Spec for local auth check

Erick Guan 2017-08-16 07:43:05 +02:00
parent 506572bf04
commit c7a101476e
2 changed files with 48 additions and 26 deletions


@ -2,7 +2,12 @@ require_dependency 'rate_limiter'
require_dependency 'single_sign_on' require_dependency 'single_sign_on'
class SessionController < ApplicationController class SessionController < ApplicationController
class LocalLoginNotAllowed < StandardError; end
rescue_from LocalLoginNotAllowed do
render nothing: true, status: 500
end
before_filter :check_local_login_allowed, only: %i(create forgot_password)
skip_before_filter :redirect_to_login_if_required skip_before_filter :redirect_to_login_if_required
skip_before_filter :preload_json, :check_xhr, only: ['sso', 'sso_login', 'become', 'sso_provider', 'destroy'] skip_before_filter :preload_json, :check_xhr, only: ['sso', 'sso_login', 'become', 'sso_provider', 'destroy']
@ -176,12 +181,6 @@ class SessionController < ApplicationController
end end
def create def create
unless allow_local_auth?
render nothing: true, status: 500
return
end
RateLimiter.new(nil, "login-hr-#{request.remote_ip}", SiteSetting.max_logins_per_ip_per_hour, 1.hour).performed! RateLimiter.new(nil, "login-hr-#{request.remote_ip}", SiteSetting.max_logins_per_ip_per_hour, 1.hour).performed!
RateLimiter.new(nil, "login-min-#{request.remote_ip}", SiteSetting.max_logins_per_ip_per_minute, 1.minute).performed! RateLimiter.new(nil, "login-min-#{request.remote_ip}", SiteSetting.max_logins_per_ip_per_minute, 1.minute).performed!
@ -234,11 +233,6 @@ class SessionController < ApplicationController
def forgot_password def forgot_password
params.require(:login) params.require(:login)
unless allow_local_auth?
render nothing: true, status: 500
return
end
RateLimiter.new(nil, "forgot-password-hr-#{request.remote_ip}", 6, 1.hour).performed! RateLimiter.new(nil, "forgot-password-hr-#{request.remote_ip}", 6, 1.hour).performed!
RateLimiter.new(nil, "forgot-password-min-#{request.remote_ip}", 3, 1.minute).performed! RateLimiter.new(nil, "forgot-password-min-#{request.remote_ip}", 3, 1.minute).performed!
@ -281,11 +275,15 @@ class SessionController < ApplicationController
end end
end end
private protected
def allow_local_auth? def check_local_login_allowed
!SiteSetting.enable_sso && SiteSetting.enable_local_logins if SiteSetting.enable_sso || !SiteSetting.enable_local_logins
raise LocalLoginNotAllowed, "SSO takes over local login or the local login is disallowed."
end end
end
private
def login_not_approved_for?(user) def login_not_approved_for?(user)
SiteSetting.must_approve_users? && !user.approved? && !user.admin? SiteSetting.must_approve_users? && !user.approved? && !user.admin?
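Review bot: `check_local_login_allowed` raises for a policy condition and the `rescue_from LocalLoginNotAllowed` handler answers with `render nothing: true, status: 500`, so a refused local login is indistinguishable from a server fault both to the client and to anyone alerting on 5xx rates; the message given to `raise` is never surfaced either. A 403 would describe the refusal accurately, e.g. `render nothing: true, status: 403`, with the spec's shared example updated to match, though since the removed inline checks also returned 500 keeping it may be deliberate. The callback could also remain under `private` instead of the new `protected` marker, since Rails runs before_filter callbacks regardless of method visibility. The enclosing class continues outside the hunk.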


@ -1,6 +1,12 @@
require 'rails_helper' require 'rails_helper'
describe SessionController do describe SessionController do
shared_examples 'failed to continue local login' do
it 'should return the right response' do
expect(response).not_to be_success
expect(response.status.to_i).to eq 500
end
end
describe 'become' do describe 'become' do
let!(:user) { Fabricate(:user) } let!(:user) { Fabricate(:user) }
@ -458,6 +464,22 @@ describe SessionController do
let(:user) { Fabricate(:user) } let(:user) { Fabricate(:user) }
context 'local login is disabled' do
before do
SiteSetting.enable_local_logins = false
xhr :post, :create, login: user.username, password: 'myawesomepassword'
end
it_behaves_like "failed to continue local login"
end
context 'SSO is enabled' do
before do
SiteSetting.enable_sso = true
xhr :post, :create, login: user.username, password: 'myawesomepassword'
end
it_behaves_like "failed to continue local login"
end
context 'when email is confirmed' do context 'when email is confirmed' do
before do before do
token = user.email_tokens.find_by(email: user.email) token = user.email_tokens.find_by(email: user.email)
@ -524,14 +546,6 @@ describe SessionController do
end end
end end
describe 'local logins disabled' do
it 'fails' do
SiteSetting.enable_local_logins = false
xhr :post, :create, login: user.username, password: 'myawesomepassword'
expect(response.status.to_i).to eq(500)
end
end
describe 'with a blocked IP' do describe 'with a blocked IP' do
before do before do
screened_ip = Fabricate(:screened_ip_address) screened_ip = Fabricate(:screened_ip_address)
@ -727,10 +741,20 @@ describe SessionController do
context 'for an existing username' do context 'for an existing username' do
let(:user) { Fabricate(:user) } let(:user) { Fabricate(:user) }
it "returns a 500 if local logins are disabled" do context 'local login is disabled' do
before do
SiteSetting.enable_local_logins = false SiteSetting.enable_local_logins = false
xhr :post, :forgot_password, login: user.username xhr :post, :forgot_password, login: user.username
expect(response.code.to_i).to eq(500) end
it_behaves_like "failed to continue local login"
end
context 'SSO is enabled' do
before do
SiteSetting.enable_sso = true
xhr :post, :create, login: user.username, password: 'myawesomepassword'
end
it_behaves_like "failed to continue local login"
end end
it "generates a new token for a made up username" do it "generates a new token for a made up username" do
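Review bot: The 'SSO is enabled' context added under the forgot_password examples posts to `:create` with a password instead of to `:forgot_password`, so the SSO branch of the forgot-password guard is never exercised and the example passes only because `create` carries the same before_filter. The before block should read `xhr :post, :forgot_password, login: user.username`, mirroring the 'local login is disabled' context directly above it. The surrounding describe block continues outside the hunk.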