FIX: Do not check for suspicious login when impersonating. (#6534)
* FIX: Do not check for suspicious login when impersonating. * DEV: Add 'impersonate' parameter to log_on_user.
parent
012da86a07
commit
5af9a69a3b
|
@ -12,7 +12,7 @@ class Admin::ImpersonateController < Admin::AdminController
|
|||
StaffActionLogger.new(current_user).log_impersonate(user)
|
||||
|
||||
# Log on as the user
|
||||
log_on_user(user)
|
||||
log_on_user(user, impersonate: true)
|
||||
|
||||
render body: nil
|
||||
end
|
||||
|
|
|
@ -61,7 +61,7 @@ class UserAuthToken < ActiveRecord::Base
|
|||
ips.none? { |ip| user_location == login_location(ip) }
|
||||
end
|
||||
|
||||
def self.generate!(user_id: , user_agent: nil, client_ip: nil, path: nil, staff: nil)
|
||||
def self.generate!(user_id: , user_agent: nil, client_ip: nil, path: nil, staff: nil, impersonate: false)
|
||||
token = SecureRandom.hex(16)
|
||||
hashed_token = hash_token(token)
|
||||
user_auth_token = UserAuthToken.create!(
|
||||
|
@ -82,7 +82,7 @@ class UserAuthToken < ActiveRecord::Base
|
|||
path: path,
|
||||
auth_token: hashed_token)
|
||||
|
||||
if staff
|
||||
if staff && !impersonate
|
||||
Jobs.enqueue(:suspicious_login,
|
||||
user_id: user_id,
|
||||
client_ip: client_ip,
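Review bot: `impersonate: true` switches off the suspicious-login job for a staff account, and nothing at `if staff && !impersonate` says why that is acceptable or who may pass the flag. A comment above the condition would help, for example `# Impersonation is admin-initiated and recorded by StaffActionLogger#log_impersonate, so it is not reported as a suspicious login`. Since `generate!` is a class method that takes the flag from its caller, it is worth stating in the method's documentation that only the impersonation path should set this keyword, because any other caller that sets it suppresses the check for that login. The `Jobs.enqueue` call continues past the end of the hunk.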
|
||||
|
|
|
@ -12,7 +12,7 @@ class Auth::CurrentUserProvider
|
|||
end
|
||||
|
||||
# log on a user and set cookies and session etc.
|
||||
def log_on_user(user, session, cookies)
|
||||
def log_on_user(user, session, cookies, opts = {})
|
||||
raise NotImplementedError
|
||||
end
|
||||
|
||||
|
|
|
@ -149,13 +149,14 @@ class Auth::DefaultCurrentUserProvider
|
|||
end
|
||||
end
|
||||
|
||||
def log_on_user(user, session, cookies)
|
||||
def log_on_user(user, session, cookies, opts = {})
|
||||
@user_token = UserAuthToken.generate!(
|
||||
user_id: user.id,
|
||||
user_agent: @env['HTTP_USER_AGENT'],
|
||||
path: @env['REQUEST_PATH'],
|
||||
client_ip: @request.ip,
|
||||
staff: user.staff?)
|
||||
staff: user.staff?,
|
||||
impersonate: opts.impersonate)
|
||||
|
||||
cookies[TOKEN_COOKIE] = cookie_hash(@user_token.unhashed_auth_token)
|
||||
unstage_user(user)
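Review bot: `opts.impersonate` on the new `impersonate:` line calls a method on `opts`, which defaults to `{}` and is passed from the controller as a hash, so as written this looks like it raises NoMethodError on every login that goes through this provider, not only on impersonation. Read the key instead: `impersonate: opts[:impersonate])`. With the default `{}` that yields nil, which `if staff && !impersonate` in `UserAuthToken.generate!` treats the same as false, so ordinary staff logins keep the suspicious-login check. `log_on_user` continues past the end of the hunk.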
|
||||
|
|
|
@ -13,8 +13,8 @@ module CurrentUser
|
|||
@current_user_provider = Discourse.current_user_provider.new({})
|
||||
end
|
||||
|
||||
def log_on_user(user)
|
||||
current_user_provider.log_on_user(user, session, cookies)
|
||||
def log_on_user(user, opts = {})
|
||||
current_user_provider.log_on_user(user, session, cookies, opts)
|
||||
user.logged_in
|
||||
end
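Review bot: `current_user_provider.log_on_user(user, session, cookies, opts)` now always passes a fourth argument, so a provider class that still defines the three-argument `log_on_user(user, session, cookies)` will raise ArgumentError on every login. The providers on this page were updated, but the provider is looked up through `Discourse.current_user_provider`, which suggests it can be replaced; if plugins supply their own, they need the new signature as well. A comment on this method would make the contract visible, for example `# opts[:impersonate] - true when an admin logs on as this user; skips the suspicious-login check`.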
|
||||
|
||||
|
|
|
@ -283,4 +283,29 @@ describe UserAuthToken do
|
|||
expect(lookup.auth_token_seen).to eq(true)
|
||||
end
|
||||
|
||||
context "suspicious login" do
|
||||
|
||||
let(:user) { Fabricate(:user) }
|
||||
let(:admin) { Fabricate(:admin) }
|
||||
|
||||
it "is not checked when generated for non-staff" do
|
||||
UserAuthToken.generate!(user_id: user.id, staff: user.staff?)
|
||||
|
||||
expect(Jobs::SuspiciousLogin.jobs.size).to eq(0)
|
||||
end
|
||||
|
||||
it "is checked when generated for staff" do
|
||||
UserAuthToken.generate!(user_id: admin.id, staff: admin.staff?)
|
||||
|
||||
expect(Jobs::SuspiciousLogin.jobs.size).to eq(1)
|
||||
end
|
||||
|
||||
it "is not checked when generated by impersonate" do
|
||||
UserAuthToken.generate!(user_id: admin.id, staff: admin.staff?, impersonate: true)
|
||||
|
||||
expect(Jobs::SuspiciousLogin.jobs.size).to eq(0)
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
end
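Review bot: The three new examples call `UserAuthToken.generate!` directly, so none of them covers the path the fix is for: `log_on_user(user, impersonate: true)` from `Admin::ImpersonateController` down through the provider's `opts`. An example that impersonates a staff user through the controller, or calls the provider's `log_on_user` with `impersonate: true`, and then expects `Jobs::SuspiciousLogin.jobs.size` to be 0 would catch a mistake in how the option is forwarded. It would also be worth asserting that a normal staff login through the same path still enqueues the job, so the check cannot be lost silently. Specs outside this page may already cover this.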
|
||||
|
|
|
@ -187,7 +187,7 @@ RSpec.configure do |config|
|
|||
end
|
||||
|
||||
class TestCurrentUserProvider < Auth::DefaultCurrentUserProvider
|
||||
def log_on_user(user, session, cookies)
|
||||
def log_on_user(user, session, cookies, opts = {})
|
||||
session[:current_user_id] = user.id
|
||||
super
|
||||
end
|
||||
|
|