Maintenance: Improved authentication helper for developers.
This commit is contained in:
parent
d9df6de234
commit
59cfc7c69a
6 changed files with 82 additions and 1 deletions
@ -0,0 +1,12 @@
|
||||||
|
# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
|
||||||
|
|
||||||
|
class MaintenanceRemoveActiveLdapSessions < ActiveRecord::Migration[6.0]
|
||||||
|
def change
|
||||||
|
return if !Setting.exists?(name: 'system_init_done')
|
||||||
|
|
||||||
|
# Only relevant for when ldap integration is used.
|
||||||
|
return if !Setting.get('ldap_integration')
|
||||||
|
|
||||||
|
ActiveRecord::SessionStore::Session.destroy_all
|
||||||
|
end
|
||||||
|
end
|
|
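Review bot: `ActiveRecord::SessionStore::Session.destroy_all` on the line before the closing `end`s removes every session in the store, not only sessions of LDAP-authenticated users, although the class name `MaintenanceRemoveActiveLdapSessions` and the comment above the `ldap_integration` check suggest a narrower scope. A comment stating the intent would help the next reader, e.g. `# Invalidate every active session once LDAP integration is enabled, so all users authenticate again under the new blank-password check.` — the link to the new `password_required?` guard is inferred from the rest of this commit, so adjust the wording if the motivation differs. `destroy_all` also instantiates each session row and runs its callbacks; if the session model has none that matter here, `delete_all` does the same work in one statement.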
@ -21,6 +21,7 @@ class Auth
|
||||||
end
|
end
|
||||||
|
|
||||||
def valid?
|
def valid?
|
||||||
|
return false if password.blank? && password_required?
|
||||||
return false if !perform?
|
return false if !perform?
|
||||||
|
|
||||||
authenticated?
|
authenticated?
|
||||||
|
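Review bot: The added `return false if password.blank? && password_required?` carries no comment, and its position ahead of `return false if !perform?` is what makes it effective: a blank password is refused before any backend is asked. A short why-comment would keep the order from being changed later, e.g. `# Reject a blank password before any backend is consulted, unless the backend explicitly allows passwordless logins (see password_required?).` The body of `valid?` continues past the hunk, so `authenticated?` and the method's closing `end` are outside this view.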
@ -28,6 +29,10 @@ class Auth
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
||||||
|
def password_required?
|
||||||
|
true
|
||||||
|
end
|
||||||
|
|
||||||
def perform?
|
def perform?
|
||||||
raise NotImplementedError
|
raise NotImplementedError
|
||||||
end
|
end
|
||||||
|
|
|
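Review bot: The new base-class `password_required?` is undocumented, while the developer override later in this commit carries a doc comment; the base method is the one a new backend author reads first, so it should say what overriding it means. Suggested comment above `def password_required?`: `# Whether a blank password is rejected in valid? before perform? runs. Backends that deliberately accept logins without a password overwrite this with false.` The surrounding comments use `@returns [Boolean] ...` where YARD's tag is `@return`; follow whichever the project's doc tooling expects.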
@ -20,6 +20,13 @@ class Auth
|
||||||
false
|
false
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# No password required for developer mode and test environment.
|
||||||
|
#
|
||||||
|
# @returns [Boolean] false
|
||||||
|
def password_required?
|
||||||
|
false
|
||||||
|
end
|
||||||
|
|
||||||
# Overwrites the default behaviour to check for a allowed environment.
|
# Overwrites the default behaviour to check for a allowed environment.
|
||||||
#
|
#
|
||||||
# @returns [Boolean] true if the environment is development or test.
|
# @returns [Boolean] true if the environment is development or test.
|
||||||
|
|
|
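Review bot: The developer backend's `password_required?` returns `false` unconditionally; the comment above it ties the exemption to "developer mode and test environment", but the environment check itself lives in `perform?` (per its doc comment; its body is outside the hunk). With the base `valid?` evaluating `password_required?` before `perform?`, an empty password is still refused in production only because `perform?` returns false there, so the two methods are coupled. Stating that in the comment would keep a later change to `perform?` from silently loosening this: `# Relies on perform? refusing to run outside development/test; an empty password is never accepted elsewhere.` Alternatively `password_required?` could return `!perform?`, which encodes the dependency directly with the same outcome in `valid?`.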
@ -21,7 +21,6 @@ class Auth
|
||||||
#
|
#
|
||||||
# @returns [Boolean] true if a internal password for the user is present.
|
# @returns [Boolean] true if a internal password for the user is present.
|
||||||
def perform?
|
def perform?
|
||||||
return false if password.blank?
|
|
||||||
return false if !user.verified && user.source == 'signup'
|
return false if !user.verified && user.source == 'signup'
|
||||||
|
|
||||||
user.password.present?
|
user.password.present?
|
||||||
|
|
|
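Review bot: With `return false if password.blank?` dropped from `perform?`, the password backend no longer defends itself against a blank password and relies on the base `valid?` having consulted `password_required?` first. Any caller that reaches `perform?` or `authenticated?` without going through `valid?` would skip that guard; whether such callers exist is not visible here, so at minimum the precondition should be stated in the doc comment, e.g. `# Expects valid? to have rejected a blank password already (see password_required?).` The existing `@returns` description still matches the remaining body.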
@ -0,0 +1,30 @@
|
||||||
|
# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
|
||||||
|
|
||||||
|
require 'rails_helper'
|
||||||
|
|
||||||
|
RSpec.describe MaintenanceRemoveActiveLdapSessions, type: :db_migration do
|
||||||
|
before do
|
||||||
|
5.times do
|
||||||
|
ActiveRecord::SessionStore::Session.create(
|
||||||
|
session_id: SecureRandom.hex(16),
|
||||||
|
data: SecureRandom.base64(10)
|
||||||
|
)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'without ldap integration' do
|
||||||
|
before { Setting.set('ldap_integration', false) }
|
||||||
|
|
||||||
|
it 'does not delete existing sessions' do
|
||||||
|
expect { migrate }.not_to change(ActiveRecord::SessionStore::Session, :count)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'with ldap integration' do
|
||||||
|
before { Setting.set('ldap_integration', true) }
|
||||||
|
|
||||||
|
it 'deletes all existing sessions' do
|
||||||
|
expect { migrate }.to change(ActiveRecord::SessionStore::Session, :count).to(0)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
|
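Review bot: The spec pins the `ldap_integration` branch of the migration in both directions but not the `system_init_done` guard, so the no-op on a fresh installation is untested. If the `db_migration` spec helper allows it, a third context that removes that setting and expects the session count unchanged would cover the early return; I do not know the helper's fixtures, so this is a suggestion rather than a defect. The `'deletes all existing sessions'` example could also assert `.from(5).to(0)` so that a silently failing `before` block does not make the example pass vacuously.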
@ -168,6 +168,30 @@ RSpec.describe Auth do
|
||||||
allow(Ldap::User).to receive(:new).with(any_args).and_return(ldap_user)
|
allow(Ldap::User).to receive(:new).with(any_args).and_return(ldap_user)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
shared_examples 'check empty password' do
|
||||||
|
before do
|
||||||
|
# Remove adapter from auth developer setting, to avoid execution for this test case, because of special empty
|
||||||
|
# password handling in adapter.
|
||||||
|
Setting.set('auth_developer', {})
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'with empty password string' do
|
||||||
|
let(:password) { '' }
|
||||||
|
|
||||||
|
it 'returns false' do
|
||||||
|
expect(instance.valid?).to be false
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'when password is nil' do
|
||||||
|
let(:password) { nil }
|
||||||
|
|
||||||
|
it 'returns false' do
|
||||||
|
expect(instance.valid?).to be false
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
context 'with a ldap user without internal password' do
|
context 'with a ldap user without internal password' do
|
||||||
let(:user) { create(:user, source: 'Ldap') }
|
let(:user) { create(:user, source: 'Ldap') }
|
||||||
let(:password) { password_ldap }
|
let(:password) { password_ldap }
|
||||||
|
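Review bot: The `'check empty password'` shared examples assert only that `valid?` is false for `''` and `nil`; the property the new guard provides is that the LDAP adapter is never consulted for a blank password, and the `allow(Ldap::User).to receive(:new)` stub at the top of the hunk still permits that call. A negative expectation on the adapter would pin the intended behaviour (the `ldap_user` double is defined outside the hunk, so I cannot name the exact method to assert on). A whitespace-only password is also worth a case, since ActiveSupport's `blank?` treats `' '` as blank: `let(:password) { ' ' }` should yield false as well, and a test documents that choice.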
@ -197,6 +221,8 @@ RSpec.describe Auth do
|
||||||
expect { instance.valid? }.not_to change { user.reload.login_failed }
|
expect { instance.valid? }.not_to change { user.reload.login_failed }
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
include_examples 'check empty password'
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'with a ldap user which also has a internal password' do
|
context 'with a ldap user which also has a internal password' do
|
||||||
|
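Review bot: `include_examples 'check empty password'` inlines the shared group into the enclosing context, so the `before` hook in the shared examples that runs `Setting.set('auth_developer', {})` is registered on that context and runs before every example in it, not only the two empty-password examples; the sibling examples above (such as the `login_failed` one) then execute with the developer adapter disabled, which the comment in the shared group says is meant only for the empty-password cases. `it_behaves_like 'check empty password'` creates a nested group and keeps the hook scoped. The same applies to the `include_examples` line in the last hunk of this file.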
@ -238,6 +264,8 @@ RSpec.describe Auth do
|
||||||
expect(instance.valid?).to be true
|
expect(instance.valid?).to be true
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
include_examples 'check empty password'
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|