Do only local auth checks (do ldap tests via integration tests).
This commit is contained in:
parent
4426e83643
commit
6df9dad5b4
4 changed files with 20 additions and 70 deletions
|
@ -223,11 +223,11 @@ returns
|
||||||
return if !password || password == ''
|
return if !password || password == ''
|
||||||
|
|
||||||
# try to find user based on login
|
# try to find user based on login
|
||||||
user = User.find_by( login: username.downcase, active: true )
|
user = User.find_by(login: username.downcase, active: true)
|
||||||
|
|
||||||
# try second lookup with email
|
# try second lookup with email
|
||||||
if !user
|
if !user
|
||||||
user = User.find_by( email: username.downcase, active: true )
|
user = User.find_by(email: username.downcase, active: true)
|
||||||
end
|
end
|
||||||
|
|
||||||
# check failed logins
|
# check failed logins
|
||||||
|
|
|
@ -7,7 +7,7 @@ class Auth
|
||||||
|
|
||||||
authenticate user via username and password
|
authenticate user via username and password
|
||||||
|
|
||||||
result = Auth.check( username, password, user )
|
result = Auth.check(username, password, user)
|
||||||
|
|
||||||
returns
|
returns
|
||||||
|
|
||||||
|
@ -28,7 +28,7 @@ returns
|
||||||
]
|
]
|
||||||
|
|
||||||
# added configured backends
|
# added configured backends
|
||||||
Setting.where( area: 'Security::Authentication' ).each {|setting|
|
Setting.where(area: 'Security::Authentication').each {|setting|
|
||||||
if setting.state_current[:value]
|
if setting.state_current[:value]
|
||||||
config.push setting.state_current[:value]
|
config.push setting.state_current[:value]
|
||||||
end
|
end
|
||||||
|
@ -40,10 +40,10 @@ returns
|
||||||
next if !config_item[:adapter]
|
next if !config_item[:adapter]
|
||||||
|
|
||||||
# load backend
|
# load backend
|
||||||
backend = load_adapter( config_item[:adapter] )
|
backend = load_adapter(config_item[:adapter])
|
||||||
next if !backend
|
next if !backend
|
||||||
|
|
||||||
user_auth = backend.check( username, password, config_item, user )
|
user_auth = backend.check(username, password, config_item, user)
|
||||||
|
|
||||||
# auth not ok
|
# auth not ok
|
||||||
next if !user_auth
|
next if !user_auth
|
||||||
|
|
|
@ -9,7 +9,7 @@ module Auth::Internal
|
||||||
|
|
||||||
# sha auth check
|
# sha auth check
|
||||||
if user.password =~ /^\{sha2\}/
|
if user.password =~ /^\{sha2\}/
|
||||||
crypted = Digest::SHA2.hexdigest( password )
|
crypted = Digest::SHA2.hexdigest(password)
|
||||||
return user if user.password == "{sha2}#{crypted}"
|
return user if user.password == "{sha2}#{crypted}"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -1,46 +1,11 @@
|
||||||
# encoding: utf-8
|
# encoding: utf-8
|
||||||
require 'test_helper'
|
require 'test_helper'
|
||||||
|
|
||||||
# set config
|
class AuthTest < ActiveSupport::TestCase
|
||||||
if !ENV['LDAP_HOST']
|
test 'auth' do
|
||||||
fail "ERROR: Need LDAP_HOST - hint LDAP_HOST='ldap://ci.zammad.org'"
|
|
||||||
end
|
|
||||||
|
|
||||||
Setting.create_or_update(
|
user = User.find_by(email: 'nicole.braun@zammad.org')
|
||||||
title: 'Authentication via LDAP',
|
|
||||||
name: 'auth_ldap',
|
|
||||||
area: 'Security::Authentication',
|
|
||||||
description: 'Enables user authentication via LDAP.',
|
|
||||||
state: {
|
|
||||||
adapter: 'Auth::Ldap',
|
|
||||||
host: ENV['LDAP_HOST'],
|
|
||||||
port: 389,
|
|
||||||
bind_dn: 'cn=Manager,dc=example,dc=org',
|
|
||||||
bind_pw: 'example',
|
|
||||||
uid: 'mail',
|
|
||||||
base: 'dc=example,dc=org',
|
|
||||||
always_filter: '',
|
|
||||||
always_roles: %w(Admin Agent),
|
|
||||||
always_groups: ['Users'],
|
|
||||||
sync_params: {
|
|
||||||
firstname: 'sn',
|
|
||||||
lastname: 'givenName',
|
|
||||||
email: 'mail',
|
|
||||||
login: 'mail',
|
|
||||||
},
|
|
||||||
},
|
|
||||||
frontend: false
|
|
||||||
)
|
|
||||||
|
|
||||||
user = User.lookup(email: 'nicole.braun@zammad.org')
|
|
||||||
if user
|
|
||||||
user.update_attributes(
|
user.update_attributes(
|
||||||
login: 'nicole.braun',
|
|
||||||
password: 'some_pass',
|
|
||||||
active: true,
|
|
||||||
)
|
|
||||||
else
|
|
||||||
User.create_if_not_exists(
|
|
||||||
login: 'nicole.braun',
|
login: 'nicole.braun',
|
||||||
firstname: 'Nicole',
|
firstname: 'Nicole',
|
||||||
lastname: 'Braun',
|
lastname: 'Braun',
|
||||||
|
@ -50,10 +15,7 @@ else
|
||||||
updated_by_id: 1,
|
updated_by_id: 1,
|
||||||
created_by_id: 1
|
created_by_id: 1
|
||||||
)
|
)
|
||||||
end
|
|
||||||
|
|
||||||
class AuthTest < ActiveSupport::TestCase
|
|
||||||
test 'auth' do
|
|
||||||
tests = [
|
tests = [
|
||||||
|
|
||||||
# test 1
|
# test 1
|
||||||
|
@ -99,18 +61,6 @@ class AuthTest < ActiveSupport::TestCase
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|
||||||
# test 5
|
|
||||||
{
|
|
||||||
username: 'paige.chen@example.org',
|
|
||||||
password: 'password',
|
|
||||||
result: true,
|
|
||||||
verify: {
|
|
||||||
firstname: 'Chen',
|
|
||||||
lastname: 'Paige',
|
|
||||||
email: 'paige.chen@example.org',
|
|
||||||
}
|
|
||||||
},
|
|
||||||
|
|
||||||
]
|
]
|
||||||
tests.each { |test|
|
tests.each { |test|
|
||||||
user = User.authenticate(test[:username], test[:password])
|
user = User.authenticate(test[:username], test[:password])
|
||||||
|
|
Loading…
Reference in a new issue