From d676fd3702aa37074283db939698e878a1081773 Mon Sep 17 00:00:00 2001
From: Jens Kraemer
Date: Tue, 6 Oct 2020 14:46:06 +0800
Subject: [PATCH] changes User.try_to_login to catch and log AuthSourceExceptions, and introduces User.try_to_login! replicating the original behavior.
---
 app/controllers/account_controller.rb | 2 +-
 app/models/user.rb | 10 +++++++++
 test/unit/user_test.rb | 30 +++++++++++++++++++++------
 3 files changed, 35 insertions(+), 7 deletions(-)
diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb
index bc0792abb..9f46db64a 100644
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -308,7 +308,7 @@ class AccountController < ApplicationController
 end
 def password_authentication
- user = User.try_to_login(params[:username], params[:password], false)
+ user = User.try_to_login!(params[:username], params[:password], false)
 if user.nil?
 invalid_credentials
diff --git a/app/models/user.rb b/app/models/user.rb
index c859994ed..2e7aa9043 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -221,7 +221,17 @@ class User < Principal
 end
 # Returns the user that matches provided login and password, or nil
+ # AuthSource errors are caught, logged and nil is returned.
 def self.try_to_login(login, password, active_only=true)
+ try_to_login!(login, password, active_only)
+ rescue AuthSourceException => e
+ logger.error "An error occured when authenticating #{login}: #{e.message}"
+ nil
+ end
+
+ # Returns the user that matches provided login and password, or nil
+ # AuthSource errors are passed through.
+ def self.try_to_login!(login, password, active_only=true)
 login = login.to_s.strip
 password = password.to_s
diff --git a/test/unit/user_test.rb b/test/unit/user_test.rb
index 56e4c5ecf..3e25fee1d 100644
--- a/test/unit/user_test.rb
+++ b/test/unit/user_test.rb
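Review bot: The new `logger.error` line in `User.try_to_login` (app/models/user.rb) interpolates the caller-supplied `login` before it has gone through the `to_s.strip` that `try_to_login!` applies, so control characters or line breaks in a submitted username reach the log verbatim and one request can produce what looks like several log entries. Writing it as `logger.error "An error occurred when authenticating #{login.to_s.inspect}: #{e.message}"` keeps the value escaped on a single line and also corrects the "occured" spelling. The method comment could additionally state that a `nil` result no longer distinguishes rejected credentials from an unreachable auth source, so callers that must tell the two apart should call `try_to_login!`. The body of `try_to_login!` continues past the end of the hunk.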
@@ -695,13 +695,31 @@ class UserTest < ActiveSupport::TestCase
 assert_equal "ADMIN", user.login
 end
- if ldap_configured?
- test "#try_to_login using LDAP with failed connection to the LDAP server" do
- auth_source = AuthSourceLdap.find(1)
- AuthSource.any_instance.stubs(:initialize_ldap_con).raises(Net::LDAP::Error, 'Cannot connect')
+ test "#try_to_login! using LDAP with existing user and failed connection to the LDAP server" do
+ auth_source = AuthSourceLdap.find(1)
+ user = users(:users_001)
+ user.update_column :auth_source_id, auth_source.id
+ AuthSource.any_instance.stubs(:initialize_ldap_con).raises(Net::LDAP::Error, 'Cannot connect')
+ assert_raise(AuthSourceException){ User.try_to_login!('admin', 'admin') }
+ end
- assert_nil User.try_to_login('edavis', 'wrong')
- end
+ test "#try_to_login using LDAP with existing user and failed connection to the LDAP server" do
+ auth_source = AuthSourceLdap.find(1)
+ user = users(:users_001)
+ user.update_column :auth_source_id, auth_source.id
+ AuthSource.any_instance.stubs(:initialize_ldap_con).raises(Net::LDAP::Error, 'Cannot connect')
+ assert_nil User.try_to_login('admin', 'admin')
+ end
+
+ test "#try_to_login using LDAP with new user and failed connection to the LDAP server" do
+ auth_source = AuthSourceLdap.find(1)
+ auth_source.update onthefly_register: true
+ AuthSource.any_instance.stubs(:initialize_ldap_con).raises(Net::LDAP::Error, 'Cannot connect')
+
+ assert_nil User.try_to_login('edavis', 'wrong')
+ end
+
+ if ldap_configured?
 test "#try_to_login using LDAP" do
 assert_nil User.try_to_login('edavis', 'wrong')
--
2.20.1
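Review bot: The "new user" test in test/unit/user_test.rb switches on `onthefly_register` and then checks only that `User.try_to_login` returns nil; it does not pin that no account is created while the LDAP connection is failing. Wrapping the call as `assert_no_difference('User.count') { assert_nil User.try_to_login('edavis', 'wrong') }` would make that explicit. None of the three added tests checks that the swallowed `AuthSourceException` is actually written to the log, which is the only trace an operator gets of an auth-source outage through this method, so an expectation on the logger would be worth adding to the non-bang tests. The `UserTest` class starts and ends outside the hunk.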