commit: 8e88a18316d45a459a31d67487bccc247592d187
parent 12f5f13fab1023c3cb2a50c7bcb11f281c7984fb
Author: Alexander <devkral@web.de>
Date: Wed, 11 Apr 2018 21:40:38 +0200
update gem, test pam authentication (#7028)
* update gem, test pam authentication
* add description for test parameters
* fix inclusion of optional group
Diffstat:
6 files changed, 73 insertions(+), 6 deletions(-)
diff --git a/.env.test b/.env.test
@@ -1,3 +1,7 @@
# Federation
LOCAL_DOMAIN=cb6e6126.ngrok.io
LOCAL_HTTPS=true
+# test pam authentication
+PAM_ENABLED=true
+PAM_DEFAULT_SERVICE=pam_test
+PAM_CONTROLLED_SERVICE=pam_test_controlled
diff --git a/.travis.yml b/.travis.yml
@@ -23,6 +23,7 @@ env:
- RAILS_ENV=test
- NOKOGIRI_USE_SYSTEM_LIBRARIES=true
- PARALLEL_TEST_PROCESSORS=2
+ - ALLOW_NOPAM=true
addons:
postgresql: 9.4
@@ -47,7 +48,7 @@ services:
install:
- nvm install
- - bundle install --path=vendor/bundle --without development production --retry=3 --jobs=16
+ - bundle install --path=vendor/bundle --with pam_authentication --without development production --retry=3 --jobs=16
- yarn install
before_script:
diff --git a/Gemfile b/Gemfile
@@ -33,7 +33,7 @@ gem 'devise', '~> 4.4'
gem 'devise-two-factor', '~> 3.0'
group :pam_authentication, optional: true do
- gem 'devise_pam_authenticatable2', '~> 9.0'
+ gem 'devise_pam_authenticatable2', '~> 9.1'
end
gem 'net-ldap', '~> 0.10'
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -146,9 +146,9 @@ GEM
devise (~> 4.0)
railties (< 5.2)
rotp (~> 2.0)
- devise_pam_authenticatable2 (9.0.0)
+ devise_pam_authenticatable2 (9.1.0)
devise (>= 4.0.0)
- rpam2 (~> 3.0)
+ rpam2 (~> 4.0)
diff-lcs (1.3)
docile (1.1.5)
domain_name (0.5.20170404)
@@ -464,7 +464,7 @@ GEM
actionpack (>= 4.2.0, < 5.3)
railties (>= 4.2.0, < 5.3)
rotp (2.1.2)
- rpam2 (3.1.0)
+ rpam2 (4.0.2)
rqrcode (0.10.1)
chunky_png (~> 1.0)
rspec-core (3.7.0)
@@ -639,7 +639,7 @@ DEPENDENCIES
climate_control (~> 0.2)
devise (~> 4.4)
devise-two-factor (~> 3.0)
- devise_pam_authenticatable2 (~> 9.0)
+ devise_pam_authenticatable2 (~> 9.1)
doorkeeper (~> 4.2)
dotenv-rails (~> 2.2)
fabrication (~> 2.18)
diff --git a/config/environments/test.rb b/config/environments/test.rb
@@ -59,3 +59,14 @@ Rails.application.configure do
end
Paperclip::Attachment.default_options[:path] = "#{Rails.root}/spec/test_files/:class/:id_partition/:style.:extension"
+
+# set fake_data for pam, don't do real calls, just use fake data
+if ENV['PAM_ENABLED'] == 'true'
+ Rpam2.fake_data =
+ {
+ usernames: Set['pam_user1', 'pam_user2'],
+ servicenames: Set['pam_test', 'pam_test_controlled'],
+ password: '123456',
+ env: { email: 'pam@example.com' }
+ }
+end
diff --git a/spec/controllers/auth/sessions_controller_spec.rb b/spec/controllers/auth/sessions_controller_spec.rb
@@ -48,6 +48,57 @@ RSpec.describe Auth::SessionsController, type: :controller do
request.env['devise.mapping'] = Devise.mappings[:user]
end
+ context 'using PAM authentication' do
+ context 'using a valid password' do
+ before do
+ post :create, params: { user: { email: "pam_user1", password: '123456' } }
+ end
+
+ it 'redirects to home' do
+ expect(response).to redirect_to(root_path)
+ end
+
+ it 'logs the user in' do
+ expect(controller.current_user).to be_instance_of(User)
+ end
+ end
+
+ context 'using an invalid password' do
+ before do
+ post :create, params: { user: { email: "pam_user1", password: 'WRONGPW' } }
+ end
+
+ it 'shows a login error' do
+ expect(flash[:alert]).to match I18n.t('devise.failure.invalid', authentication_keys: 'Email')
+ end
+
+ it "doesn't log the user in" do
+ expect(controller.current_user).to be_nil
+ end
+ end
+
+ context 'using a valid email and existing user' do
+ let(:user) do
+ account = Fabricate.build(:account, username: 'pam_user1')
+ account.save!(validate: false)
+ user = Fabricate(:user, email: 'pam@example.com', password: nil, account: account)
+ user
+ end
+
+ before do
+ post :create, params: { user: { email: user.email, password: '123456' } }
+ end
+
+ it 'redirects to home' do
+ expect(response).to redirect_to(root_path)
+ end
+
+ it 'logs the user in' do
+ expect(controller.current_user).to eq user
+ end
+ end
+ end
+
context 'using password authentication' do
let(:user) { Fabricate(:user, email: 'foo@bar.com', password: 'abcdefgh') }