squeegily
/
pleroma
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 42 Wiki Activity
Browse Source

Remove fallback to local database when LDAP is unavailable. 

In many environments this will not work as the LDAP password and the copy stored in Pleroma will stay synchronized.
note-update
Mark Felder 3 years ago
parent
f7146583e5
commit
0f9aecbca4
2 changed files with 0 additions and 49 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +0
    -4
      lib/pleroma/web/auth/ldap_authenticator.ex
  2. +0
    -45
      test/web/oauth/ldap_authorization_test.exs

+ 0
- 4
lib/pleroma/web/auth/ldap_authenticator.ex View File

@@ -28,10 +28,6 @@ defmodule Pleroma.Web.Auth.LDAPAuthenticator do
%User{} = user <- ldap_user(name, password) do
{:ok, user}
else
{:error, {:ldap_connection_error, _}} ->
# When LDAP is unavailable, try default authenticator
@base.get_user(conn)

{:ldap, _} ->
@base.get_user(conn)



+ 0
- 45
test/web/oauth/ldap_authorization_test.exs View File

@@ -7,7 +7,6 @@ defmodule Pleroma.Web.OAuth.LDAPAuthorizationTest do
alias Pleroma.Repo
alias Pleroma.Web.OAuth.Token
import Pleroma.Factory
import ExUnit.CaptureLog
import Mock

@skip if !Code.ensure_loaded?(:eldap), do: :skip
@@ -100,50 +99,6 @@ defmodule Pleroma.Web.OAuth.LDAPAuthorizationTest do
end

@tag @skip
test "falls back to the default authorization when LDAP is unavailable" do
password = "testpassword"
user = insert(:user, password_hash: Pbkdf2.hash_pwd_salt(password))
app = insert(:oauth_app, scopes: ["read", "write"])

host = Pleroma.Config.get([:ldap, :host]) |> to_charlist
port = Pleroma.Config.get([:ldap, :port])

with_mocks [
{:eldap, [],
[
open: fn [^host], [{:port, ^port}, {:ssl, false} | _] -> {:error, 'connect failed'} end,
simple_bind: fn _connection, _dn, ^password -> :ok end,
close: fn _connection ->
send(self(), :close_connection)
:ok
end
]}
] do
log =
capture_log(fn ->
conn =
build_conn()
|> post("/oauth/token", %{
"grant_type" => "password",
"username" => user.nickname,
"password" => password,
"client_id" => app.client_id,
"client_secret" => app.client_secret
})

assert %{"access_token" => token} = json_response(conn, 200)

token = Repo.get_by(Token, token: token)

assert token.user_id == user.id
end)

assert log =~ "Could not open LDAP connection: 'connect failed'"
refute_received :close_connection
end
end

@tag @skip
test "disallow authorization for wrong LDAP credentials" do
password = "testpassword"
user = insert(:user, password_hash: Pbkdf2.hash_pwd_salt(password))


Write Preview
Loading…
Cancel
Save