LDAP/OmniAuth on-the-fly registration user limits

pull/6374/head
Markus Kahl 6 years ago
parent 8acc44383d
commit dad7e6b125
  1. 2
      app/controllers/account_controller.rb
  2. 4
      app/controllers/concerns/omniauth_login.rb
  3. 5
      app/models/user.rb
  4. 43
      spec/controllers/account_controller_spec.rb

@ -320,6 +320,8 @@ class AccountController < ApplicationController
end
def self_registration!
return if enforce_activation_user_limit
if @user.nil?
@user = User.new
@user.admin = false
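Review bot: The guard `return if enforce_activation_user_limit` at the top of `self_registration!` is only safe if that helper has already sent a response (render or redirect) whenever it returns a truthy value. Its definition is not in the visible hunks, so that is an assumption. I would state the contract where it is used, e.g. `# enforce_activation_user_limit sends the response itself when the limit is reached`, adjusted to what the helper really does. Because the check sits before the `@user.nil?` branch, it also applies when `@user` is already set, which looks intended but is worth confirming. The body of `self_registration!` continues outside the hunk.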

@ -119,6 +119,8 @@ module Concerns::OmniauthLogin
omni_auth_hash: auth_hash
}
return if enforce_activation_user_limit
# Create on the fly
register_user_according_to_setting(user, opts) do
# Allow registration form to show provider-specific title
@ -146,7 +148,7 @@ module Concerns::OmniauthLogin
end
def fill_user_fields_from_omniauth(user, auth)
user.update_attributes omniauth_hash_to_user_attributes(auth)
user.assign_attributes omniauth_hash_to_user_attributes(auth)
user.register unless user.invited?
user
end
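Review bot: In `fill_user_fields_from_omniauth`, switching to `user.assign_attributes` means the provider-supplied attributes are no longer saved or validated in this method, and `user.register` now runs on a record that has not been persisted here. That fits the limit check added before `register_user_according_to_setting` in the first hunk, but nothing in the method says that persistence is deferred to the caller. I would add a comment such as `# Assign only; the record is saved by the registration flow after the user limit check`, and confirm that every caller either saves or rejects the user afterwards. The callers are outside the visible hunks.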

@ -253,7 +253,10 @@ class User < Principal
user = new(attrs.except(:login))
user.login = login
user.language = Setting.default_language
if user.save
if OpenProject::Enterprise.user_limit_reached?
user.errors.add :base, I18n.t(:error_enterprise_activation_user_limit)
elsif user.save
user.reload
logger.info("User '#{user.login}' created from external auth source: #{user.auth_source.type} - #{user.auth_source.name}") if logger && user.auth_source
end
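Review bot: The new `user_limit_reached?` branch refuses the on-the-fly account without writing anything to the log, while the success branch logs the created login and auth source. An operator investigating why directory users authenticate but never get an account would have no trace, so I would add something like `logger.warn("User '#{user.login}' not created from external auth source: user limit reached") if logger` next to the `errors.add` line. The check and `user.save` are also separate steps, so two concurrent first logins could presumably both pass the check. Whether that matters depends on how `user_limit_reached?` counts, which is not visible here. The enclosing method starts and ends outside the hunk.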

@ -270,6 +270,49 @@ describe AccountController, type: :controller do
expect(response.status).to eq 404
end
end
context 'with an auth source' do
let(:auth_source_id) { 42 }
let(:user_attributes) do
{
login: 's.scallywag',
firstname: 'Scarlet',
lastname: 'Scallywag',
mail: 's.scallywag@openproject.com',
auth_source_id: auth_source_id
}
end
let(:authenticate) { true }
before do
allow(Setting).to receive(:self_registration).and_return('0')
allow(Setting).to receive(:self_registration?).and_return(false)
allow(AuthSource).to receive(:authenticate).and_return(authenticate ? user_attributes : nil)
# required so that the register view can be rendered
allow_any_instance_of(User).to receive(:change_password_allowed?).and_return(false)
end
context 'with user limit reached' do
render_views
before do
allow(OpenProject::Enterprise).to receive(:user_limit_reached?).and_return(true)
post :login, params: { username: 'foo', password: 'bar' }
end
it 'shows the user limit error' do
expect(response.body).to have_text "user limit reached"
end
it 'renders the register form' do
expect(response.body).to include "/account/register"
end
end
end
end
describe '#login with omniauth_direct_login enabled',
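Review bot: Both examples under 'with user limit reached' assert only on the rendered body; neither checks that no account was actually created, which is the property the limit is meant to enforce. I would add an example such as `expect(User.where(login: user_attributes[:login])).to be_empty`. Matching on the literal "user limit reached" also ties the spec to the English wording, whereas the model change uses the key `:error_enterprise_activation_user_limit`. The OmniAuth path changed in this commit has no corresponding example in this hunk, and `let(:authenticate)` is never overridden in the lines shown.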
