If external auth system is in use, skip sudo-mode checks
@@ -9,6 +9,9 @@ UserGetter = require '../User/UserGetter'
|
||||
module.exports = SudoModeController =
|
||||
|
||||
sudoModePrompt: (req, res, next) ->
|
||||
if req.externalAuthenticationSystemUsed()
|
||||
logger.log {userId}, "[SudoMode] using external auth, redirecting"
|
||||
return res.redirect('/project')
|
||||
userId = AuthenticationController.getLoggedInUserId(req)
|
||||
logger.log {userId}, "[SudoMode] rendering sudo mode password page"
|
||||
SudoModeHandler.isSudoModeActive userId, (err, isActive) ->
|
||||
|
||||
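Review bot: The log call on the new external-auth branch records an undefined userId, because `userId = AuthenticationController.getLoggedInUserId(req)` is only assigned on the line after the early `return res.redirect('/project')`; CoffeeScript hoists the variable but not its value, so the audit entry for the bypass path never identifies the user. The same ordering appears in the protectPage hunk of SudoModeMiddlewear. For the controller, move `userId = AuthenticationController.getLoggedInUserId(req)` above the `if`; for the middleware, where the new spec asserts getLoggedInUserId is not called on this path, drop the empty field instead: `logger.log "[SudoMode] using external auth, skipping sudo-mode check"`. The body of sudoModePrompt continues past the end of the hunk.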
@@ -6,6 +6,9 @@ AuthenticationController = require '../Authentication/AuthenticationController'
|
||||
module.exports = SudoModeMiddlewear =
|
||||
|
||||
protectPage: (req, res, next) ->
|
||||
if req.externalAuthenticationSystemUsed()
|
||||
logger.log {userId}, "[SudoMode] using external auth, skipping sudo-mode check"
|
||||
return next()
|
||||
userId = AuthenticationController.getLoggedInUserId(req)
|
||||
logger.log {userId}, "[SudoMode] protecting endpoint, checking if sudo mode is active"
|
||||
SudoModeHandler.isSudoModeActive userId, (err, isActive) ->
|
||||
|
||||
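Review bot: `req.externalAuthenticationSystemUsed()` is called unguarded, but the function is attached only by the webRouter middleware this commit adds; if protectPage is ever mounted on a route that runs before that middleware, or on apiRouter, the call throws a TypeError instead of performing the sudo-mode check. The existential call, `if req.externalAuthenticationSystemUsed?()`, keeps the behaviour fail-closed: a missing helper evaluates to undefined and falls through to the normal isSudoModeActive check rather than crashing the request. The body of protectPage continues outside the hunk.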
@@ -84,6 +84,11 @@ module.exports = (app, webRouter, apiRouter)->
|
||||
webRouter.use addSetContentDisposition
|
||||
apiRouter.use addSetContentDisposition
|
||||
|
||||
webRouter.use (req, res, next)->
|
||||
req.externalAuthenticationSystemUsed = res.locals.externalAuthenticationSystemUsed = ->
|
||||
Settings.ldap? or Settings.saml?
|
||||
next()
|
||||
|
||||
webRouter.use (req, res, next)->
|
||||
|
||||
cdnBlocked = req.query.nocdn == 'true' or req.session.cdnBlocked
|
||||
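Review bot: This helper now gates whether sudo-mode protection is skipped, and `Settings.ldap? or Settings.saml?` is true for any non-null value — an `ldap: {}` or `ldap: false` left in a settings file would count as an external auth system and silently turn the password re-check off site-wide. If the settings schema has a field that is only set when the backend is actually configured, test that instead of the whole block; I cannot see the schema from here, so at minimum add a comment above the assignment such as `# any non-null ldap/saml settings block counts as external auth; sudo-mode checks are skipped when this returns true`. The enclosing `module.exports = (app, webRouter, apiRouter)->` function starts and ends outside the hunk.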
@@ -222,11 +227,6 @@ module.exports = (app, webRouter, apiRouter)->
|
||||
res.locals.formatPrice = SubscriptionFormatters.formatPrice
|
||||
next()
|
||||
|
||||
webRouter.use (req, res, next)->
|
||||
res.locals.externalAuthenticationSystemUsed = ->
|
||||
Settings.ldap? or Settings.saml?
|
||||
next()
|
||||
|
||||
webRouter.use (req, res, next)->
|
||||
currentUser = AuthenticationController.getSessionUser(req)
|
||||
if currentUser?
|
||||
|
||||
@@ -34,7 +34,7 @@ describe 'SudoModeController', ->
|
||||
describe 'sudoModePrompt', ->
|
||||
beforeEach ->
|
||||
@SudoModeHandler.isSudoModeActive = sinon.stub().callsArgWith(1, null, false)
|
||||
@req = {}
|
||||
@req = {externalAuthenticationSystemUsed: sinon.stub().returns(false)}
|
||||
@res = {redirect: sinon.stub(), render: sinon.stub()}
|
||||
@next = sinon.stub()
|
||||
|
||||
@@ -70,6 +70,27 @@ describe 'SudoModeController', ->
|
||||
@next.callCount.should.equal 1
|
||||
expect(@next.lastCall.args[0]).to.be.instanceof Error
|
||||
|
||||
it 'should not render page', ->
|
||||
@SudoModeController.sudoModePrompt(@req, @res, @next)
|
||||
@res.render.callCount.should.equal 0
|
||||
|
||||
describe 'when external auth system is used', ->
|
||||
beforeEach ->
|
||||
@req.externalAuthenticationSystemUsed = sinon.stub().returns(true)
|
||||
|
||||
it 'should redirect', ->
|
||||
@SudoModeController.sudoModePrompt(@req, @res, @next)
|
||||
@res.redirect.callCount.should.equal 1
|
||||
@res.redirect.calledWith('/project').should.equal true
|
||||
|
||||
it 'should not check if sudo mode is active', ->
|
||||
@SudoModeController.sudoModePrompt(@req, @res, @next)
|
||||
@SudoModeHandler.isSudoModeActive.callCount.should.equal 0
|
||||
|
||||
it 'should not render page', ->
|
||||
@SudoModeController.sudoModePrompt(@req, @res, @next)
|
||||
@res.render.callCount.should.equal 0
|
||||
|
||||
describe 'submitPassword', ->
|
||||
beforeEach ->
|
||||
@AuthenticationController._getRedirectFromSession = sinon.stub().returns '/somewhere'
|
||||
|
||||
@@ -21,8 +21,9 @@ describe 'SudoModeMiddlewear', ->
|
||||
|
||||
describe 'protectPage', ->
|
||||
beforeEach ->
|
||||
@externalAuth = false
|
||||
@call = (cb) =>
|
||||
@req = {}
|
||||
@req = {externalAuthenticationSystemUsed: sinon.stub().returns(@externalAuth)}
|
||||
@res = {redirect: sinon.stub()}
|
||||
@next = sinon.stub()
|
||||
@SudoModeMiddlewear.protectPage @req, @res, @next
|
||||
@@ -100,3 +101,23 @@ describe 'SudoModeMiddlewear', ->
|
||||
@next.callCount.should.equal 1
|
||||
expect(@next.lastCall.args[0]).to.be.instanceof Error
|
||||
done()
|
||||
|
||||
describe 'when external auth is being used', ->
|
||||
beforeEach ->
|
||||
@externalAuth = true
|
||||
|
||||
it 'should immediately return next with no args', (done) ->
|
||||
@call () =>
|
||||
@next.callCount.should.equal 1
|
||||
expect(@next.lastCall.args[0]).to.not.exist
|
||||
done()
|
||||
|
||||
it 'should not get the current user id', (done) ->
|
||||
@call () =>
|
||||
@AuthenticationController.getLoggedInUserId.callCount.should.equal 0
|
||||
done()
|
||||
|
||||
it 'should not check if sudo-mode is active', (done) ->
|
||||
@call () =>
|
||||
@SudoModeHandler.isSudoModeActive.callCount.should.equal 0
|
||||
done()
|
||||
|
||||