lino.jorzick
/
greenlight
forked from External/greenlight
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add check to make sure ldap username isn't blank (#1252) 

Co-authored-by: Jesus Federico <jesus@123it.ca>
This commit is contained in:
Ahmad Farhat 2020-04-16 12:42:27 -04:00 committed by GitHub
parent da82867abe
commit 7738499978
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 22 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
app/controllers/sessions_controller.rb
View File

@ -139,7 +139,9 @@ class SessionsController < ApplicationController
ldap_config[:base] = ENV['LDAP_BASE'] ldap_config[:base] = ENV['LDAP_BASE']
ldap_config[:uid] = ENV['LDAP_UID'] ldap_config[:uid] = ENV['LDAP_UID']
return redirect_to(ldap_signin_path, alert: I18n.t("invalid_credentials")) unless session_params[:password].present? if params[:session][:username].blank? || session_params[:password].blank?
return redirect_to(ldap_signin_path, alert: I18n.t("invalid_credentials"))
end
result = send_ldap_request(params[:session], ldap_config) result = send_ldap_request(params[:session], ldap_config)

24
spec/controllers/sessions_controller_spec.rb
View File

@ -522,7 +522,7 @@ describe SessionsController, type: :controller do
post :ldap, params: { post :ldap, params: {
session: { session: {
user: "test", username: "test",
password: 'password', password: 'password',
}, },
} }
@ -544,7 +544,7 @@ describe SessionsController, type: :controller do
post :ldap, params: { post :ldap, params: {
session: { session: {
user: "test", username: "test",
password: 'password', password: 'password',
}, },
} }
@ -567,7 +567,7 @@ describe SessionsController, type: :controller do
post :ldap, params: { post :ldap, params: {
session: { session: {
user: "test", username: "test",
password: 'password', password: 'password',
}, },
} }
@ -583,7 +583,7 @@ describe SessionsController, type: :controller do
post :ldap, params: { post :ldap, params: {
session: { session: {
user: "test", username: "test",
password: 'passwor', password: 'passwor',
}, },
} }
@ -597,7 +597,7 @@ describe SessionsController, type: :controller do
post :ldap, params: { post :ldap, params: {
session: { session: {
user: "test", username: "test",
password: '', password: '',
}, },
} }
@ -605,5 +605,19 @@ describe SessionsController, type: :controller do
expect(response).to redirect_to(ldap_signin_path) expect(response).to redirect_to(ldap_signin_path)
expect(flash[:alert]).to eq(I18n.t("invalid_credentials")) expect(flash[:alert]).to eq(I18n.t("invalid_credentials"))
end end
it "redirects to signin if no username provided" do
allow_any_instance_of(Net::LDAP).to receive(:bind_as).and_return(false)
post :ldap, params: {
session: {
username: "",
password: 'test',
},
}
expect(response).to redirect_to(ldap_signin_path)
expect(flash[:alert]).to eq(I18n.t("invalid_credentials"))
end
end end
end end