Prevented LDAP sign in without password (#1092)

Co-authored-by: Jesus Federico <jesus@123it.ca>
2020-04-01 10:45:45 -04:00
parent fab3b479c9
commit c72d77dbcb
2 changed files with 16 additions and 0 deletions
--- a/spec/controllers/sessions_controller_spec.rb
+++ b/spec/controllers/sessions_controller_spec.rb
@ -591,5 +591,19 @@ describe SessionsController, type: :controller do
      expect(response).to redirect_to(ldap_signin_path)
      expect(flash[:alert]).to eq(I18n.t("invalid_credentials"))
    end
+
+    it "redirects to signin if no password provided" do
+      allow_any_instance_of(Net::LDAP).to receive(:bind_as).and_return(false)
+
+      post :ldap, params: {
+        session: {
+          user: "test",
+          password: '',
+        },
+      }
+
+      expect(response).to redirect_to(ldap_signin_path)
+      expect(flash[:alert]).to eq(I18n.t("invalid_credentials"))
+    end
  end
 end