Remove fallback to local database when LDAP is unavailable.

In many environments this will not work as the LDAP password and the copy stored in Pleroma will stay synchronized.
stable
Mark Felder 4 years ago
parent f7146583e5
commit 0f9aecbca4

@ -28,10 +28,6 @@ defmodule Pleroma.Web.Auth.LDAPAuthenticator do
%User{} = user <- ldap_user(name, password) do %User{} = user <- ldap_user(name, password) do
{:ok, user} {:ok, user}
else else
{:error, {:ldap_connection_error, _}} ->
# When LDAP is unavailable, try default authenticator
@base.get_user(conn)
{:ldap, _} -> {:ldap, _} ->
@base.get_user(conn) @base.get_user(conn)
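Review bot: With the `{:error, {:ldap_connection_error, _}}` clause removed, this hunk shows no `else` clause that handles an LDAP connection failure; the `with` head and the rest of the `else` block lie outside the hunk. If the remaining clauses do not include a catch-all, that tuple raises `WithClauseError` instead of returning an authentication failure, so it is worth confirming that something like `error -> error` follows the `{:ldap, _}` clause. A short comment above the `else` clauses would also record the intent, e.g. `# LDAP connection errors fail authentication; there is deliberately no fallback to the local password hash`.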

@ -7,7 +7,6 @@ defmodule Pleroma.Web.OAuth.LDAPAuthorizationTest do
alias Pleroma.Repo alias Pleroma.Repo
alias Pleroma.Web.OAuth.Token alias Pleroma.Web.OAuth.Token
import Pleroma.Factory import Pleroma.Factory
import ExUnit.CaptureLog
import Mock import Mock
@skip if !Code.ensure_loaded?(:eldap), do: :skip @skip if !Code.ensure_loaded?(:eldap), do: :skip
@ -99,50 +98,6 @@ defmodule Pleroma.Web.OAuth.LDAPAuthorizationTest do
end end
end end
@tag @skip
test "falls back to the default authorization when LDAP is unavailable" do
password = "testpassword"
user = insert(:user, password_hash: Pbkdf2.hash_pwd_salt(password))
app = insert(:oauth_app, scopes: ["read", "write"])
host = Pleroma.Config.get([:ldap, :host]) |> to_charlist
port = Pleroma.Config.get([:ldap, :port])
with_mocks [
{:eldap, [],
[
open: fn [^host], [{:port, ^port}, {:ssl, false} | _] -> {:error, 'connect failed'} end,
simple_bind: fn _connection, _dn, ^password -> :ok end,
close: fn _connection ->
send(self(), :close_connection)
:ok
end
]}
] do
log =
capture_log(fn ->
conn =
build_conn()
|> post("/oauth/token", %{
"grant_type" => "password",
"username" => user.nickname,
"password" => password,
"client_id" => app.client_id,
"client_secret" => app.client_secret
})
assert %{"access_token" => token} = json_response(conn, 200)
token = Repo.get_by(Token, token: token)
assert token.user_id == user.id
end)
assert log =~ "Could not open LDAP connection: 'connect failed'"
refute_received :close_connection
end
end
@tag @skip @tag @skip
test "disallow authorization for wrong LDAP credentials" do test "disallow authorization for wrong LDAP credentials" do
password = "testpassword" password = "testpassword"
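Review bot: The deleted test is the only one visible here that covers an unreachable LDAP server, and nothing replaces it, so the new fail-closed behaviour is not pinned by any test. A replacement could reuse the same `:eldap` mock with `open` returning `{:error, 'connect failed'}` and assert that the `/oauth/token` request is not answered with a 200 and that no `Token` row exists for the user. Without it, a later change could reintroduce the local-password fallback and no test would fail.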
