FEATURE: Allow user creation with admin api when local logins disabled (#9587)

This commit is contained in:
David Taylor 2020-04-30 02:39:24 +01:00 committed by GitHub
parent 310a7edee5
commit 367cbf5d2b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 25 additions and 1 deletions

View File

@ -477,7 +477,7 @@ class UsersController < ApplicationController
authentication = UserAuthenticator.new(user, session) authentication = UserAuthenticator.new(user, session)
if !authentication.has_authenticator? && !SiteSetting.enable_local_logins if !authentication.has_authenticator? && !SiteSetting.enable_local_logins && !(current_user&.admin? && is_api?)
return render body: nil, status: :forbidden return render body: nil, status: :forbidden
end end

View File

@ -654,6 +654,30 @@ describe UsersController do
expect(User.find_by(username: @user.username).user_option.timezone).to eq("Australia/Brisbane") expect(User.find_by(username: @user.username).user_option.timezone).to eq("Australia/Brisbane")
end end
end end
context "with local logins disabled" do
before do
SiteSetting.enable_local_logins = false
SiteSetting.enable_google_oauth2_logins = true
end
it "blocks registration without authenticator information" do
post_user
expect(response.status).to eq(403)
end
it "blocks with a regular api key" do
api_key = Fabricate(:api_key, user: user)
post "/u.json", params: post_user_params, headers: { HTTP_API_KEY: api_key.key }
expect(response.status).to eq(403)
end
it "works with an admin api key" do
api_key = Fabricate(:api_key, user: Fabricate(:admin))
post "/u.json", params: post_user_params, headers: { HTTP_API_KEY: api_key.key }
expect(response.status).to eq(200)
end
end
end end
context 'when creating a non active user (unconfirmed email)' do context 'when creating a non active user (unconfirmed email)' do