FIX: Missing 2FA guards when SSO is enabled or when local logins are disabled.
This commit is contained in:
parent
e19ae6c55e
commit
939180efa8
|
@ -952,6 +952,7 @@ class UsersController < ApplicationController
|
||||||
end
|
end
|
||||||
|
|
||||||
def create_second_factor
|
def create_second_factor
|
||||||
|
raise Discourse::NotFound if SiteSetting.enable_sso || !SiteSetting.enable_local_logins
|
||||||
RateLimiter.new(nil, "login-hr-#{request.remote_ip}", SiteSetting.max_logins_per_ip_per_hour, 1.hour).performed!
|
RateLimiter.new(nil, "login-hr-#{request.remote_ip}", SiteSetting.max_logins_per_ip_per_hour, 1.hour).performed!
|
||||||
RateLimiter.new(nil, "login-min-#{request.remote_ip}", SiteSetting.max_logins_per_ip_per_minute, 1.minute).performed!
|
RateLimiter.new(nil, "login-min-#{request.remote_ip}", SiteSetting.max_logins_per_ip_per_minute, 1.minute).performed!
|
||||||
|
|
||||||
|
|
|
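Review bot: The new guard `raise Discourse::NotFound if SiteSetting.enable_sso || !SiteSetting.enable_local_logins` duplicates, in negated form, the exact condition that `totp_enabled?` in SecondFactorManager now tests (`!SiteSetting.enable_sso && SiteSetting.enable_local_logins`), so the controller and the model will drift apart the first time either condition changes. A single shared predicate (on SecondFactorManager or a `SiteSetting` helper) that both sites call would keep the "is a local second factor even allowed here" decision in one place. The guard is also added only to `create_second_factor`; if this controller has sibling second-factor actions (update/disable), which are not visible in this hunk, they presumably need the same check, ideally as a `before_action` rather than a per-action raise. A one-line comment above the raise would help the next reader: `# 2FA is only meaningful for local password logins; hide the endpoint entirely under SSO or when local logins are off.` The body of `create_second_factor` continues past the end of this hunk.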
@ -33,6 +33,8 @@ module SecondFactorManager
|
||||||
end
|
end
|
||||||
|
|
||||||
def totp_enabled?
|
def totp_enabled?
|
||||||
!!(self&.user_second_factor&.enabled?)
|
!!(self&.user_second_factor&.enabled?) &&
|
||||||
|
!SiteSetting.enable_sso &&
|
||||||
|
SiteSetting.enable_local_logins
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
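Review bot: `totp_enabled?` now evaluates `self&.user_second_factor&.enabled?` first and only then consults the two site settings, so every call still loads the association even when the settings alone decide the answer; reordering to `!SiteSetting.enable_sso &&` / `SiteSetting.enable_local_logins &&` / `!!(self&.user_second_factor&.enabled?)` short-circuits on the cheap checks and reads as "allowed, then configured". The predicate also changes meaning: it can now return false while the stored `user_second_factor` still reports `enabled?`, and toggling SSO off later re-arms that factor without any user action, so callers that treat false as "not configured" may be misled. That deserves a comment on the method, e.g. `# A configured TOTP factor is only enforced for local password logins; this is false under SSO or with local logins disabled even if user_second_factor is still enabled.` Whether any caller depends on the old meaning cannot be seen from this hunk.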
@ -89,5 +89,22 @@ RSpec.describe SecondFactorManager do
|
||||||
expect(user.totp_enabled?).to eq(true)
|
expect(user.totp_enabled?).to eq(true)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe 'when SSO is enabled' do
|
||||||
|
it 'should return false' do
|
||||||
|
SiteSetting.sso_url = 'http://someurl.com'
|
||||||
|
SiteSetting.enable_sso = true
|
||||||
|
|
||||||
|
expect(user.totp_enabled?).to eq(false)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe 'when local login is disabled' do
|
||||||
|
it 'should return false' do
|
||||||
|
SiteSetting.enable_local_logins = false
|
||||||
|
|
||||||
|
expect(user.totp_enabled?).to eq(false)
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
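Review bot: The two new examples only assert that `user.totp_enabled?` flips to false; they do not pin the property that matters for a later settings change, namely that the underlying record is left untouched. If the `user` fixture in this describe has an enabled factor, as the surrounding `expect(user.totp_enabled?).to eq(true)` example suggests, adding `expect(user.user_second_factor.enabled?).to eq(true)` next to each `eq(false)` assertion would catch a future change that starts disabling or deleting the secret instead of merely hiding it. A third example with both `enable_sso = true` and `enable_local_logins = false` would also cover the combined condition the model method now encodes.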
@ -431,6 +431,31 @@ RSpec.describe UsersController do
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe 'when local logins are disabled' do
|
||||||
|
it 'should return the right response' do
|
||||||
|
SiteSetting.enable_local_logins = false
|
||||||
|
|
||||||
|
post "/users/second_factors.json", params: {
|
||||||
|
password: 'somecomplicatedpassword'
|
||||||
|
}
|
||||||
|
|
||||||
|
expect(response.status).to eq(404)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe 'when SSO is enabled' do
|
||||||
|
it 'should return the right response' do
|
||||||
|
SiteSetting.sso_url = 'http://someurl.com'
|
||||||
|
SiteSetting.enable_sso = true
|
||||||
|
|
||||||
|
post "/users/second_factors.json", params: {
|
||||||
|
password: 'somecomplicatedpassword'
|
||||||
|
}
|
||||||
|
|
||||||
|
expect(response.status).to eq(404)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
it 'succeeds on correct password' do
|
it 'succeeds on correct password' do
|
||||||
post "/users/second_factors.json", params: {
|
post "/users/second_factors.json", params: {
|
||||||
password: 'somecomplicatedpassword'
|
password: 'somecomplicatedpassword'
|
||||||
|
|