mirror of
https://akkoma.dev/AkkomaGang/akkoma.git
synced 2024-11-10 11:19:19 +00:00
Remove fallback to local database when LDAP is unavailable.
In many environments this will not work as the LDAP password and the copy stored in Pleroma will stay synchronized.
This commit is contained in:
parent
f7146583e5
commit
0f9aecbca4
2 changed files with 0 additions and 49 deletions
|
@ -28,10 +28,6 @@ defmodule Pleroma.Web.Auth.LDAPAuthenticator do
|
|||
%User{} = user <- ldap_user(name, password) do
|
||||
{:ok, user}
|
||||
else
|
||||
{:error, {:ldap_connection_error, _}} ->
|
||||
# When LDAP is unavailable, try default authenticator
|
||||
@base.get_user(conn)
|
||||
|
||||
{:ldap, _} ->
|
||||
@base.get_user(conn)
|
||||
|
||||
|
|
|
@ -7,7 +7,6 @@ defmodule Pleroma.Web.OAuth.LDAPAuthorizationTest do
|
|||
alias Pleroma.Repo
|
||||
alias Pleroma.Web.OAuth.Token
|
||||
import Pleroma.Factory
|
||||
import ExUnit.CaptureLog
|
||||
import Mock
|
||||
|
||||
@skip if !Code.ensure_loaded?(:eldap), do: :skip
|
||||
|
@ -99,50 +98,6 @@ defmodule Pleroma.Web.OAuth.LDAPAuthorizationTest do
|
|||
end
|
||||
end
|
||||
|
||||
@tag @skip
|
||||
test "falls back to the default authorization when LDAP is unavailable" do
|
||||
password = "testpassword"
|
||||
user = insert(:user, password_hash: Pbkdf2.hash_pwd_salt(password))
|
||||
app = insert(:oauth_app, scopes: ["read", "write"])
|
||||
|
||||
host = Pleroma.Config.get([:ldap, :host]) |> to_charlist
|
||||
port = Pleroma.Config.get([:ldap, :port])
|
||||
|
||||
with_mocks [
|
||||
{:eldap, [],
|
||||
[
|
||||
open: fn [^host], [{:port, ^port}, {:ssl, false} | _] -> {:error, 'connect failed'} end,
|
||||
simple_bind: fn _connection, _dn, ^password -> :ok end,
|
||||
close: fn _connection ->
|
||||
send(self(), :close_connection)
|
||||
:ok
|
||||
end
|
||||
]}
|
||||
] do
|
||||
log =
|
||||
capture_log(fn ->
|
||||
conn =
|
||||
build_conn()
|
||||
|> post("/oauth/token", %{
|
||||
"grant_type" => "password",
|
||||
"username" => user.nickname,
|
||||
"password" => password,
|
||||
"client_id" => app.client_id,
|
||||
"client_secret" => app.client_secret
|
||||
})
|
||||
|
||||
assert %{"access_token" => token} = json_response(conn, 200)
|
||||
|
||||
token = Repo.get_by(Token, token: token)
|
||||
|
||||
assert token.user_id == user.id
|
||||
end)
|
||||
|
||||
assert log =~ "Could not open LDAP connection: 'connect failed'"
|
||||
refute_received :close_connection
|
||||
end
|
||||
end
|
||||
|
||||
@tag @skip
|
||||
test "disallow authorization for wrong LDAP credentials" do
|
||||
password = "testpassword"
|
||||
|
|
Loading…
Reference in a new issue