mirror of
https://github.com/Ombi-app/Ombi.git
synced 2025-07-07 13:41:13 -07:00
Added the denied user check to the UserLoginModule. added a test case to cover it.
parent
3eaf1971ec
commit
2ee94f78b4
6 changed files with 59 additions and 23 deletions
|
@ -49,6 +49,11 @@ namespace PlexRequests.Core.SettingModels
|
|||
get
|
||||
{
|
||||
var users = new List<string>();
|
||||
if (string.IsNullOrEmpty(DeniedUsers))
|
||||
{
|
||||
return users;
|
||||
}
|
||||
|
||||
var splitUsers = DeniedUsers.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
|
||||
foreach (var user in splitUsers)
|
||||
{
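Review bot: The getter carries no comment stating how entries are normalised, yet the deny check in UserLoginModule compares them verbatim with `x.Equals(username)`. The `foreach` body lies outside this hunk, so whether each entry is trimmed cannot be seen here; if it is not, a setting such as `abc, def` would store ` def` and that entry would never match. A comment above the property such as `// Comma-separated DeniedUsers as a list; entries are trimmed and empty ones dropped.` would pin the contract, and `string.IsNullOrWhiteSpace(DeniedUsers)` in the new guard would treat a blank setting the same as an unset one.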
|
||||
|
|
|
@ -36,7 +36,6 @@ namespace PlexRequests.Core.SettingModels
|
|||
public string Ip { get; set; }
|
||||
public int Port { get; set; }
|
||||
public string ApiKey { get; set; }
|
||||
public bool Enabled { get; set; }
|
||||
|
||||
[JsonIgnore]
|
||||
public Uri FullUri
|
||||
|
|
|
@ -176,7 +176,7 @@ namespace PlexRequests.UI.Tests
|
|||
|
||||
|
||||
Assert.That(HttpStatusCode.OK, Is.EqualTo(result.StatusCode));
|
||||
Assert.That(result.Context.Request.Session[SessionKeys.UsernameKey], Is.EqualTo("abc"));
|
||||
Assert.That(result.Context.Request.Session[SessionKeys.UsernameKey], Is.Null);
|
||||
|
||||
var body = JsonConvert.DeserializeObject<JsonResponseModel>(result.Body.AsString());
|
||||
Assert.That(body.Result, Is.EqualTo(false));
|
||||
|
@ -286,7 +286,7 @@ namespace PlexRequests.UI.Tests
|
|||
|
||||
|
||||
Assert.That(HttpStatusCode.OK, Is.EqualTo(result.StatusCode));
|
||||
Assert.That(result.Context.Request.Session[SessionKeys.UsernameKey], Is.EqualTo("abc"));
|
||||
Assert.That(result.Context.Request.Session[SessionKeys.UsernameKey], Is.Null);
|
||||
|
||||
var body = JsonConvert.DeserializeObject<JsonResponseModel>(result.Body.AsString());
|
||||
Assert.That(body.Result, Is.EqualTo(false));
|
||||
|
@ -295,5 +295,40 @@ namespace PlexRequests.UI.Tests
|
|||
PlexMock.Verify(x => x.SignIn(It.IsAny<string>(), It.IsAny<string>()), Times.Once);
|
||||
PlexMock.Verify(x => x.GetUsers(It.IsAny<string>()), Times.Never);
|
||||
}
|
||||
|
||||
[Test]
|
||||
public void AttemptToLoginAsDeniedUser()
|
||||
{
|
||||
var expectedSettings = new AuthenticationSettings { UserAuthentication = false, DeniedUsers = "abc", PlexAuthToken = "abc" };
|
||||
AuthMock.Setup(x => x.GetSettings()).Returns(expectedSettings);
|
||||
|
||||
var bootstrapper = new ConfigurableBootstrapper(with =>
|
||||
{
|
||||
with.Module<UserLoginModule>();
|
||||
with.Dependency(AuthMock.Object);
|
||||
with.Dependency(PlexMock.Object);
|
||||
with.RootPathProvider<TestRootPathProvider>();
|
||||
});
|
||||
|
||||
bootstrapper.WithSession(new Dictionary<string, object>());
|
||||
|
||||
var browser = new Browser(bootstrapper);
|
||||
var result = browser.Post("/userlogin", with =>
|
||||
{
|
||||
with.HttpRequest();
|
||||
with.Header("Accept", "application/json");
|
||||
with.FormValue("Username", "abc");
|
||||
});
|
||||
|
||||
Assert.That(HttpStatusCode.OK, Is.EqualTo(result.StatusCode));
|
||||
Assert.That(result.Context.Request.Session[SessionKeys.UsernameKey], Is.Null);
|
||||
|
||||
var body = JsonConvert.DeserializeObject<JsonResponseModel>(result.Body.AsString());
|
||||
Assert.That(body.Result, Is.EqualTo(false));
|
||||
Assert.That(body.Message, Is.Not.Empty);
|
||||
AuthMock.Verify(x => x.GetSettings(), Times.Once);
|
||||
PlexMock.Verify(x => x.SignIn(It.IsAny<string>(), It.IsAny<string>()), Times.Never);
|
||||
PlexMock.Verify(x => x.GetUsers(It.IsAny<string>()), Times.Never);
|
||||
}
|
||||
}
|
||||
}
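Review bot: `AttemptToLoginAsDeniedUser` exercises only an exact, single-entry match (`DeniedUsers = "abc"` against the form value `abc`), so it would keep passing if the check missed a differently-cased name or an entry inside a longer list. A companion case with `DeniedUsers = "first,abc"`, and another posting `ABC`, would pin the intended matching rule whichever way the project decides it. `Assert.That(body.Message, Is.Not.Empty)` could also compare against the message returned for an ordinary failed login, so the test guards against a denied account being distinguishable from a wrong one; that other message is not visible in this diff.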
|
|
@ -63,6 +63,12 @@ namespace PlexRequests.UI.Modules
|
|||
|
||||
var settings = AuthService.GetSettings();
|
||||
var username = Request.Form.username.Value;
|
||||
|
||||
if (IsUserInDeniedList(username, settings))
|
||||
{
|
||||
return Response.AsJson(new JsonResponseModel { Result = false, Message = "Incorrect User or Password" });
|
||||
}
|
||||
|
||||
var password = string.Empty;
|
||||
if (settings.UsePassword)
|
||||
{
|
||||
|
@ -87,9 +93,11 @@ namespace PlexRequests.UI.Modules
|
|||
authenticated = true;
|
||||
}
|
||||
|
||||
|
||||
// Add to the session (Used in the BaseModules)
|
||||
Session[SessionKeys.UsernameKey] = (string)username;
|
||||
if (authenticated)
|
||||
{
|
||||
// Add to the session (Used in the BaseModules)
|
||||
Session[SessionKeys.UsernameKey] = (string)username;
|
||||
}
|
||||
|
||||
return Response.AsJson(authenticated
|
||||
? new JsonResponseModel { Result = true }
|
||||
|
@ -101,5 +109,10 @@ namespace PlexRequests.UI.Modules
|
|||
var users = Api.GetUsers(authToken);
|
||||
return users.User.Any(x => x.Username == username);
|
||||
}
|
||||
|
||||
private bool IsUserInDeniedList(string username, AuthenticationSettings settings)
|
||||
{
|
||||
return settings.DeniedUserList.Any(x => x.Equals(username));
|
||||
}
|
||||
}
|
||||
}
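Review bot: `IsUserInDeniedList` matches with `x.Equals(username)`, an ordinal, case-sensitive comparison, so a denied entry `abc` does not match a login submitted as `ABC` or with surrounding whitespace. If Plex treats usernames case-insensitively (not visible here), the deny list stops covering those accounts; `return settings.DeniedUserList.Any(x => string.Equals(x, (username ?? string.Empty).Trim(), StringComparison.OrdinalIgnoreCase));` closes that gap. `username` comes from the dynamic `Request.Form.username.Value` and may be null when the field is absent, which the static `string.Equals` tolerates. The friend lookup in the context line `x.Username == username` has the same exact-match behaviour and should follow whichever rule is chosen.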
|
|
@ -137,7 +137,7 @@
|
|||
$('#users').append("<option>" + this + "</option>");
|
||||
});
|
||||
} else {
|
||||
$('#users').append("<option>No Users!</option>");
|
||||
$('#users').append("<option>No Users, Please refresh!</option>");
|
||||
}
|
||||
},
|
||||
error: function (e) {
|
||||
|
|
|
@ -15,22 +15,6 @@
|
|||
<fieldset>
|
||||
<legend>CouchPotato Settings</legend>
|
||||
|
||||
<div class="form-group">
|
||||
<label for="Enabled" class="col-lg-2 control-label">Enable CouchPotato</label>
|
||||
<div class="col-lg-10 checkbox">
|
||||
<label>
|
||||
@if (Model.Enabled)
|
||||
{
|
||||
<input type="checkbox" id="Enabled" name="Enabled" checked="checked">
|
||||
}
|
||||
else
|
||||
{
|
||||
<input type="checkbox" id="Enabled" name="Enabled">
|
||||
}
|
||||
</label>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="form-group">
|
||||
<label for="Ip" class="col-lg-2 control-label">CouchPotato Hostname or IP</label>
|
||||
<div class="col-lg-10">
|
||||
|
|