From 2ee94f78b4ce8116686c7e392afa4ac0cefade3e Mon Sep 17 00:00:00 2001
From: tidusjar
Date: Wed, 9 Mar 2016 12:28:54 +0000
Subject: [PATCH] Added the denied user check to the UserLoginModule. added a test case to cover it.
---
 .../SettingModels/AuthenticationSettings.cs | 5 +++
 .../SettingModels/CouchPotatoSettings.cs | 1 -
 PlexRequests.UI.Tests/UserLoginModuleTests.cs | 39 ++++++++++++++++++-
 PlexRequests.UI/Modules/UserLoginModule.cs | 19 +++++++-
 .../Views/Admin/Authentication.cshtml | 2 +-
 .../Views/Admin/CouchPotato.cshtml | 16 --------
 6 files changed, 59 insertions(+), 23 deletions(-)
diff --git a/PlexRequests.Core/SettingModels/AuthenticationSettings.cs b/PlexRequests.Core/SettingModels/AuthenticationSettings.cs
index ccfa2ceb0..6a86c9005 100644
--- a/PlexRequests.Core/SettingModels/AuthenticationSettings.cs
+++ b/PlexRequests.Core/SettingModels/AuthenticationSettings.cs
@@ -49,6 +49,11 @@ namespace PlexRequests.Core.SettingModels
 get
 {
 var users = new List();
+ if (string.IsNullOrEmpty(DeniedUsers))
+ {
+ return users;
+ }
+
 var splitUsers = DeniedUsers.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
 foreach (var user in splitUsers)
 {
diff --git a/PlexRequests.Core/SettingModels/CouchPotatoSettings.cs b/PlexRequests.Core/SettingModels/CouchPotatoSettings.cs
index d577e1e1a..9b3d9b385 100644
--- a/PlexRequests.Core/SettingModels/CouchPotatoSettings.cs
+++ b/PlexRequests.Core/SettingModels/CouchPotatoSettings.cs
@@ -36,7 +36,6 @@ namespace PlexRequests.Core.SettingModels
 public string Ip { get; set; }
 public int Port { get; set; }
 public string ApiKey { get; set; }
- public bool Enabled { get; set; }
 [JsonIgnore]
 public Uri FullUri
diff --git a/PlexRequests.UI.Tests/UserLoginModuleTests.cs b/PlexRequests.UI.Tests/UserLoginModuleTests.cs
index 63fd034c6..06e115eb9 100644
--- a/PlexRequests.UI.Tests/UserLoginModuleTests.cs
+++ b/PlexRequests.UI.Tests/UserLoginModuleTests.cs
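Review bot: The new guard at the top of the DeniedUserList getter only short-circuits a null or empty string; `string.IsNullOrWhiteSpace(DeniedUsers)` states the intent more precisely, since a value of only spaces still reaches the Split and produces a single blank entry. The loop body that fills `users` is outside the hunk, so it is not visible whether each entry is trimmed; if it is not, a setting such as `"abc, def"` keeps the leading space in `" def"` and that entry never matches a posted username. A one-line doc comment on the property would help the consumer in UserLoginModule: `/// Usernames parsed from the comma-separated <see cref="DeniedUsers"/> setting; empty when none are configured.`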
@@ -176,7 +176,7 @@ namespace PlexRequests.UI.Tests
 Assert.That(HttpStatusCode.OK, Is.EqualTo(result.StatusCode));
- Assert.That(result.Context.Request.Session[SessionKeys.UsernameKey], Is.EqualTo("abc"));
+ Assert.That(result.Context.Request.Session[SessionKeys.UsernameKey], Is.Null);
 var body = JsonConvert.DeserializeObject(result.Body.AsString());
 Assert.That(body.Result, Is.EqualTo(false));
@@ -286,7 +286,7 @@ namespace PlexRequests.UI.Tests
 Assert.That(HttpStatusCode.OK, Is.EqualTo(result.StatusCode));
- Assert.That(result.Context.Request.Session[SessionKeys.UsernameKey], Is.EqualTo("abc"));
+ Assert.That(result.Context.Request.Session[SessionKeys.UsernameKey], Is.Null);
 var body = JsonConvert.DeserializeObject(result.Body.AsString());
 Assert.That(body.Result, Is.EqualTo(false));
@@ -295,5 +295,40 @@ namespace PlexRequests.UI.Tests
 PlexMock.Verify(x => x.SignIn(It.IsAny(), It.IsAny()), Times.Once);
 PlexMock.Verify(x => x.GetUsers(It.IsAny()), Times.Never);
 }
+
+ [Test]
+ public void AttemptToLoginAsDeniedUser()
+ {
+ var expectedSettings = new AuthenticationSettings { UserAuthentication = false, DeniedUsers = "abc", PlexAuthToken = "abc" };
+ AuthMock.Setup(x => x.GetSettings()).Returns(expectedSettings);
+
+ var bootstrapper = new ConfigurableBootstrapper(with =>
+ {
+ with.Module();
+ with.Dependency(AuthMock.Object);
+ with.Dependency(PlexMock.Object);
+ with.RootPathProvider();
+ });
+
+ bootstrapper.WithSession(new Dictionary());
+
+ var browser = new Browser(bootstrapper);
+ var result = browser.Post("/userlogin", with =>
+ {
+ with.HttpRequest();
+ with.Header("Accept", "application/json");
+ with.FormValue("Username", "abc");
+ });
+
+ Assert.That(HttpStatusCode.OK, Is.EqualTo(result.StatusCode));
+ Assert.That(result.Context.Request.Session[SessionKeys.UsernameKey], Is.Null);
+
+ var body = JsonConvert.DeserializeObject(result.Body.AsString());
+ Assert.That(body.Result, Is.EqualTo(false));
+ Assert.That(body.Message, Is.Not.Empty);
+ AuthMock.Verify(x => x.GetSettings(), Times.Once);
+ PlexMock.Verify(x => x.SignIn(It.IsAny(), It.IsAny()), Times.Never);
+ PlexMock.Verify(x => x.GetUsers(It.IsAny()), Times.Never);
+ }
 }
 }
\ No newline at end of file
diff --git a/PlexRequests.UI/Modules/UserLoginModule.cs b/PlexRequests.UI/Modules/UserLoginModule.cs
index bf201bf06..1f342a570 100644
--- a/PlexRequests.UI/Modules/UserLoginModule.cs
+++ b/PlexRequests.UI/Modules/UserLoginModule.cs
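Review bot: AttemptToLoginAsDeniedUser pins only an exact-case match between DeniedUsers and the posted Username ("abc" on both sides), while the module compares with `x.Equals(username)`; a second case posting `with.FormValue("Username", "ABC")` (and one with a trailing space) would document whether such variants are meant to be denied, which is the part of a deny list most worth locking down. The verifications that SignIn and GetUsers are never called are the right assertion for this path, since they show the denied user is rejected before any Plex round-trip. Separately, `Assert.That(HttpStatusCode.OK, Is.EqualTo(result.StatusCode))` has the NUnit arguments reversed (actual should come first, the constraint second); it still passes but a failure would report expected and actual swapped. That mirrors the existing tests above, so it may be a follow-up rather than this commit.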
@@ -63,6 +63,12 @@ namespace PlexRequests.UI.Modules
 var settings = AuthService.GetSettings();
 var username = Request.Form.username.Value;
+
+ if (IsUserInDeniedList(username, settings))
+ {
+ return Response.AsJson(new JsonResponseModel { Result = false, Message = "Incorrect User or Password" });
+ }
+
 var password = string.Empty;
 if (settings.UsePassword)
 {
@@ -87,9 +93,11 @@ namespace PlexRequests.UI.Modules
 authenticated = true;
 }
-
- // Add to the session (Used in the BaseModules)
- Session[SessionKeys.UsernameKey] = (string)username;
+ if (authenticated)
+ {
+ // Add to the session (Used in the BaseModules)
+ Session[SessionKeys.UsernameKey] = (string)username;
+ }
 return Response.AsJson(authenticated
 ? new JsonResponseModel { Result = true }
@@ -101,5 +109,10 @@ namespace PlexRequests.UI.Modules
 var users = Api.GetUsers(authToken);
 return users.User.Any(x => x.Username == username);
 }
+
+ private bool IsUserInDeniedList(string username, AuthenticationSettings settings)
+ {
+ return settings.DeniedUserList.Any(x => x.Equals(username));
+ }
 }
 }
\ No newline at end of file
diff --git a/PlexRequests.UI/Views/Admin/Authentication.cshtml b/PlexRequests.UI/Views/Admin/Authentication.cshtml
index a7e032aa5..14f6d255f 100644
--- a/PlexRequests.UI/Views/Admin/Authentication.cshtml
+++ b/PlexRequests.UI/Views/Admin/Authentication.cshtml
@@ -137,7 +137,7 @@
 $('#users').append("");
 });
 } else {
- $('#users').append("");
+ $('#users').append("");
 }
 },
 error: function (e) {
diff --git a/PlexRequests.UI/Views/Admin/CouchPotato.cshtml b/PlexRequests.UI/Views/Admin/CouchPotato.cshtml
index 835513d8c..8c2fb4639 100644
--- a/PlexRequests.UI/Views/Admin/CouchPotato.cshtml
+++ b/PlexRequests.UI/Views/Admin/CouchPotato.cshtml
@@ -15,22 +15,6 @@
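Review bot: The early return for a denied user reuses the generic "Incorrect User or Password" response, which is the right choice because it keeps a denied account indistinguishable from a bad credential, but nothing in the code records that this is intentional and a later edit could easily give it a more specific message. I would add above the new `if`: `// Denied users get the same generic response as a failed login so the deny list cannot be probed from the login form.` The enclosing login handler starts before this hunk.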
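Review bot: With the session write now inside `if (authenticated)`, a failed attempt leaves the session exactly as it was, so a browser that already holds SessionKeys.UsernameKey from an earlier successful login keeps it after posting bad credentials. If a failed login is meant never to leave a signed-in session behind, add `else { Session.Delete(SessionKeys.UsernameKey); }` after the new block. The new tests only exercise a fresh session, so this case is not covered by them.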
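Review bot: `IsUserInDeniedList` matches with `x.Equals(username)`, an ordinal case-sensitive comparison with no trimming, so a deny-list entry of `Abc` or `abc ` does not block a login posted as `abc`. The Plex membership check just above (`x.Username == username`) is equally strict, so whether such a variant can then sign in depends on how Plex resolves the name, which is not visible here; normalising both sides closes the gap regardless: `return settings.DeniedUserList.Any(x => string.Equals(x.Trim(), username, StringComparison.OrdinalIgnoreCase));`. A null `settings` or `DeniedUserList` would throw on this line; whether AuthService.GetSettings can return null is outside the hunk.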
CouchPotato Settings -
- -
- -
-
-