Added the denied user check to the UserLoginModule. added a test case to cover it.
parent
3eaf1971ec
commit
2ee94f78b4
6 changed files with 59 additions and 23 deletions
|
@ -49,6 +49,11 @@ namespace PlexRequests.Core.SettingModels
|
||||||
get
|
get
|
||||||
{
|
{
|
||||||
var users = new List<string>();
|
var users = new List<string>();
|
||||||
|
if (string.IsNullOrEmpty(DeniedUsers))
|
||||||
|
{
|
||||||
|
return users;
|
||||||
|
}
|
||||||
|
|
||||||
var splitUsers = DeniedUsers.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
|
var splitUsers = DeniedUsers.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
|
||||||
foreach (var user in splitUsers)
|
foreach (var user in splitUsers)
|
||||||
{
|
{
|
||||||
|
|
|
@ -36,7 +36,6 @@ namespace PlexRequests.Core.SettingModels
|
||||||
public string Ip { get; set; }
|
public string Ip { get; set; }
|
||||||
public int Port { get; set; }
|
public int Port { get; set; }
|
||||||
public string ApiKey { get; set; }
|
public string ApiKey { get; set; }
|
||||||
public bool Enabled { get; set; }
|
|
||||||
|
|
||||||
[JsonIgnore]
|
[JsonIgnore]
|
||||||
public Uri FullUri
|
public Uri FullUri
|
||||||
|
|
|
@ -176,7 +176,7 @@ namespace PlexRequests.UI.Tests
|
||||||
|
|
||||||
|
|
||||||
Assert.That(HttpStatusCode.OK, Is.EqualTo(result.StatusCode));
|
Assert.That(HttpStatusCode.OK, Is.EqualTo(result.StatusCode));
|
||||||
Assert.That(result.Context.Request.Session[SessionKeys.UsernameKey], Is.EqualTo("abc"));
|
Assert.That(result.Context.Request.Session[SessionKeys.UsernameKey], Is.Null);
|
||||||
|
|
||||||
var body = JsonConvert.DeserializeObject<JsonResponseModel>(result.Body.AsString());
|
var body = JsonConvert.DeserializeObject<JsonResponseModel>(result.Body.AsString());
|
||||||
Assert.That(body.Result, Is.EqualTo(false));
|
Assert.That(body.Result, Is.EqualTo(false));
|
||||||
|
@ -286,7 +286,7 @@ namespace PlexRequests.UI.Tests
|
||||||
|
|
||||||
|
|
||||||
Assert.That(HttpStatusCode.OK, Is.EqualTo(result.StatusCode));
|
Assert.That(HttpStatusCode.OK, Is.EqualTo(result.StatusCode));
|
||||||
Assert.That(result.Context.Request.Session[SessionKeys.UsernameKey], Is.EqualTo("abc"));
|
Assert.That(result.Context.Request.Session[SessionKeys.UsernameKey], Is.Null);
|
||||||
|
|
||||||
var body = JsonConvert.DeserializeObject<JsonResponseModel>(result.Body.AsString());
|
var body = JsonConvert.DeserializeObject<JsonResponseModel>(result.Body.AsString());
|
||||||
Assert.That(body.Result, Is.EqualTo(false));
|
Assert.That(body.Result, Is.EqualTo(false));
|
||||||
|
@ -295,5 +295,40 @@ namespace PlexRequests.UI.Tests
|
||||||
PlexMock.Verify(x => x.SignIn(It.IsAny<string>(), It.IsAny<string>()), Times.Once);
|
PlexMock.Verify(x => x.SignIn(It.IsAny<string>(), It.IsAny<string>()), Times.Once);
|
||||||
PlexMock.Verify(x => x.GetUsers(It.IsAny<string>()), Times.Never);
|
PlexMock.Verify(x => x.GetUsers(It.IsAny<string>()), Times.Never);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
[Test]
|
||||||
|
public void AttemptToLoginAsDeniedUser()
|
||||||
|
{
|
||||||
|
var expectedSettings = new AuthenticationSettings { UserAuthentication = false, DeniedUsers = "abc", PlexAuthToken = "abc" };
|
||||||
|
AuthMock.Setup(x => x.GetSettings()).Returns(expectedSettings);
|
||||||
|
|
||||||
|
var bootstrapper = new ConfigurableBootstrapper(with =>
|
||||||
|
{
|
||||||
|
with.Module<UserLoginModule>();
|
||||||
|
with.Dependency(AuthMock.Object);
|
||||||
|
with.Dependency(PlexMock.Object);
|
||||||
|
with.RootPathProvider<TestRootPathProvider>();
|
||||||
|
});
|
||||||
|
|
||||||
|
bootstrapper.WithSession(new Dictionary<string, object>());
|
||||||
|
|
||||||
|
var browser = new Browser(bootstrapper);
|
||||||
|
var result = browser.Post("/userlogin", with =>
|
||||||
|
{
|
||||||
|
with.HttpRequest();
|
||||||
|
with.Header("Accept", "application/json");
|
||||||
|
with.FormValue("Username", "abc");
|
||||||
|
});
|
||||||
|
|
||||||
|
Assert.That(HttpStatusCode.OK, Is.EqualTo(result.StatusCode));
|
||||||
|
Assert.That(result.Context.Request.Session[SessionKeys.UsernameKey], Is.Null);
|
||||||
|
|
||||||
|
var body = JsonConvert.DeserializeObject<JsonResponseModel>(result.Body.AsString());
|
||||||
|
Assert.That(body.Result, Is.EqualTo(false));
|
||||||
|
Assert.That(body.Message, Is.Not.Empty);
|
||||||
|
AuthMock.Verify(x => x.GetSettings(), Times.Once);
|
||||||
|
PlexMock.Verify(x => x.SignIn(It.IsAny<string>(), It.IsAny<string>()), Times.Never);
|
||||||
|
PlexMock.Verify(x => x.GetUsers(It.IsAny<string>()), Times.Never);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
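Review bot: AttemptToLoginAsDeniedUser exercises only a single-entry deny list whose value is identical to the posted username (`DeniedUsers = "abc"` with `with.FormValue("Username", "abc")`), so neither the comma split in DeniedUserList nor the exact-match comparison in the module is pinned by a test. Because this is an access-control check, add cases with a multi-entry value such as `DeniedUsers = "xyz, abc"` and with a differently cased username such as `with.FormValue("Username", "ABC")`. Each case should assert that `Session[SessionKeys.UsernameKey]` stays null and that `SignIn` is never called, so the intended matching rule is documented by the tests. Using the same literal `"abc"` for the denied user, the form value and `PlexAuthToken` also hides which value the assertions depend on; distinct literals would make the test easier to read.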
|
@ -63,6 +63,12 @@ namespace PlexRequests.UI.Modules
|
||||||
|
|
||||||
var settings = AuthService.GetSettings();
|
var settings = AuthService.GetSettings();
|
||||||
var username = Request.Form.username.Value;
|
var username = Request.Form.username.Value;
|
||||||
|
|
||||||
|
if (IsUserInDeniedList(username, settings))
|
||||||
|
{
|
||||||
|
return Response.AsJson(new JsonResponseModel { Result = false, Message = "Incorrect User or Password" });
|
||||||
|
}
|
||||||
|
|
||||||
var password = string.Empty;
|
var password = string.Empty;
|
||||||
if (settings.UsePassword)
|
if (settings.UsePassword)
|
||||||
{
|
{
|
||||||
|
@ -87,9 +93,11 @@ namespace PlexRequests.UI.Modules
|
||||||
authenticated = true;
|
authenticated = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (authenticated)
|
||||||
// Add to the session (Used in the BaseModules)
|
{
|
||||||
Session[SessionKeys.UsernameKey] = (string)username;
|
// Add to the session (Used in the BaseModules)
|
||||||
|
Session[SessionKeys.UsernameKey] = (string)username;
|
||||||
|
}
|
||||||
|
|
||||||
return Response.AsJson(authenticated
|
return Response.AsJson(authenticated
|
||||||
? new JsonResponseModel { Result = true }
|
? new JsonResponseModel { Result = true }
|
||||||
|
@ -101,5 +109,10 @@ namespace PlexRequests.UI.Modules
|
||||||
var users = Api.GetUsers(authToken);
|
var users = Api.GetUsers(authToken);
|
||||||
return users.User.Any(x => x.Username == username);
|
return users.User.Any(x => x.Username == username);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private bool IsUserInDeniedList(string username, AuthenticationSettings settings)
|
||||||
|
{
|
||||||
|
return settings.DeniedUserList.Any(x => x.Equals(username));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
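Review bot: In the last hunk (`@ -101,5 +109,10 @`), IsUserInDeniedList matches with `x.Equals(username)`, an ordinal, case-sensitive comparison, so a deny-list entry `abc` does not stop a login posted as `ABC` or ` abc`. If the Plex sign-in treats those spellings as the same account (not visible on this page), a denied user can get past the check by changing case or padding the name. Consider `return settings.DeniedUserList.Any(x => x.Trim().Equals(username, StringComparison.OrdinalIgnoreCase));` and trimming `username` once where it is read from `Request.Form`. A short comment on the helper stating the matching rule (case-insensitive, whitespace-trimmed) would also help whoever maintains the setting.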
|
@ -137,7 +137,7 @@
|
||||||
$('#users').append("<option>" + this + "</option>");
|
$('#users').append("<option>" + this + "</option>");
|
||||||
});
|
});
|
||||||
} else {
|
} else {
|
||||||
$('#users').append("<option>No Users!</option>");
|
$('#users').append("<option>No Users, Please refresh!</option>");
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
error: function (e) {
|
error: function (e) {
|
||||||
|
|
|
@ -15,22 +15,6 @@
|
||||||
<fieldset>
|
<fieldset>
|
||||||
<legend>CouchPotato Settings</legend>
|
<legend>CouchPotato Settings</legend>
|
||||||
|
|
||||||
<div class="form-group">
|
|
||||||
<label for="Enabled" class="col-lg-2 control-label">Enable CouchPotato</label>
|
|
||||||
<div class="col-lg-10 checkbox">
|
|
||||||
<label>
|
|
||||||
@if (Model.Enabled)
|
|
||||||
{
|
|
||||||
<input type="checkbox" id="Enabled" name="Enabled" checked="checked">
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
<input type="checkbox" id="Enabled" name="Enabled">
|
|
||||||
}
|
|
||||||
</label>
|
|
||||||
</div>
|
|
||||||
</div>
|
|
||||||
|
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
<label for="Ip" class="col-lg-2 control-label">CouchPotato Hostname or IP</label>
|
<label for="Ip" class="col-lg-2 control-label">CouchPotato Hostname or IP</label>
|
||||||
<div class="col-lg-10">
|
<div class="col-lg-10">
|
||||||
|
|