github/mealie
1
0
Fork 0
mirror of https://github.com/hay-kot/mealie.git synced 2025-08-21 14:03:32 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 7

Merge e57ca636f5 into f2b71e981e

Browse source
This commit is contained in:
LinuxSBC 2025-08-20 10:41:45 +02:00 committed by GitHub
commit 5a9448f7d9
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 43 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
mealie/core/security/providers/openid_provider.py
View file

@ -43,7 +43,9 @@ class OpenIDProvider(AuthProvider[UserInfo]):
# Check for empty required claims
for claim in self.required_claims:
if not claims.get(claim):
if not claims.get(claim) and claim != settings.OIDC_GROUPS_CLAIM: # Allow empty groups claim
# It doesn't actually matter if the groups claim is empty,
# since OIDC_ADMIN_GROUP can be set without OIDC_USER_GROUP
self._logger.error("[OIDC] Required claim '%s' is empty", claim)
raise MissingClaimException()

40
tests/unit_tests/core/security/providers/test_openid_provider.py
View file

@ -149,6 +149,46 @@ def test_has_admin_group_new_user(monkeypatch: MonkeyPatch, session: Session):
assert user.admin
def test_no_group_new_user(monkeypatch: MonkeyPatch, session: Session):
monkeypatch.setenv("OIDC_ADMIN_GROUP", "mealie_admin")
get_app_settings.cache_clear()
data = {
"preferred_username": "dude2",
"email": "dude2@email.com",
"name": "Firstname Lastname",
"groups": [],
}
auth_provider = OpenIDProvider(session, data)
assert auth_provider.authenticate() is not None
db = get_repositories(session, group_id=None, household_id=None)
user = db.users.get_one("dude2", "username")
assert user is not None
assert not user.admin
def test_nonmatching_group_new_user(monkeypatch: MonkeyPatch, session: Session):
monkeypatch.setenv("OIDC_ADMIN_GROUP", "mealie_admin")
get_app_settings.cache_clear()
data = {
"preferred_username": "dude2",
"email": "dude2@email.com",
"name": "Firstname Lastname",
"groups": ["testgroup"],
}
auth_provider = OpenIDProvider(session, data)
assert auth_provider.authenticate() is not None
db = get_repositories(session, group_id=None, household_id=None)
user = db.users.get_one("dude2", "username")
assert user is not None
assert not user.admin
@pytest.mark.parametrize("valid_group", [True, False])
@pytest.mark.parametrize("valid_household", [True, False])
def test_ldap_user_creation_invalid_group_or_household(