提交
161a05b9
编写于
3月 22, 2018
作者:
T
Tiago Botelho
Writes specs
上级
f7420102
变更
3
Showing
3 changed file
with
88 addition
and
45 deletion
+88
-45
app/controllers/omniauth_callbacks_controller.rb
app/controllers/omniauth_callbacks_controller.rb
+4
-2
changelogs/unreleased/43525-limit-number-of-failed-logins-using-ldap.yml
...leased/43525-limit-number-of-failed-logins-using-ldap.yml
+5
-0
spec/controllers/omniauth_callbacks_controller_spec.rb
spec/controllers/omniauth_callbacks_controller_spec.rb
+79
-43
app/controllers/omniauth_callbacks_controller.rb
@@ -21,9 +21,11 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
# Extend the standard implementation to also increment
# the number of failed sign in attempts
def
failure
user
=
User
.
find_by_username
(
params
[
:username
])
if
params
[
:username
].
present?
&&
AuthHelper
.
form_based_provider?
(
failed_strategy
.
name
)
user
=
User
.
by_login
(
params
[
:username
])
user
&
.
increment_failed_attempts!
user
&
.
increment_failed_attempts!
end
super
end
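Review bot: `failed_strategy.name` inside the new guard is dereferenced without a nil check, so a failure callback that reaches this action with no `omniauth.error.strategy` in the request env (the spec sets it by hand) would raise NoMethodError instead of falling through to `super`; if that path is possible, `AuthHelper.form_based_provider?(failed_strategy&.name)` keeps the original failure handling intact. The comment above the method still describes the old unconditional behaviour; suggest `# Extend the standard implementation to also increment the number of failed sign in attempts, but only for form-based providers (e.g. LDAP) where the submitted username identifies the account whose counter is bumped`. A second comment line is worth adding to record that `super` runs whether or not `User.by_login` finds a user, so the failure response does not reveal whether an account exists; that property should be kept by future edits.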
changelogs/unreleased/43525-limit-number-of-failed-logins-using-ldap.yml
0 → 100644
---
title
:
Limit the number of failed logins when using LDAP for authentication
merge_request
:
43525
author
:
type
:
added
spec/controllers/omniauth_callbacks_controller_spec.rb
@@ -10,83 +10,119 @@ describe OmniauthCallbacksController do
stub_omniauth_provider
(
provider
,
context:
request
)
end
context
'
github
'
do
context
'
when the user is on the last sign in attempt
'
do
let
(
:extern_uid
)
{
'my-uid'
}
let
(
:provider
)
{
:github
}
it
'allows sign in'
do
post
provider
expect
(
request
.
env
[
'warden'
]).
to
be_authenticated
before
do
user
.
update
(
failed_attempts:
User
.
maximum_attempts
.
pred
)
subject
.
response
=
ActionDispatch
::
Response
.
new
end
shared_context
'sign_up'
do
let
(
:user
)
{
double
(
email:
'new@example.com'
)
}
context
'when using a form based provider'
do
let
(
:provider
)
{
:ldap
}
it
'locks the user when sign in fails'
do
allow
(
subject
).
to
receive
(
:params
).
and_return
(
ActionController
::
Parameters
.
new
(
username:
user
.
username
))
request
.
env
[
'omniauth.error.strategy'
]
=
OmniAuth
::
Strategies
::
LDAP
.
new
(
nil
)
subject
.
send
(
:failure
)
before
do
stub_omniauth_setting
(
block_auto_created_users:
false
)
expect
(
user
.
reload
).
to
be_access_locked
end
end
context
'
sign up
'
do
include_context
'sign_up'
context
'
when using a button based provider
'
do
let
(
:provider
)
{
:github
}
it
'
is allowed
'
do
post
provider
it
'
does not lock the user when sign in fails
'
do
request
.
env
[
'omniauth.error.strategy'
]
=
OmniAuth
::
Strategies
::
GitHub
.
new
(
nil
)
expect
(
request
.
env
[
'warden'
]).
to
be_authenticated
subject
.
send
(
:failure
)
expect
(
user
.
reload
).
not_to
be_access_locked
end
end
end
context
'when OAuth is disabled'
do
before
do
stub_env
(
'IN_MEMORY_APPLICATION_SETTINGS'
,
'false'
)
settings
=
Gitlab
::
CurrentSettings
.
current_application_settings
settings
.
update
(
disabled_oauth_sign_in_sources:
[
provider
.
to_s
])
end
context
'strategies'
do
context
'github'
do
let
(
:extern_uid
)
{
'my-uid'
}
let
(
:provider
)
{
:github
}
it
'
prevents login via POST
'
do
it
'
allows sign in
'
do
post
provider
expect
(
request
.
env
[
'warden'
]).
not_
to
be_authenticated
expect
(
request
.
env
[
'warden'
]).
to
be_authenticated
end
it
'shows warning when attempting login
'
do
post
provider
shared_context
'sign_up
'
do
let
(
:user
)
{
double
(
email:
'new@example.com'
)
}
expect
(
response
).
to
redirect_to
new_user_session_path
expect
(
flash
[
:alert
]).
to
eq
(
'Signing in using GitHub has been disabled'
)
before
do
stub_omniauth_setting
(
block_auto_created_users:
false
)
end
end
it
'allows linking the disabled provider'
do
user
.
identities
.
destroy_all
sign_in
(
user
)
context
'sign up'
do
include_context
'sign_up'
it
'is allowed'
do
post
provider
expect
{
post
provider
}.
to
change
{
user
.
reload
.
identities
.
count
}.
by
(
1
)
expect
(
request
.
env
[
'warden'
]).
to
be_authenticated
end
end
context
'sign up'
do
include_context
'sign_up'
context
'when OAuth is disabled'
do
before
do
stub_env
(
'IN_MEMORY_APPLICATION_SETTINGS'
,
'false'
)
settings
=
Gitlab
::
CurrentSettings
.
current_application_settings
settings
.
update
(
disabled_oauth_sign_in_sources:
[
provider
.
to_s
])
end
it
'
is prevented
'
do
it
'
prevents login via POST
'
do
post
provider
expect
(
request
.
env
[
'warden'
]).
not_to
be_authenticated
end
it
'shows warning when attempting login'
do
post
provider
expect
(
response
).
to
redirect_to
new_user_session_path
expect
(
flash
[
:alert
]).
to
eq
(
'Signing in using GitHub has been disabled'
)
end
it
'allows linking the disabled provider'
do
user
.
identities
.
destroy_all
sign_in
(
user
)
expect
{
post
provider
}.
to
change
{
user
.
reload
.
identities
.
count
}.
by
(
1
)
end
context
'sign up'
do
include_context
'sign_up'
it
'is prevented'
do
post
provider
expect
(
request
.
env
[
'warden'
]).
not_to
be_authenticated
end
end
end
end
end
context
'auth0'
do
let
(
:extern_uid
)
{
''
}
let
(
:provider
)
{
:auth0
}
context
'auth0'
do
let
(
:extern_uid
)
{
''
}
let
(
:provider
)
{
:auth0
}
it
'does not allow sign in without extern_uid'
do
post
'auth0'
it
'does not allow sign in without extern_uid'
do
post
'auth0'
expect
(
request
.
env
[
'warden'
]).
not_to
be_authenticated
expect
(
response
.
status
).
to
eq
(
302
)
expect
(
controller
).
to
set_flash
[
:alert
].
to
(
'Wrong extern UID provided. Make sure Auth0 is configured correctly.'
)
expect
(
request
.
env
[
'warden'
]).
not_to
be_authenticated
expect
(
response
.
status
).
to
eq
(
302
)
expect
(
controller
).
to
set_flash
[
:alert
].
to
(
'Wrong extern UID provided. Make sure Auth0 is configured correctly.'
)
end
end
end
end
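Review bot: The new `does not lock the user when sign in fails` example for the button-based provider never stubs `params` with a username, unlike the LDAP example that does `allow(subject).to receive(:params).and_return(ActionController::Parameters.new(username: user.username))`; if `params[:username]` is blank in that example, the controller's guard short-circuits on `present?` before `AuthHelper.form_based_provider?` is consulted, so the example would pass even if the provider check were removed. Give it the same `params` stub so the assertion actually exercises the provider branch. The `when the user is on the last sign in attempt` setup also relies on `User.maximum_attempts.pred`, which deserves a comment such as `# one failure short of the lock-out threshold` so the `.pred` is not mistaken for an off-by-one.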