Repair ldap_blocked state when no ldap identity exist anymore
This commit is contained in:
parent
d6dc088aff
commit
ec67e9be1d
|
@ -26,6 +26,7 @@ class Admin::IdentitiesController < Admin::ApplicationController
|
||||||
|
|
||||||
def update
|
def update
|
||||||
if @identity.update_attributes(identity_params)
|
if @identity.update_attributes(identity_params)
|
||||||
|
RepairLdapBlockedUserService.new(@user, @identity).execute
|
||||||
redirect_to admin_user_identities_path(@user), notice: 'User identity was successfully updated.'
|
redirect_to admin_user_identities_path(@user), notice: 'User identity was successfully updated.'
|
||||||
else
|
else
|
||||||
render :edit
|
render :edit
|
||||||
|
@ -34,6 +35,7 @@ class Admin::IdentitiesController < Admin::ApplicationController
|
||||||
|
|
||||||
def destroy
|
def destroy
|
||||||
if @identity.destroy
|
if @identity.destroy
|
||||||
|
RepairLdapBlockedUserService.new(@user, @identity).execute
|
||||||
redirect_to admin_user_identities_path(@user), notice: 'User identity was successfully removed.'
|
redirect_to admin_user_identities_path(@user), notice: 'User identity was successfully removed.'
|
||||||
else
|
else
|
||||||
redirect_to admin_user_identities_path(@user), alert: 'Failed to remove user identity.'
|
redirect_to admin_user_identities_path(@user), alert: 'Failed to remove user identity.'
|
||||||
|
|
|
@ -18,4 +18,8 @@ class Identity < ActiveRecord::Base
|
||||||
validates :provider, presence: true
|
validates :provider, presence: true
|
||||||
validates :extern_uid, allow_blank: true, uniqueness: { scope: :provider }
|
validates :extern_uid, allow_blank: true, uniqueness: { scope: :provider }
|
||||||
validates :user_id, uniqueness: { scope: :provider }
|
validates :user_id, uniqueness: { scope: :provider }
|
||||||
|
|
||||||
|
def is_ldap?
|
||||||
|
provider.starts_with?('ldap')
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -196,6 +196,7 @@ class User < ActiveRecord::Base
|
||||||
state_machine :state, initial: :active do
|
state_machine :state, initial: :active do
|
||||||
event :block do
|
event :block do
|
||||||
transition active: :blocked
|
transition active: :blocked
|
||||||
|
transition ldap_blocked: :blocked
|
||||||
end
|
end
|
||||||
|
|
||||||
event :ldap_block do
|
event :ldap_block do
|
||||||
|
|
|
@ -0,0 +1,15 @@
|
||||||
|
class RepairLdapBlockedUserService
|
||||||
|
attr_accessor :user, :identity
|
||||||
|
|
||||||
|
def initialize(user, identity)
|
||||||
|
@user, @identity = user, identity
|
||||||
|
end
|
||||||
|
|
||||||
|
def execute
|
||||||
|
if identity.destroyed?
|
||||||
|
user.block if identity.is_ldap? && user.ldap_blocked? && !user.ldap_user?
|
||||||
|
else
|
||||||
|
user.block if !identity.is_ldap? && user.ldap_blocked? && !user.ldap_user?
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
|
@ -0,0 +1,26 @@
|
||||||
|
require 'spec_helper'
|
||||||
|
|
||||||
|
describe Admin::IdentitiesController do
|
||||||
|
let(:admin) { create(:admin) }
|
||||||
|
before { sign_in(admin) }
|
||||||
|
|
||||||
|
describe 'UPDATE identity' do
|
||||||
|
let(:user) { create(:omniauth_user, provider: 'ldapmain', extern_uid: 'uid=myuser,ou=people,dc=example,dc=com') }
|
||||||
|
|
||||||
|
it 'repairs ldap blocks' do
|
||||||
|
expect_any_instance_of(RepairLdapBlockedUserService).to receive(:execute)
|
||||||
|
|
||||||
|
put :update, user_id: user.username, id: user.ldap_identity.id, identity: { provider: 'twitter' }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
describe 'DELETE identity' do
|
||||||
|
let(:user) { create(:omniauth_user, provider: 'ldapmain', extern_uid: 'uid=myuser,ou=people,dc=example,dc=com') }
|
||||||
|
|
||||||
|
it 'repairs ldap blocks' do
|
||||||
|
expect_any_instance_of(RepairLdapBlockedUserService).to receive(:execute)
|
||||||
|
|
||||||
|
delete :destroy, user_id: user.username, id: user.ldap_identity.id
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
|
@ -0,0 +1,38 @@
|
||||||
|
# == Schema Information
|
||||||
|
#
|
||||||
|
# Table name: identities
|
||||||
|
#
|
||||||
|
# id :integer not null, primary key
|
||||||
|
# extern_uid :string(255)
|
||||||
|
# provider :string(255)
|
||||||
|
# user_id :integer
|
||||||
|
# created_at :datetime
|
||||||
|
# updated_at :datetime
|
||||||
|
#
|
||||||
|
|
||||||
|
require 'spec_helper'
|
||||||
|
|
||||||
|
RSpec.describe Identity, models: true do
|
||||||
|
|
||||||
|
describe 'relations' do
|
||||||
|
it { is_expected.to belong_to(:user) }
|
||||||
|
end
|
||||||
|
|
||||||
|
describe 'fields' do
|
||||||
|
it { is_expected.to respond_to(:provider) }
|
||||||
|
it { is_expected.to respond_to(:extern_uid) }
|
||||||
|
end
|
||||||
|
|
||||||
|
describe '#is_ldap?' do
|
||||||
|
let(:ldap_identity) { create(:identity, provider: 'ldapmain') }
|
||||||
|
let(:other_identity) { create(:identity, provider: 'twitter') }
|
||||||
|
|
||||||
|
it 'returns true if it is a ldap identity' do
|
||||||
|
expect(ldap_identity.is_ldap?).to be_truthy
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'returns false if it is not a ldap identity' do
|
||||||
|
expect(other_identity.is_ldap?).to be_falsey
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
|
@ -0,0 +1,23 @@
|
||||||
|
require 'spec_helper'
|
||||||
|
|
||||||
|
describe RepairLdapBlockedUserService, services: true do
|
||||||
|
let(:user) { create(:omniauth_user, provider: 'ldapmain', state: 'ldap_blocked') }
|
||||||
|
let(:identity) { user.ldap_identity }
|
||||||
|
subject(:service) { RepairLdapBlockedUserService.new(user, identity) }
|
||||||
|
|
||||||
|
describe '#execute' do
|
||||||
|
it 'change to normal block after destroying last ldap identity' do
|
||||||
|
identity.destroy
|
||||||
|
service.execute
|
||||||
|
|
||||||
|
expect(user.reload).not_to be_ldap_blocked
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'change to normal block after changing last ldap identity to another provider' do
|
||||||
|
identity.update_attribute(:provider, 'twitter')
|
||||||
|
service.execute
|
||||||
|
|
||||||
|
expect(user.reload).not_to be_ldap_blocked
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
Loading…
Reference in New Issue