github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-24 14:12:10 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

SECURITY: When enabled only allow Discourse Connect logins

Browse Source 
If Discourse Connect is enabled no other methods for account creation or
authentication should be allowed.
This commit is contained in:
Blake Erickson
2024-10-24 13:06:55 -06:00
committed by =
parent 15b43a205b
commit 17bdffc900
9 changed files with 84 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
spec/integration/github_omniauth_spec.rb
View File

@ -183,4 +183,23 @@ describe "GitHub Oauth2" do
expect(response.location).to eq("http://test.localhost/")
expect(session[:current_user_id]).to eq(user1.id)
end
it "doesn't log in the user if discourse connect is enabled" do
SiteSetting.discourse_connect_url = "https://example.com/sso"
SiteSetting.enable_discourse_connect = true
post "/auth/github"
expect(response.status).to eq(302)
expect(response.location).to start_with("https://github.com/login/oauth/authorize?")
setup_github_emails_stub(
[
{ email: user1.email, primary: true, verified: true, visibility: "private" },
{ email: user2.email, primary: false, verified: true, visibility: "private" },
],
)
post "/auth/github/callback", params: { state: session["omniauth.state"], code: temp_code }
expect(response.status).to eq(403)
expect(session[:current_user_id]).to be_blank
end
end