github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-23 07:01:13 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: Don't allow DiscourseConnect logins in readonly mode (#16508)

Browse Source
This commit is contained in:
Daniel Waterworth
2022-04-19 12:33:31 -05:00
committed by GitHub
parent d196ec9680
commit f55edd54fd
2 changed files with 15 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
app/controllers/session_controller.rb
View File

@ -121,6 +121,7 @@ class SessionController < ApplicationController
end end
def sso_login def sso_login
return render_sso_error(text: I18n.t("read_only_mode_enabled"), status: 503) if @readonly_mode
raise Discourse::NotFound.new unless SiteSetting.enable_discourse_connect raise Discourse::NotFound.new unless SiteSetting.enable_discourse_connect
params.require(:sso) params.require(:sso)

14
spec/requests/session_controller_spec.rb
View File

@ -1112,6 +1112,20 @@ describe SessionController do
expect(logged_on_user.email).to eq(@user.email) expect(logged_on_user.email).to eq(@user.email)
end end
end end
context "in readonly mode" do
use_redis_snapshotting
before do
Discourse.enable_readonly_mode
end
it "disallows requests" do
get "/session/sso_login"
expect(response.status).to eq(503)
end
end
end end
describe '#sso_provider' do describe '#sso_provider' do