Remove fallback to local database when LDAP is unavailable.

In many environments this will not work as the LDAP password and the copy stored in Pleroma will stay synchronized.
This commit is contained in:
Mark Felder 2020-08-05 08:18:16 -05:00
parent f7146583e5
commit 0f9aecbca4
2 changed files with 0 additions and 49 deletions

View File

@ -28,10 +28,6 @@ defmodule Pleroma.Web.Auth.LDAPAuthenticator do
%User{} = user <- ldap_user(name, password) do %User{} = user <- ldap_user(name, password) do
{:ok, user} {:ok, user}
else else
{:error, {:ldap_connection_error, _}} ->
# When LDAP is unavailable, try default authenticator
@base.get_user(conn)
{:ldap, _} -> {:ldap, _} ->
@base.get_user(conn) @base.get_user(conn)

View File

@ -7,7 +7,6 @@ defmodule Pleroma.Web.OAuth.LDAPAuthorizationTest do
alias Pleroma.Repo alias Pleroma.Repo
alias Pleroma.Web.OAuth.Token alias Pleroma.Web.OAuth.Token
import Pleroma.Factory import Pleroma.Factory
import ExUnit.CaptureLog
import Mock import Mock
@skip if !Code.ensure_loaded?(:eldap), do: :skip @skip if !Code.ensure_loaded?(:eldap), do: :skip
@ -99,50 +98,6 @@ defmodule Pleroma.Web.OAuth.LDAPAuthorizationTest do
end end
end end
@tag @skip
test "falls back to the default authorization when LDAP is unavailable" do
password = "testpassword"
user = insert(:user, password_hash: Pbkdf2.hash_pwd_salt(password))
app = insert(:oauth_app, scopes: ["read", "write"])
host = Pleroma.Config.get([:ldap, :host]) |> to_charlist
port = Pleroma.Config.get([:ldap, :port])
with_mocks [
{:eldap, [],
[
open: fn [^host], [{:port, ^port}, {:ssl, false} | _] -> {:error, 'connect failed'} end,
simple_bind: fn _connection, _dn, ^password -> :ok end,
close: fn _connection ->
send(self(), :close_connection)
:ok
end
]}
] do
log =
capture_log(fn ->
conn =
build_conn()
|> post("/oauth/token", %{
"grant_type" => "password",
"username" => user.nickname,
"password" => password,
"client_id" => app.client_id,
"client_secret" => app.client_secret
})
assert %{"access_token" => token} = json_response(conn, 200)
token = Repo.get_by(Token, token: token)
assert token.user_id == user.id
end)
assert log =~ "Could not open LDAP connection: 'connect failed'"
refute_received :close_connection
end
end
@tag @skip @tag @skip
test "disallow authorization for wrong LDAP credentials" do test "disallow authorization for wrong LDAP credentials" do
password = "testpassword" password = "testpassword"