[Git][noosfero/noosfero][master] 3 commits: api: use plugins when authenticate

Tue Apr 4 15:24:56 BRT 2017

Leandro Nunes pushed to branch master at Noosfero / noosfero


Commits:
26e5bbd9 by Victor Costa at 2017-04-04T14:28:49-03:00
api: use plugins when authenticate

- - - - -
ab85ed6c by Victor Costa at 2017-04-04T14:29:35-03:00
ldap_plugin: fix authentication for api

- - - - -
41c6ac47 by Leandro Nunes at 2017-04-04T18:24:38+00:00
Merge branch 'api-ldap' into 'master'

api: use plugins when authenticate

See merge request !1161
- - - - -


4 changed files:

- app/api/v1/session.rb
- plugins/ldap/lib/ldap_plugin.rb
- plugins/ldap/test/test_helper.rb
- test/api/session_test.rb


Changes:

=====================================
app/api/v1/session.rb
=====================================

--- a/app/api/v1/session.rb
+++ b/app/api/v1/session.rb
@@ -15,6 +15,10 @@ module Api
       post "/login" do
         begin
           user ||= User.authenticate(params[:login], params[:password], environment)
+          @plugins.each do |plugin|
+            user ||= plugin.alternative_authentication
+            break unless user.nil?
+          end
         rescue User::UserNotActivated => e
           render_api_error!(e.message, Api::Status::UNAUTHORIZED)
         end


=====================================
plugins/ldap/lib/ldap_plugin.rb
=====================================
--- a/plugins/ldap/lib/ldap_plugin.rb
+++ b/plugins/ldap/lib/ldap_plugin.rb
@@ -40,8 +40,8 @@ class LdapPlugin < Noosfero::Plugin
   end
 
   def alternative_authentication
-    login = context.params[:user][:login]
-    password = context.params[:user][:password]
+    login = context.params[:login] || context.params[:user][:login]
+    password = context.params[:password] || context.params[:user][:password]
     ldap = LdapAuthentication.new(context.environment.ldap_plugin_attributes)
 
     # try to authenticate


=====================================
plugins/ldap/test/test_helper.rb
=====================================
--- a/plugins/ldap/test/test_helper.rb
+++ b/plugins/ldap/test/test_helper.rb
@@ -1,4 +1,5 @@
 require 'test_helper'
+require_relative '../../../test/api/test_helper'
 
 def load_ldap_config
   begin


=====================================
test/api/session_test.rb
=====================================
--- a/test/api/session_test.rb
+++ b/test/api/session_test.rb
@@ -227,4 +227,20 @@ class SessionTest < ActiveSupport::TestCase
      assert json.first['private_token']
    end
 
+   should 'authenticate from plugin when fail to login with user/password' do
+     user = create_user
+     user.activate
+     class Plugin1 < Noosfero::Plugin
+       def alternative_authentication
+         User.last
+       end
+     end
+     Noosfero::Plugin.stubs(:all).returns([Plugin1.name])
+     Environment.default.enable_plugin(Plugin1)
+
+     params = {:login => "testplugin", :password => "testplugin"}
+     post "/api/v1/login?#{params.to_query}"
+     json = JSON.parse(last_response.body)
+     assert json["private_token"].present?
+   end
 end



View it on GitLab: https://gitlab.com/noosfero/noosfero/compare/59427193753001e1dd3b9cb9d0e516a69d5cc6d1...41c6ac476940498e612db807e450cc4196a77fa9
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listas.softwarelivre.org/pipermail/noosfero-dev/attachments/20170404/2a4e8fdf/attachment-0001.html>
