FIX: Check 2FA is disabled before enabling DiscourseConnect. (#16542)

Both settings are incompatible. We validated that DiscourseConnect is disabled before enabling 2FA but were missing the other way around.
Roman Rizzi 2022-04-25 14:49:36 -03:00 committed by GitHub
parent 596469a712
commit 068e93534c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 25 additions and 2 deletions


@ -2409,6 +2409,7 @@ en:
google_oauth2_hd_groups: "You must first set 'google oauth2 hd' before enabling this setting." google_oauth2_hd_groups: "You must first set 'google oauth2 hd' before enabling this setting."
search_tokenize_chinese_enabled: "You must disable 'search_tokenize_chinese' before enabling this setting." search_tokenize_chinese_enabled: "You must disable 'search_tokenize_chinese' before enabling this setting."
search_tokenize_japanese_enabled: "You must disable 'search_tokenize_japanese' before enabling this setting." search_tokenize_japanese_enabled: "You must disable 'search_tokenize_japanese' before enabling this setting."
discourse_connect_cannot_be_enabled_if_second_factor_enforced: "You cannot enable DiscourseConnect if 2FA is enforced."
placeholder: placeholder:
discourse_connect_provider_secrets: discourse_connect_provider_secrets:


@ -199,7 +199,7 @@ module SiteSettings::Validations
end end
def validate_enforce_second_factor(new_val) def validate_enforce_second_factor(new_val)
if SiteSetting.enable_discourse_connect? if new_val != "no" && SiteSetting.enable_discourse_connect?
return validate_error :second_factor_cannot_be_enforced_with_discourse_connect_enabled return validate_error :second_factor_cannot_be_enforced_with_discourse_connect_enabled
end end
if new_val == "all" && Discourse.enabled_auth_providers.count > 0 if new_val == "all" && Discourse.enabled_auth_providers.count > 0
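Review bot: The relaxed guard in `validate_enforce_second_factor` (`new_val != "no" && SiteSetting.enable_discourse_connect?`) is not covered by any spec in the four changed files; the only added examples exercise EnableSsoValidator. Two examples would pin it: one that sets the value to "no" while DiscourseConnect is enabled and expects no error, and one that expects `second_factor_cannot_be_enforced_with_discourse_connect_enabled` for any other value. Without them, a later edit could restore the old behaviour, where 2FA enforcement could not be switched off while DiscourseConnect was on, and nothing would fail. The method body continues past the end of this hunk.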


@ -7,12 +7,17 @@ class EnableSsoValidator
def valid_value?(val) def valid_value?(val)
return true if val == 'f' return true if val == 'f'
return false if SiteSetting.discourse_connect_url.blank? || SiteSetting.invite_only? return false if SiteSetting.discourse_connect_url.blank? || SiteSetting.invite_only? || is_2fa_enforced?
true true
end end
def error_message def error_message
return I18n.t('site_settings.errors.discourse_connect_url_is_empty') if SiteSetting.discourse_connect_url.blank? return I18n.t('site_settings.errors.discourse_connect_url_is_empty') if SiteSetting.discourse_connect_url.blank?
return I18n.t('site_settings.errors.discourse_connect_invite_only') if SiteSetting.invite_only? return I18n.t('site_settings.errors.discourse_connect_invite_only') if SiteSetting.invite_only?
return I18n.t('site_settings.errors.discourse_connect_cannot_be_enabled_if_second_factor_enforced') if is_2fa_enforced?
end
def is_2fa_enforced?
SiteSetting.enforce_second_factor? != 'no'
end end
end end
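Review bot: `is_2fa_enforced?` compares `SiteSetting.enforce_second_factor? != 'no'`, which is only correct if the `?` reader returns the raw setting string rather than a boolean. With a boolean the comparison would always be true and DiscourseConnect could never be enabled. Reading the value directly, `SiteSetting.enforce_second_factor != 'no'`, states the intent without relying on that. The helper is also added as a public method; moving it under `private` and naming it `second_factor_enforced?` would follow Ruby convention. Both checks appear to run only when a setting is changed, so a site that already has both settings on is presumably left in the incompatible state, which deserves a comment or a follow-up check.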


@ -62,5 +62,22 @@ RSpec.describe EnableSsoValidator do
end end
end end
describe 'when 2FA is enforced' do
before do
SiteSetting.discourse_connect_url = "https://www.example.com/sso"
end
it 'should be invalid' do
SiteSetting.enforce_second_factor = 'all'
expect(subject.valid_value?('t')).to eq(false)
end
it 'should be valid' do
SiteSetting.enforce_second_factor = 'no'
expect(subject.valid_value?('t')).to eq(true)
end
end
end end
end end
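Review bot: The new examples cover only 'all' and 'no', so the validator's `!= 'no'` rule is not pinned for the staff-only enforcement level. An example with `SiteSetting.enforce_second_factor = 'staff'` expecting `valid_value?('t')` to be `false` would close that gap. The descriptions 'should be invalid' and 'should be valid' would be easier to read in failure output if they named the condition, e.g. `it 'is invalid when 2FA is enforced for all users'`. The enclosing describe block starts outside this hunk.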