Exam markus auth #7072
Exam markus auth #7072
Conversation
Pull Request Test Coverage Report for Build 9026043649Details
💛 - Coveralls |
There was a problem hiding this comment.
@pretendWhale good work. I left a few comments. Also whenever a new setting is added it should be reflected in the schema in config.rb.
| @@ -37,10 +37,12 @@ class User < ApplicationRecord | |||
| AUTHENTICATE_ERROR = 'error'.freeze | |||
| AUTHENTICATE_BAD_PLATFORM = 'bad_platform'.freeze | |||
| AUTHENTICATE_BAD_CHAR = 'bad_char'.freeze | |||
| AUTHENTICATE_LOCAL = 'local'.freeze | |||
| AUTHENTICATE_REMOTE = 'remote'.freeze | |||
|
|
|||
| # Authenticates login against its password | |||
| # through a script specified by Settings.validate_file | |||
There was a problem hiding this comment.
Please update the function documentation
app/controllers/main_controller.rb
Outdated
| def validate_login(user_name, password) | ||
| if user_name.blank? || password.blank? | ||
| def validate_login(user_name, password, auth_type: User::AUTHENTICATE_LOCAL) | ||
| if user_name.blank? || (password.blank? && auth_type == User::AUTHENTICATE_LOCAL) | ||
| flash_now(:error, get_blank_message(user_name, password)) | ||
| return false | ||
| end | ||
|
|
||
| # No validate file means only remote authentication is allowed |
There was a problem hiding this comment.
This comment also needs to be updated
There was a problem hiding this comment.
@pretendWhale it doesn't seem like you changed this comment. My point here is that the comment is now misleading because the check below isn't just checking for "no validate file".
config/locales/views/main/en.yml
Outdated
| @@ -4,6 +4,7 @@ en: | |||
| cannot_role_switch: You do not have permission to role switch to this account. | |||
| cannot_role_switch_to_self: You cannot role switch to your own account. | |||
| create_marking_scheme: Create a Marking Scheme to display course summary graph. | |||
| external_authentication_bad_ip: Authentication with %{name} was successful, but access to this MarkUs is restricted. | |||
There was a problem hiding this comment.
remove the word "this"
| @@ -83,6 +83,31 @@ | |||
| expect(response).to redirect_to action: 'index', controller: 'courses' | |||
| end | |||
|
|
|||
| context 'when markus is in restricted mode' do | |||
There was a problem hiding this comment.
always use correct capitalization when referring to "MarkUs"
|
Thanks @david-yz-liu ! Addressed the comments and added |
app/controllers/main_controller.rb
Outdated
| def validate_login(user_name, password) | ||
| if user_name.blank? || password.blank? | ||
| def validate_login(user_name, password, auth_type: User::AUTHENTICATE_LOCAL) | ||
| if user_name.blank? || (password.blank? && auth_type == User::AUTHENTICATE_LOCAL) | ||
| flash_now(:error, get_blank_message(user_name, password)) | ||
| return false | ||
| end | ||
|
|
||
| # No validate file means only remote authentication is allowed |
There was a problem hiding this comment.
@pretendWhale it doesn't seem like you changed this comment. My point here is that the comment is now misleading because the check below isn't just checking for "no validate file".
Proposed Changes
(Describe your changes here. Also describe the motivation for your changes: what problem do they solve, or how do they improve the application or codebase? If this pull request fixes an open issue, use a keyword to link this pull request to the issue.)
This PR adds a
Settings.remote_validate_fileoption. If set to a file location, anytime a user logs in with remote auth (e.g. UTORauth), the program atSettings.remote_validate_filewill be run. Login will be rejected if the program's exit status is anything other than0. This was accomplished by modifying the User.authenticate method.Tested on a staging server with utorauth https://ben.teach.cs.toronto.edu/canvas-test/ (by directly modifying
remote_validate_fileto exit with a desired code).Screenshots of your changes (if applicable)
Associated [documentation repository](https://github.com/MarkUsProject/Wiki) pull request (if applicable)
https://github.com/MarkUsProject/Wiki/pull/213Type of Change
(Write an
Xor a brief description next to the type or types that best describe your changes.)Checklist
(Complete each of the following items for your pull request. Indicate that you have completed an item by changing the
[ ]into a[x]in the raw text, or by clicking on the checkbox in the rendered description on GitHub.)Before opening your pull request:
After opening your pull request:
Questions and Comments
(Include any questions or comments you have regarding your changes.)
I took the approach of modifying
User.authenticate, but maybe it would be cleaner as a separate method?