mirror of
https://github.com/livebook-dev/livebook.git
synced 2025-09-07 13:34:55 +08:00
Do not crash when giving token to password and vice-versa (#1574)
parent
27f62eeb6d
commit
190a4cffd3
3 changed files with 18 additions and 11 deletions
|
@ -25,7 +25,7 @@ defmodule LivebookWeb.AuthController do
|
|||
if AuthPlug.authenticated?(conn, :password) do
|
||||
redirect_to(conn)
|
||||
else
|
||||
render_form_error(conn)
|
||||
render_form_error(conn, :password)
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -35,14 +35,12 @@ defmodule LivebookWeb.AuthController do
|
|||
if AuthPlug.authenticated?(conn, :token) do
|
||||
redirect_to(conn)
|
||||
else
|
||||
render_form_error(conn)
|
||||
render_form_error(conn, :token)
|
||||
end
|
||||
end
|
||||
|
||||
defp render_form_error(conn) do
|
||||
index(conn, %{
|
||||
"errors" => [{"%{auth_mode} is invalid", [auth_mode: Livebook.Config.auth_mode()]}]
|
||||
})
|
||||
defp render_form_error(conn, auth_mode) do
|
||||
index(conn, %{"errors" => [{"%{auth_mode} is invalid", [auth_mode: auth_mode]}]})
|
||||
end
|
||||
|
||||
defp redirect_to(conn) do
|
||||
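Review bot: `render_form_error/2` now labels the error with the mode the request attempted rather than the configured `Livebook.Config.auth_mode()`, and that change of meaning is not documented. A one-line comment such as `# auth_mode is the mode the client attempted; it can differ from the configured one` would keep a later edit from switching it back. The helper also accepts any term, whereas `AuthPlug.authenticated?/3` guards on `mode in [:token, :password]`; `defp render_form_error(conn, auth_mode) when auth_mode in [:password, :token] do` would keep the two in step. The controller actions that call it start outside the hunks shown.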
|
|
|
@ -51,7 +51,9 @@ defmodule LivebookWeb.AuthPlug do
|
|||
|
||||
def authenticated?(session, port, mode) when mode in [:token, :password] do
|
||||
secret = session[key(port, mode)]
|
||||
is_binary(secret) and Plug.Crypto.secure_compare(secret, expected(mode))
|
||||
|
||||
is_binary(secret) and mode == Livebook.Config.auth_mode() and
|
||||
Plug.Crypto.secure_compare(secret, expected(mode))
|
||||
end
|
||||
|
||||
defp authenticate(conn, :password) do
|
||||
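Review bot: The new `mode == Livebook.Config.auth_mode()` term in `authenticated?/3` is what keeps `expected(mode)` from being evaluated for a mode that is not configured, and nothing in the code says so. It relies on `and` short-circuiting and on the term staying ahead of `Plug.Crypto.secure_compare/2`, so a later reordering would presumably bring the crash back. I would add a comment above the expression, for example `# Check the configured mode first: expected/1 is only meaningful for the active mode, and a session secret stored under the other mode must never authenticate.` `expected/1` is defined outside the hunk, so its behaviour for an unconfigured mode is inferred from the commit title.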
|
|
|
@ -2,14 +2,15 @@ defmodule LivebookWeb.AuthPlugTest do
|
|||
use LivebookWeb.ConnCase, async: false
|
||||
|
||||
setup context do
|
||||
{type, value} =
|
||||
{type, other_type, value} =
|
||||
cond do
|
||||
token = context[:token] -> {:token, token}
|
||||
password = context[:password] -> {:password, password}
|
||||
true -> {:disabled, ""}
|
||||
token = context[:token] -> {:token, :password, token}
|
||||
password = context[:password] -> {:password, :token, password}
|
||||
true -> {:disabled, :disabled, ""}
|
||||
end
|
||||
|
||||
unless type == :disabled do
|
||||
Application.delete_env(:livebook, other_type)
|
||||
Application.put_env(:livebook, :authentication_mode, type)
|
||||
Application.put_env(:livebook, type, value)
|
||||
|
||||
|
@ -100,6 +101,12 @@ defmodule LivebookWeb.AuthPlugTest do
|
|||
assert redirected_to(conn) == "/"
|
||||
end
|
||||
|
||||
@tag password: "grumpycat"
|
||||
test "does not crash when given a token", %{conn: conn} do
|
||||
conn = post(conn, "/authenticate?token=grumpycat")
|
||||
assert html_response(conn, 200) =~ "token is invalid"
|
||||
end
|
||||
|
||||
@tag password: "grumpycat"
|
||||
test "redirects to '/authenticate' if not authenticated", %{conn: conn} do
|
||||
conn = get(conn, "/")
|
||||
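Review bot: Only one direction of the fix is exercised: the added test configures a password and posts `?token=grumpycat`, while the commit title also promises the reverse case. A mirrored test tagged `@tag token: "grumpycat"` that submits the password form and ends with `assert html_response(conn, 200) =~ "password is invalid"` would pin the other branch of `AuthController`; it may already exist in a part of the file not shown here. The new test also asserts only on the rendered message, so a follow-up `get(conn, "/")` that still redirects to `/authenticate` would confirm that the configured password sent as a token does not establish a session.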
|
|