Add option to disable local password log in [SCI-7298]

This commit is contained in:
Oleksii Kriuchykhin 2022-10-12 10:30:09 +02:00
parent e96ccdb1d5
commit f0ea7ea2a4
6 changed files with 63 additions and 38 deletions


@ -686,6 +686,12 @@ class User < ApplicationRecord
false
end
def after_database_authentication
if Rails.application.config.x.disable_local_passwords
throw(:warden, message: I18n.t('devise.failure.auth_method_disabled'))
end
end
protected
def confirmation_required?
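Review bot: The new `after_database_authentication` hook fires too late to act as a kill switch — in Devise's DatabaseAuthenticatable strategy that callback runs only after `valid_password?` has already succeeded, so with the flag on a submitted password is still bcrypt-compared and the response differs: a wrong password gets the usual "Invalid Email or password", the right one gets "This authentication method is disabled", which turns the supposedly disabled form into a password oracle (and, if lockable is enabled, wrong guesses still increment failed_attempts). The rejection should happen before the comparison, e.g. in `valid_for_authentication?`, which the strategy calls with the password check as its block, so the same message is produced regardless of what was typed. `class User` opens and closes outside this hunk.
```ruby
  # Must reject before Devise compares the password: after_database_authentication
  # only fires once valid_password? has succeeded, which would leak whether the
  # password was right. The block is the password check handed over by the
  # DatabaseAuthenticatable strategy; other callers pass none.
  def valid_for_authentication?
    if block_given? && Rails.application.config.x.disable_local_passwords
      throw(:warden, message: I18n.t('devise.failure.auth_method_disabled'))
    end

    super
  end
```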


@ -12,32 +12,34 @@
</div>
<% end -%>
<%= form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| %>
<div class="input-group sci-input-container">
<%= f.label :email, t("devise.sessions.new.email_field") %>
<%= f.email_field :email, autofocus: true, class: "form-control sci-input-field", placeholder: t("devise.sessions.new.email_placeholder") %>
</div>
<% unless Rails.application.config.x.disable_local_passwords %>
<%= form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| %>
<div class="input-group sci-input-container">
<%= f.label :email, t("devise.sessions.new.email_field") %>
<%= f.email_field :email, autofocus: true, class: "form-control sci-input-field", placeholder: t("devise.sessions.new.email_placeholder") %>
</div>
<div class="input-group sci-input-container">
<%= f.label :password, t("devise.sessions.new.password_field") %>
<%= f.password_field :password, autocomplete: "off", class: "form-control sci-input-field", placeholder: t("devise.sessions.new.password_placeholder") %>
</div>
<div class="input-group sci-input-container">
<%= f.label :password, t("devise.sessions.new.password_field") %>
<%= f.password_field :password, autocomplete: "off", class: "form-control sci-input-field", placeholder: t("devise.sessions.new.password_placeholder") %>
</div>
<% if devise_mapping.rememberable? && !@simple_sign_in %>
<div class="field remember-me">
<div class="sci-checkbox-container">
<%= f.check_box :remember_me, class: "sci-checkbox" %>
<span class="sci-checkbox-label"></span>
<% if devise_mapping.rememberable? && !@simple_sign_in %>
<div class="field remember-me">
<div class="sci-checkbox-container">
<%= f.check_box :remember_me, class: "sci-checkbox" %>
<span class="sci-checkbox-label"></span>
</div>
<%= f.label :remember_me, t("devise.sessions.new.remember_me") %>
</div>
<%= f.label :remember_me, t("devise.sessions.new.remember_me") %>
<% end %>
<%= hidden_field_tag(:simple_sign_in, @simple_sign_in) %>
<div class="actions" style="margin-top: 10px; margin-bottom: 10px;">
<%= f.button t("devise.sessions.new.submit"), class: "btn btn-primary log-in-button" %>
</div>
<% end %>
<%= hidden_field_tag(:simple_sign_in, @simple_sign_in) %>
<div class="actions" style="margin-top: 10px; margin-bottom: 10px;">
<%= f.button t("devise.sessions.new.submit"), class: "btn btn-primary log-in-button" %>
</div>
<% end %>
<%= render partial: "users/shared/links", locals: {linkedin_skip: true} unless @simple_sign_in %>
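Review bot: The `unless Rails.application.config.x.disable_local_passwords` wrapper only hides the form; `POST session_path` still accepts email and password and the actual rejection lives in the model hook, so the template should say so before the next reader treats the view as the enforcement point — e.g. `<%# Hides the password form only; submissions are rejected server-side in User#after_database_authentication %>` directly under the `unless`. Separately, when the flag is set and `@simple_sign_in` is truthy, neither the form nor the `users/shared/links` partial renders, so the page would show no sign-in control at all; `@simple_sign_in` is assigned outside this template, so it is worth confirming that flow and rendering the provider links or the `auth_method_disabled` message in that branch.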


@ -1,25 +1,27 @@
<div class="sign-in-up-links">
<%- if controller_name != 'sessions' %>
<% login = t("devise.links.login") %>
<% login = t("devise.links.login_with_provider") if action_name.in? %w(new_with_provider create_with_provider) %>
<%= link_to login, new_session_path(resource_name) %><br />
<% end -%>
<% unless Rails.application.config.x.disable_local_passwords %>
<%- if controller_name != 'sessions' %>
<% login = t("devise.links.login") %>
<% login = t("devise.links.login_with_provider") if action_name.in? %w(new_with_provider create_with_provider) %>
<%= link_to login, new_session_path(resource_name) %><br />
<% end -%>
<%- if devise_mapping.recoverable? && controller_name != 'passwords' && controller_name != 'registrations' %>
<%= link_to t("devise.links.forgot"), new_password_path(resource_name), class: 'forgot-password-link' %><br />
<% end -%>
<%- if devise_mapping.recoverable? && controller_name != 'passwords' && controller_name != 'registrations' %>
<%= link_to t("devise.links.forgot"), new_password_path(resource_name), class: 'forgot-password-link' %><br />
<% end -%>
<%- if devise_mapping.registerable? && Rails.configuration.x.enable_user_registration && controller_name != 'registrations' %>
<%= link_to t("devise.links.signup"), new_registration_path(resource_name), class: 'signup-link' %><br />
<% end -%>
<%- if devise_mapping.registerable? && Rails.configuration.x.enable_user_registration && controller_name != 'registrations' %>
<%= link_to t("devise.links.signup"), new_registration_path(resource_name), class: 'signup-link' %><br />
<% end -%>
<%- if Rails.configuration.x.enable_email_confirmations && devise_mapping.confirmable? && controller_name != 'confirmations' %>
<%= link_to t("devise.links.not_receive_confirmation"), new_confirmation_path(resource_name) %><br />
<% end -%>
<%- if Rails.configuration.x.enable_email_confirmations && devise_mapping.confirmable? && controller_name != 'confirmations' %>
<%= link_to t("devise.links.not_receive_confirmation"), new_confirmation_path(resource_name) %><br />
<% end -%>
<%- if devise_mapping.lockable? && resource_class.unlock_strategy_enabled?(:email) && controller_name != 'unlocks' && flash[:alert] == t('devise.failure.locked') %>
<%= link_to t("devise.links.not_receive_unlock"), new_unlock_path(resource_name) %><br />
<% end -%>
<%- if devise_mapping.lockable? && resource_class.unlock_strategy_enabled?(:email) && controller_name != 'unlocks' && flash[:alert] == t('devise.failure.locked') %>
<%= link_to t("devise.links.not_receive_unlock"), new_unlock_path(resource_name) %><br />
<% end -%>
<% end %>
<%- if devise_mapping.omniauthable? && resource_class.omniauth_providers.any? %>
<div data-hook="omniauth-sign-in-links"></div>
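Review bot: Hiding the forgot-password, sign-up and confirmation links under the new `unless` does not disable the features behind them: `new_password_path` and `new_registration_path` stay routable, so with the flag on a user can still request a reset email by URL and set a local password, and registration (when `enable_user_registration` is true) still creates password-backed accounts. The flag needs a server-side guard in those controllers as well, e.g. `before_action { head :not_found if Rails.application.config.x.disable_local_passwords }` in the passwords and registrations controllers; they are not part of this commit, so I cannot tell whether they already check it. Note also that the unlock link is hidden by the same `unless`, which removes self-service unlock for accounts locked by failed local attempts — whether that lock also blocks provider sign-in depends on `active_for_authentication?`, which is not visible here.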


@ -299,6 +299,8 @@ Devise.setup do |config|
config.omniauth :linkedin, ENV['LINKEDIN_KEY'], ENV['LINKEDIN_SECRET'], scope: 'r_liteprofile r_emailaddress'
end
Rails.application.config.x.disable_local_passwords = ENV['DISABLE_LOCAL_PASSWORDS'] == 'true'
if [ENV['OKTA_CLIENT_ID'], ENV['OKTA_CLIENT_SECRET'], ENV['OKTA_DOMAIN'], ENV['OKTA_AUTH_SERVER_ID']].all?(&:present?)
config.omniauth(
:okta,
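Review bot: `Rails.application.config.x.disable_local_passwords = ENV['DISABLE_LOCAL_PASSWORDS'] == 'true'` has no sanity check against the rest of this initializer: the LinkedIn and Okta provider blocks around it appear to be conditional on their own ENV vars, so if the flag is on and no provider ends up configured every account is locked out with no signal at boot. Add a check after the last `config.omniauth` call (the Okta block starts below this hunk), e.g. `raise 'DISABLE_LOCAL_PASSWORDS=true but no OmniAuth provider is configured' if Rails.application.config.x.disable_local_passwords && Devise.omniauth_configs.blank?`. A comment next to the assignment naming the accepted value would also help, since only the exact string `'true'` enables the flag and `'1'` or `'TRUE'` silently leave local passwords on. The `Devise.setup` block closes outside this hunk.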


@ -17,6 +17,7 @@ en:
timeout: "Your session expired. Please log in again to continue."
unauthenticated: "You need to log in or sign up before continuing."
unconfirmed: "You have to confirm your email address before continuing."
auth_method_disabled: "This authentication method is disabled."
mailer:
confirmation_instructions:
subject: "Confirmation instructions"


@ -57,6 +57,18 @@ RSpec.describe Users::SessionsController, type: :controller do
expect { action }.not_to(change { subject.current_user })
end
end
context 'when local passwords disabled' do
it 'returns error message' do
Rails.application.config.x.disable_local_passwords = true
action
expect(flash[:alert]).to eq(I18n.t('devise.failure.auth_method_disabled'))
end
it 'does not set current user' do
expect { action }.not_to(change { subject.current_user })
end
end
end
end
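Review bot: `Rails.application.config.x.disable_local_passwords = true` inside the first example mutates global configuration and is never restored, so it leaks into every example that runs afterwards in the same process — the second example in this context ('does not set current user') only exercises the disabled path because of that leak, and unrelated login specs run later will see local passwords disabled. Scope it to the context instead: `before { allow(Rails.application.config.x).to receive(:disable_local_passwords).and_return(true) }` and drop the assignment from the example body. A third example posting a wrong password and expecting the same `auth_method_disabled` flash would also pin down that the password no longer matters when the flag is on; `action` is defined above this hunk, so I cannot see which credentials it submits today.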