From 17211811b26f312ed5a9e4cc64bbb9b9efaf842d Mon Sep 17 00:00:00 2001 From: shamoon <4887959+shamoon@users.noreply.github.com> Date: Wed, 21 Feb 2024 07:53:54 -0800 Subject: [PATCH] Add test coverage for pre_authenticate login disabling --- src/paperless/adapter.py | 22 +++++++++++++++++++++- src/paperless/tests/test_adapter.py | 14 ++++++++++++++ 2 files changed, 35 insertions(+), 1 deletion(-) diff --git a/src/paperless/adapter.py b/src/paperless/adapter.py index 843c310b0..3d521bd66 100644 --- a/src/paperless/adapter.py +++ b/src/paperless/adapter.py @@ -8,18 +8,30 @@ from django.urls import reverse class CustomAccountAdapter(DefaultAccountAdapter): def is_open_for_signup(self, request): + """ + Check whether the site is open for signups, which can be + disabled via the ACCOUNT_ALLOW_SIGNUPS setting. + """ allow_signups = super().is_open_for_signup(request) # Override with setting, otherwise default to super. return getattr(settings, "ACCOUNT_ALLOW_SIGNUPS", allow_signups) def pre_authenticate(self, request, **credentials): + """ + Called prior to calling the authenticate method on the + authentication backend. If login is disabled using DISABLE_REGULAR_LOGIN, + raise ValidationError to prevent the login. + """ if settings.DISABLE_REGULAR_LOGIN: raise ValidationError("Regular login is disabled") return super().pre_authenticate(request, **credentials) def is_safe_url(self, url): - # see https://github.com/paperless-ngx/paperless-ngx/issues/5780 + """ + Check if the URL is a safe URL. + See https://github.com/paperless-ngx/paperless-ngx/issues/5780 + """ from django.utils.http import url_has_allowed_host_and_scheme # get_host already validates the given host, so no need to check it again 
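Review bot: The new `is_safe_url` docstring says only that it checks for "a safe URL", which does not tell a reader what is being guarded. Judging by the import of `url_has_allowed_host_and_scheme`, this looks like the redirect-target check, so a first line such as `"""Return True only if the URL's host and scheme are allowed as a redirect target."""`, with the issue 5780 link kept below it, would state the contract. The `is_open_for_signup` docstring, and the matching one on `CustomSocialAccountAdapter.is_open_for_signup` in the next hunk, says signups "can be disabled" via the setting. But `getattr(settings, "ACCOUNT_ALLOW_SIGNUPS", allow_signups)` returns the setting whenever it is defined, so it can also enable signups the parent adapter would refuse, and the docstrings should say the setting overrides the parent's answer in either direction. The body of `is_safe_url` continues outside this hunk.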
@@ -36,6 +48,10 @@ class CustomAccountAdapter(DefaultAccountAdapter): class CustomSocialAccountAdapter(DefaultSocialAccountAdapter): def is_open_for_signup(self, request, sociallogin): + """ + Check whether the site is open for signups via social account, which can be + disabled via the SOCIALACCOUNT_ALLOW_SIGNUPS setting. + """ allow_signups = super().is_open_for_signup(request, sociallogin) # Override with setting, otherwise default to super. return getattr(settings, "SOCIALACCOUNT_ALLOW_SIGNUPS", allow_signups) @@ -49,5 +65,9 @@ class CustomSocialAccountAdapter(DefaultSocialAccountAdapter): return url def populate_user(self, request, sociallogin, data): + """ + Populate the user with data from the social account. Stub is kept in case + global default permissions are implemented in the future. + """ # TODO: If default global permissions are implemented, should also be here return super().populate_user(request, sociallogin, data) # pragma: no cover diff --git a/src/paperless/tests/test_adapter.py b/src/paperless/tests/test_adapter.py index f07e0b422..a77c55f23 100644 --- a/src/paperless/tests/test_adapter.py +++ b/src/paperless/tests/test_adapter.py @@ -4,6 +4,7 @@ from allauth.account.adapter import get_adapter from allauth.core import context from allauth.socialaccount.adapter import get_adapter as get_social_adapter from django.conf import settings +from django.forms import ValidationError from django.http import HttpRequest from django.test import TestCase from django.test import override_settings 
@@ -47,6 +48,19 @@ class TestCustomAccountAdapter(TestCase): # False because request host is not in allowed hosts self.assertFalse(adapter.is_safe_url(url)) + @mock.patch("allauth.core.ratelimit._consume_rate", return_value=True) + def test_pre_authenticate(self, mock_consume_rate): + adapter = get_adapter() + request = HttpRequest() + request.get_host = mock.Mock(return_value="example.com") + + settings.DISABLE_REGULAR_LOGIN = False + adapter.pre_authenticate(request) + + settings.DISABLE_REGULAR_LOGIN = True + with self.assertRaises(ValidationError): + adapter.pre_authenticate(request) + class TestCustomSocialAccountAdapter(TestCase): def test_is_open_for_signup(self):
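Review bot: `test_pre_authenticate` assigns `settings.DISABLE_REGULAR_LOGIN` directly and never restores it, so `DISABLE_REGULAR_LOGIN = True` stays on the global settings object after the test. Any later test in the same process that exercises a login could then fail, or pass for the wrong reason. `override_settings` is already imported in this file and restores the previous value on exit: use `with override_settings(DISABLE_REGULAR_LOGIN=False):` around the first call and `with override_settings(DISABLE_REGULAR_LOGIN=True), self.assertRaises(ValidationError):` around the second. Separately, the patch of `allauth.core.ratelimit._consume_rate` targets a private allauth function, so a one-line comment on why it is needed would help if an allauth upgrade renames it.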