diff options
author | Chris <ccbrown112@gmail.com> | 2017-11-02 16:24:11 -0500 |
---|---|---|
committer | Joram Wilander <jwawilander@gmail.com> | 2017-11-02 17:24:11 -0400 |
commit | 9d32cd42085bbb37460d815c6c1a00ad881c4895 (patch) | |
tree | eb6963263ecd79ea4e5166a117a6be5ff9706687 | |
parent | fed5324ce505c3725472af23757cd6659bb7139c (diff) | |
download | chat-9d32cd42085bbb37460d815c6c1a00ad881c4895.tar.gz chat-9d32cd42085bbb37460d815c6c1a00ad881c4895.tar.bz2 chat-9d32cd42085bbb37460d815c6c1a00ad881c4895.zip |
prevent deactivation of sso users (#7759)
-rw-r--r-- | api/user.go | 2 | ||||
-rw-r--r-- | api4/user.go | 2 | ||||
-rw-r--r-- | api4/user_test.go | 4 | ||||
-rw-r--r-- | app/user.go | 6 | ||||
-rw-r--r-- | app/user_test.go | 20 | ||||
-rw-r--r-- | i18n/en.json | 4 |
6 files changed, 29 insertions, 9 deletions
diff --git a/api/user.go b/api/user.go index 4a3b52417..9712d2ef1 100644 --- a/api/user.go +++ b/api/user.go @@ -729,7 +729,7 @@ func updateActive(c *Context, w http.ResponseWriter, r *http.Request) { return } - if ruser, err := c.App.UpdateActiveNoLdap(userId, active); err != nil { + if ruser, err := c.App.UpdateNonSSOUserActive(userId, active); err != nil { c.Err = err } else { c.LogAuditWithUserId(ruser.Id, fmt.Sprintf("active=%v", active)) diff --git a/api4/user.go b/api4/user.go index 7343ce326..16b7f79a9 100644 --- a/api4/user.go +++ b/api4/user.go @@ -683,7 +683,7 @@ func updateUserActive(c *Context, w http.ResponseWriter, r *http.Request) { return } - if ruser, err := c.App.UpdateActiveNoLdap(c.Params.UserId, active); err != nil { + if ruser, err := c.App.UpdateNonSSOUserActive(c.Params.UserId, active); err != nil { c.Err = err } else { c.LogAuditWithUserId(ruser.Id, fmt.Sprintf("active=%v", active)) diff --git a/api4/user_test.go b/api4/user_test.go index 98f88ab64..d2bbdcd7b 100644 --- a/api4/user_test.go +++ b/api4/user_test.go @@ -521,7 +521,7 @@ func TestSearchUsers(t *testing.T) { t.Fatal("should have found user") } - _, err := th.App.UpdateActiveNoLdap(th.BasicUser2.Id, false) + _, err := th.App.UpdateNonSSOUserActive(th.BasicUser2.Id, false) if err != nil { t.Fatal(err) } @@ -638,7 +638,7 @@ func TestSearchUsers(t *testing.T) { th.App.UpdateConfig(func(cfg *model.Config) { cfg.PrivacySettings.ShowEmailAddress = false }) th.App.UpdateConfig(func(cfg *model.Config) { cfg.PrivacySettings.ShowFullName = false }) - _, err = th.App.UpdateActiveNoLdap(th.BasicUser2.Id, true) + _, err = th.App.UpdateNonSSOUserActive(th.BasicUser2.Id, true) if err != nil { t.Fatal(err) } diff --git a/app/user.go b/app/user.go index a4513af9a..9f74ef303 100644 --- a/app/user.go +++ b/app/user.go @@ -867,15 +867,15 @@ func (a *App) UpdatePasswordAsUser(userId, currentPassword, newPassword string) return a.UpdatePasswordSendEmail(user, newPassword, T("api.user.update_password.menu")) } -func (a *App) UpdateActiveNoLdap(userId string, active bool) (*model.User, *model.AppError) { +func (a *App) UpdateNonSSOUserActive(userId string, active bool) (*model.User, *model.AppError) { var user *model.User var err *model.AppError if user, err = a.GetUser(userId); err != nil { return nil, err } - if user.IsLDAPUser() { - err := model.NewAppError("UpdateActive", "api.user.update_active.no_deactivate_ldap.app_error", nil, "userId="+user.Id, http.StatusBadRequest) + if user.IsSSOUser() { + err := model.NewAppError("UpdateActive", "api.user.update_active.no_deactivate_sso.app_error", nil, "userId="+user.Id, http.StatusBadRequest) err.StatusCode = http.StatusBadRequest return nil, err } diff --git a/app/user_test.go b/app/user_test.go index 51db207ef..d9f40a604 100644 --- a/app/user_test.go +++ b/app/user_test.go @@ -13,6 +13,8 @@ import ( "testing" "time" + "github.com/stretchr/testify/assert" + "github.com/mattermost/mattermost-server/einterfaces" "github.com/mattermost/mattermost-server/model" "github.com/mattermost/mattermost-server/model/gitlab" @@ -98,6 +100,24 @@ func TestCreateOAuthUser(t *testing.T) { } } +func TestDeactivateSSOUser(t *testing.T) { + th := Setup().InitBasic() + defer th.TearDown() + + r := rand.New(rand.NewSource(time.Now().UnixNano())) + glUser := oauthgitlab.GitLabUser{Id: int64(r.Intn(1000)) + 1, Username: "o" + model.NewId(), Email: model.NewId() + "@simulator.amazonses.com", Name: "Joram Wilander"} + + json := glUser.ToJson() + user, err := th.App.CreateOAuthUser(model.USER_AUTH_SERVICE_GITLAB, strings.NewReader(json), th.BasicTeam.Id) + if err != nil { + t.Fatal(err) + } + defer th.App.PermanentDeleteUser(user) + + _, err = th.App.UpdateNonSSOUserActive(user.Id, false) + assert.Equal(t, "api.user.update_active.no_deactivate_sso.app_error", err.Id) +} + func TestCreateProfileImage(t *testing.T) { b, err := CreateProfileImage("Corey Hulen", "eo1zkdr96pdj98pjmq8zy35wba", "luximbi.ttf") if err != nil { diff --git a/i18n/en.json b/i18n/en.json index 23500d2ed..82e8ebf40 100644 --- a/i18n/en.json +++ b/i18n/en.json @@ -2800,8 +2800,8 @@ "translation": "Failed to send welcome email successfully" }, { - "id": "api.user.update_active.no_deactivate_ldap.app_error", - "translation": "You can not modify the activation status of AD/LDAP accounts. Please modify through the AD/LDAP server." + "id": "api.user.update_active.no_deactivate_sso.app_error", + "translation": "You can not modify the activation status of SSO accounts. Please modify through the SSO server." }, { "id": "api.user.update_active.permissions.app_error", |