[ci][api] Disallow user password change in LDAP mode.

openSUSE · Aug 24, 2017 · e2a445e · e2a445e
1 parent 80343b1
commit e2a445e
Show file tree

Hide file tree

Showing 3 changed files with 40 additions and 1 deletion.
diff --git a/src/api/app/controllers/person_controller.rb b/src/api/app/controllers/person_controller.rb
@@ -155,6 +155,15 @@ class NoPermission < APIException
   end
 
   def internal_register
+    if ::Configuration.ldap_enabled?
+      render_error(
+        status: 403,
+        errorcode: 'permission_denied',
+        message: "User accounts can not be registered via OBS when in LDAP mode. Please refer to your LDAP server to create new users."
+      )
+      return
+    end
+
     xml = REXML::Document.new( request.raw_post )
 
     logger.debug( "register XML: #{request.raw_post}" )

diff --git a/src/api/spec/controllers/person_controller_spec.rb b/src/api/spec/controllers/person_controller_spec.rb
@@ -72,4 +72,34 @@
       end
     end
   end
+
+  describe 'POST #register' do
+    context 'when in LDAP mode' do
+      before do
+        stub_const('CONFIG', CONFIG.merge({ 'ldap_mode' => :on }))
+      end
+
+      subject! { post :register }
+
+      it 'sets an error code' do
+        expect(response.header['X-Opensuse-Errorcode']).to eq('permission_denied')
+      end
+    end
+  end
+
+  describe 'POST #command' do
+    context 'with param cmd = register' do
+      context 'when in LDAP mode' do
+        before do
+          stub_const('CONFIG', CONFIG.merge({ 'ldap_mode' => :on }))
+        end
+
+        subject! { post :command, params: { cmd: 'register' } }
+
+        it 'sets an error code' do
+          expect(response.header['X-Opensuse-Errorcode']).to eq('permission_denied')
+        end
+      end
+    end
+  end
 end
diff --git a/src/api/test/unit/code_quality_test.rb b/src/api/test/unit/code_quality_test.rb
@@ -82,7 +82,7 @@ def setup
       'ConfigurationsController#update'                                         => 82.1,
       'IssueTrackersController#update'                                          => 100.78,
       'MaintenanceHelper#instantiate_container'                                 => 163.57,
-      'PersonController#internal_register'                                      => 112.01,
+      'PersonController#internal_register'                                      => 115.01,
       'Package#find_changed_issues'                                             => 93.74,
       'Package#close_requests'                                                  => 84.82,
       'Flag#compute_status'                                                     => 145.55,