From 80e69df75c0a80b69fc1d064ff0f1bf8ff4412f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Thu, 28 Mar 2024 17:19:29 +0400 Subject: [PATCH] Add global setting for default services, enable for preconfirmed accounts MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Greg Karékinian --- app/jobs/create_ldap_user_job.rb | 6 +++- app/models/setting.rb | 5 ++++ app/models/user.rb | 8 ++++-- app/services/create_account.rb | 10 +++++-- spec/jobs/create_ldap_user_job_spec.rb | 38 ++++++++++++++++++++++++-- spec/services/create_account_spec.rb | 31 +++++++++++++++++---- 6 files changed, 83 insertions(+), 15 deletions(-) diff --git a/app/jobs/create_ldap_user_job.rb b/app/jobs/create_ldap_user_job.rb index 5146f53..4eff181 100644 --- a/app/jobs/create_ldap_user_job.rb +++ b/app/jobs/create_ldap_user_job.rb @@ -1,7 +1,7 @@ class CreateLdapUserJob < ApplicationJob queue_as :default - def perform(username, domain, email, hashed_pw) + def perform(username:, domain:, email:, hashed_pw:, confirmed: false) dn = "cn=#{username},ou=#{domain},cn=users,dc=kosmos,dc=org" attr = { objectclass: ["top", "account", "person", "extensibleObject"], @@ -12,6 +12,10 @@ class CreateLdapUserJob < ApplicationJob userPassword: hashed_pw } + if confirmed + attr[:serviceEnabled] = Setting.default_services + end + ldap_client.add(dn: dn, attributes: attr) end diff --git a/app/models/setting.rb b/app/models/setting.rb index 4796ab4..c00152a 100644 --- a/app/models/setting.rb +++ b/app/models/setting.rb @@ -206,4 +206,9 @@ class Setting < RailsSettings::Base # # field :email_imap_port, type: :string, # default: ENV["EMAIL_IMAP_PORT"].presence || 993 + + def self.default_services + # TODO Make configurable from respective service settings page + %w[ discourse gitea mediawiki xmpp ] + end end diff --git a/app/models/user.rb b/app/models/user.rb index f9bd0ae..2169402 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -93,9 +93,7 @@ class User < ApplicationRecord LdapManager::UpdateEmail.call(dn: self.dn, address: self.email) else # E-Mail from signup confirmed (i.e. account activation) - - # TODO Make configurable, only activate globally enabled services - enable_service %w[ discourse gitea mediawiki xmpp ] + enable_default_services # TODO enable in development when we have easy setup of ejabberd etc. return if Rails.env.development? || !Setting.ejabberd_enabled? @@ -141,6 +139,10 @@ class User < ApplicationRecord self.errors[attribute_name].blank? end + def enable_default_services + enable_service Setting.default_services + end + def ln_create_invoice(payload) lndhub = Lndhub.new lndhub.authenticate self diff --git a/app/services/create_account.rb b/app/services/create_account.rb index 4e31200..12bf07b 100644 --- a/app/services/create_account.rb +++ b/app/services/create_account.rb @@ -35,11 +35,15 @@ class CreateAccount < ApplicationService @invitation.update! invited_user_id: user_id, used_at: DateTime.now end - # TODO move to confirmation - # (and/or add email_confirmed to entry and use in login filter) def add_ldap_document hashed_pw = Devise.ldap_auth_password_builder.call(@password) - CreateLdapUserJob.perform_later(@username, @domain, @email, hashed_pw) + CreateLdapUserJob.perform_later( + username: @username, + domain: @domain, + email: @email, + hashed_pw: hashed_pw, + confirmed: @confirmed + ) end def create_lndhub_account(user) diff --git a/spec/jobs/create_ldap_user_job_spec.rb b/spec/jobs/create_ldap_user_job_spec.rb index adb2abb..e8d0e61 100644 --- a/spec/jobs/create_ldap_user_job_spec.rb +++ b/spec/jobs/create_ldap_user_job_spec.rb @@ -3,12 +3,24 @@ require 'rails_helper' RSpec.describe CreateLdapUserJob, type: :job do let(:ldap_client_mock) { instance_double(Net::LDAP) } - subject(:job) { + before do allow_any_instance_of(described_class).to receive(:ldap_client).and_return(ldap_client_mock) + end + subject(:job) { described_class.perform_later( - 'halfinney', 'kosmos.org', 'halfinney@example.com', - 'remember-remember-the-5th-of-november' + username: 'halfinney', domain: 'kosmos.org', + email: 'halfinney@example.com', + hashed_pw: 'remember-remember-the-5th-of-november' + ) + } + + subject(:job_for_preconfirmed_account) { + described_class.perform_later( + username: 'halfinney', domain: 'kosmos.org', + email: 'halfinney@example.com', + hashed_pw: 'remember-remember-the-5th-of-november', + confirmed: true ) } @@ -30,6 +42,26 @@ RSpec.describe CreateLdapUserJob, type: :job do ) end + it "adds default services for pre-confirmed accounts" do + allow(ldap_client_mock).to receive(:add) # spy on mock + allow(Setting).to receive(:default_services).and_return(["xmpp", "discourse"]) + + perform_enqueued_jobs { job_for_preconfirmed_account } + + expect(ldap_client_mock).to have_received(:add).with( + dn: "cn=halfinney,ou=kosmos.org,cn=users,dc=kosmos,dc=org", + attributes: { + objectclass: ["top", "account", "person", "extensibleObject"], + cn: "halfinney", + sn: "halfinney", + uid: "halfinney", + mail: "halfinney@example.com", + serviceEnabled: ["xmpp", "discourse"], + userPassword: "remember-remember-the-5th-of-november" + } + ) + end + after do clear_enqueued_jobs clear_performed_jobs diff --git a/spec/services/create_account_spec.rb b/spec/services/create_account_spec.rb index 5155f19..4aaf139 100644 --- a/spec/services/create_account_spec.rb +++ b/spec/services/create_account_spec.rb @@ -53,11 +53,32 @@ RSpec.describe CreateAccount, type: :model do expect(enqueued_jobs.size).to eq(1) - args = enqueued_jobs.first['arguments'] - expect(args[0]).to eq('halfinney') - expect(args[1]).to eq('kosmos.org') - expect(args[2]).to eq('halfinney@example.com') - expect(args[3]).to match(/^{SSHA512}.{171}=/) + args = enqueued_jobs.first['arguments'][0] + expect(args["username"]).to eq('halfinney') + expect(args["domain"]).to eq('kosmos.org') + expect(args["email"]).to eq('halfinney@example.com') + expect(args["hashed_pw"]).to match(/^{SSHA512}.{171}=/) + end + + after do + clear_enqueued_jobs + end + end + + describe "#add_ldap_document for pre-confirmed account" do + include ActiveJob::TestHelper + + let(:service) { CreateAccount.new(account: { + username: 'halfinney', + email: 'halfinney@example.com', + password: 'remember-remember-the-5th-of-november', + confirmed: true + })} + + it "enqueues a job to create the LDAP user document" do + service.send(:add_ldap_document) + args = enqueued_jobs.first['arguments'][0] + expect(args["confirmed"]).to be(true) end after do