Add internal login

2026-06-14 03:30:14 +00:00 · 2023-04-25 09:14:52 +02:00
parent bb0860c533
commit b03e14e329
3 changed files with 30 additions and 1 deletions
@@ -49,13 +49,18 @@ class AccountController < ApplicationController

    if user.logged?
      redirect_after_login(user)
-    elsif omniauth_direct_login?
+    elsif omniauth_direct_login? && !session[:internal_login]
      direct_login(user)
    elsif request.post?
      authenticate_user
    end
  end

+  def internal_login
+    session[:internal_login] = true
+    redirect_to action: :login
+  end
+
  # Log out current user and redirect to welcome page
  def logout
    # Keep attributes from the session
@@ -84,6 +84,7 @@ OpenProject::Application.routes.draw do
    get '/account/activate', action: 'activate'

    match '/login', action: 'login',  as: 'signin', via: %i[get post]
+    get '/login/internal', action: 'internal_login', as: 'internal_signin'
    get '/logout', action: 'logout', as: 'signout'

    get '/sso', action: 'auth_source_sso_failed', as: 'sso_failure'
@@ -453,14 +453,37 @@ describe AccountController,

        expect(response).to redirect_to '/auth/some_provider'
      end
+
+      it 'allows to login internally using a special route' do
+        get :internal_login
+
+        expect(response).to redirect_to '/login'
+        expect(session[:internal_login]).to be true
+      end
+
+      it 'allows to login internally using a session flag' do
+        session[:internal_login] = true
+        get :login
+
+        expect(response).to render_template 'login'
+      end
    end

    describe 'POST' do
+      shared_let(:admin) { create(:admin) }
+
      it 'redirects to some_provider' do
        post :login, params: { username: 'foo', password: 'bar' }

        expect(response).to redirect_to '/auth/some_provider'
      end
+
+      it 'allows to login internally using a session flag' do
+        session[:internal_login] = true
+        post :login, params: { username: admin.login, password: 'adminADMIN!' }
+
+        expect(response).to redirect_to '/my/page'
+      end
    end
  end