Added the denied user check to the UserLoginModule. added a test case to cover it.

9 years ago · 2ee94f78b4
parent 3eaf1971ec
commit 2ee94f78b4
6 changed files with 59 additions and 23 deletions
--- a/PlexRequests.Core/SettingModels/AuthenticationSettings.cs
+++ b/PlexRequests.Core/SettingModels/AuthenticationSettings.cs
@ -49,6 +49,11 @@ namespace PlexRequests.Core.SettingModels
            get
            {
                var users = new List<string>();
+                if (string.IsNullOrEmpty(DeniedUsers))
+                {
+                    return users;
+                }
+
                var splitUsers = DeniedUsers.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
                foreach (var user in splitUsers)
                {
--- a/PlexRequests.Core/SettingModels/CouchPotatoSettings.cs
+++ b/PlexRequests.Core/SettingModels/CouchPotatoSettings.cs
@ -36,7 +36,6 @@ namespace PlexRequests.Core.SettingModels
        public string Ip { get; set; }
        public int Port { get; set; }
        public string ApiKey { get; set; }
-        public bool Enabled { get; set; }

        [JsonIgnore]
        public Uri FullUri
--- a/PlexRequests.UI.Tests/UserLoginModuleTests.cs
+++ b/PlexRequests.UI.Tests/UserLoginModuleTests.cs
@ -176,7 +176,7 @@ namespace PlexRequests.UI.Tests


            Assert.That(HttpStatusCode.OK, Is.EqualTo(result.StatusCode));
-            Assert.That(result.Context.Request.Session[SessionKeys.UsernameKey], Is.EqualTo("abc"));
+            Assert.That(result.Context.Request.Session[SessionKeys.UsernameKey], Is.Null);

            var body = JsonConvert.DeserializeObject<JsonResponseModel>(result.Body.AsString());
            Assert.That(body.Result, Is.EqualTo(false));
@ -286,7 +286,7 @@ namespace PlexRequests.UI.Tests


            Assert.That(HttpStatusCode.OK, Is.EqualTo(result.StatusCode));
-            Assert.That(result.Context.Request.Session[SessionKeys.UsernameKey], Is.EqualTo("abc"));
+            Assert.That(result.Context.Request.Session[SessionKeys.UsernameKey], Is.Null);

            var body = JsonConvert.DeserializeObject<JsonResponseModel>(result.Body.AsString());
            Assert.That(body.Result, Is.EqualTo(false));
@ -295,5 +295,40 @@ namespace PlexRequests.UI.Tests
            PlexMock.Verify(x => x.SignIn(It.IsAny<string>(), It.IsAny<string>()), Times.Once);
            PlexMock.Verify(x => x.GetUsers(It.IsAny<string>()), Times.Never);
        }
+
+        [Test]
+        public void AttemptToLoginAsDeniedUser()
+        {
+            var expectedSettings = new AuthenticationSettings { UserAuthentication = false, DeniedUsers = "abc", PlexAuthToken = "abc" };
+            AuthMock.Setup(x => x.GetSettings()).Returns(expectedSettings);
+
+            var bootstrapper = new ConfigurableBootstrapper(with =>
+            {
+                with.Module<UserLoginModule>();
+                with.Dependency(AuthMock.Object);
+                with.Dependency(PlexMock.Object);
+                with.RootPathProvider<TestRootPathProvider>();
+            });
+
+            bootstrapper.WithSession(new Dictionary<string, object>());
+
+            var browser = new Browser(bootstrapper);
+            var result = browser.Post("/userlogin", with =>
+            {
+                with.HttpRequest();
+                with.Header("Accept", "application/json");
+                with.FormValue("Username", "abc");
+            });
+
+            Assert.That(HttpStatusCode.OK, Is.EqualTo(result.StatusCode));
+            Assert.That(result.Context.Request.Session[SessionKeys.UsernameKey], Is.Null);
+
+            var body = JsonConvert.DeserializeObject<JsonResponseModel>(result.Body.AsString());
+            Assert.That(body.Result, Is.EqualTo(false));
+            Assert.That(body.Message, Is.Not.Empty);
+            AuthMock.Verify(x => x.GetSettings(), Times.Once);
+            PlexMock.Verify(x => x.SignIn(It.IsAny<string>(), It.IsAny<string>()), Times.Never);
+            PlexMock.Verify(x => x.GetUsers(It.IsAny<string>()), Times.Never);
+        }
    }
 }
--- a/PlexRequests.UI/Modules/UserLoginModule.cs
+++ b/PlexRequests.UI/Modules/UserLoginModule.cs
@ -63,6 +63,12 @@ namespace PlexRequests.UI.Modules

            var settings = AuthService.GetSettings();
            var username = Request.Form.username.Value;
+
+            if (IsUserInDeniedList(username, settings))
+            {
+                return Response.AsJson(new JsonResponseModel { Result = false, Message = "Incorrect User or Password" });
+            }
+
            var password = string.Empty;
            if (settings.UsePassword)
            {
@ -87,9 +93,11 @@ namespace PlexRequests.UI.Modules
                authenticated = true;
            }

-
+            if (authenticated)
+            {
                // Add to the session (Used in the BaseModules)
                Session[SessionKeys.UsernameKey] = (string)username;
+            }

            return Response.AsJson(authenticated 
                ? new JsonResponseModel { Result = true } 
@ -101,5 +109,10 @@ namespace PlexRequests.UI.Modules
            var users = Api.GetUsers(authToken);
            return users.User.Any(x => x.Username == username);
        }
+
+        private bool IsUserInDeniedList(string username, AuthenticationSettings settings)
+        {
+            return settings.DeniedUserList.Any(x => x.Equals(username));
+        }
    }
 }
--- a/PlexRequests.UI/Views/Admin/Authentication.cshtml
+++ b/PlexRequests.UI/Views/Admin/Authentication.cshtml
@ -137,7 +137,7 @@
                            $('#users').append("<option>" + this + "</option>");
                        });
                    } else {
-                        $('#users').append("<option>No Users!</option>");
+                        $('#users').append("<option>No Users, Please refresh!</option>");
                    }
                },
                error: function (e) {
--- a/PlexRequests.UI/Views/Admin/CouchPotato.cshtml
+++ b/PlexRequests.UI/Views/Admin/CouchPotato.cshtml
@ -15,22 +15,6 @@
        <fieldset>
            <legend>CouchPotato Settings</legend>

-            <div class="form-group">
-                <label for="Enabled" class="col-lg-2 control-label">Enable CouchPotato</label>
-                <div class="col-lg-10 checkbox">
-                    <label>
-                        @if (Model.Enabled)
-                        {
-                            <input type="checkbox" id="Enabled" name="Enabled" checked="checked">
-                        }
-                        else
-                        {
-                            <input type="checkbox" id="Enabled" name="Enabled">
-                        }
-                    </label>
-                </div>
-            </div>
-
            <div class="form-group">
                <label for="Ip" class="col-lg-2 control-label">CouchPotato Hostname or IP</label>
                <div class="col-lg-10">