Add HTTP basic auth to the signup controllers
so that signup is internal-only for now.
This commit is contained in:
@@ -1,6 +1,11 @@
|
||||
class Signup::BaseController < ApplicationController
|
||||
require_untenanted_access
|
||||
|
||||
http_basic_authenticate_with(
|
||||
name: Rails.application.credentials.dig(:account_signup_http_basic_auth, :name),
|
||||
password: Rails.application.credentials.dig(:account_signup_http_basic_auth, :password)
|
||||
)
|
||||
|
||||
attr_reader :authenticated_identity
|
||||
|
||||
private
|
||||
|
||||
@@ -1 +1 @@
|
||||
/M5cK3B/Wq1R2f4XsQQ8t7qJGCNMaBU3itDDKNZapeGMjrlE4A9CKOh2RPQsKlrsGjJdgGL4YdfDiT1LiF0pD/KL/t5Fw8Z8GMndzA+hmpvQ+hgufvd8n2ZzK/SIK6RmfC9BabdlvuQ0rr3/EdQJ5yIgk3WtWv73bOWDopqHerEAcaNl8KjCu5n2vokAidqEh0/O30yQQB9PAFMRqEwapLVcDSnaJXr6OQnAAm9tIoWaEaIF8ZJH3Rmn0COs8xZqYFyFv/pP3gVy3Mw+VL3aIkEf/eZ3IQWYNf7fiKPvIdNVsmghmeoQRqCp4E0dpn2XDSEGx5i5oq7ynSDCPky4GahiLtpe3vas+Z+lzD5hAAZmlX0G615b4hWjAViTEQU+CMXhmpj7eVpT9co+1oKmqtbDvHr7uCJIf4d17kC13u/8yjgl2SaCjRWx94wh8su/h6h9Xw0qewITbfM32pFRiH+R5bc=--fxg4Lf+qmYeuvyZp--qVZ+ELV0FRzBb69MUAqOsQ==
|
||||
+JzvZ6SJZbmUiqTJ6URzPupXIJQ3Sh+RYpjvGgkDizJ+jPQ1j+2d2Dx8AkpGHsKc+lC6Hrt1WiO/jmjNjvTEFvL/TPFh5D+49s0a2/uop3B32519TkTCDHVFWBhiPfOgRyhznvl+b26HR4VmDi0F6d9+C60DVUqMlPf9NptdkdqjafkkC44Dsd3/GfKLJvN8cM69kqom1ug9tLz9W1bvfjlnrS64lfvJc9qKMO2K7Spog1mZM8330AAHVzagzD4lopXHcJysbGfjI9jAQblYq0VFqjy6+bxxT+K/ql4EvYnDpdOcH2ktFopTVUHME/f9d5BCSzElaybNOUk+49Zzl5CUJyEGrVFquV+V9wyDjUrKZ+E06LH3zeCKqQaseSAJdz/Pvp132Deo3pu/WzN0ymq5/lie+JJqgRPzWxsvTrTLe6z/MpxSs3TJq6LY2h1vqZOOhS0kdgAWsHCEcBYGI+6am+D9N+WV4i0FbbTYUGIoxyN2M+PWgeRNes/xCbHo9qhrNle48c4m/Co4rEqR3VaMZnyiztTy6HC43hFD1zpoEuJGBeVHiJEx9I4fn/m+RSiG1qbQGXgZ1DFsm3TLqxB9Ct7SD2gJWmCl--djNicAvuImKuZL9G--6hGmlJLaeEErdqHUQNt8xw==
|
||||
@@ -1 +1 @@
|
||||
e6HcyVNJvgdJGTCcvW8FDHQ9pHYmTgNW2/71Espdwxd5LQX/Xb9+VkeqpEAL8ceFJo6ro49mMs85G2YngKbbXEh//8+XSS0inMR/kh9wTV3f6YBWnLVBbhrOnYgPcQ8vedsgxLG2Cs4y7ipfeT/dp9bb5m4IxV0OPiUjVFFJuAuGkMJt3pE7D6alqL1ACRxazV9UKV5WKEBfaQYeKpJ++5f86Nls1EwKo5tB1lJed9P5n2yH7meX/QyxjgQd38CIaPwp+F92y5DLKJD5MZRMJGgWf6MT6096LhjEC3vvtS3wwT/eDVcVKTplRkEszj7BZEfOs9Ondb9EVtbXmeoHYSgpaOq9/nEwtho5Uw==--KlHZy1apg3u1XxFs--N2ehRobLHNz+Sepc8p4EIA==
|
||||
rzCdhg7Eu/UqyDwyiXWIRCDdQ/jbUZneJT9rpWFQA1hji3RjY1lnmd7CYTppOprDKvStwgRfC//GwGxIXxC8sigImX3+Lzju3d8H1dtq1k98dPBsg1lNRUmmmQ+p8GHJS5M+PXbPnNeDu50TsHjHTQ6n+g2dd/UK0kuJl5RVkoIrdvx1MZ1UCdmbvDjiF3YQf2Mq1FfjGcBqfdwGZLywoE6CbtO70kJrp+G/s/6Sz4en/AYOnrlB/jc/qgOaINzMcv7V0YjlAyzrIGfhJzhe6JsPvdvgRCrStVei4o3NUdJ/13HqDwoik03EUTNaTxjfgnRdLL0MXTw/H0OoOin1ViR12Bx7/3LUWzQtXncRB+2b8FdpO63I3FdG+dRN1c5LPFNCf652ip58a7o2lQcNNQ+ygKJBCVKSBD2oHRqU7aCz6mf3g7RXwhW5Op3p/1iof75w8Lgbkzb1Yf0nWUQGemBjjOYUWwB4NS3c+eEHN+vPVNM=--ZP6IQVw4GNc9MErY--LELFuHAeYiPb3L5I1S2J7A==
|
||||
@@ -1 +1 @@
|
||||
Qkkt3krcGlOh76//7TmY5rXz31mhL3NNNiO6TCcRhx4lT6uZ8sLjW7X0yp2wZ30y2cJBeIsNMeOhL47JTpu0Z4d0FPtwgH4bzzXAiab0/YrfMjxyBt7/K1DzW/bePUvakJggIvVGGRA1NB1tPkwziQ4dgA34E/UUPAxUofFaoCIFVABmqt4DFg0DKYB8tImDDjZ5xUfSNxrKj3pH5mOIU9jqSK6LtBELFZcNxrJOI0UEgayRNwYAs44ujdM2/2zrAWlUCFZ3NnMU4bBJW02/d6LaxHtB809u8mx3bChEzWMtZB9CvpbRH7u6XfZJR1YGFztcNguzRbNX5x9pKZImAuAhVFKR7Fbi12Hg3w7U3A/YovwmyhHK6ksfOzYlYoDUTBnGYVwiqR16naaHCMekomK+uo0qtOn83RQkLuuqFJshPXn/lW8Rggt4dq/0THEl7Qj+dumadlWDVEgxhipI031RSBF1toNWw/zwaC31Ord1YXD8ZC09sPoj8Zd4hD2o2a0IUuIMXA8w5/2+AmdU8wF66opdKGdsZDRjM2Bul8aAbJ7/iV7xTuvlE4LmzXGArMvivIZ0GwrN3YAsDta2Y3ufibq7WZzSCOrpbPKJ9CEGg4a2AN8UGaGZ5ZEAYg8lhDgsZMjHRkGNuxk8QkDiVFDyNoI7H9ZQqbw+L1AJRTfDIcNB/9h5n+//Nk4ylLF1lnI7y/IQA/AuSQ+UN+okt3RhLugwGvWrs49MExJStLHpGveSoQ==--MQ2JycR3X6LIiKSY--45C7bleKX9FMGv4fc+G1yw==
|
||||
wZrcTr2xjFlI9oupBoPLtCfZNJAZPRTDoCWR2+Ak7+QnoI/O527bDPYWWjYJgABWSw/O6NyblXQUwcfWuccKdvGDeTiZkziZkzsPOr192uYk4Wvf/uWpVexvZeFNM7AT5azPVNprCNPKdbBCeyjSl1ETchjA432b7tm8wjO3sxD+3iRPy4lcdSfkz6tX8JIvKO5JMakx/ooNFTovir4TgiImSxNxkRUixHehrvm36pcBFqdbCnK5Lf/jd2rNGelBkfJC/W7GYcmNlGokMQ85rTw/xjkhJXgmZgXNO7TwvKQNcHFUM6B6F1opb06TtaVzWA0VlUot2All3lBef4FKnDN6vXOVoxDnp5E2JkmgmbVd+jxGI3MOxvFh3ENzRHwjuJSL+vaX5bYBBEwPfEDRrF+If9mys1pj6VsJ4KYLvL7dLHLijFUQbLuXrEJpUAp0wk/mPP1ck7Lo1Wa3NbK9YcwoRMTezpIzKmoJuanm2xnXs+uGDDtZ7i/YSk6korQeW7rnuKBie/0QH9hfxYe2PfxzeGGoFd6l1HfHVtLjnWp1Sd/2ItGR2ATJzQVDCfDo2MM2EyiPawwtKL3nLWc0eToWfydmB/Xw82oh9JLqMFFCjuC1pasHLi2OQVicPSSKuBdcnOh8Pji0MoXHdYZ8R4rFTebUQExeVrFRFaPViKaU6hmzwzY9bXgAxWnlYx6K/envcCA5vmhxooEZF6lin+hRfNA+EblP2R6vcvOmojV0mPRumjQESQlUvZz5+KlzoRcPqBmfY9j8KKDZMs7k9SP5nAn00OBeuy6gia0l8zHuII5MYGC3xnOVPJT56OPZlUYB9Es8BVy5yHr9ILCLrg8QzkS058pHLV7HmmG4usNqjIvdPxbfPfTad+s=--GUrt5KBBpPYkq2Jk--vgtaD0duoW8vyd3wakpW8g==
|
||||
@@ -1 +1 @@
|
||||
Tc514fYVlm1c2c81KUFmuAGZ9rSZT7XfeGUEdTEvJNDD6JE9IghKbAAGgc6AalIt2/VxzSV6AGvNagb0/qlJrMOFeSJLqzufKt1YoLRUZtSUZDtzmI/2WSzju0Tyu4za6rnLEu+WvDc0NM8KZEv/TwwUbSOwoEVDQmava/iuWyvFr5sOH1wNr2kwYbErwDpThKcYqacI4CdvgpgXc//3T0Z5vsVCs6d8723DymM0KkSK9so8WrcCesk2fmhM1K2hQV7QdckaVuOL0JEj1AI7KzdJm7REoeLwRwaBeVDkqDNo2fKxwZ2XmU2ViJOozPsowx+324wQQZjbsf/0ohtDkgjbfMmA2tjkuNJdJFwIIc5VyvILhVs5WQIJHSXmabhUKxzKRCRZNBSaadLGCb7/AGfULKvh2vP1BWqm80EkDmhHm42ucJW1vA377y9UYWVcdvqWtp5m2F7HlXqi9Uw/+kFV2X6Jw1c07FsCu35TrUb5u8G7mu/866GBgf5VlfDVs1BA3aru05CtcsXi2qKMw0II7fZps/4XpYCB+VehXAyLi2ABVeTnqSfF7HwasXvfD3Jgh7zJLD0hudNDpu6xkmoyeksVBn034dmQf0TwAIKmNjEKMDxgAG50T2JhnEvHZEnqzGl6O8if8DKM5rPgt3XEU3zN/U3yA8T0eTyFdGlWbYK7Ergu4TcGo3WPk6bJhTGOHQ9puD89t6JGHbKDYW77w44SHv+C42flmNkzcndXlpvZvnEafDYeW6ofRC4eeTRX4+WKL4CYhlel78+twD6Mh0MV42MYM2rmtl66NHN8fWxyfoyjrNcXveKVAsGMatB0+dOglq6GmOiXRAt/I6D+7QYZLyaUhYNmmiuZXF4=--H6KWPnHc9qUQE5AI--PN98cg9t9ZhxMUEax/Mfgg==
|
||||
bVG7BIEvGCbJZb/VfrNfO0wc+Brny62Xj0oVSPcIe//kVUCQ+4QlDptS8UiRtpO85yESOPlSk/SRKIDEhiGpuXnTt4YQt+Y2V3GTLk9L3sNK9ctetIJUISwvfWuI8syieowJi4g3hOHrBy8aMdpdZWVVoZFJvuTwHZJqPEaS7V2vPfoPaKI00b6il0sp3kML/D6U2QpG4tEruUsB4Ou55RLTXrllzPtrTO5oDdaWQi+7P0OAcOjeORgMIhQM3Dl8n6VM89upjK/W1jt8JapJQsJH4UQYFaY5SRTXljFA478M+Cm5dcG4L7nEzJgMIMLlT7fuPFfu2FsTUwbWvOYxse7r4VzOaEJSxsl8inOeI0aWZYOcaGEpyAD24XOYB23zWtvEtoG3T1kJdQu/pl3ItNcCN4aDeHsrTkY71VTF+WLfZtUt/oIhxCEzOPA525CY9lNQ+ev9PkjiWOUyZF3260Z5JmYWcQ03baESJ74yq2N+/l3Kjgs5NGJK5TVWCiVLiik6Muq9BVrmgH0192ikrZRWMQBFoq9bUk2nn/8GU9V57OqbhXhmC+PcKEFMwGi08JaAlcP6MFvvYpLTPuYeXglDK9zj1NaRmC/6xwlTMgbvVthm+a/HQyLWYndSTTOkifDU7G6mqI1A4vwLiG1rHHH7sRHGbTr3bFwJz0Z6vGqS4ZWL8Ju8WlxeaaZq7YOpfVsifaM82Exx8FlOspt0X2yhoQdR/bUkcpxSOQh6cPDZKulWOFJQ4u2q0GbSU4K1sXNzewfRYQdKwS8i3ezzhKinVrTiuZmlIRfvuBojkWM5xXi5OtoaZGoWlbGlypqvtxEjr5HjQlj9MirvtXlyxMZ2xFwyU8CBAKusEDP6OKt9KK9BulF8U3b95hi0oiPv4qnRxpLv+rV2FKU9dK6K9NA+xiZ61LQ7FUvasbK5sB0BjYbaInczb05yZsQB1tM8vAjLxgLALPbPJE57TGRsks/bBdJVJaNUCoiv9ANRqtZuG/K2vDib--ZaLFpBm5vEIDM+lC--mN7WS01CW/MS2shsMixZ9g==
|
||||
@@ -1 +1 @@
|
||||
1QS4QGl05L2YvkEusirttYv2gIfRbNLEWTK7pOXG/HxqyWbWj9o5/GbTFeLI7K0sbcEjz+gcPcVKB+FGnkJECExynSvIN02bg5gP0QegTC3WA2vWInlr+gpoWCNgsazOgHKMxDBnQXc2myqhwDLKRsDHCQTW/5lIiKGBtBOLaml8KrJg84SeYCh54tJUjAp5yRkrhJQBHVgSSUfXRaFcrmdbPls5FDgB+rErACpp4BgYdXZoDds2RITDgQ==--kpoxQbOswL3cInhK--r+dB3hJHvjfUH1EBNzBLSg==
|
||||
0EWG0dpq/qELmTCqAgzEL2BZH7JCNFe6DDIynyKE06qiBCYhHs5+fMjmpzN0uwz43tqAAKJdhO/hZY4jXmTpxu+LSjwrUKAlxsWvSGu4vHEbJ5Fe+BzhnS84OFse6ma9akUAHaed3gt31wtrt2Y4AbSPedNvriqfYln7cvpgWbvjTgtEbHrcNMfjCBnaXXdO3n1zILunILgLiV7oBW0qurIrl2xOc4mbj4AqVAIElyh0md9fFtuBfsaRj2U9x/+7McbgTFODhHfeqoErEw7fc1RBFrNi2YNuHBSSqegQ6WtWbwq1Yg2Juv/Lw3g4IIdWadJsW3TdTMMiwmBMzOikx3lNX1Z399glvGNFVnJfBubKf6BxvFfAQ85PBzOZPl+/PTs=--GY44JMs5ZO1/eL6G--EhxEWuitiex6eHROpPQamw==
|
||||
@@ -1,16 +1,16 @@
|
||||
require "test_helper"
|
||||
|
||||
class Signup::AccountsControllerTest < ActionDispatch::IntegrationTest
|
||||
test "new at a tenanted domain" do
|
||||
test "new under a tenanted domain redirects to the root" do
|
||||
get new_signup_account_url
|
||||
|
||||
assert_redirected_to root_url
|
||||
end
|
||||
|
||||
test "new at an untenanted domain" do
|
||||
test "new under an untenanted domain is OK" do
|
||||
integration_session.host = "example.com" # no subdomain
|
||||
|
||||
get new_signup_account_url
|
||||
get new_signup_account_url, headers: auth_headers
|
||||
|
||||
assert_response :success
|
||||
end
|
||||
@@ -18,7 +18,9 @@ class Signup::AccountsControllerTest < ActionDispatch::IntegrationTest
|
||||
test "create with invalid params" do
|
||||
integration_session.host = "example.com" # no subdomain
|
||||
|
||||
post signup_accounts_url, params: { signup: { full_name: "Jim", email_address: "jim@example.com", password: "", company_name: "" } }
|
||||
post signup_accounts_url,
|
||||
headers: auth_headers,
|
||||
params: { signup: { full_name: "Jim", email_address: "jim@example.com", password: "", company_name: "" } }
|
||||
|
||||
assert_response :unprocessable_entity
|
||||
assert_select "div.alert--error", text: /you need to choose a password/i
|
||||
@@ -29,7 +31,15 @@ class Signup::AccountsControllerTest < ActionDispatch::IntegrationTest
|
||||
|
||||
assert_difference -> { SignalId::Identity.count }, +1 do
|
||||
assert_difference -> { SignalId::Account.count }, +1 do
|
||||
post signup_accounts_url, params: { signup: { full_name: "Jim", email_address: "jim@example.com", password: SecureRandom.hex(12), company_name: "signup-accounts-controller-test-1" } }
|
||||
post signup_accounts_url, headers: auth_headers,
|
||||
params: {
|
||||
signup: {
|
||||
full_name: "Jim",
|
||||
email_address: "jim@example.com",
|
||||
password: SecureRandom.hex(12),
|
||||
company_name: "signup-accounts-controller-test-1"
|
||||
}
|
||||
}
|
||||
end
|
||||
end
|
||||
|
||||
@@ -42,7 +52,9 @@ class Signup::AccountsControllerTest < ActionDispatch::IntegrationTest
|
||||
|
||||
identity = signal_identities(:david)
|
||||
|
||||
post signup_accounts_url, params: { signup: { email_address: identity.email_address, company_name: "signup-accounts-controller-test-2" } }
|
||||
post signup_accounts_url, headers: auth_headers,
|
||||
params: { signup: { email_address: identity.email_address, company_name: "signup-accounts-controller-test-2" } }
|
||||
|
||||
assert_authentication_requested_for identity
|
||||
|
||||
assert_no_difference -> { SignalId::Identity.count } do
|
||||
@@ -59,20 +71,38 @@ class Signup::AccountsControllerTest < ActionDispatch::IntegrationTest
|
||||
end
|
||||
end
|
||||
|
||||
def assert_authentication_requested_for(identity)
|
||||
assert_response :redirect
|
||||
assert_match(/#{Regexp.escape(Launchpad.url("/authenticate", login_hint: identity.email_address))}.*&purpose=signup/, redirect_to_url)
|
||||
test "actions require HTTP basic authentication while we're in internal-only mode" do
|
||||
integration_session.host = "example.com" # no subdomain
|
||||
|
||||
get new_signup_account_url
|
||||
|
||||
assert_response :unauthorized
|
||||
end
|
||||
|
||||
def authenticate_via_launchpad_as(identity)
|
||||
get signup_session_url, params: { sig: identity.perishable_signature }
|
||||
assert_equal identity.id, session[:signup]["identity_id"]
|
||||
assert_redirected_to new_signup_completion_url
|
||||
post signup_completions_url
|
||||
end
|
||||
private
|
||||
def auth_headers
|
||||
{
|
||||
"HTTP_AUTHORIZATION" => ActionController::HttpAuthentication::Basic.encode_credentials(
|
||||
Rails.application.credentials.dig(:account_signup_http_basic_auth, :name),
|
||||
Rails.application.credentials.dig(:account_signup_http_basic_auth, :password)
|
||||
)
|
||||
}
|
||||
end
|
||||
|
||||
def assert_redirected_to_account(signal_account = SignalId::Account.last)
|
||||
assert_response :redirect
|
||||
assert_match(/#{Regexp.escape(signal_account.url("/session/launchpad"))}.*&sig=/, redirect_to_url)
|
||||
end
|
||||
def assert_authentication_requested_for(identity)
|
||||
assert_response :redirect
|
||||
assert_match(/#{Regexp.escape(Launchpad.url("/authenticate", login_hint: identity.email_address))}.*&purpose=signup/, redirect_to_url)
|
||||
end
|
||||
|
||||
def authenticate_via_launchpad_as(identity)
|
||||
get signup_session_url, headers: auth_headers, params: { sig: identity.perishable_signature }
|
||||
assert_equal identity.id, session[:signup]["identity_id"]
|
||||
assert_redirected_to new_signup_completion_url
|
||||
post signup_completions_url, headers: auth_headers
|
||||
end
|
||||
|
||||
def assert_redirected_to_account(signal_account = SignalId::Account.last)
|
||||
assert_response :redirect
|
||||
assert_match(/#{Regexp.escape(signal_account.url("/session/launchpad"))}.*&sig=/, redirect_to_url)
|
||||
end
|
||||
end
|
||||
|
||||
Reference in New Issue
Block a user