
[BUG] First user created through reverse proxy should be admin

- Currently users created through the reverse proxy aren't created
through the normal route of `createAndHandleCreatedUser` as this does a
lot of other routines which aren't necessary for the reverse proxy auth,
however one routine is important to have: the first created user should
be an admin. This patch adds that code.
- Adds unit test.
- Resolves #4437
Gusted 2024-07-17 15:54:57 +02:00
parent 3b8ac4388a
commit 0692cc2cc1
No known key found for this signature in database
GPG Key ID: FD821B732837125F
2 changed files with 72 additions and 0 deletions


@ -164,6 +164,11 @@ func (r *ReverseProxy) newUser(req *http.Request) *user_model.User {
IsActive: optional.Some(true),
}
// The first user created should be an admin.
if user_model.CountUsers(req.Context(), nil) == 0 {
user.IsAdmin = true
}
if err := user_model.CreateUser(req.Context(), user, &overwriteDefault); err != nil {
// FIXME: should I create a system notice?
log.Error("CreateUser: %v", err)
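Review bot: The admin grant at `if user_model.CountUsers(req.Context(), nil) == 0` is a check-then-create that is not atomic with the `CreateUser` call below it, so two auto-registrations reaching an empty instance at the same time could each see zero users and both be created with `IsAdmin = true`. The call also yields only a count with no error value, so if a failed query is reported as 0 (not visible in this hunk) the failure would grant admin rather than deny it. I would at least make the decision auditable inside the branch, e.g. `log.Warn("Reverse proxy auth: first user %q is created as admin", user.Name)`, and mention the race in the comment above the check. newUser starts and ends outside this hunk.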


@ -0,0 +1,67 @@
// Copyright 2024 The Forgejo Authors. All rights reserved.
// SPDX-License-Identifier: MIT
package auth
import (
"net/http"
"testing"
"code.gitea.io/gitea/models/db"
"code.gitea.io/gitea/models/unittest"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/test"
"github.com/stretchr/testify/require"
)
func TestReverseProxyAuth(t *testing.T) {
defer test.MockVariableValue(&setting.Service.EnableReverseProxyEmail, true)()
defer test.MockVariableValue(&setting.Service.EnableReverseProxyFullName, true)()
defer test.MockVariableValue(&setting.Service.EnableReverseProxyFullName, true)()
require.NoError(t, unittest.PrepareTestDatabase())
require.NoError(t, db.TruncateBeans(db.DefaultContext, &user_model.User{}))
require.EqualValues(t, 0, user_model.CountUsers(db.DefaultContext, nil))
t.Run("First user should be admin", func(t *testing.T) {
req, err := http.NewRequest("GET", "/", nil)
require.NoError(t, err)
req.Header.Add(setting.ReverseProxyAuthUser, "Edgar")
req.Header.Add(setting.ReverseProxyAuthFullName, "Edgar Allan Poe")
req.Header.Add(setting.ReverseProxyAuthEmail, "edgar@example.org")
rp := &ReverseProxy{}
user := rp.newUser(req)
require.EqualValues(t, 1, user_model.CountUsers(db.DefaultContext, nil))
unittest.AssertExistsAndLoadBean(t, &user_model.User{Email: "edgar@example.org", Name: "Edgar", LowerName: "edgar", FullName: "Edgar Allan Poe", IsAdmin: true})
require.EqualValues(t, "edgar@example.org", user.Email)
require.EqualValues(t, "Edgar", user.Name)
require.EqualValues(t, "edgar", user.LowerName)
require.EqualValues(t, "Edgar Allan Poe", user.FullName)
require.True(t, user.IsAdmin)
})
t.Run("Second user shouldn't be admin", func(t *testing.T) {
req, err := http.NewRequest("GET", "/", nil)
require.NoError(t, err)
req.Header.Add(setting.ReverseProxyAuthUser, " Gusted ")
req.Header.Add(setting.ReverseProxyAuthFullName, "❤‿❤")
req.Header.Add(setting.ReverseProxyAuthEmail, "gusted@example.org")
rp := &ReverseProxy{}
user := rp.newUser(req)
require.EqualValues(t, 2, user_model.CountUsers(db.DefaultContext, nil))
unittest.AssertExistsAndLoadBean(t, &user_model.User{Email: "gusted@example.org", Name: "Gusted", LowerName: "gusted", FullName: "❤‿❤"}, "is_admin = false")
require.EqualValues(t, "gusted@example.org", user.Email)
require.EqualValues(t, "Gusted", user.Name)
require.EqualValues(t, "gusted", user.LowerName)
require.EqualValues(t, "❤‿❤", user.FullName)
require.False(t, user.IsAdmin)
})
}
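Review bot: The third `defer test.MockVariableValue(&setting.Service.EnableReverseProxyFullName, true)()` repeats the line directly above it, so it is either redundant or stands in for a different setting that was meant to be mocked; drop it or replace it with the intended one. Both subtests dereference `user` right after `rp.newUser(req)`, which returns a pointer; adding `require.NotNil(t, user)` before the field assertions would turn a nil return into a clear failure instead of a panic. The second subtest expects a count of 2 and therefore depends on the first having run, which deserves a short comment such as `// relies on the user created by the previous subtest`.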