Commit 918d04d6 authored by jplang's avatar jplang

Adds a configuration setting to enable sudo mode, disabled by default (#19851).

git-svn-id: https://svn.redmine.org/redmine/trunk@14336 e93f8b46-1217-0410-a6f0-8f06a7374b81
parent 4913bcbc
......@@ -170,6 +170,13 @@ default:
# same secret token on each machine.
#secret_token: 'change it to a long random string'
# Requires users to re-enter their password for sensitive actions (editing
# of account data, project memberships, application settings, user, group,
# role, auth source management and project deletion).
# Disabled by default.
#
#sudo_mode: true
# Absolute path (e.g. /usr/bin/convert, c:/im/convert.exe) to
# the ImageMagick's `convert` binary. Used to generate attachment thumbnails.
#imagemagick_convert_command:
......
......@@ -202,7 +202,7 @@ module Redmine
end
def self.possible?
!disabled? && User.current.logged?
enabled? && User.current.logged?
end
# Turn off sudo mode (never require password entry).
......@@ -215,10 +215,9 @@ module Redmine
RequestStore.store[:sudo_mode_disabled] = nil
end
def self.disabled?
!!RequestStore.store[:sudo_mode_disabled]
def self.enabled?
Redmine::Configuration['sudo_mode'] && !RequestStore.store[:sudo_mode_disabled]
end
end
end
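Review bot: `enabled?` returns whatever `Redmine::Configuration['sudo_mode']` holds rather than a boolean, so any truthy YAML value (a quoted `'false'`, or `0`) switches sudo mode on, and a `nil` leaks out of a predicate that `possible?` builds on. I would coerce and document it: `!!Redmine::Configuration['sudo_mode'] && !RequestStore.store[:sudo_mode_disabled]`, with a comment such as `# True only when configuration.yml sets sudo_mode and disable! has not been called`. The hunk also drops the public `disabled?`; if code outside this commit (a plugin, for example) still calls it, that call will now raise NoMethodError, so keeping a thin `disabled?` that returns `!enabled?` may be worthwhile. The enclosing module starts outside the hunk.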
......@@ -22,7 +22,6 @@ class AuthSourcesControllerTest < ActionController::TestCase
def setup
@request.session[:user_id] = 1
Redmine::SudoMode.disable!
end
def test_index
......
......@@ -22,7 +22,6 @@ class EmailAddressesControllerTest < ActionController::TestCase
def setup
User.current = nil
Redmine::SudoMode.disable!
end
def test_index_with_no_additional_emails
......
......@@ -22,7 +22,6 @@ class GroupsControllerTest < ActionController::TestCase
def setup
@request.session[:user_id] = 1
Redmine::SudoMode.disable!
end
def test_index
......
......@@ -23,7 +23,6 @@ class MembersControllerTest < ActionController::TestCase
def setup
User.current = nil
@request.session[:user_id] = 2
Redmine::SudoMode.disable!
end
def test_new
......
......@@ -23,7 +23,6 @@ class MyControllerTest < ActionController::TestCase
def setup
@request.session[:user_id] = 2
Redmine::SudoMode.disable!
end
def test_index
......
......@@ -28,7 +28,6 @@ class ProjectsControllerTest < ActionController::TestCase
def setup
@request.session[:user_id] = nil
Setting.default_language = 'en'
Redmine::SudoMode.disable!
end
def test_index_by_anonymous_should_not_show_private_projects
......
......@@ -23,7 +23,6 @@ class RolesControllerTest < ActionController::TestCase
def setup
User.current = nil
@request.session[:user_id] = 1 # admin
Redmine::SudoMode.disable!
end
def test_index
......
......@@ -24,7 +24,6 @@ class SettingsControllerTest < ActionController::TestCase
def setup
User.current = nil
@request.session[:user_id] = 1 # admin
Redmine::SudoMode.disable!
end
def test_index
......
......@@ -30,7 +30,6 @@ class UsersControllerTest < ActionController::TestCase
def setup
User.current = nil
@request.session[:user_id] = 1 # admin
Redmine::SudoMode.disable!
end
def test_index
......
......@@ -26,14 +26,6 @@ class AdminTest < Redmine::IntegrationTest
:members,
:enabled_modules
def setup
Redmine::SudoMode.enable!
end
def teardown
Redmine::SudoMode.disable!
end
def test_add_user
log_user("admin", "admin")
get "/users/new"
......@@ -44,15 +36,6 @@ class AdminTest < Redmine::IntegrationTest
:lastname => "Smith", :mail => "psmith@somenet.foo",
:language => "en", :password => "psmith09",
:password_confirmation => "psmith09" }
assert_response :success
assert_nil User.find_by_login("psmith")
post "/users",
:user => { :login => "psmith", :firstname => "Paul",
:lastname => "Smith", :mail => "psmith@somenet.foo",
:language => "en", :password => "psmith09",
:password_confirmation => "psmith09" },
:sudo_password => 'admin'
user = User.find_by_login("psmith")
assert_kind_of User, user
......
......@@ -4,11 +4,31 @@ class SudoTest < Redmine::IntegrationTest
fixtures :projects, :members, :member_roles, :roles, :users
def setup
Redmine::SudoMode.enable!
Redmine::SudoMode.stubs(:enabled?).returns(true)
end
def teardown
Redmine::SudoMode.disable!
def test_add_user
log_user("admin", "admin")
get "/users/new"
assert_response :success
post "/users",
:user => { :login => "psmith", :firstname => "Paul",
:lastname => "Smith", :mail => "psmith@somenet.foo",
:language => "en", :password => "psmith09",
:password_confirmation => "psmith09" }
assert_response :success
assert_nil User.find_by_login("psmith")
post "/users",
:user => { :login => "psmith", :firstname => "Paul",
:lastname => "Smith", :mail => "psmith@somenet.foo",
:language => "en", :password => "psmith09",
:password_confirmation => "psmith09" },
:sudo_password => 'admin'
assert_response 302
user = User.find_by_login("psmith")
assert_kind_of User, user
end
def test_create_member_xhr
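Review bot: Stubbing `enabled?` in `setup` means no test here exercises the new `Redmine::Configuration['sudo_mode']` lookup, so a regression in how the setting is read would go unnoticed. A small unit test that sets the configuration value and checks `Redmine::SudoMode.enabled?` in both states, including after `disable!`, would cover it. `test_add_user` only covers a missing and a correct `sudo_password`; unless a later test in this file (not visible in the hunk) already does so, add a case that posts a wrong password and then checks `assert_nil User.find_by_login("psmith")`. The class body continues past the hunk.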
......
......@@ -33,6 +33,8 @@ include ObjectHelpers
require 'net/ldap'
require 'mocha/setup'
Redmine::SudoMode.disable!
class ActionView::TestCase
helper :application
include ApplicationHelper
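Review bot: The load-time `Redmine::SudoMode.disable!` writes a flag into `RequestStore.store`, which looks like per-request state, so it probably does not hold for every request an integration test makes. After that, the tests stay out of sudo mode only because `Redmine::Configuration['sudo_mode']` is unset, which would make the suite depend on the local configuration.yml. A comment such as `# Sudo mode stays off in tests unless a test stubs Redmine::SudoMode.enabled?` would record the intent; pinning the configuration value for the test environment would be more robust.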
......