Adds a configuration setting to enable sudo mode, disabled by default (#19851).
authorJean-Philippe Lang <jp_lang@yahoo.fr>
Fri, 19 Jun 2015 19:42:49 +0000 (19:42 +0000)
committerJean-Philippe Lang <jp_lang@yahoo.fr>
Fri, 19 Jun 2015 19:42:49 +0000 (19:42 +0000)
git-svn-id: http://svn.redmine.org/redmine/trunk@14336 e93f8b46-1217-0410-a6f0-8f06a7374b81

14 files changed:
config/configuration.yml.example
lib/redmine/sudo_mode.rb
test/functional/auth_sources_controller_test.rb
test/functional/email_addresses_controller_test.rb
test/functional/groups_controller_test.rb
test/functional/members_controller_test.rb
test/functional/my_controller_test.rb
test/functional/projects_controller_test.rb
test/functional/roles_controller_test.rb
test/functional/settings_controller_test.rb
test/functional/users_controller_test.rb
test/integration/admin_test.rb
test/integration/sudo_test.rb
test/test_helper.rb

index e6a8c6e2035da50ff3ec79db212aba15d96dfc3c..1ce65e31dd63ae56a649810bcb4d9a634c929470 100644 (file)
@@ -170,6 +170,13 @@ default:
   # same secret token on each machine.
   #secret_token: 'change it to a long random string'
 
+  # Requires users to re-enter their password for sensitive actions (editing
+  # of account data, project memberships, application settings, user, group,
+  # role, auth source management and project deletion).
+  # Disabled by default.
+  #
+  #sudo_mode: true
+
   # Absolute path (e.g. /usr/bin/convert, c:/im/convert.exe) to
   # the ImageMagick's `convert` binary. Used to generate attachment thumbnails.
   #imagemagick_convert_command:
index 3197fe11b5149b02159a7df5bedf4aa9f942c52d..afbbba5eb239d36f75e8f544e5270c91949fd1f7 100644 (file)
@@ -202,7 +202,7 @@ module Redmine
     end
 
     def self.possible?
-      !disabled? && User.current.logged?
+      enabled? && User.current.logged?
     end
 
     # Turn off sudo mode (never require password entry).
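Review bot: `possible?` on the added line now returns whatever `enabled?` yields, and `enabled?` (next hunk) returns the raw `Redmine::Configuration['sudo_mode']` value, so both predicates can return nil or a non-boolean instead of true/false. Any value other than nil or false is truthy in Ruby, so a quoted `sudo_mode: 'false'` in configuration.yml would turn the password re-prompt on; that fails towards more protection, but it should be stated rather than left implicit. I would write `!!Redmine::Configuration['sudo_mode'] && !RequestStore.store[:sudo_mode_disabled]` and put `# True when sudo_mode is set in configuration.yml and has not been disabled through RequestStore.` above `enabled?`. The removed `disabled?` was a public class method, so callers outside this diff, if any exist, would need updating.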
@@ -215,10 +215,9 @@ module Redmine
       RequestStore.store[:sudo_mode_disabled] = nil
     end
 
-    def self.disabled?
-      !!RequestStore.store[:sudo_mode_disabled]
+    def self.enabled?
+      Redmine::Configuration['sudo_mode'] && !RequestStore.store[:sudo_mode_disabled]
     end
-
   end
 end
 
index 580624ec05d0fb5e655a59c2a18184c088043a88..7e15ee8a39100ced88e1d6f16a68643b5e73d775 100644 (file)
@@ -22,7 +22,6 @@ class AuthSourcesControllerTest < ActionController::TestCase
 
   def setup
     @request.session[:user_id] = 1
-    Redmine::SudoMode.disable!
   end
 
   def test_index
index 88bad24e71922e8f35645141f8a3ea650c11651a..7c52d9c1d98347038982ca4f37609a618133eea6 100644 (file)
@@ -22,7 +22,6 @@ class EmailAddressesControllerTest < ActionController::TestCase
 
   def setup
     User.current = nil
-    Redmine::SudoMode.disable!
   end
 
   def test_index_with_no_additional_emails
index c928e24a3da410a5319bcfd254869d58f8729e21..7bce2af56b4a22147f8fc6ff588c3fd12a6d16ba 100644 (file)
@@ -22,7 +22,6 @@ class GroupsControllerTest < ActionController::TestCase
 
   def setup
     @request.session[:user_id] = 1
-    Redmine::SudoMode.disable!
   end
 
   def test_index
index 197158c358f79e624eac4bfea698cc40604a867c..5bad287452cec70b9a46020d8f8e66bf54044e7b 100644 (file)
@@ -23,7 +23,6 @@ class MembersControllerTest < ActionController::TestCase
   def setup
     User.current = nil
     @request.session[:user_id] = 2
-    Redmine::SudoMode.disable!
   end
 
   def test_new
index c2eee6e7331b4a55ba58515bb840a7412f7b1e9f..5a7b33940d67abed43296670a564109d7c00aed0 100644 (file)
@@ -23,7 +23,6 @@ class MyControllerTest < ActionController::TestCase
 
   def setup
     @request.session[:user_id] = 2
-    Redmine::SudoMode.disable!
   end
 
   def test_index
index 1bfa200408c5de347c935a93fbcb42f074d8ca4f..2efb98ccdedb1a6e53c4ae94a212561a96d1f0bc 100644 (file)
@@ -28,7 +28,6 @@ class ProjectsControllerTest < ActionController::TestCase
   def setup
     @request.session[:user_id] = nil
     Setting.default_language = 'en'
-    Redmine::SudoMode.disable!
   end
 
   def test_index_by_anonymous_should_not_show_private_projects
index 21073f832e824eb4496f07cdcbfd32cf71314f3f..b5c80f2e909dc8781c0915afdc014b0ec63b23f3 100644 (file)
@@ -23,7 +23,6 @@ class RolesControllerTest < ActionController::TestCase
   def setup
     User.current = nil
     @request.session[:user_id] = 1 # admin
-    Redmine::SudoMode.disable!
   end
 
   def test_index
index aeefa8f988609fd5b615502b607e966f6aaa4a26..de5fddd8af7d81008fa3ede97567123b54c26df3 100644 (file)
@@ -24,7 +24,6 @@ class SettingsControllerTest < ActionController::TestCase
   def setup
     User.current = nil
     @request.session[:user_id] = 1 # admin
-    Redmine::SudoMode.disable!
   end
 
   def test_index
index d6d18dc19a69346f7465ad4d2b930e8096c493c8..b34c80945e4c658008a06fdd32e22e87cfd29f7c 100644 (file)
@@ -30,7 +30,6 @@ class UsersControllerTest < ActionController::TestCase
   def setup
     User.current = nil
     @request.session[:user_id] = 1 # admin
-    Redmine::SudoMode.disable!
   end
 
   def test_index
index ef95cc9df25432e0323a2894fbbed8d36712f19f..402d0ed3a117ce58b76bf8165f7870b763b26bc3 100644 (file)
@@ -26,14 +26,6 @@ class AdminTest < Redmine::IntegrationTest
            :members,
            :enabled_modules
 
-  def setup
-    Redmine::SudoMode.enable!
-  end
-
-  def teardown
-    Redmine::SudoMode.disable!
-  end
-
   def test_add_user
     log_user("admin", "admin")
     get "/users/new"
@@ -44,15 +36,6 @@ class AdminTest < Redmine::IntegrationTest
                     :lastname => "Smith", :mail => "psmith@somenet.foo",
                     :language => "en", :password => "psmith09",
                     :password_confirmation => "psmith09" }
-    assert_response :success
-    assert_nil User.find_by_login("psmith")
-
-    post "/users",
-         :user => { :login => "psmith", :firstname => "Paul",
-                    :lastname => "Smith", :mail => "psmith@somenet.foo",
-                    :language => "en", :password => "psmith09",
-                    :password_confirmation => "psmith09" },
-         :sudo_password => 'admin'
 
     user = User.find_by_login("psmith")
     assert_kind_of User, user
index 13ccd0b96911fddfcfc09070a41949daa3257477..3bccd84a28c16932d34bc9a569ea45cb84b289c7 100644 (file)
@@ -4,11 +4,31 @@ class SudoTest < Redmine::IntegrationTest
   fixtures :projects, :members, :member_roles, :roles, :users
 
   def setup
-    Redmine::SudoMode.enable!
+    Redmine::SudoMode.stubs(:enabled?).returns(true)
   end
 
-  def teardown
-    Redmine::SudoMode.disable!
+  def test_add_user
+    log_user("admin", "admin")
+    get "/users/new"
+    assert_response :success
+    post "/users",
+         :user => { :login => "psmith", :firstname => "Paul",
+                    :lastname => "Smith", :mail => "psmith@somenet.foo",
+                    :language => "en", :password => "psmith09",
+                    :password_confirmation => "psmith09" }
+    assert_response :success
+    assert_nil User.find_by_login("psmith")
+
+    post "/users",
+         :user => { :login => "psmith", :firstname => "Paul",
+                    :lastname => "Smith", :mail => "psmith@somenet.foo",
+                    :language => "en", :password => "psmith09",
+                    :password_confirmation => "psmith09" },
+         :sudo_password => 'admin'
+    assert_response 302
+
+    user = User.find_by_login("psmith")
+    assert_kind_of User, user
   end
 
   def test_create_member_xhr
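Review bot: Stubbing `enabled?` in `setup` means none of these tests reads `Redmine::Configuration['sudo_mode']`, so the new configuration path and its interaction with `RequestStore.store[:sudo_mode_disabled]` are not exercised by anything visible in this diff. A small unit test that sets the configuration value for the duration of the test and asserts `Redmine::SudoMode.enabled?` for the set, unset and `disable!` cases would cover it. In `test_add_user` the first POST checks only `assert_response :success` and `assert_nil User.find_by_login("psmith")`, which a plain validation failure would also satisfy; asserting that the password prompt was rendered would pin the reason the user was not created. The rest of SudoTest is outside the hunk, so a rejected-password case may already exist there.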
index d163c10b279970c7089cbdc7f2f396d67c8d6f84..be4e68e180d21f128b87ed2e87c5766aa5634f02 100644 (file)
@@ -33,6 +33,8 @@ include ObjectHelpers
 require 'net/ldap'
 require 'mocha/setup'
 
+Redmine::SudoMode.disable!
+
 class ActionView::TestCase
   helper :application
   include ApplicationHelper
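Review bot: `Redmine::SudoMode.disable!` runs once when test_helper.rb is loaded, but the flag it presumably sets lives in `RequestStore.store` (see `enabled?` in lib/redmine/sudo_mode.rb), so whether it is still set when a given test runs depends on nothing clearing that store in between. With the default configuration `enabled?` is already false, so the call only matters when a developer's configuration.yml has `sudo_mode: true`, which is exactly the case where a cleared store would make the functional tests start prompting for a password. A comment such as `# Keep sudo mode off in tests regardless of the local configuration.yml; SudoTest opts in explicitly.` would state the intent, and forcing the configuration value off for the test environment would be sturdier than a one-time call.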