SONAR-7254 Update rails authentication to take into account user.local

3 files changed, 10 insertions, 4 deletions

diff --git a/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/users_controller.rb b/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/users_controller.rb
index 7a0729b623a..40221c6465f 100644
--- a/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/users_controller.rb
+++ b/server/sonar-web/src/main/webapp/WEB-INF/app/controllers/users_controller.rb
@@ -68,6 +68,7 @@ class UsersController < ApplicationController
     user = User.new(params[:user])
     user.external_identity = user.login
     user.external_identity_provider = 'sonarqube'
+    user.user_local = true
     default_group_name=java_facade.getSettings().getString('sonar.defaultGroup')
     default_group=Group.find_by_name(default_group_name)
     user.groups<<default_group if default_group
diff --git a/server/sonar-web/src/main/webapp/WEB-INF/app/models/user.rb b/server/sonar-web/src/main/webapp/WEB-INF/app/models/user.rb
index a619978a305..4d3c4dca84d 100644
--- a/server/sonar-web/src/main/webapp/WEB-INF/app/models/user.rb
+++ b/server/sonar-web/src/main/webapp/WEB-INF/app/models/user.rb
@@ -61,8 +61,8 @@ class User < ActiveRecord::Base
   # HACK HACK HACK -- how to do attr_accessible from here?
   # prevents a user from submitting a crafted form that bypasses activation
   # anything else you want your user to change should be added here.
-  attr_accessible :login, :email, :name, :password, :password_confirmation, :external_identity, :external_identity_provider
-  attr_accessor :token_authenticated, :external_identity, :external_identity_provider
+  attr_accessible :login, :email, :name, :password, :password_confirmation, :external_identity, :external_identity_provider, :user_local
+  attr_accessor :token_authenticated, :external_identity, :external_identity_provider, :user_local
 
   ####
   # As now dates are saved in long they should be no more automatically managed by Rails
@@ -93,6 +93,10 @@ class User < ActiveRecord::Base
     write_attribute :external_identity_provider, value
   end
 
+  def user_local=(value)
+    write_attribute :user_local, value
+  end
+
   # SCM accounts should also contain login and email
   def full_scm_accounts
     new_scm_accounts = self.scm_accounts.split(/\r?\n/).reject { |c| c.empty? } if self.scm_accounts
diff --git a/server/sonar-web/src/main/webapp/WEB-INF/lib/need_authentication.rb b/server/sonar-web/src/main/webapp/WEB-INF/lib/need_authentication.rb
index b3fb607fa07..e6c0bd18d87 100644
--- a/server/sonar-web/src/main/webapp/WEB-INF/lib/need_authentication.rb
+++ b/server/sonar-web/src/main/webapp/WEB-INF/lib/need_authentication.rb
@@ -49,8 +49,8 @@ class PluginRealm
   end
 
   def authenticate?(username, password, servlet_request)
-    local_users = Api::Utils.java_facade.getSettings().getStringArray('sonar.security.localUsers')
-    if local_users.include? username
+    countUserLocal = User.count('id', :conditions => ['login=? and user_local=?', username, true])
+    if countUserLocal > 0
       local_auth(username, password)
     else
       auth(username, password, servlet_request)
@@ -134,6 +134,7 @@ class PluginRealm
         user = User.new(:login => username, :name => username, :email => '', :created_at => now, :updated_at => now)
         user.external_identity = username
         user.external_identity_provider = 'sonarqube'
+        user.user_local = false
 
         if details
           user.name = details.getName()