mirror of
https://github.com/we-promise/sure.git
synced 2026-04-08 06:44:52 +00:00
b23711ae0d
* Add configuration and logic for dynamic SSO provider support and stricter JIT account creation - Introduced `config/auth.yml` for centralized auth configuration and documentation. - Added support for multiple SSO providers, including Google, GitHub, and OpenID Connect. - Implemented stricter JIT SSO account creation modes (`create_and_link` vs `link_only`). - Enabled optional restriction of JIT creation by allowed email domains. - Enhanced OmniAuth initializer for dynamic provider setup and better configurability. - Refined login UI to handle local login disabling and emergency super-admin override. - Updated account creation flow to respect JIT mode and domain checks. - Added tests for SSO account creation, login form visibility, and emergency overrides. # Conflicts: # app/controllers/sessions_controller.rb * remove non-translation * Refactor authentication views to use translation keys and update locale files - Extracted hardcoded strings in `oidc_accounts/link.html.erb` and `sessions/new.html.erb` into translation keys for better localization support. - Added missing translations for English and Spanish in `sessions` and `oidc_accounts` locale files. * Enhance OmniAuth provider configuration and refine local login override logic - Updated OmniAuth initializer to support dynamic provider configuration with `name` and scoped parameters for Google and GitHub. - Improved local login logic to enforce stricter handling of super-admin override when local login is disabled. - Added test for invalid super-admin override credentials. * Document Google sign-in configuration for local development and self-hosted environments --------- Co-authored-by: Josh Waldrep <joshua.waldrep5+github@gmail.com>
52 lines
1.9 KiB
Ruby
52 lines
1.9 KiB
Ruby
require "test_helper"
|
|
|
|
class PasswordResetsControllerTest < ActionDispatch::IntegrationTest
|
|
setup do
|
|
@user = users(:family_admin)
|
|
end
|
|
|
|
test "new" do
|
|
get new_password_reset_path
|
|
assert_response :ok
|
|
end
|
|
|
|
test "create" do
|
|
assert_enqueued_emails 1 do
|
|
post password_reset_path, params: { email: @user.email }
|
|
assert_redirected_to new_password_reset_url(step: "pending")
|
|
end
|
|
end
|
|
|
|
test "edit" do
|
|
get edit_password_reset_path(token: @user.generate_token_for(:password_reset))
|
|
assert_response :ok
|
|
end
|
|
|
|
test "update" do
|
|
patch password_reset_path(token: @user.generate_token_for(:password_reset)),
|
|
params: { user: { password: "password", password_confirmation: "password" } }
|
|
assert_redirected_to new_session_url
|
|
end
|
|
|
|
test "all actions redirect when password features are disabled" do
|
|
AuthConfig.stubs(:password_features_enabled?).returns(false)
|
|
|
|
get new_password_reset_path
|
|
assert_redirected_to new_session_path
|
|
assert_equal "Password reset via Sure is disabled. Please reset your password through your identity provider.", flash[:alert]
|
|
|
|
post password_reset_path, params: { email: @user.email }
|
|
assert_redirected_to new_session_path
|
|
assert_equal "Password reset via Sure is disabled. Please reset your password through your identity provider.", flash[:alert]
|
|
|
|
get edit_password_reset_path(token: @user.generate_token_for(:password_reset))
|
|
assert_redirected_to new_session_path
|
|
assert_equal "Password reset via Sure is disabled. Please reset your password through your identity provider.", flash[:alert]
|
|
|
|
patch password_reset_path(token: @user.generate_token_for(:password_reset)),
|
|
params: { user: { password: "password", password_confirmation: "password" } }
|
|
assert_redirected_to new_session_path
|
|
assert_equal "Password reset via Sure is disabled. Please reset your password through your identity provider.", flash[:alert]
|
|
end
|
|
end
|