diff --git a/config/configuration.yml.example b/config/configuration.yml.example
index e6a8c6e..1ce65e3 100644
--- a/config/configuration.yml.example
+++ b/config/configuration.yml.example
@@ -170,6 +170,13 @@ default:
 # same secret token on each machine.
 #secret_token: 'change it to a long random string'
 
+ # Requires users to re-enter their password for sensitive actions (editing
+ # of account data, project memberships, application settings, user, group,
+ # role, auth source management and project deletion).
+ # Disabled by default.
+ #
+ #sudo_mode: true
+
 # Absolute path (e.g. /usr/bin/convert, c:/im/convert.exe) to
 # the ImageMagick's `convert` binary. Used to generate attachment thumbnails.
 #imagemagick_convert_command:
diff --git a/lib/redmine/sudo_mode.rb b/lib/redmine/sudo_mode.rb
index 3197fe1..afbbba5 100644
--- a/lib/redmine/sudo_mode.rb
+++ b/lib/redmine/sudo_mode.rb
@@ -202,7 +202,7 @@ module Redmine
 end
 
 def self.possible?
- !disabled? && User.current.logged?
+ enabled? && User.current.logged?
 end
 
 # Turn off sudo mode (never require password entry).
@@ -215,10 +215,9 @@ module Redmine
 RequestStore.store[:sudo_mode_disabled] = nil
 end
 
- def self.disabled?
- !!RequestStore.store[:sudo_mode_disabled]
+ def self.enabled?
+ Redmine::Configuration['sudo_mode'] && !RequestStore.store[:sudo_mode_disabled]
 end
-
 end
 end
diff --git a/test/functional/auth_sources_controller_test.rb b/test/functional/auth_sources_controller_test.rb
index 580624e..7e15ee8 100644
--- a/test/functional/auth_sources_controller_test.rb
+++ b/test/functional/auth_sources_controller_test.rb
@@ -22,7 +22,6 @@ class AuthSourcesControllerTest < ActionController::TestCase
 def setup
 @request.session[:user_id] = 1
- Redmine::SudoMode.disable!
 end
 
 def test_index
diff --git a/test/functional/email_addresses_controller_test.rb b/test/functional/email_addresses_controller_test.rb
index 88bad24..7c52d9c 100644
--- a/test/functional/email_addresses_controller_test.rb
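Review bot: `enabled?` in the second sudo_mode.rb hunk is a predicate but returns the raw configuration value rather than a boolean — `Redmine::Configuration['sudo_mode']` is nil when the key is unset and whatever the YAML holds otherwise — whereas the removed `disabled?` coerced with `!!`, and `possible?` in the first hunk now propagates that value to its callers. Consider `!!Redmine::Configuration['sudo_mode'] && !RequestStore.store[:sudo_mode_disabled]` so both predicates yield true/false. Because an unset key is falsy, the change also flips the default from enforced to opt-in: the password re-entry protection for the admin actions listed in the configuration example stays off until an operator sets `sudo_mode: true`, which deserves an explicit line in the upgrade notes. `disabled?` is removed outright, so any caller outside these hunks (a plugin, say) would now raise NoMethodError; if that matters, a `def self.disabled?; !enabled?; end` shim would keep them working, though with the broader meaning that also covers the configuration being off.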
+++ b/test/functional/email_addresses_controller_test.rb
@@ -22,7 +22,6 @@ class EmailAddressesControllerTest < ActionController::TestCase
 def setup
 User.current = nil
- Redmine::SudoMode.disable!
 end
 
 def test_index_with_no_additional_emails
diff --git a/test/functional/groups_controller_test.rb b/test/functional/groups_controller_test.rb
index c928e24..7bce2af 100644
--- a/test/functional/groups_controller_test.rb
+++ b/test/functional/groups_controller_test.rb
@@ -22,7 +22,6 @@ class GroupsControllerTest < ActionController::TestCase
 def setup
 @request.session[:user_id] = 1
- Redmine::SudoMode.disable!
 end
 
 def test_index
diff --git a/test/functional/members_controller_test.rb b/test/functional/members_controller_test.rb
index 197158c..5bad287 100644
--- a/test/functional/members_controller_test.rb
+++ b/test/functional/members_controller_test.rb
@@ -23,7 +23,6 @@ class MembersControllerTest < ActionController::TestCase
 def setup
 User.current = nil
 @request.session[:user_id] = 2
- Redmine::SudoMode.disable!
 end
 
 def test_new
diff --git a/test/functional/my_controller_test.rb b/test/functional/my_controller_test.rb
index c2eee6e..5a7b339 100644
--- a/test/functional/my_controller_test.rb
+++ b/test/functional/my_controller_test.rb
@@ -23,7 +23,6 @@ class MyControllerTest < ActionController::TestCase
 def setup
 @request.session[:user_id] = 2
- Redmine::SudoMode.disable!
 end
 
 def test_index
diff --git a/test/functional/projects_controller_test.rb b/test/functional/projects_controller_test.rb
index 1bfa200..2efb98c 100644
--- a/test/functional/projects_controller_test.rb
+++ b/test/functional/projects_controller_test.rb
@@ -28,7 +28,6 @@ class ProjectsControllerTest < ActionController::TestCase
 def setup
 @request.session[:user_id] = nil
 Setting.default_language = 'en'
- Redmine::SudoMode.disable!
 end
 
 def test_index_by_anonymous_should_not_show_private_projects
diff --git a/test/functional/roles_controller_test.rb b/test/functional/roles_controller_test.rb
index 21073f8..b5c80f2 100644
--- a/test/functional/roles_controller_test.rb
+++ b/test/functional/roles_controller_test.rb
@@ -23,7 +23,6 @@ class RolesControllerTest < ActionController::TestCase
 def setup
 User.current = nil
 @request.session[:user_id] = 1 # admin
- Redmine::SudoMode.disable!
 end
 
 def test_index
diff --git a/test/functional/settings_controller_test.rb b/test/functional/settings_controller_test.rb
index aeefa8f..de5fddd 100644
--- a/test/functional/settings_controller_test.rb
+++ b/test/functional/settings_controller_test.rb
@@ -24,7 +24,6 @@ class SettingsControllerTest < ActionController::TestCase
 def setup
 User.current = nil
 @request.session[:user_id] = 1 # admin
- Redmine::SudoMode.disable!
 end
 
 def test_index
diff --git a/test/functional/users_controller_test.rb b/test/functional/users_controller_test.rb
index d6d18dc..b34c809 100644
--- a/test/functional/users_controller_test.rb
+++ b/test/functional/users_controller_test.rb
@@ -30,7 +30,6 @@ class UsersControllerTest < ActionController::TestCase
 def setup
 User.current = nil
 @request.session[:user_id] = 1 # admin
- Redmine::SudoMode.disable!
 end
 
 def test_index
diff --git a/test/integration/admin_test.rb b/test/integration/admin_test.rb
index ef95cc9..402d0ed 100644
--- a/test/integration/admin_test.rb
+++ b/test/integration/admin_test.rb
@@ -26,14 +26,6 @@ class AdminTest < Redmine::IntegrationTest
 :members, :enabled_modules
 
- def setup
- Redmine::SudoMode.enable!
- end
-
- def teardown
- Redmine::SudoMode.disable!
- end
-
 def test_add_user
 log_user("admin", "admin")
 get "/users/new"
@@ -44,15 +36,6 @@ class AdminTest < Redmine::IntegrationTest
 :lastname => "Smith", :mail => "psmith@somenet.foo",
 :language => "en", :password => "psmith09",
 :password_confirmation => "psmith09" }
- assert_response :success
- assert_nil User.find_by_login("psmith")
-
- post "/users",
- :user => { :login => "psmith", :firstname => "Paul",
- :lastname => "Smith", :mail => "psmith@somenet.foo",
- :language => "en", :password => "psmith09",
- :password_confirmation => "psmith09" },
- :sudo_password => 'admin'
 
 user = User.find_by_login("psmith")
 assert_kind_of User, user
diff --git a/test/integration/sudo_test.rb b/test/integration/sudo_test.rb
index 13ccd0b..3bccd84 100644
--- a/test/integration/sudo_test.rb
+++ b/test/integration/sudo_test.rb
@@ -4,11 +4,31 @@ class SudoTest < Redmine::IntegrationTest
 fixtures :projects, :members, :member_roles, :roles, :users
 
 def setup
- Redmine::SudoMode.enable!
+ Redmine::SudoMode.stubs(:enabled?).returns(true)
 end
 
- def teardown
- Redmine::SudoMode.disable!
+ def test_add_user
+ log_user("admin", "admin")
+ get "/users/new"
+ assert_response :success
+ post "/users",
+ :user => { :login => "psmith", :firstname => "Paul",
+ :lastname => "Smith", :mail => "psmith@somenet.foo",
+ :language => "en", :password => "psmith09",
+ :password_confirmation => "psmith09" }
+ assert_response :success
+ assert_nil User.find_by_login("psmith")
+
+ post "/users",
+ :user => { :login => "psmith", :firstname => "Paul",
+ :lastname => "Smith", :mail => "psmith@somenet.foo",
+ :language => "en", :password => "psmith09",
+ :password_confirmation => "psmith09" },
+ :sudo_password => 'admin'
+ assert_response 302
+
+ user = User.find_by_login("psmith")
+ assert_kind_of User, user
 end
 
 def test_create_member_xhr
diff --git a/test/test_helper.rb b/test/test_helper.rb
index d163c10..be4e68e 100644
--- a/test/test_helper.rb
+++ b/test/test_helper.rb
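Review bot: In the new test_add_user of sudo_test.rb, the first `assert_response :success` after the post without `:sudo_password` only confirms a 200 came back, and `assert_nil User.find_by_login("psmith")` only that nothing was saved; a validation-error re-render of the user form would satisfy both, so the test does not yet prove that the sudo gate is what intercepted the request. Asserting on the rendered prompt, e.g. `assert_select 'input[name=sudo_password]'` after that first post, would pin the behaviour being moved here from admin_test.rb. `Redmine::SudoMode.stubs(:enabled?).returns(true)` in setup also bypasses the `RequestStore` flag that `disable!`/`enable!` toggle, so that code path is no longer exercised by this file; presumably mocha restores the stub after each test, which is why the removed teardown is no longer needed, and a one-line comment in setup saying so would spare the next reader the question.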
@@ -33,6 +33,8 @@ include ObjectHelpers
 require 'net/ldap'
 require 'mocha/setup'
 
+Redmine::SudoMode.disable!
+
 class ActionView::TestCase
 helper :application
 include ApplicationHelper
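Review bot: `Redmine::SudoMode.disable!` at load time writes its flag into `RequestStore`, which is thread-local storage that the request_store Rack middleware clears at the end of every request when it is mounted; in integration tests the flag is therefore presumably gone after the first request and `enabled?` falls back to `Redmine::Configuration['sudo_mode']`. That only holds while `sudo_mode` stays unset in the test configuration, so an environment that sets it would start seeing sudo prompts in unrelated controller and integration tests. The functional tests in this commit drop their per-test `disable!` calls in favour of this one line, so it deserves a comment explaining the contract, e.g. `# Sudo mode is off for the whole suite unless a test stubs SudoMode.enabled? (see test/integration/sudo_test.rb); this request-scoped flag only covers tests that bypass the middleware stack.`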