backoffice: close backoffice if an IdP is defined (#10440)
This commit is contained in:
parent
8fd46311a5
commit
43d0336bb4
|
@ -100,6 +100,12 @@ def test_empty_site(pub):
|
|||
resp = get_app(pub).get('/backoffice/')
|
||||
resp = resp.click('Settings', index=0)
|
||||
|
||||
def test_empty_site_but_idp_settings(pub):
|
||||
pub.cfg['idp'] = {'xxx': {}}
|
||||
pub.write_cfg()
|
||||
resp = get_app(pub).get('/backoffice/')
|
||||
assert resp.location == 'http://example.net/login/?next=http%3A%2F%2Fexample.net%2Fbackoffice%2F'
|
||||
|
||||
def test_with_user(pub):
|
||||
create_superuser(pub)
|
||||
resp = get_app(pub).get('/backoffice/', status=302)
|
||||
|
@ -3994,10 +4000,12 @@ def test_settings_auth(pub):
|
|||
|
||||
@pytest.mark.skipif('lasso is None')
|
||||
def test_settings_idp(pub):
|
||||
pub.user_class.wipe() # makes sure there are no users
|
||||
# create admin session
|
||||
create_superuser(pub)
|
||||
app = login(get_app(pub))
|
||||
|
||||
pub.cfg['identification'] = {'methods': ['idp']}
|
||||
pub.write_cfg()
|
||||
app = get_app(pub)
|
||||
app.get('/saml/metadata', status=404)
|
||||
resp = app.get('/backoffice/settings/')
|
||||
resp = resp.click(href='identification/idp/')
|
||||
|
|
|
@ -139,6 +139,10 @@ class RootDirectory(BackofficeRootDirectory):
|
|||
'Please login.'))
|
||||
if not user.can_go_in_backoffice():
|
||||
raise errors.AccessForbiddenError()
|
||||
else:
|
||||
# empty site
|
||||
if get_cfg('idp'): # but already configured for IdP
|
||||
raise errors.AccessUnauthorizedError()
|
||||
|
||||
get_response().filter['in_backoffice'] = True
|
||||
|
||||
|
|
Loading…
Reference in New Issue