fix cross-shard-trusted-logins refs #6883

test plan: * log in with site admin credentials at an account on a different shard Change-Id: Ibdb26b345b409cbbd61cfdb45af563e8cdd0c138 Reviewed-on: https://gerrit.instructure.com/8075 Tested-by: Hudson <hudson@instructure.com> Reviewed-by: Tom Metge <tom@instructure.com> Reviewed-by: Jacob Fugal <jacob@instructure.com>
2012-01-13 15:08:03 -07:00 · 2012-01-13 15:08:03 -07:00 · 7dac720e62
parent 16cf731b2d
commit 7dac720e62
3 changed files with 28 additions and 8 deletions
--- a/app/controllers/pseudonym_sessions_controller.rb
+++ b/app/controllers/pseudonym_sessions_controller.rb
@ -125,9 +125,11 @@ class PseudonymSessionsController < ApplicationController
    end

    if !found && params[:pseudonym_session]
-      valid_alternatives = Pseudonym.trusted_by(@domain_root_account).custom_find_by_unique_id(params[:pseudonym_session][:unique_id], :all).select {|p|
-        p.valid_arbitrary_credentials?(params[:pseudonym_session][:password])
-      }
+      valid_alternatives = Shard.partition_by_shard(@domain_root_account.trusted_account_ids) do |account_ids|
+        Pseudonym.active.by_unique_id(params[:pseudonym_session][:unique_id]).find(:all, :conditions => { :account_id => account_ids }).select {|p|
+          p.valid_arbitrary_credentials?(params[:pseudonym_session][:password])
+        }
+      end
      # only log them in if these credentials match a single user
      if valid_alternatives.map(&:user).uniq.length == 1
        # prefer a pseudonym from Site Admin if possible, otherwise just choose one
--- a/app/models/account.rb
+++ b/app/models/account.rb
@ -1053,6 +1053,11 @@ class Account < ActiveRecord::Base
    root_account.grants_right?(user, session, :manage_user_logins)
  end

+  def trusted_account_ids
+    return [] if !root_account? || self == Account.site_admin
+    [ Account.site_admin.id ]
+  end
+
  named_scope :root_accounts, :conditions => {:root_account_id => nil}
  named_scope :processing_sis_batch, :conditions => ['accounts.current_sis_batch_id IS NOT NULL'], :order => :updated_at
  named_scope :name_like, lambda { |name|
--- a/spec/controllers/pseudonym_sessions_controller_spec.rb
+++ b/spec/controllers/pseudonym_sessions_controller_spec.rb
@ -16,7 +16,7 @@
 # with this program. If not, see <http://www.gnu.org/licenses/>.
 #

-require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
+require File.expand_path(File.dirname(__FILE__) + '/../sharding_spec_helper')

 describe PseudonymSessionsController do

@ -71,12 +71,9 @@ describe PseudonymSessionsController do
  end

  context "trusted logins" do
-    before do
-      Pseudonym.stubs(:trusted_by).with(Account.default).returns(Pseudonym.scoped({}))
-    end
-
    it "should login for a pseudonym from a different account" do
      account = Account.create!
+      Account.any_instance.stubs(:trusted_account_ids).returns([account.id])
      user_with_pseudonym(:username => 'jt@instructure.com', :active_all => 1, :password => 'qwerty', :account => account)
      post 'create', :pseudonym_session => { :unique_id => 'jt@instructure.com', :password => 'qwerty'}
      response.should redirect_to(dashboard_url(:login_success => 1))
@ -95,12 +92,28 @@ describe PseudonymSessionsController do
    it "should not login for multiple users with identical pseudonyms" do
      account1 = Account.create!
      account2 = Account.create!
+      Account.any_instance.stubs(:trusted_account_ids).returns([account1.id, account2.id])
      user_with_pseudonym(:username => 'jt@instructure.com', :active_all => 1, :password => 'qwerty', :account => account1)
      user_with_pseudonym(:username => 'jt@instructure.com', :active_all => 1, :password => 'qwerty', :account => account2)
      post 'create', :pseudonym_session => { :unique_id => 'jt@instructure.com', :password => 'qwerty'}
      response.should_not be_success
      response.should render_template('pseudonym_sessions/new')
    end
+
+    context "sharding" do
+      it_should_behave_like "sharding"
+
+      it "should login for a user from a different shard" do
+        user_with_pseudonym(:username => 'jt@instructure.com', :active_all => 1, :password => 'qwerty', :account => Account.site_admin)
+        @shard1.activate do
+          account = Account.create!
+          HostUrl.stubs(:default_domain_root_account).returns(account)
+          post 'create', :pseudonym_session => { :unique_id => 'jt@instructure.com', :password => 'qwerty' }
+          response.should redirect_to(dashboard_url(:login_success => 1))
+          assigns[:pseudonym].should == @pseudonym
+        end
+      end
+    end
  end

  context "merging" do