update spec

2025-12-30 07:39:43 -06:00 · 2025-10-10 02:17:57 +01:00
parent 5dcc5dc635
commit c218323f47
7 changed files with 44 additions and 4 deletions
--- a/app/controllers/accounts/stack_managers_controller.rb
+++ b/app/controllers/accounts/stack_managers_controller.rb
@@ -12,6 +12,11 @@ module Accounts

      # If the user is not having an email domain end in the
      # portainer stack url, don't log them out, just return a different unauthorized.
+      if !stack_manager.is_user?(current_user)
+        head :method_not_allowed
+        return
+      end
+
      if stack_manager.stack.client.authenticated?
        head :ok
      else
--- a/app/javascript/controllers/stack_manager/badge_controller.js
+++ b/app/javascript/controllers/stack_manager/badge_controller.js
@@ -5,7 +5,7 @@ const AUTHENTICATION_VERIFICATION_METHOD = "authentication";
 const URL_VERIFICATION_METHOD = "url";

 export default class extends Controller {
-  static targets = [ "message", "verifyUrlSuccess", "verifyUrlError", "verifyUrlLoading" ]
+  static targets = [ "message", "verifyUrlSuccess", "verifyUrlError", "verifyUrlLoading", "verifyUrlNotAllowed" ]

  static values = {
    verificationMethod: String,
@@ -27,6 +27,8 @@ export default class extends Controller {
      this.logout();
    } else if (result === PortainerChecker.STATUS_OK) {
      this.verifyUrlSuccessTarget.classList.remove('hidden')
+    } else if (result === PortainerChecker.STATUS_NOT_ALLOWED) {
+      this.verifyUrlNotAllowedTarget.classList.remove('hidden')
    } else {
      this.verifyUrlErrorTarget.classList.remove('hidden')
    }
--- a/app/javascript/utils/portainer.js
+++ b/app/javascript/utils/portainer.js
@@ -1,6 +1,7 @@
 export class PortainerChecker {
  static STATUS_OK = "ok";
  static STATUS_UNAUTHORIZED = "unauthorized";
+  static STATUS_NOT_ALLOWED = "not_allowed";
  static STATUS_ERROR = "error";

  csrfToken() {
@@ -24,6 +25,10 @@ export class PortainerChecker {
      return PortainerChecker.STATUS_UNAUTHORIZED;
    }

+    if (response.status === 405) {
+      return PortainerChecker.STATUS_NOT_ALLOWED;
+    }
+
    if (response.status === 502) {
      return PortainerChecker.STATUS_ERROR;
    }
--- a/app/views/devise/sessions/_portainer_badge.html.erb
+++ b/app/views/devise/sessions/_portainer_badge.html.erb
@@ -27,6 +27,13 @@
        >
          <iconify-icon icon="lucide:alert-circle" width="12" height="12" class="text-red-400 opacity-80 group-hover/badge:opacity-100 transition-opacity duration-200"></iconify-icon>
        </div>
+        <div
+          class="tooltip tooltip-bottom flex hidden"
+          data-tip="Your current login does not have access to this stack manager. Please logout and login with your portainer username and password."
+          data-stack-manager--badge-target="verifyUrlNotAllowed"
+        >
+          <iconify-icon icon="lucide:alert-circle" width="12" height="12" class="text-red-400 opacity-80 group-hover/badge:opacity-100 transition-opacity duration-200"></iconify-icon>
+        </div>
        <iconify-icon
          icon="lucide:loader-2"
          width="12"
--- a/lib/portainer/stack.rb
+++ b/lib/portainer/stack.rb
@@ -12,7 +12,7 @@ class Portainer::Stack
  end

  def connect(user, allow_anonymous: false)
-    access_token = if stack_manager.access_token.present? && !enable_role_based_access_control
+    access_token = if stack_manager.access_token.present? && !stack_manager.enable_role_based_access_control
      stack_manager.access_token
    elsif stack_manager.access_token.present? && allow_anonymous
      stack_manager.access_token
--- a/spec/actions/projects/create_spec.rb
+++ b/spec/actions/projects/create_spec.rb
@@ -90,7 +90,7 @@ RSpec.describe Projects::Create do

    context 'in cloud mode' do
      before do
-        allow(Rails.application.config).to receive(:local_mode).and_return(false)
+        allow(Rails.application.config).to receive(:cloud_mode).and_return(true)
      end

      it 'validates with github and registers webhooks' do
@@ -105,7 +105,7 @@ RSpec.describe Projects::Create do

    context 'in local mode' do
      before do
-        allow(Rails.application.config).to receive(:local_mode).and_return(true)
+        allow(Rails.application.config).to receive(:cloud_mode).and_return(false)
      end

      it 'validates with github and does not register webhooks' do
--- a/spec/models/stack_manager_spec.rb
+++ b/spec/models/stack_manager_spec.rb
@@ -107,4 +107,25 @@ RSpec.describe StackManager, type: :model do
      expect(stack_manager.provider_url).to eq(invalid_url)
    end
  end
+
+  describe '#domain_host' do
+    it 'returns the host' do
+      stack_manager = build(:stack_manager, provider_url: 'https://portainer.example.com:9443')
+      expect(stack_manager.domain_host).to eq('portainer.example.com')
+    end
+  end
+
+  describe '#is_user?' do
+    let(:stack_manager) { build(:stack_manager, provider_url: 'https://portainer.example.com') }
+
+    it 'returns true when user email ends with domain host' do
+      user = double('User', email: 'john@portainer.example.com')
+      expect(stack_manager.is_user?(user)).to be true
+    end
+
+    it 'returns false when user email does not end with domain host' do
+      user = double('User', email: 'john@otherdomain.com')
+      expect(stack_manager.is_user?(user)).to be false
+    end
+  end
 end