fix(auth): use micronaut only for detect if ldap is enabled (#735)

changed condition to display Login Form to be visible when LDAP is enabled within Micronaut instead of "LDAP to Akhq mapping" class Co-authored-by: Julien Chanaud <[email protected]>
tchiotludo · Jun 14, 2021 · 0a02ee4 · 0a02ee4
1 parent 717ba81
commit 0a02ee4
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 8 deletions.
diff --git a/src/main/java/org/akhq/configs/Ldap.java b/src/main/java/org/akhq/configs/Ldap.java
@@ -13,8 +13,4 @@ public class Ldap {
     private String defaultGroup;
     private List<GroupMapping> groups = new ArrayList<>();
     private List<UserMapping> users = new ArrayList<>();
-
-    public boolean isEnabled() {
-        return StringUtils.hasText(defaultGroup) || !getGroups().isEmpty() || !getUsers().isEmpty();
-    }
 }
diff --git a/src/main/java/org/akhq/controllers/AkhqController.java b/src/main/java/org/akhq/controllers/AkhqController.java
@@ -1,5 +1,6 @@
 package org.akhq.controllers;
 
+import io.micronaut.configuration.security.ldap.configuration.LdapConfiguration;
 import io.micronaut.context.ApplicationContext;
 import io.micronaut.core.annotation.Introspected;
 import io.micronaut.http.HttpResponse;
@@ -31,9 +32,6 @@ public class AkhqController extends AbstractController {
     @Inject
     private ApplicationContext applicationContext;
 
-    @Inject
-    private Ldap ldap;
-
     @Inject
     private SecurityProperties securityProperties;
 
@@ -69,7 +67,9 @@ public AuthDefinition auths() {
 
         if (applicationContext.containsBean(SecurityService.class)) {
             authDefinition.loginEnabled = true;
-            authDefinition.formEnabled = securityProperties.getBasicAuth().size() > 0 || ldap.isEnabled();
+            // Display login form if there are LocalUsers OR Ldap is enabled
+            authDefinition.formEnabled = securityProperties.getBasicAuth().size() > 0 ||
+                    applicationContext.containsBean(LdapConfiguration.class);
         }
 
         if (oidc.isEnabled()) {

diff --git a/src/test/java/org/akhq/controllers/AkhqControllerTest.java b/src/test/java/org/akhq/controllers/AkhqControllerTest.java
@@ -32,6 +32,7 @@ void auth() {
         );
 
         assertTrue(result.isLoginEnabled());
+        assertTrue(result.isFormEnabled());
     }
 
     @Test

diff --git a/src/test/java/org/akhq/modules/OidcAuthenticationProviderTest.java b/src/test/java/org/akhq/modules/OidcAuthenticationProviderTest.java
@@ -14,6 +14,7 @@
 import io.micronaut.test.extensions.junit5.annotation.MicronautTest;
 import io.reactivex.Flowable;
 import lombok.extern.slf4j.Slf4j;
+import org.akhq.controllers.AkhqController;
 import org.junit.jupiter.api.Test;
 import org.mockito.ArgumentMatchers;
 import org.mockito.Mockito;
@@ -46,6 +47,9 @@ public class OidcAuthenticationProviderTest {
     @Inject
     DefaultOpenIdProviderMetadata defaultOpenIdProviderMetadata;
 
+    @Inject
+    AkhqController akhqController;
+
     @Named("oidc")
     @MockBean(TokenEndpointClient.class)
     TokenEndpointClient tokenEndpointClient() {
@@ -230,4 +234,13 @@ public void failure() {
         assertThat(authenticationException.getResponse(), instanceOf(AuthenticationFailed.class));
         assertFalse(authenticationException.getResponse().isAuthenticated());
     }
+
+    @Test
+    void noLoginForm(){
+        AkhqController.AuthDefinition actual = akhqController.auths();
+
+        assertTrue(actual.isLoginEnabled(), "Login must be enabled with OIDC");
+        assertFalse(actual.isFormEnabled(), "Login Form must not be active if only OIDC is enabled");
+        assertFalse(actual.getOidcAuths().isEmpty());
+    }
 }
-Original file line number
+Diff line change
@@ Expand Up / @@ -32,6 +32,7 @@ void auth() { @@
             );
             assertTrue(result.isLoginEnabled());
+            assertTrue(result.isFormEnabled());
         }
         @Test
@@ Expand Down @@