Revert broken features in 2.11 (#3067)

* Revert broken features * Missing test case

Revert broken features in 2.11 (#3067)
37a66dcc · Ahmad Farhat · GitHub · 964d7468 · 37a66dcc · 37a66dcc
Unverified Commit 37a66dcc authored Jan 13, 2022 by Ahmad Farhat Committed by GitHub Jan 13, 2022
--- a/app/controllers/password_resets_controller.rb
+++ b/app/controllers/password_resets_controller.rb
@@ -19,7 +19,6 @@
 class PasswordResetsController < ApplicationController
  include Emailer
-  before_action :disable_password_reset, unless: -> { Rails.configuration.enable_email_verification }
  before_action :find_user, only: [:edit, :update]
  before_action :check_expiration, only: [:edit, :update]
@@ -83,11 +82,6 @@ class PasswordResetsController < ApplicationController
    redirect_to new_password_reset_url, alert: I18n.t("expired_reset_token") if @user.password_reset_expired?
  end
-  # Redirects to 404 if emails are not enabled
-  def disable_password_reset
-    redirect_to '/404'
-  end
  # Checks that the captcha passed is valid
  def valid_captcha
    return true unless Rails.configuration.recaptcha_enabled

--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -67,9 +67,6 @@ class SessionsController < ApplicationController
    user = User.include_deleted.find_by(email: session_params[:email].downcase)
-    # Check if account is locked out due to too many attempts
-    return redirect_to(signin_path, alert: I18n.t("login_page.locked_out")) if user.locked_out?
    is_super_admin = user&.has_role? :super_admin
    # Scope user to domain if the user is not a super admin
@@ -84,7 +81,6 @@ class SessionsController < ApplicationController
    # Check correct password was entered
    unless user.try(:authenticate, session_params[:password])
      logger.info "Support: #{session_params[:email]} login failed."
-      user.update(failed_attempts: user.failed_attempts.to_i + 1, last_failed_attempt: DateTime.now)
      return redirect_to(signin_path, alert: I18n.t("invalid_credentials"))
    end
@@ -142,7 +138,12 @@ flash: { alert: I18n.t("registration.insecure_password") } unless user.secure_pa
    ldap_config[:bind_dn] = ENV['LDAP_BIND_DN']
    ldap_config[:password] = ENV['LDAP_PASSWORD']
    ldap_config[:auth_method] = ENV['LDAP_AUTH']
-    ldap_config[:encryption] = ldap_encryption
+    ldap_config[:encryption] = case ENV['LDAP_METHOD']
+                               when 'ssl'
+                                 'simple_tls'
+                               when 'tls'
+                                 'start_tls'
+                               end
    ldap_config[:base] = ENV['LDAP_BASE']
    ldap_config[:filter] = ENV['LDAP_FILTER']
    ldap_config[:uid] = ENV['LDAP_UID']

--- a/config/application.rb
+++ b/config/application.rb
@@ -182,7 +182,7 @@ module Greenlight
    config.moderator_codes_default = "disabled"
    # Default admin password
-    config.admin_password_default = ENV['ADMIN_PASSWORD'] || 'administrator'
+    config.admin_password_default = ENV['ADMIN_PASSWORD'] || 'Administrator1!'
    # Max avatar image size
    config.max_avatar_size = ENV['MAX_AVATAR_SIZE'].to_i.zero? ? 100_000 : ENV['MAX_AVATAR_SIZE'].to_i

--- a/spec/controllers/password_resets_controller_spec.rb
+++ b/spec/controllers/password_resets_controller_spec.rb
@@ -62,15 +62,6 @@ describe PasswordResetsController, type: :controller do
      end
    end
-    context "does not allow mail notifications" do
-      before { allow(Rails.configuration).to receive(:enable_email_verification).and_return(false) }
-      it "renders a 404 page upon if email notifications are disabled" do
-        get :create
-        expect(response).to redirect_to("/404")
-      end
-    end
    context "reCAPTCHA enabled" do
      before do
        allow(Rails.configuration).to receive(:enable_email_verification).and_return(true)

--- a/spec/controllers/sessions_controller_spec.rb
+++ b/spec/controllers/sessions_controller_spec.rb
@@ -302,39 +302,6 @@ describe SessionsController, type: :controller do
      expect(response).to redirect_to(edit_password_reset_path("reset_token"))
    end
-    context "account lockout due to failed attempts" do
-      it "increases failed_attempts if the credentials are incorrect" do
-        freeze_time do
-          3.times do
-            post :create, params: {
-              session: {
-                email: @user1.email,
-                password: 'invalid',
-              },
-            }
-          end
-          expect(@user1.reload.failed_attempts).to eq(3)
-          expect(@user1.last_failed_attempt).to eq(DateTime.now)
-        end
-      end
-      it "locks out the user if the attempts are > 5 in the past 24 hours" do
-        @user1.update(failed_attempts: 6, last_failed_attempt: 5.minutes.ago)
-        post :create, params: {
-          session: {
-            email: @user1.email,
-            password: 'Example1!',
-          },
-        }
-        expect(@request.session[:user_id]).to be_nil
-        expect(flash[:alert]).to eq(I18n.t("login_page.locked_out"))
-        expect(response).to redirect_to(signin_path)
-      end
-    end
  end
  describe "GET/POST #omniauth" do