diff --git a/Gemfile.lock b/Gemfile.lock index 3054363..21d2683 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -225,6 +225,7 @@ GEM PLATFORMS arm64-darwin-21 arm64-darwin-22 + arm64-darwin-23 x86_64-linux DEPENDENCIES diff --git a/README.md b/README.md index 76ad901..9be561e 100644 --- a/README.md +++ b/README.md @@ -149,7 +149,8 @@ These config options are namespaced in `config.console1984`: | `protected_urls` | The list of URLs corresponding with external systems to protect. | | `session_logger` | The system used to record session data. The default logger is `Console1984::SessionsLogger::Database`. | | `username_resolver` | Configure how the current user is determined for a given console session. The default is `Console1984::Username::EnvResolver.new("CONSOLE_USER")`, which returns the value of the environment variable `CONSOLE_USER`. | - | `ask_for_username_if_empty` | If `true`, the console will ask for a username if it is empty. If `false`, it will raise an error if no username is set. Defaults to `false`. | +| `ask_for_username_if_empty` | If `true`, the console will ask for a username if it is empty. If `false`, it will raise an error if no username is set. Defaults to `false`. | +| `user_authentication` | Can be set to a proc or other callable object that will receive the username as its sole argument. Can be used to implement user authentication and should raise an exception if authentication fails. Defaults to `nil`. | | `production_data_warning` | The text to show when a console session starts. | | `enter_unprotected_encryption_mode_warning` | The text to show when user enters into unprotected mode. | | `enter_protected_mode_warning` | The text to show when user go backs to protected mode. | diff --git a/lib/console1984/config.rb b/lib/console1984/config.rb index a744171..8a92dde 100644 --- a/lib/console1984/config.rb +++ b/lib/console1984/config.rb 
@@ -13,6 +13,7 @@ class Console1984::Config incinerate incinerate_after incineration_queue protections_config base_record_class + user_authentication debug test_mode ] @@ -56,6 +57,7 @@ def set_defaults self.incinerate_after = 30.days self.incineration_queue = "console1984_incineration" self.ask_for_username_if_empty = false + self.user_authentication = nil self.base_record_class = "::ApplicationRecord" diff --git a/lib/console1984/supervisor.rb b/lib/console1984/supervisor.rb index f789d9b..7fc8511 100644 --- a/lib/console1984/supervisor.rb +++ b/lib/console1984/supervisor.rb @@ -58,7 +58,9 @@ def require_dependencies end def start_session - session_logger.start_session current_username, ask_for_session_reason + username = current_username + Console1984.config.user_authentication&.call username + session_logger.start_session username, ask_for_session_reason end def stop_session diff --git a/test/supervisor_test.rb b/test/supervisor_test.rb index c089da6..de5805b 100644 --- a/test/supervisor_test.rb +++ b/test/supervisor_test.rb 
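Review bot: In `start_session` (lib/console1984/supervisor.rb) the result of `user_authentication&.call username` is discarded, so a callable that signals failure by returning `false` or `nil` instead of raising lets the session start anyway. The README text in this commit does say the callable should raise, but a fail-open default is easy to get wrong in an access-control hook. Consider treating an explicit `false` as a denial, e.g. `raise "Authentication failed for #{username}" if Console1984.config.user_authentication&.call(username) == false`, or at least add `# Must raise to deny access; the return value is ignored.` above the call. Because the check runs before `session_logger.start_session`, a rejected attempt appears to leave no entry in the session log, which an audit tool would normally want to record.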
@@ -26,4 +26,29 @@ class IncinerationTest < ActiveSupport::TestCase
 ensure
 Console1984.config.ask_for_username_if_empty = original
 end
+
+ test "can start a session if user_authentication is callable" do
+ original, Console1984.config.user_authentication = Console1984.config.user_authentication, ->(username) { true }
+ Console1984.username_resolver.username = "jorge"
+
+ assert_nothing_raised do
+ type_when_prompted "No reason" do
+ @supervisor.start
+ end
+ end
+ ensure
+ Console1984.config.user_authentication = original
+ end
+
+ test "cannot start a session if user_authentication is callable and raises an exception" do
+ original, Console1984.config.user_authentication = Console1984.config.user_authentication, ->(username) { raise "Authentication failed!" }
+ Console1984.username_resolver.username = "jorge"
+
+ e = assert_raises RuntimeError do
+ @supervisor.start
+ end
+ assert_equal "Authentication failed!", e.message
+ ensure
+ Console1984.config.user_authentication = original
+ end
 end
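Review bot: Neither added test checks what the hook receives or what a rejection leaves behind: both lambdas ignore `username`, and the failure case only asserts the exception message. Capturing the argument, e.g. `received = nil` with `->(username) { received = username }` and `assert_equal "jorge", received`, would pin the contract described in the README. The rejection test should also assert that no session was recorded. A third case with a callable returning `false` would document whether a falsy return is meant to allow the session. The enclosing test class starts outside this hunk.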