feat: do not allow user_id_only login for admins (#2904)

Vlad Stan 2025-01-23 15:01:54 +02:00 committed by GitHub
parent b6bdf50ed7
commit f845bfe651
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
6 changed files with 115 additions and 29 deletions


@ -12,14 +12,14 @@ from lnbits.app import create_app
from lnbits.core.crud import (
create_wallet,
delete_account,
get_account,
get_account_by_username,
get_payment,
get_user_from_account,
update_payment,
)
from lnbits.core.models import Account, CreateInvoice, PaymentState, User
from lnbits.core.models.users import UpdateSuperuserPassword
from lnbits.core.services import create_user_account, update_wallet_balance
from lnbits.core.views.auth_api import first_install
from lnbits.core.views.payment_api import _api_payments_create_invoice
from lnbits.db import DB_TYPE, SQLITE, Database
from lnbits.settings import AuthMethods, Settings
@ -62,7 +62,15 @@ def run_before_and_after_tests(settings: Settings):
async def app(settings: Settings):
app = create_app()
async with LifespanManager(app) as manager:
settings.first_install = False
settings.first_install = True
await first_install(
UpdateSuperuserPassword(
username="superadmin",
password="secret1234",
password_repeat="secret1234",
)
)
yield manager.app
@ -150,20 +158,14 @@ async def to_user():
yield user
@pytest.fixture()
def from_super_user(from_user: User, settings: Settings):
prev = settings.super_user
settings.super_user = from_user.id
yield from_user
settings.super_user = prev
@pytest.fixture(scope="session")
async def superuser(settings: Settings):
account = await get_account(settings.super_user)
assert account, "Superuser not found"
user = await get_user_from_account(account)
yield user
async def superuser_token(client: AsyncClient):
response = await client.post(
"/api/v1/auth", json={"username": "superadmin", "password": "secret1234"}
)
client.cookies.clear()
yield response.json().get("access_token")
@pytest.fixture(scope="session")
@ -307,3 +309,4 @@ def _settings_cleanup(settings: Settings):
settings.lnbits_service_fee = 0
settings.lnbits_wallet_limit_daily_max_withdraw = 0
settings.lnbits_admin_extensions = []
settings.lnbits_admin_users = []
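Review bot: The `superuser_token` fixture yields `response.json().get("access_token")` without checking that the login succeeded, so a rejected login silently hands `None` to every test that depends on it. Any test that expects an admin endpoint to refuse a request could then pass because the token is missing, not because the authorization check worked. I would bind the value first and fail fast, e.g. `token = response.json().get("access_token")` followed by `assert token, f"superuser login failed: {response.text}"`, then `yield token`. The `"superadmin"` / `"secret1234"` literals are also repeated between the `app` fixture and this one; two module-level constants would keep the pair from drifting apart. The rendered view has lost the `+`/`-` markers, so which `@pytest.fixture(...)` decorator and scope the new fixture carries should be checked against the real diff.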