LDAP: Fix attempted modification of frozen hash (#39571)

This commit is contained in:
David Roetzel 2026-06-23 11:49:40 +02:00 committed by Claire
parent 4f425d9b77
commit b06e9f5a5e
2 changed files with 42 additions and 1 deletions

View File

@ -58,7 +58,7 @@ module User::LdapAuthenticable
if [:simple_tls, :start_tls].include?(Devise.ldap_method)
opts[:encryption] = {
method: Devise.ldap_method,
tls_options: OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.tap { |options| options[:verify_mode] = OpenSSL::SSL::VERIFY_NONE if Devise.ldap_tls_no_verify },
tls_options: OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.dup.tap { |options| options[:verify_mode] = OpenSSL::SSL::VERIFY_NONE if Devise.ldap_tls_no_verify },
}
end

View File

@ -0,0 +1,41 @@
# frozen_string_literal: true
require 'rails_helper'
RSpec.describe User::LdapAuthenticable do
describe '::ldap_options' do
subject { User.ldap_options }
it 'returns a hash' do
expect(subject).to be_a Hash
end
context 'when `Devise.ldap_method` is `simple_tls`' do
before do
Devise.ldap_method = :simple_tls
end
after do
Devise.ldap_method = nil
end
it 'includes `encryption` key' do
expect(subject).to have_key :encryption
end
context 'when `Devise.ldap_tls_no_verify` is set to `true`' do
before do
Devise.ldap_tls_no_verify = true
end
after do
Devise.ldap_tls_no_verify = false
end
it 'sets `verify_mode` correctly' do
expect(subject[:encryption][:tls_options][:verify_mode]).to eq OpenSSL::SSL::VERIFY_NONE
end
end
end
end
end