Create accounts automatically when authenticating from HTTP header (#2087)

* Create accounts automatically when authenticating from HTTP header * Disable password check when header auth is enabled * Formatting * Password change is valid when no password (old or new) is provided * Test suite runs with header auth disabled (mock config) Prevents nil pointer access (panic) while testing password validating logic * Use a constant prefix for autogenerated passwords (header auth case) * Add tests * Add context to log messages Co-authored-by: Deluan <deluan@navidrome.org>
2025-04-03 20:47:35 +03:00 · 2023-01-25 02:18:10 +01:00 · 2023-01-25 02:18:10 +01:00 · 1e24809ed6
commit 1e24809ed6
parent 9721ef8974
4 changed files with 60 additions and 7 deletions
--- a/persistence/user_repository_test.go
+++ b/persistence/user_repository_test.go
@ -6,6 +6,8 @@ import (

 	"github.com/beego/beego/v2/client/orm"
 	"github.com/deluan/rest"
+	"github.com/google/uuid"
+	"github.com/navidrome/navidrome/consts"
 	"github.com/navidrome/navidrome/log"
 	"github.com/navidrome/navidrome/model"
 	"github.com/navidrome/navidrome/tests"
@ -81,6 +83,34 @@ var _ = Describe("UserRepository", func() {
 			Expect(err).To(BeNil())
 		})

+		Context("Autogenerated password (used with Reverse Proxy Authentication)", func() {
+			var user model.User
+			BeforeEach(func() {
+				loggedUser.IsAdmin = false
+				loggedUser.Password = consts.PasswordAutogenPrefix + uuid.NewString()
+			})
+			It("does nothing if passwords are not specified", func() {
+				user = *loggedUser
+				err := validatePasswordChange(&user, loggedUser)
+				Expect(err).To(BeNil())
+			})
+			It("does not requires currentPassword for regular user", func() {
+				user = *loggedUser
+				user.CurrentPassword = ""
+				user.NewPassword = "new"
+				err := validatePasswordChange(&user, loggedUser)
+				Expect(err).ToNot(HaveOccurred())
+			})
+			It("does not requires currentPassword for admin", func() {
+				loggedUser.IsAdmin = true
+				user = *loggedUser
+				user.CurrentPassword = ""
+				user.NewPassword = "new"
+				err := validatePasswordChange(&user, loggedUser)
+				Expect(err).ToNot(HaveOccurred())
+			})
+		})
+
 		Context("Logged User is admin", func() {
 			BeforeEach(func() {
 				loggedUser.IsAdmin = true