Merge pull request #23479 from kbrock/disable_admin

Fryguy · web-flow · commit 6253fa045b37 · 2025-06-12T18:10:41.000-04:00
Ensure authenticator respects local_login_disabled
diff --git a/app/models/authenticator.rb b/app/models/authenticator.rb
@@ -1,6 +1,6 @@
 module Authenticator
   def self.for(config, username = nil)
-    if username == 'admin'
+    if username == 'admin' && !::Settings.authentication.local_login_disabled
       Database.new(config)
     else
       authenticator_class(config[:mode])&.new(config)
diff --git a/spec/models/authenticator_spec.rb b/spec/models/authenticator_spec.rb
@@ -12,6 +12,11 @@
       expect(Authenticator.for({:mode => 'ldap'}, 'admin')).to be_a(Authenticator::Database)
       expect(Authenticator.for({:mode => 'httpd'}, 'admin')).to be_a(Authenticator::Database)
     end
+
+    it "instantiates matching class for admin when local_login_disabled is enabled" do
+      stub_settings_merge(:authentication => {:local_login_disabled => true})
+      expect(Authenticator.for({:mode => 'httpd'}, 'admin')).to be_a(Authenticator::Httpd)
+    end
   end
 
   describe '#authorize' do
