0001-WIP-ldap_backend-fix-encoding-errors-during-user-syn.patch

Paul Marillonnet, 11 octobre 2017 19:06

Voir les différences:

Subject: [PATCH] WIP ldap_backend : fix encoding errors during user
 synchronization (#19168)

 src/authentic2/backends/ldap_backend.py | 20 ++++++++++++++++++++
 tests/test_ldap.py                      | 27 +++++++++++++++++++++++++++
 2 files changed, 47 insertions(+)
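--- a/src/authentic2/backends/ldap_backend.py
+++ b/src/authentic2/backends/ldap_backend.py
@@ -319,6 +319,9 @@
         # First get our configuration into a standard format
         for block in blocks:
             cls.update_default(block)
+            # python-ldap needs UTF-8 encoded strings
+            if isinstance(block.get('base_dn'), unicode):
+                block['base_dn'] = block['base_dn'].encode('utf-8')
         log.debug('got config %r', blocks)
         return blocks
 
@@ -349,6 +352,11 @@
         utf8_username = smart_bytes(username)
         utf8_password = smart_bytes(password)
 
+        # python-ldap needs UTF-8 encoded strings
+        for dn_subelement in ('basedn', 'user_basedn', 'user_dn_template'):
+            if isinstance(block.get(dn_subelement), unicode):
+                block[dn_sublement] = block[dn_subelement].encode('utf-8')
+
         for conn in self.get_connections(block):
             authz_ids = []
             user_basedn = block.get('user_basedn') or block['basedn']
@@ -522,6 +530,9 @@
         '''Retrieve group DNs from the LDAP by attributes (memberOf) or by
            filter.
         '''
+        # python-ldap needs UTF-8 encoded strings
+        if isinstance(block.get('group_base_dn'), unicode):
+            block['group_base_dn'] = block['group_base_dn'].encode('utf-8')
         group_base_dn = block.get('group_basedn', block['basedn'])
         member_of_attribute = block['member_of_attribute']
         group_filter = block['group_filter']
@@ -840,6 +851,9 @@
             if conn is None:
                 logger.warning(u'unable to synchronize with LDAP servers %r', block['url'])
                 continue
+            # python-ldap needs UTF-8 encoded strings.
+            if isinstance(block.get('user_basedn'), unicode):
+                block['user_basedn'] = block['user_basedn'].encode('utf-8')
             user_basedn = block.get('user_basedn') or block['basedn']
             user_filter = block['sync_ldap_users_filter'] or block['user_filter']
             user_filter = user_filter.replace('%s', '*')
@@ -950,6 +964,9 @@
                     auth = handler_class(*sasl_params)
                     conn.sasl_interactive_bind_s(who, auth)
                 elif block['binddn'] and block['bindpw']:
+                    # python-ldap needs UTF-8 encoded strings
+                    if isinstance(block.get('binddn'), unicode):
+                        block['binddn'] = block['binddn'].encode('utf-8')
                     conn.bind_s(block['binddn'], block['bindpw'])
                 yield conn
             except ldap.INVALID_CREDENTIALS:
@@ -1072,6 +1089,9 @@
                             results = conn.search_s(dn, ldap.SCOPE_BASE)
                         else:
                             ldap_filter = self.external_id_to_filter(external_id, external_id_tuple)
+                            # python-ldap needs UTF-8 encoded strings
+                            if isinstance(block.get('basedn'), unicode):
+                                block['basedn'] = block['basedn'].encode('utf-8')
                             results = conn.search_s(block['basedn'],
                                                     ldap.SCOPE_SUBTREE, ldap_filter)
                             if not results: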
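Review bot: The added loop at new line 358 assigns to `block[dn_sublement]`, a misspelling of the loop variable `dn_subelement`, so the first unicode value it meets raises NameError in what looks like the authentication path (the enclosing function starts outside the hunk) and the login fails instead of the DN being encoded; it should read `block[dn_subelement] = block[dn_subelement].encode('utf-8')`. Two other hunks test keys that the surrounding context never reads: line 323 checks `'base_dn'` and line 534 checks `'group_base_dn'`, while the neighbouring lines use `block['basedn']` and `block.get('group_basedn', ...)`, so those branches are probably dead and the DNs still reach python-ldap unencoded. The same three-line conversion is repeated in six places and rewrites the shared `block` dict in place; a single helper applied once where the configuration is normalised would be easier to audit and would keep the bind and search paths consistent.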
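--- a/tests/test_ldap.py
+++ b/tests/test_ldap.py
@@ -99,6 +99,33 @@
     assert not user.check_password(PASS)
     assert 'password' not in client.session['ldap-data']
 
+@pytest.mark.django_db
+def test_accents_in_dn(slapd, settings, client):
+    USERNAME_ACCENTS = u'etienne.michu'
+    UID_ACCENTS = 'etienne.michu'
+    settings.LDAP_AUTH_SETTINGS = [{
+        'url': [slapd.ldap_url],
+        'basedn': 'o=entité1',
+        'use_tls': False,
+    }]
+    result = client.post('/login/', {'login-password-submit': '1',
+                                     'username': USERNAME_ACCENTS,
+                                     'password': PASS}, follow=True)
+    assert result.status_code == 200
+    assert 'Étienne Michu' in str(result)
+    User = get_user_model()
+    assert User.objects.count() == 1
+    user = User.objects.get()
+    assert user.username == u'%s@ldap' % USERNAME_ACCENTS
+    assert user.first_name == u'Étienne'
+    assert user.last_name == 'Michu'
+    assert user.is_active is True
+    assert user.is_superuser is False
+    assert user.is_staff is False
+    assert user.groups.count() == 0
+    assert not user.check_password(PASS)
+    assert 'password' not in client.session['ldap-data']
+
 
 @pytest.mark.django_db
 def test_simple_with_binddn(slapd, settings, client):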
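Review bot: The `'basedn': 'o=entité1'` setting at line 108 is a plain `str` literal, so on Python 2 (which the patch appears to target, given its use of `unicode`) it is already a byte string and none of the new `isinstance(..., unicode)` branches run, unless the module enables `unicode_literals` outside this hunk; `u'o=entité1'` would exercise the fix. `USERNAME_ACCENTS` and `UID_ACCENTS` contain no accented character, and `UID_ACCENTS` is unused in the visible lines, so the test name promises more than the test checks. Whether the `slapd` fixture holds an entry under `o=entité1` is not visible here; if it does not, the login assertions would fail for a reason unrelated to encoding.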
105
-