0001-ldap_backend-remove-imprecise-role-creation-capabili.patch

Paul Marillonnet, 06 décembre 2017 11:04

Voir les différences: en ligne côte à côte

Subject: [PATCH] ldap_backend: remove imprecise role creation capability
 (#20454)

 src/authentic2/backends/ldap_backend.py | 18 +++++-------------
 tests/test_ldap.py                      | 22 ----------------------
 2 files changed, 5 insertions(+), 35 deletions(-)

             'is_staff': None,
             # create missing group if needed
             'create_group': False,
             # create missing role if needed
             'create_role': False,
             # attributes to retrieve and store with the user object
             'attributes': ['uid'],
             # default value for some attributes
-...
                 except Group.DoesNotExist:
                     return None
         def get_role_by_name(self, block, role_name, create=None):
         def get_role_by_name(self, block, role_name):
             '''Obtain a Django role'''
             if create is None:
                 create = block['create_role']
             if create:
                 role, created = Role.objects.get_or_create(name=role_name)
                 return role
             else:
                 try:
                     return Role.objects.get(name=role_name)
                 except Role.DoesNotExist:
                     return None
             try:
                 return Role.objects.get(name=role_name)
             except Role.DoesNotExist:
                 return None
         def populate_mandatory_groups(self, user, block):
             mandatory_groups = block.get('set_mandatory_groups')

     @pytest.mark.django_db
     def test_create_mandatory_roles(slapd, settings):
         User = get_user_model()
         settings.LDAP_AUTH_SETTINGS = [{
             'url': [slapd.ldap_url],
             'basedn': 'o=orga',
             'use_tls': False,
             'create_group': True,
             'group_mapping': [
                 ('cn=group2,o=orga', ['Group2']),
             ],
             'group_filter': '(&(memberUid={uid})(objectClass=posixGroup))',
             'set_mandatory_roles': ['tech', 'admin'],
             'create_role': True,
         }]
         users = list(ldap_backend.LDAPBackend.get_users())
         assert User.objects.first().roles.count() == 2
     @pytest.mark.django_db
     def test_nocreate_mandatory_roles(slapd, settings):
         User = get_user_model()
         settings.LDAP_AUTH_SETTINGS = [{
-...
             ],
             'group_filter': '(&(memberUid={uid})(objectClass=posixGroup))',
             'set_mandatory_roles': ['tech', 'admin'],
             'create_role': False,
         }]
         list(ldap_backend.LDAPBackend.get_users())
-...
             ],
             'group_filter': '(&(memberUid={uid})(objectClass=posixGroup))',
             'set_mandatory_roles': ['tech', 'admin'],
             'create_role': False,
         }]
         response = app.get('/login/')
         response.form.set('username', USERNAME)
+    -

Projet

Général

Profil

Produits Entr'ouvert » Authentic 2

0001-ldap_backend-remove-imprecise-role-creation-capabili.patch