0001-ldap_backend-skip-authentication-on-wrong-user-filte.patch
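--- a/src/authentic2/backends/ldap_backend.py
+++ b/src/authentic2/backends/ldap_backend.py
@@ -516,6 +516,10 @@
 uid, realm = username.rsplit('@', 1)
 if realm and block.get('realm') != realm:
 continue
+if '%s' not in block['user_filter']:
+log.error(
+"account name authentication filter doesn't contain '%s'")
+continue
 user = self.authenticate_block(block, uid, password)
 if user is not None:
 return user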
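Review bot: The new `log.error` call does not say which LDAP block is misconfigured, and its message carries a bare `%s` that is only harmless because no arguments are passed to the logger. With several entries in the settings an operator cannot tell which one is being skipped; something like `log.error("user_filter of LDAP block %r doesn't contain '%%s', skipping it", block.get('realm'))` would identify it (the test's expected message would need the same change). The guard also only tests that `%s` is present, so a filter with other stray `%` directives would presumably still get past it; how the filter is formatted is outside this section. The enclosing method starts and ends outside the hunk, so any other path that calls `authenticate_block` is not visibly covered; doing the check inside `authenticate_block` or once when the settings are loaded would cover every path.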
tests/test_ldap.py | ||
---|---|---|
817 | 817 |
assert all([user.userexternalid_set.first().external_id |
818 | 818 |
== urlparse.quote(user.username.split('@')[0].encode('utf-8')) |
819 | 819 |
for user in User.objects.all()]) |
820 | ||
821 | ||
822 |
def test_alert_on_wrong_user_filter(slapd, settings, client, db, caplog): |
|
823 |
settings.LDAP_AUTH_SETTINGS = [{ |
|
824 |
'url': [slapd.ldap_url], |
|
825 |
'basedn': u'o=ôrga', |
|
826 |
'use_tls': False, |
|
827 |
'user_filter': '(&(objectClass=user)(sAMAccountName=*)', #wrong |
|
828 | ||
829 |
}] |
|
830 |
with utils.check_log(caplog, "account name authentication filter doesn't contain '%s'"): |
|
831 |
response = client.post('/login/', {'login-password-submit': '1', |
|
832 |
'username': USERNAME, |
|
833 |
'password': PASS}, follow=True) |
|
820 |
- |
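Review bot: The new test `test_alert_on_wrong_user_filter` checks only that the error is logged, not that the login was refused; `response` is assigned and never used. Since the point of the change is that a filter without `%s` must not authenticate anyone, add an assertion after the `with` block such as `assert '_auth_user_id' not in client.session`. The sample filter is also missing a closing parenthesis, so it is wrong in two ways; a balanced filter like `'(&(objectClass=user)(sAMAccountName=*))'` would pin the missing-`%s` case specifically.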