0001-ldap_backend-skip-authentication-on-wrong-user-filte.patch
| src/authentic2/backends/ldap_backend.py | ||
|---|---|---|
| 516 | 516 |
uid, realm = username.rsplit('@', 1)
|
| 517 | 517 |
if realm and block.get('realm') != realm:
|
| 518 | 518 |
continue |
| 519 |
if '%s' not in block['user_filter']: |
|
| 520 |
log.error( |
|
| 521 |
"account name authentication filter doesn't contain '%s'") |
|
| 522 |
continue |
|
| 519 | 523 |
user = self.authenticate_block(block, uid, password) |
| 520 | 524 |
if user is not None: |
| 521 | 525 |
return user |
| tests/test_ldap.py | ||
|---|---|---|
| 817 | 817 |
assert all([user.userexternalid_set.first().external_id |
| 818 | 818 |
== urlparse.quote(user.username.split('@')[0].encode('utf-8'))
|
| 819 | 819 |
for user in User.objects.all()]) |
| 820 | ||
| 821 | ||
| 822 |
def test_alert_on_wrong_user_filter(slapd, settings, client, db, caplog): |
|
| 823 |
settings.LDAP_AUTH_SETTINGS = [{
|
|
| 824 |
'url': [slapd.ldap_url], |
|
| 825 |
'basedn': u'o=ôrga', |
|
| 826 |
'use_tls': False, |
|
| 827 |
'user_filter': '(&(objectClass=user)(sAMAccountName=*)', #wrong |
|
| 828 | ||
| 829 |
}] |
|
| 830 |
with utils.check_log(caplog, "account name authentication filter doesn't contain '%s'"): |
|
| 831 |
response = client.post('/login/', {'login-password-submit': '1',
|
|
| 832 |
'username': USERNAME, |
|
| 833 |
'password': PASS}, follow=True) |
|
| 820 |
- |
|