
0001-ldap-do-not-fail-if-Role.MultipleObjectsReturned-is-.patch

Lauréline Guérin, 28 janvier 2020 16:19


Subject: [PATCH] ldap: do not fail if Role.MultipleObjectsReturned is raised
 (#39274)

 src/authentic2/backends/ldap_backend.py |  2 +
 tests/test_ldap.py                      | 63 +++++++++++++++++++++++++
 2 files changed, 65 insertions(+)
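--- a/src/authentic2/backends/ldap_backend.py
+++ b/src/authentic2/backends/ldap_backend.py
@@ -854,6 +854,8 @@
                     return Role.objects.get(name=slug, **kwargs), None
                 except Role.DoesNotExist:
                     error = ('role %r does not exist' % role_id)
+                except Role.MultipleObjectsReturned:
+                    error = 'multiple objects returned, identifier is imprecise'
             except Role.MultipleObjectsReturned:
                 error = 'multiple objects returned, identifier is imprecise'
         else: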
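Review bot: The added `except Role.MultipleObjectsReturned:` branch on the name lookup sets the same fixed string as the outer handler, so the error does not say which configured role identifier was ambiguous, unlike `'role %r does not exist' % role_id` just above it. Since this lookup appears to decide whether an LDAP-provisioned user receives a role, the message should name the identifier, e.g. `error = 'multiple roles match %r, identifier is imprecise' % role_id`, applied to both handlers so they stay identical. Resolving an ambiguous identifier to no role rather than to an arbitrary match is the safe choice and deserves a one-line comment saying so. The enclosing function starts and ends outside the hunk, so how `error` reaches the operator is not visible here.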
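--- a/tests/test_ldap.py
+++ b/tests/test_ldap.py
@@ -497,6 +497,69 @@
     assert User.objects.first().roles.count() == 0
 
 
+def test_from_slug_set_mandatory_roles(slapd, settings, db):
+    from authentic2.a2_rbac.models import Role
+
+    Role.objects.get_or_create(name='Tech', slug='tech')
+    Role.objects.get_or_create(name='Admin', slug='admin')
+    settings.LDAP_AUTH_SETTINGS = [{
+        'url': [slapd.ldap_url],
+        'basedn': u'o=ôrga',
+        'use_tls': False,
+        'create_group': True,
+        'group_mapping': [
+            [u'cn=group2,o=ôrga', ['Group2']],
+        ],
+        'group_filter': '(&(memberUid={uid})(objectClass=posixGroup))',
+        'set_mandatory_roles': ['tech', 'admin'],
+    }]
+
+    list(ldap_backend.LDAPBackend.get_users())
+    assert User.objects.first().roles.count() == 2
+
+
+def test_multiple_slug_set_mandatory_roles(slapd, settings, db):
+    from authentic2.a2_rbac.models import Role
+
+    Role.objects.create(name='foo', slug='tech')
+    Role.objects.create(name='bar', slug='tech')
+    settings.LDAP_AUTH_SETTINGS = [{
+        'url': [slapd.ldap_url],
+        'basedn': u'o=ôrga',
+        'use_tls': False,
+        'create_group': True,
+        'group_mapping': [
+            [u'cn=group2,o=ôrga', ['Group2']],
+        ],
+        'group_filter': '(&(memberUid={uid})(objectClass=posixGroup))',
+        'set_mandatory_roles': ['tech'],
+    }]
+
+    list(ldap_backend.LDAPBackend.get_users())
+    assert User.objects.first().roles.count() == 0
+
+
+def test_multiple_name_set_mandatory_roles(slapd, settings, db):
+    from authentic2.a2_rbac.models import Role
+
+    Role.objects.create(name='tech', slug='foo')
+    Role.objects.create(name='tech', slug='bar')
+    settings.LDAP_AUTH_SETTINGS = [{
+        'url': [slapd.ldap_url],
+        'basedn': u'o=ôrga',
+        'use_tls': False,
+        'create_group': True,
+        'group_mapping': [
+            [u'cn=group2,o=ôrga', ['Group2']],
+        ],
+        'group_filter': '(&(memberUid={uid})(objectClass=posixGroup))',
+        'set_mandatory_roles': ['tech'],
+    }]
+
+    list(ldap_backend.LDAPBackend.get_users())
+    assert User.objects.first().roles.count() == 0
+
+
 @pytest.fixture
 def slapd_strict_acl(slapd):
     # forbid modifications by user themselves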
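Review bot: `test_multiple_slug_set_mandatory_roles` and `test_multiple_name_set_mandatory_roles` assert only `roles.count() == 0`, which would also hold if the mandatory-role step were skipped for an unrelated reason. If the backend logs the lookup error (not visible in this hunk), adding the `caplog` fixture and `assert 'identifier is imprecise' in caplog.text` would pin the ambiguous-identifier path specifically. The three tests also repeat the same `LDAP_AUTH_SETTINGS` dict; a small helper taking the `set_mandatory_roles` list would keep them in step.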
503
-