0001-ldap-do-not-fail-if-Role.MultipleObjectsReturned-is-.patch

Lauréline Guérin, 30 janvier 2020 11:16


Subject: [PATCH] ldap: do not fail if Role.MultipleObjectsReturned is raised
 (#39274)

 src/authentic2/backends/ldap_backend.py |  2 +
 tests/test_ldap.py                      | 69 +++++++++++++++++++++++++
 2 files changed, 71 insertions(+)
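--- a/src/authentic2/backends/ldap_backend.py
+++ b/src/authentic2/backends/ldap_backend.py
@@ -855,6 +855,8 @@
                     return Role.objects.get(name=slug, **kwargs), None
                 except Role.DoesNotExist:
                     error = ('role %r does not exist' % role_id)
+                except Role.MultipleObjectsReturned:
+                    error = 'multiple objects returned, identifier is imprecise'
             except Role.MultipleObjectsReturned:
                 error = 'multiple objects returned, identifier is imprecise'
         else: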
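Review bot: The added `except Role.MultipleObjectsReturned` branch (new lines 858-859) builds an error string that does not say which identifier was ambiguous, whereas the `DoesNotExist` branch directly above formats `role_id` into its message. When a configured role is skipped because several roles share the same name, the operator needs that identifier to find the offending setting, so I would write `error = 'multiple roles match %r, identifier is imprecise' % role_id`. The unchanged outer handler at new lines 860-861 has the same gap. Reporting an error rather than picking one of the matches looks like the right fail-closed choice for role assignment, though how `error` reaches the caller or the logs is outside this hunk, as are the start and end of the enclosing function.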
tests/test_ldap.py
32 32
from django.utils import timezone
33 33
from django.utils.six.moves.urllib import parse as urlparse
34 34

  
35
from authentic2.models import Service
35 36
from authentic2.a2_rbac.utils import get_default_ou
36 37
from django_rbac.utils import get_ou_model
37 38
from authentic2.backends import ldap_backend
......
497 498
    assert User.objects.first().roles.count() == 0
498 499

  
499 500

  
501
def test_from_slug_set_mandatory_roles(slapd, settings, db):
502
    from authentic2.a2_rbac.models import Role
503

  
504
    Role.objects.get_or_create(name='Tech', slug='tech')
505
    Role.objects.get_or_create(name='Admin', slug='admin')
506
    settings.LDAP_AUTH_SETTINGS = [{
507
        'url': [slapd.ldap_url],
508
        'basedn': u'o=ôrga',
509
        'use_tls': False,
510
        'create_group': True,
511
        'group_mapping': [
512
            [u'cn=group2,o=ôrga', ['Group2']],
513
        ],
514
        'group_filter': '(&(memberUid={uid})(objectClass=posixGroup))',
515
        'set_mandatory_roles': ['tech', 'admin'],
516
    }]
517

  
518
    list(ldap_backend.LDAPBackend.get_users())
519
    assert User.objects.first().roles.count() == 2
520

  
521

  
522
def test_multiple_slug_set_mandatory_roles(slapd, settings, db):
523
    from authentic2.a2_rbac.models import Role
524

  
525
    service1 = Service.objects.create(name='s1', slug='s1')
526
    service2 = Service.objects.create(name='s2', slug='s2')
527
    Role.objects.create(name='foo', slug='tech', service=service1)
528
    Role.objects.create(name='bar', slug='tech', service=service2)
529
    settings.LDAP_AUTH_SETTINGS = [{
530
        'url': [slapd.ldap_url],
531
        'basedn': u'o=ôrga',
532
        'use_tls': False,
533
        'create_group': True,
534
        'group_mapping': [
535
            [u'cn=group2,o=ôrga', ['Group2']],
536
        ],
537
        'group_filter': '(&(memberUid={uid})(objectClass=posixGroup))',
538
        'set_mandatory_roles': ['tech'],
539
    }]
540

  
541
    list(ldap_backend.LDAPBackend.get_users())
542
    assert User.objects.first().roles.count() == 0
543

  
544

  
545
def test_multiple_name_set_mandatory_roles(slapd, settings, db):
546
    from authentic2.a2_rbac.models import Role
547

  
548
    OU = get_ou_model()
549
    ou1 = OU.objects.create(name='test1', slug='test1')
550
    ou2 = OU.objects.create(name='test2', slug='test2')
551
    Role.objects.create(name='tech', slug='foo', ou=ou1)
552
    Role.objects.create(name='tech', slug='bar', ou=ou2)
553
    settings.LDAP_AUTH_SETTINGS = [{
554
        'url': [slapd.ldap_url],
555
        'basedn': u'o=ôrga',
556
        'use_tls': False,
557
        'create_group': True,
558
        'group_mapping': [
559
            [u'cn=group2,o=ôrga', ['Group2']],
560
        ],
561
        'group_filter': '(&(memberUid={uid})(objectClass=posixGroup))',
562
        'set_mandatory_roles': ['tech'],
563
    }]
564

  
565
    list(ldap_backend.LDAPBackend.get_users())
566
    assert User.objects.first().roles.count() == 0
567

  
568

  
500 569
@pytest.fixture
501 570
def slapd_strict_acl(slapd):
502 571
    # forbid modifications by user themselves
503
-