0001-misc-set-unusable-password-on-federated-users-48136.patch
| src/authentic2/custom_user/migrations/0021_set_unusable_password.py | ||
|---|---|---|
| 1 |
# -*- coding: utf-8 -*- |
|
| 2 |
# Generated by Django 1.11.29 on 2020-11-02 21:52 |
|
| 3 |
from __future__ import unicode_literals |
|
| 4 | ||
| 5 | ||
| 6 |
from django.db import migrations |
|
| 7 |
from django.contrib.auth.models import AbstractUser |
|
| 8 | ||
| 9 | ||
| 10 |
def noop(apps, schema_editor): |
|
| 11 |
pass |
|
| 12 | ||
| 13 | ||
| 14 |
def set_unusable_password(apps, schema_editor): |
|
| 15 |
User = apps.get_model('custom_user', 'User')
|
|
| 16 |
for user in User.objects.filter(password=''): |
|
| 17 |
AbstractUser.set_unusable_password(user) |
|
| 18 |
user.save() |
|
| 19 | ||
| 20 | ||
| 21 |
class Migration(migrations.Migration): |
|
| 22 | ||
| 23 |
dependencies = [ |
|
| 24 |
('custom_user', '0020_deleteduser'),
|
|
| 25 |
] |
|
| 26 | ||
| 27 |
operations = [ |
|
| 28 |
migrations.RunPython(set_unusable_password, noop), |
|
| 29 |
] |
|
| src/authentic2_auth_fc/backends.py | ||
|---|---|---|
| 51 | 51 |
if not user and app_settings.create: |
| 52 | 52 |
User = get_user_model() |
| 53 | 53 |
user = User.objects.create(ou=get_default_ou()) |
| 54 |
user.set_unusable_password() |
|
| 54 | 55 |
try: |
| 55 | 56 |
models.FcAccount.objects.create( |
| 56 | 57 |
user=user, |
| src/authentic2_auth_oidc/backends.py | ||
|---|---|---|
| 241 | 241 |
pass |
| 242 | 242 |
if not user: |
| 243 | 243 |
user = User.objects.create(ou=provider.ou) |
| 244 |
user.set_unusable_password() |
|
| 244 | 245 |
created = True |
| 245 | 246 |
oidc_account, created = models.OIDCAccount.objects.get_or_create( |
| 246 | 247 |
provider=provider, |
| src/authentic2_auth_saml/adapters.py | ||
|---|---|---|
| 65 | 65 | |
| 66 | 66 |
class AuthenticAdapter(DefaultAdapter): |
| 67 | 67 |
def create_user(self, user_class): |
| 68 |
return user_class.objects.create() |
|
| 68 |
user = user_class() |
|
| 69 |
user.set_unusable_password() |
|
| 70 |
user.save() |
|
| 71 |
return user |
|
| 69 | 72 | |
| 70 | 73 |
def finish_create_user(self, idp, saml_attributes, user): |
| 71 | 74 |
try: |
| tests/auth_fc/test_auth_fc.py | ||
|---|---|---|
| 203 | 203 | |
| 204 | 204 | |
| 205 | 205 |
def test_no_password_with_fc_account_can_reset_password(app, db, mailoutbox): |
| 206 |
user = User.objects.create(email='john.doe@example.com') |
|
| 206 |
user = User(email='john.doe@example.com') |
|
| 207 |
user.set_unusable_password() |
|
| 208 |
user.save() |
|
| 207 | 209 |
# No FC account, forbidden to set a password |
| 208 | 210 |
response = app.get('/login/')
|
| 209 | 211 |
response = response.click('Reset it!').maybe_follow()
|
| tests/test_migrations.py | ||
|---|---|---|
| 16 | 16 | |
| 17 | 17 |
import mock |
| 18 | 18 | |
| 19 |
from django.contrib.auth.models import AbstractUser |
|
| 19 | 20 |
from django.db.utils import ProgrammingError |
| 20 | 21 | |
| 21 | 22 | |
| ... | ... | |
| 49 | 50 |
with mock.patch('django.db.backends.postgresql.schema.DatabaseSchemaEditor.execute') as mocked:
|
| 50 | 51 |
mocked.side_effect = programming_error |
| 51 | 52 |
migration.apply([('authentic2', '0028_trigram_unaccent_index')])
|
| 53 | ||
| 54 | ||
| 55 |
def test_migration_custom_user_0021_set_unusable_password(transactional_db, migration): |
|
| 56 |
old_apps = migration.before([('custom_user', '0020_deleteduser')])
|
|
| 57 | ||
| 58 |
User = old_apps.get_model('custom_user', 'User')
|
|
| 59 |
user = User.objects.create() |
|
| 60 |
assert user.password == '' |
|
| 61 | ||
| 62 |
new_apps = migration.apply([('custom_user', '0021_set_unusable_password')])
|
|
| 63 |
User = new_apps.get_model('custom_user', 'User')
|
|
| 64 |
user = User.objects.get() |
|
| 65 |
assert not AbstractUser.has_usable_password(user) |
|
| 52 |
- |
|