0001-ldap-add-method-to-deactivate-orphaned-users-6379.patch

Loïc Dachary, 18 mars 2021 13:36

Voir les différences: en ligne côte à côte

Subject: [PATCH] ldap: add method to deactivate orphaned users (#6379)

Fixes: https://dev.entrouvert.org/issues/6379

License: MIT

 src/authentic2/backends/ldap_backend.py | 20 ++++++++++++++++++++
 tests/test_ldap.py                      | 24 ++++++++++++++++++++++++
 2 files changed, 44 insertions(+)

                     data['dn'] = dn
                     yield backend._return_user(dn, None, conn, block, data)
         @classmethod
         def deactivate_orphaned_users(cls):
             for block in cls.get_config():
                 conn = cls.get_connection(block)
                 if conn is None:
                     continue
                 for eid in UserExternalId.objects.filter(user__is_active=True,
                                                          source=block['realm']):
                     inactive = True
                     for external_id_tuple in map_text(block['external_id_tuples']):
                         ldap_filter = cls.external_id_to_filter(eid.external_id, external_id_tuple)
                         results = conn.search_s(block['basedn'],
                                                 ldap.SCOPE_SUBTREE, ldap_filter)
                         results = cls.normalize_ldap_results(results)
                         if results:
                            inactive = False
                            break
                     if inactive:
                         eid.user.mark_as_inactive()
         @classmethod
         def ad_encoding(cls, s):
             '''Encode a string for AD consumption as a password'''

         assert 'password' not in client.session['ldap-data']
     def test_deactivate_orphaned_users(slapd, settings, client, db):
         settings.LDAP_AUTH_SETTINGS = [{
             'url': [slapd.ldap_url],
             'basedn': u'o=ôrga',
             'use_tls': False,
         }]
         # create users as a side effect
         list(ldap_backend.LDAPBackend.get_users())
         block = settings.LDAP_AUTH_SETTINGS[0]
         assert ldap_backend.UserExternalId.objects.filter(
             user__is_active=False, source=block['realm']).count() == 0
         conn = slapd.get_connection_admin()
         ldif = [(ldap.MOD_DELETE, 'uid', force_bytes(UID.upper()))]
         conn.modify_s(DN, ldif)
         ldap_backend.LDAPBackend.deactivate_orphaned_users()
         assert ldap_backend.UserExternalId.objects.filter(
             user__is_active=False, source=block['realm']).count() == 1
     @pytest.mark.django_db
     def test_simple_with_binddn(slapd, settings, client):
         settings.LDAP_AUTH_SETTINGS = [{
+    -

Projet

Général

Profil

Produits Entr'ouvert » Authentic 2

0001-ldap-add-method-to-deactivate-orphaned-users-6379.patch