
0001-ldap-use_controls-defaults-to-False-if-python-ldap-3.patch

Loïc Dachary, 08 April 2021 01:59 PM


Subject: [PATCH] ldap: use_controls defaults to False if python-ldap < 3.3.1
 (#52190)

Controls prior to python-ldap 3.3.1 are partially implemented because
exceptions do not report information about the controls that may have
triggered the error. To avoid unexpected behavior, the default for
use_controls is changed to False if python-ldap is older than 3.3.1.

Tests are added for python-ldap 3.1.0 because it is the version
available in Debian GNU/Linux buster & bullseye.

Discussion: https://listes.entrouvert.com/arc/authentic/2021-03/msg00005.html
Fixes: https://dev.entrouvert.org/issues/52190

License: MIT
 src/authentic2/backends/ldap_backend.py | 13 ++++++++++++-
 tests/test_ldap.py                      | 10 ++++++++++
 tox.ini                                 |  2 ++
 3 files changed, 24 insertions(+), 1 deletion(-)
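--- a/src/authentic2/backends/ldap_backend.py
+++ b/src/authentic2/backends/ldap_backend.py
@@ -35,6 +35,7 @@
 import json
 import logging
 import os
+from packaging.version import parse as version_parse
 import random
 import time
 import urllib.parse
@@ -96,6 +97,13 @@
 
 if PYTHON_LDAP3 is True:
 
+    def ldap_implements_controls():
+        #
+        # prior to 3.3.1 controls are partially implemented: exceptions do not include
+        # controls information
+        #
+        return version_parse(ldap.__version__) >= version_parse('3.3.1')
+
     class LDAPObject(NativeLDAPObject):
         def __init__(
             self,
@@ -181,6 +189,9 @@
 
 elif PYTHON_LDAP3 is False:
 
+    def ldap_implements_controls():
+        return False
+
     class LDAPObject(NativeLDAPObject):
         def simple_bind_s(self, who='', cred='', serverctrls=None, clientctrls=None):
             who = force_bytes(who)
@@ -620,7 +631,7 @@
         # mapping from LDAP attributes to User attributes
         'user_attributes': [],
         # https://www.python-ldap.org/en/python-ldap-3.3.0/reference/ldap.html#ldap-controls
-        'use_controls': True,
+        'use_controls': ldap_implements_controls(),
     }
     _REQUIRED = ('url', 'basedn')
     _TO_ITERABLE = ('url', 'groupsu', 'groupstaff', 'groupactive')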
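Review bot: The `'use_controls'` entry in `_DEFAULTS` now takes its value from the installed python-ldap version, but nothing at that line tells an operator that controls are off by default on python-ldap < 3.3.1. The `slapd_ppolicy` fixture is skipped in exactly that case, which suggests password-policy handling relies on controls, so a deployment on 3.1.0 would presumably lose it with no visible sign. I would extend the comment above the entry, e.g. `# defaults to False with python-ldap < 3.3.1 (see ldap_implements_controls); set explicitly to override`, and consider logging the effective default once when the backend is loaded. Separately, `from packaging.version import parse as version_parse` is a new runtime import and the diffstat shows no packaging-metadata change, so confirm that `packaging` is a declared dependency. The `_DEFAULTS` dict and both `LDAPObject` classes continue outside the hunks shown.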
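--- a/tests/test_ldap.py
+++ b/tests/test_ldap.py
@@ -77,6 +77,8 @@
 
 @pytest.fixture
 def slapd_ppolicy():
+    if ldap_backend.ldap_implements_controls() is False:
+        pytest.skip("ldap does not implement controls")
     with create_slapd() as slapd:
         conn = slapd.get_connection_admin()
         assert conn.protocol_version == ldap.VERSION3
@@ -1653,3 +1655,11 @@
             }
         ],
     }
+
+
+def test_use_controls():
+    from packaging.version import parse as version_parse
+    if version_parse(ldap.__version__) >= version_parse('3.3.1'):
+        assert ldap_backend.LDAPBackend._DEFAULTS['use_controls'] is True
+    else:
+        assert ldap_backend.LDAPBackend._DEFAULTS['use_controls'] is False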
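Review bot: `test_use_controls` works out its expected value with the same `version_parse(ldap.__version__) >= version_parse('3.3.1')` expression as the implementation, so a wrong threshold or an inverted comparison would pass in both places. Each tox environment also exercises only one side of the `if`, and the function-local `packaging` import repeats what `ldap_backend` already imports. Pinning the boundary with fixed version strings would make the test independent of the installed library. The sketch below assumes the `PYTHON_LDAP3 is True` branch is the one under test and that `ldap` is reachable as `ldap_backend.ldap`.

```python
@pytest.mark.parametrize(
    'version,expected', [('3.1.0', False), ('3.3.0', False), ('3.3.1', True)]
)
def test_ldap_implements_controls(monkeypatch, version, expected):
    # pin the threshold instead of re-deriving it from the installed library
    monkeypatch.setattr(ldap_backend.ldap, '__version__', version)
    assert ldap_backend.ldap_implements_controls() is expected
```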
tox.ini
19 19
  authentic-py3-dj111-drf34
20 20
  authentic-py3-dj111-drf39
21 21
  authentic-py3-dj22-drf39
22
  authentic-py3-dj22-drf39-pythonldap310
22 23

  
23 24
[testenv]
24 25
setenv =
......
78 79
  py3: django-filter<2.3
79 80
  drf34: djangorestframework>=3.4,<3.4.1
80 81
  drf39: djangorestframework>=3.9.2,<3.10
82
  pythonldap310: python-ldap==3.1.0
81 83
usedevelop = True
82 84
commands =
83 85
  py2: ./getlasso.sh
84
-