0001-journal_event_types-add-ldap-user-deactivation-52671.patch
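--- a/src/authentic2/backends/ldap_backend.py
+++ b/src/authentic2/backends/ldap_backend.py
@@ -54,6 +54,7 @@
 from authentic2.a2_rbac.utils import get_default_ou
 from authentic2.backends import is_user_authenticable
 from authentic2.compat_lasso import lasso
+from authentic2.journal_event_types import LdapUserDeactivation
 from authentic2.ldap_utils import FilterFormatter
 from authentic2.middleware import StoreRequestMiddleware
 from authentic2.models import UserExternalId
@@ -1511,10 +1512,12 @@
 external_id__in=eids, user__is_active=True, source=block['realm']
 ):
 eid.user.mark_as_inactive()
+LdapUserDeactivation.record(eid.user, 'not-present')
 # Handle users of old sources
 uei_qs = UserExternalId.objects.exclude(source__in=[block['realm'] for block in cls.get_config()])
 for user in User.objects.filter(userexternalid__in=uei_qs):
 user.mark_as_inactive()
+LdapUserDeactivation.record(user, 'old-source')
 
 @classmethod
 def ad_encoding(cls, s):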
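Review bot: The 'old-source' loop has no active-user filter, unlike the first loop's `user__is_active=True`, so each run journals another `LdapUserDeactivation` event for every user of a retired source, including accounts that were already inactive or were deactivated by hand. That makes the audit trail misleading, because the journal attributes to LDAP cleanup a deactivation that happened earlier for another reason. Consider `for user in User.objects.filter(userexternalid__in=uei_qs, is_active=True):` so the event is written only when the account state actually changes. `mark_as_inactive()` and `record()` are also two separate writes; the enclosing method starts outside this hunk, so if it is not already transactional, wrapping each pair in `transaction.atomic()` would keep the account state and its journal entry consistent.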
src/authentic2/journal_event_types.py | ||
---|---|---|
346 | 346 |
new_email = event.get_data('email') |
347 | 347 |
old_email = event.get_data('old_email') |
348 | 348 |
return _('email address changed from "{0}" to "{1}"').format(old_email, new_email) |
349 | ||
350 | ||
351 |
class LdapUserDeactivation(EventTypeDefinition): |
|
352 |
name = 'ldap.user.deactivation' |
|
353 |
label = _('user deactivation') |
|
354 | ||
355 |
@classmethod |
|
356 |
def record(cls, user, reason): |
|
357 |
super().record(user=user, data={'reason': reason}) |
|
358 | ||
359 |
@classmethod |
|
360 |
def get_message(cls, event, context): |
|
361 |
reason = event.get_data('reason') |
|
362 |
if reason == 'not-present': |
|
363 |
return _('automatic deactivation because user was not present in LDAP anymore') |
|
364 |
elif reason == 'old-source': |
|
365 |
return _('automatic deactivation because user was from an old LDAP source') |
|
366 |
return super().get_message(event, context) |
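Review bot: The event stores only `reason`, so a journal entry does not say which LDAP realm the account was tied to; with several entries in the LDAP configuration, an investigator cannot tell which directory caused the deactivation. Consider accepting the realm and storing it, e.g. `def record(cls, user, reason, realm=None):` with `data={'reason': reason, 'realm': realm}`; the 'not-present' caller in ldap_backend.py has `block['realm']` at hand. The reason strings are bare literals repeated in ldap_backend.py and the tests, and an unknown value silently falls through to `super().get_message()`, so module-level constants or a check in `record()` would catch a typo. A one-line class docstring naming the reasons it accepts would also help.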
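--- a/tests/test_ldap.py
+++ b/tests/test_ldap.py
@@ -254,9 +254,8 @@
 
 ldap_backend.LDAPBackend.deactivate_orphaned_users()
 
-assert (
-ldap_backend.UserExternalId.objects.filter(user__is_active=False, source=block['realm']).count() == 1
-)
+deactivated_user = ldap_backend.UserExternalId.objects.get(user__is_active=False, source=block['realm'])
+utils.assert_event('ldap.user.deactivation', user=deactivated_user.user, reason='not-present')
 
 # rename source realm
 settings.LDAP_AUTH_SETTINGS = [
@@ -264,9 +263,12 @@
 ]
 
 ldap_backend.LDAPBackend.deactivate_orphaned_users()
-assert (
-ldap_backend.UserExternalId.objects.filter(user__is_active=False, source=block['realm']).count() == 6
+deactivated_users = ldap_backend.UserExternalId.objects.filter(
+user__is_active=False, source=block['realm']
 )
+assert deactivated_users.count() == 6
+for ldap_user in deactivated_users.exclude(pk=deactivated_user.pk):
+utils.assert_event('ldap.user.deactivation', user=ldap_user.user, reason='old-source')
 
 
 @pytest.mark.django_db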
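Review bot: The final loop skips the user deactivated in the first run with `exclude(pk=deactivated_user.pk)`, but nothing asserts what the second run should journal for that already-inactive account. The old-source queryset in ldap_backend.py is not restricted to active users, so this user presumably receives an additional 'old-source' event that the test neither expects nor forbids. If a second event is not intended, state that with a comment such as `# already deactivated as 'not-present' above; must not be journalled again` and add an assertion on the number of `ldap.user.deactivation` events for `deactivated_user.user`. The test function starts outside this hunk, so its earlier setup is not visible here.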
273 |
- |