0001-journal_event_types-add-ldap-user-deactivation-52671.patch
| src/authentic2/backends/ldap_backend.py | ||
|---|---|---|
| 54 | 54 |
from authentic2.a2_rbac.utils import get_default_ou |
| 55 | 55 |
from authentic2.backends import is_user_authenticable |
| 56 | 56 |
from authentic2.compat_lasso import lasso |
| 57 |
from authentic2.journal_event_types import LdapUserDeactivation |
|
| 57 | 58 |
from authentic2.ldap_utils import FilterFormatter |
| 58 | 59 |
from authentic2.middleware import StoreRequestMiddleware |
| 59 | 60 |
from authentic2.models import UserExternalId |
| ... | ... | |
| 1511 | 1512 |
external_id__in=eids, user__is_active=True, source=block['realm'] |
| 1512 | 1513 |
): |
| 1513 | 1514 |
eid.user.mark_as_inactive() |
| 1515 |
LdapUserDeactivation.record(eid.user, 'not-present') |
|
| 1514 | 1516 |
# Handle users of old sources |
| 1515 | 1517 |
uei_qs = UserExternalId.objects.exclude(source__in=[block['realm'] for block in cls.get_config()]) |
| 1516 | 1518 |
for user in User.objects.filter(userexternalid__in=uei_qs): |
| 1517 | 1519 |
user.mark_as_inactive() |
| 1520 |
LdapUserDeactivation.record(user, 'old-source') |
|
| 1518 | 1521 | |
| 1519 | 1522 |
@classmethod |
| 1520 | 1523 |
def ad_encoding(cls, s): |
| src/authentic2/journal_event_types.py | ||
|---|---|---|
| 346 | 346 |
new_email = event.get_data('email')
|
| 347 | 347 |
old_email = event.get_data('old_email')
|
| 348 | 348 |
return _('email address changed from "{0}" to "{1}"').format(old_email, new_email)
|
| 349 | ||
| 350 | ||
| 351 |
class LdapUserDeactivation(EventTypeDefinition): |
|
| 352 |
name = 'ldap.user.deactivation' |
|
| 353 |
label = _('user deactivation')
|
|
| 354 | ||
| 355 |
@classmethod |
|
| 356 |
def record(cls, user, reason): |
|
| 357 |
super().record(user=user, data={'reason': reason})
|
|
| 358 | ||
| 359 |
@classmethod |
|
| 360 |
def get_message(cls, event, context): |
|
| 361 |
reason = event.get_data('reason')
|
|
| 362 |
if reason == 'not-present': |
|
| 363 |
return _('automatic deactivation because user was not present in LDAP anymore')
|
|
| 364 |
elif reason == 'old-source': |
|
| 365 |
return _('automatic deactivation because user was from an old LDAP source')
|
|
| 366 |
return super().get_message(event, context) |
|
| tests/test_ldap.py | ||
|---|---|---|
| 254 | 254 | |
| 255 | 255 |
ldap_backend.LDAPBackend.deactivate_orphaned_users() |
| 256 | 256 | |
| 257 |
assert ( |
|
| 258 |
ldap_backend.UserExternalId.objects.filter(user__is_active=False, source=block['realm']).count() == 1 |
|
| 259 |
) |
|
| 257 |
deactivated_user = ldap_backend.UserExternalId.objects.get(user__is_active=False, source=block['realm']) |
|
| 258 |
utils.assert_event('ldap.user.deactivation', user=deactivated_user.user, reason='not-present')
|
|
| 260 | 259 | |
| 261 | 260 |
# rename source realm |
| 262 | 261 |
settings.LDAP_AUTH_SETTINGS = [ |
| ... | ... | |
| 264 | 263 |
] |
| 265 | 264 | |
| 266 | 265 |
ldap_backend.LDAPBackend.deactivate_orphaned_users() |
| 267 |
assert (
|
|
| 268 |
ldap_backend.UserExternalId.objects.filter(user__is_active=False, source=block['realm']).count() == 6
|
|
| 266 |
deactivated_users = ldap_backend.UserExternalId.objects.filter(
|
|
| 267 |
user__is_active=False, source=block['realm']
|
|
| 269 | 268 |
) |
| 269 |
assert deactivated_users.count() == 6 |
|
| 270 |
for ldap_user in deactivated_users.exclude(pk=deactivated_user.pk): |
|
| 271 |
utils.assert_event('ldap.user.deactivation', user=ldap_user.user, reason='old-source')
|
|
| 270 | 272 | |
| 271 | 273 | |
| 272 | 274 |
@pytest.mark.django_db |
| 273 |
- |
|