0001-ldap-record-user-reactivation-in-journal-54170.patch
src/authentic2/backends/ldap_backend.py | ||
---|---|---|
1468 | 1468 |
return self._return_django_user(dn, username, password, conn, block, attributes) |
1469 | 1469 | |
1470 | 1470 |
def _return_django_user(self, dn, username, password, conn, block, attributes): |
1471 |
from authentic2.manager.journal_event_types import ManagerUserActivation |
|
1472 | ||
1471 | 1473 |
user = self.lookup_existing_user(username, block, attributes) |
1472 | 1474 |
if user: |
1473 | 1475 |
log.debug('found existing user %r', user) |
... | ... | |
1485 | 1487 | |
1486 | 1488 |
if not user.is_active and user.deactivation_reason and user.deactivation_reason.startswith('ldap-'): |
1487 | 1489 |
user.mark_as_active() |
1490 |
ldap_uri = conn.get_option(ldap.OPT_URI) |
|
1491 |
ManagerUserActivation.record(target_user=user, reason='ldap-reactivation', origin=ldap_uri) |
|
1488 | 1492 | |
1489 | 1493 |
user_login_success(user.get_username()) |
1490 | 1494 |
return user |
src/authentic2/manager/journal_event_types.py | ||
---|---|---|
187 | 187 |
label = _('user activation') |
188 | 188 | |
189 | 189 |
@classmethod |
190 |
def record(cls, user, session, target_user): |
|
191 |
super().record(user=user, session=session, references=[target_user]) |
|
190 |
def record(cls, target_user, user=None, session=None, origin=None, reason=None): |
|
191 |
data = {'origin': origin, 'reason': reason} |
|
192 |
super().record(user=user, session=session, references=[target_user], data=data) |
|
192 | 193 | |
193 | 194 |
@classmethod |
194 | 195 |
def get_message(cls, event, context): |
195 | 196 |
(user,) = event.get_typed_references(User) |
197 |
reason = event.get_data('reason') |
|
196 | 198 |
if context and context == user: |
197 |
return _('activation by administrator') |
|
199 |
if reason == 'ldap-reactivation': |
|
200 |
return _('automatic activation because the associated LDAP account reappeared') |
|
201 |
else: |
|
202 |
return _('activation by administrator') |
|
198 | 203 |
elif user: |
199 |
return _('activation of user "%s"') % user.get_full_name() |
|
204 |
if reason == 'ldap-reactivation': |
|
205 |
return ( |
|
206 |
_('automatic activation of user "%s" because the associated LDAP account reappeared') |
|
207 |
% user.get_full_name() |
|
208 |
) |
|
209 |
else: |
|
210 |
return _('activation of user "%s"') % user.get_full_name() |
|
200 | 211 |
return super().get_message(event, context) |
201 | 212 | |
202 | 213 |
tests/test_ldap.py | ||
---|---|---|
312 | 312 |
).count() |
313 | 313 |
== 1 |
314 | 314 |
) |
315 |
assert ( |
|
316 |
User.objects.filter( |
|
317 |
is_active=True, deactivation_reason__isnull=True, deactivation__isnull=True |
|
318 |
).count() |
|
319 |
== 4 |
|
315 |
reactivated_users = User.objects.filter( |
|
316 |
is_active=True, deactivation_reason__isnull=True, deactivation__isnull=True |
|
320 | 317 |
) |
318 |
assert reactivated_users.count() == 4 |
|
321 | 319 |
assert User.objects.filter(is_active=False).count() == 2 |
322 | 320 |
assert User.objects.count() == 6 |
323 | 321 | |
322 |
for user in reactivated_users: |
|
323 |
utils.assert_event( |
|
324 |
'manager.user.activation', |
|
325 |
target_user=user, |
|
326 |
reason='ldap-reactivation', |
|
327 |
origin=slapd.ldap_url, |
|
328 |
) |
|
329 | ||
324 | 330 | |
325 | 331 |
@pytest.mark.django_db |
326 | 332 |
def test_simple_with_binddn(slapd, settings, client): |
tests/test_manager_journal.py | ||
---|---|---|
261 | 261 |
target_user=user, |
262 | 262 |
reason='ldap-old-source', |
263 | 263 |
) |
264 |
make( |
|
265 |
'manager.user.activation', |
|
266 |
target_user=user, |
|
267 |
reason='ldap-reactivation', |
|
268 |
) |
|
264 | 269 | |
265 | 270 |
# verify we created at least one event for each type |
266 | 271 |
assert set(Event.objects.values_list("type__name", flat=True)) == set(_registry) |
... | ... | |
564 | 569 |
'user': '-', |
565 | 570 |
'message': 'automatic deactivation of user "Johnny doe" because the associated LDAP source has been deleted', |
566 | 571 |
}, |
572 |
{ |
|
573 |
'message': 'automatic activation of user "Johnny doe" because the associated LDAP account reappeared', |
|
574 |
'timestamp': 'Jan. 2, 2020, 7 p.m.', |
|
575 |
'type': 'manager.user.activation', |
|
576 |
'user': '-', |
|
577 |
}, |
|
567 | 578 |
] |
568 | 579 | |
569 | 580 | |
... | ... | |
761 | 772 |
'user': '-', |
762 | 773 |
'message': 'automatic deactivation because the associated LDAP source has been deleted', |
763 | 774 |
}, |
775 |
{ |
|
776 |
'message': 'automatic activation because the associated LDAP account reappeared', |
|
777 |
'timestamp': 'Jan. 2, 2020, 7 p.m.', |
|
778 |
'type': 'manager.user.activation', |
|
779 |
'user': '-', |
|
780 |
}, |
|
764 | 781 |
] |
765 | 782 | |
766 | 783 | |
767 |
- |