Projet

Général

Profil

0001-ldap-record-user-reactivation-in-journal-54170.patch

Valentin Deniaud, 25 mai 2021 15:35

Télécharger (5,75 ko)

Voir les différences: 

Subject: [PATCH] ldap: record user reactivation in journal (#54170)


 src/authentic2/backends/ldap_backend.py       |  4 ++++
 src/authentic2/manager/journal_event_types.py | 19 +++++++++++++++----
 tests/test_ldap.py                            | 16 +++++++++++-----
 tests/test_manager_journal.py                 | 17 +++++++++++++++++
 4 files changed, 47 insertions(+), 9 deletions(-)
src/authentic2/backends/ldap_backend.py
1468 1468 
        return self._return_django_user(dn, username, password, conn, block, attributes)
1469 1469 

  		




  1470
  1470
  
    
    def _return_django_user(self, dn, username, password, conn, block, attributes):

  		




  
  1471
  
    
        from authentic2.manager.journal_event_types import ManagerUserActivation

  		




  
  1472
  
    

  		




  1471
  1473
  
    
        user = self.lookup_existing_user(username, block, attributes)

  		




  1472
  1474
  
    
        if user:

  		




  1473
  1475
  
    
            log.debug('found existing user %r', user)

  		




  ......




  1485
  1487
  
    

  		




  1486
  1488
  
    
        if not user.is_active and user.deactivation_reason and user.deactivation_reason.startswith('ldap-'):

  		




  1487
  1489
  
    
            user.mark_as_active()

  		




  
  1490
  
    
            ldap_uri = conn.get_option(ldap.OPT_URI)

  		




  
  1491
  
    
            ManagerUserActivation.record(target_user=user, reason='ldap-reactivation', origin=ldap_uri)

  		




  1488
  1492
  
    

  		




  1489
  1493
  
    
        user_login_success(user.get_username())

  		




  1490
  1494
  
    
        return user

  		












  

    
      src/authentic2/manager/journal_event_types.py
    
  





  187
  187
  
    
    label = _('user activation')

  		




  188
  188
  
    

  		




  189
  189
  
    
    @classmethod

  		




  190
  
  
    
    def record(cls, user, session, target_user):

  		




  191
  
  
    
        super().record(user=user, session=session, references=[target_user])

  		




  
  190
  
    
    def record(cls, target_user, user=None, session=None, origin=None, reason=None):

  		




  
  191
  
    
        data = {'origin': origin, 'reason': reason}

  		




  
  192
  
    
        super().record(user=user, session=session, references=[target_user], data=data)

  		




  192
  193
  
    

  		




  193
  194
  
    
    @classmethod

  		




  194
  195
  
    
    def get_message(cls, event, context):

  		




  195
  196
  
    
        (user,) = event.get_typed_references(User)

  		




  
  197
  
    
        reason = event.get_data('reason')

  		




  196
  198
  
    
        if context and context == user:

  		




  197
  
  
    
            return _('activation by administrator')

  		




  
  199
  
    
            if reason == 'ldap-reactivation':

  		




  
  200
  
    
                return _('automatic activation because the associated LDAP account reappeared')

  		




  
  201
  
    
            else:

  		




  
  202
  
    
                return _('activation by administrator')

  		




  198
  203
  
    
        elif user:

  		




  199
  
  
    
            return _('activation of user "%s"') % user.get_full_name()

  		




  
  204
  
    
            if reason == 'ldap-reactivation':

  		




  
  205
  
    
                return (

  		




  
  206
  
    
                    _('automatic activation of user "%s" because the associated LDAP account reappeared')

  		




  
  207
  
    
                    % user.get_full_name()

  		




  
  208
  
    
                )

  		




  
  209
  
    
            else:

  		




  
  210
  
    
                return _('activation of user "%s"') % user.get_full_name()

  		




  200
  211
  
    
        return super().get_message(event, context)

  		




  201
  212
  
    

  		




  202
  213
  
    

  		












  

    
      tests/test_ldap.py
    
  





  312
  312
  
    
        ).count()

  		




  313
  313
  
    
        == 1

  		




  314
  314
  
    
    )

  		




  315
  
  
    
    assert (

  		




  316
  
  
    
        User.objects.filter(

  		




  317
  
  
    
            is_active=True, deactivation_reason__isnull=True, deactivation__isnull=True

  		




  318
  
  
    
        ).count()

  		




  319
  
  
    
        == 4

  		




  
  315
  
    
    reactivated_users = User.objects.filter(

  		




  
  316
  
    
        is_active=True, deactivation_reason__isnull=True, deactivation__isnull=True

  		




  320
  317
  
    
    )

  		




  
  318
  
    
    assert reactivated_users.count() == 4

  		




  321
  319
  
    
    assert User.objects.filter(is_active=False).count() == 2

  		




  322
  320
  
    
    assert User.objects.count() == 6

  		




  323
  321
  
    

  		




  
  322
  
    
    for user in reactivated_users:

  		




  
  323
  
    
        utils.assert_event(

  		




  
  324
  
    
            'manager.user.activation',

  		




  
  325
  
    
            target_user=user,

  		




  
  326
  
    
            reason='ldap-reactivation',

  		




  
  327
  
    
            origin=slapd.ldap_url,

  		




  
  328
  
    
        )

  		




  
  329
  
    

  		




  324
  330
  
    

  		




  325
  331
  
    
@pytest.mark.django_db

  		




  326
  332
  
    
def test_simple_with_binddn(slapd, settings, client):

  		












  

    
      tests/test_manager_journal.py
    
  





  261
  261
  
    
        target_user=user,

  		




  262
  262
  
    
        reason='ldap-old-source',

  		




  263
  263
  
    
    )

  		




  
  264
  
    
    make(

  		




  
  265
  
    
        'manager.user.activation',

  		




  
  266
  
    
        target_user=user,

  		




  
  267
  
    
        reason='ldap-reactivation',

  		




  
  268
  
    
    )

  		




  264
  269
  
    

  		




  265
  270
  
    
    # verify we created at least one event for each type

  		




  266
  271
  
    
    assert set(Event.objects.values_list("type__name", flat=True)) == set(_registry)

  		




  ......




  564
  569
  
    
            'user': '-',

  		




  565
  570
  
    
            'message': 'automatic deactivation of user "Johnny doe" because the associated LDAP source has been deleted',

  		




  566
  571
  
    
        },

  		




  
  572
  
    
        {

  		




  
  573
  
    
            'message': 'automatic activation of user "Johnny doe" because the associated LDAP account reappeared',

  		




  
  574
  
    
            'timestamp': 'Jan. 2, 2020, 7 p.m.',

  		




  
  575
  
    
            'type': 'manager.user.activation',

  		




  
  576
  
    
            'user': '-',

  		




  
  577
  
    
        },

  		




  567
  578
  
    
    ]

  		




  568
  579
  
    

  		




  569
  580
  
    

  		




  ......




  761
  772
  
    
            'user': '-',

  		




  762
  773
  
    
            'message': 'automatic deactivation because the associated LDAP source has been deleted',

  		




  763
  774
  
    
        },

  		




  
  775
  
    
        {

  		




  
  776
  
    
            'message': 'automatic activation because the associated LDAP account reappeared',

  		




  
  777
  
    
            'timestamp': 'Jan. 2, 2020, 7 p.m.',

  		




  
  778
  
    
            'type': 'manager.user.activation',

  		




  
  779
  
    
            'user': '-',

  		




  
  780
  
    
        },

  		




  764
  781
  
    
    ]

  		




  765
  782
  
    

  		




  766
  783
  
    

  		




  767
  
  
    
-