0001-ldap-do-not-crash-if-password-change-is-not-allowed-.patch
| src/authentic2/backends/ldap_backend.py | ||
|---|---|---|
| 479 | 479 |
except ldap.STRONG_AUTH_REQUIRED: |
| 480 | 480 |
log.warning('ldap: set_password failed, STRONG_AUTH_REQUIRED')
|
| 481 | 481 |
return |
| 482 |
except (ldap.UNWILLING_TO_PERFORM, ldap.INSUFFICIENT_ACCESS): |
|
| 483 |
log.warning('ldap: set_password failed, password change not allowed')
|
|
| 484 |
return |
|
| 482 | 485 |
self._current_password = new_password |
| 483 | 486 |
self.keep_password_in_session(new_password) |
| 484 | 487 |
if self.block['keep_password']: |
| tests/test_ldap.py | ||
|---|---|---|
| 1247 | 1247 |
client.session.flush() |
| 1248 | 1248 | |
| 1249 | 1249 | |
| 1250 |
def test_set_password(slapd, settings, db): |
|
| 1250 |
def test_set_password(slapd, settings, db, caplog):
|
|
| 1251 | 1251 |
settings.LDAP_AUTH_SETTINGS = [ |
| 1252 | 1252 |
{
|
| 1253 | 1253 |
'url': [slapd.ldap_url], |
| ... | ... | |
| 1263 | 1263 |
user2 = authenticate(username='etienne.michu', password='àbon') |
| 1264 | 1264 |
assert user.pk == user2.pk |
| 1265 | 1265 | |
| 1266 |
with mock.patch( |
|
| 1267 |
'authentic2.backends.ldap_backend.LDAPBackend.modify_password', side_effect=ldap.UNWILLING_TO_PERFORM |
|
| 1268 |
): |
|
| 1269 |
user.set_password('passé')
|
|
| 1270 |
assert 'password change not allowed' in caplog.text |
|
| 1271 | ||
| 1266 | 1272 | |
| 1267 | 1273 |
def test_login_ppolicy_pwdMaxFailure(slapd_ppolicy, settings, db, app): |
| 1268 | 1274 |
settings.LDAP_AUTH_SETTINGS = [ |
| 1269 |
- |
|