0001-ldap-do-not-crash-if-password-change-is-not-allowed-.patch
src/authentic2/backends/ldap_backend.py | ||
---|---|---|
479 | 479 |
except ldap.STRONG_AUTH_REQUIRED: |
480 | 480 |
log.warning('ldap: set_password failed, STRONG_AUTH_REQUIRED') |
481 | 481 |
return |
482 |
except (ldap.UNWILLING_TO_PERFORM, ldap.INSUFFICIENT_ACCESS): |
|
483 |
log.warning('ldap: set_password failed, password change not allowed') |
|
484 |
return |
|
482 | 485 |
self._current_password = new_password |
483 | 486 |
self.keep_password_in_session(new_password) |
484 | 487 |
if self.block['keep_password']: |
tests/test_ldap.py | ||
---|---|---|
1247 | 1247 |
client.session.flush() |
1248 | 1248 | |
1249 | 1249 | |
1250 |
def test_set_password(slapd, settings, db): |
|
1250 |
def test_set_password(slapd, settings, db, caplog):
|
|
1251 | 1251 |
settings.LDAP_AUTH_SETTINGS = [ |
1252 | 1252 |
{ |
1253 | 1253 |
'url': [slapd.ldap_url], |
... | ... | |
1263 | 1263 |
user2 = authenticate(username='etienne.michu', password='àbon') |
1264 | 1264 |
assert user.pk == user2.pk |
1265 | 1265 | |
1266 |
with mock.patch( |
|
1267 |
'authentic2.backends.ldap_backend.LDAPBackend.modify_password', side_effect=ldap.UNWILLING_TO_PERFORM |
|
1268 |
): |
|
1269 |
user.set_password('passé') |
|
1270 |
assert 'password change not allowed' in caplog.text |
|
1271 | ||
1266 | 1272 | |
1267 | 1273 |
def test_login_ppolicy_pwdMaxFailure(slapd_ppolicy, settings, db, app): |
1268 | 1274 |
settings.LDAP_AUTH_SETTINGS = [ |
1269 |
- |