0001-a2_rbac-disable-required-attributes-check-at-OU-leve.patch
src/authentic2/a2_rbac/migrations/0026_organizationalunit_check_required_on_login_attributes.py | ||
---|---|---|
1 |
# Generated by Django 2.2.19 on 2021-12-02 10:11 |
|
2 | ||
3 |
from django.db import migrations, models |
|
4 | ||
5 | ||
6 |
class Migration(migrations.Migration): |
|
7 | ||
8 |
dependencies = [ |
|
9 |
('a2_rbac', '0025_auto_20210622_1132'), |
|
10 |
] |
|
11 | ||
12 |
operations = [ |
|
13 |
migrations.AddField( |
|
14 |
model_name='organizationalunit', |
|
15 |
name='check_required_on_login_attributes', |
|
16 |
field=models.BooleanField( |
|
17 |
blank=True, default=True, verbose_name='Check required on login attributes' |
|
18 |
), |
|
19 |
), |
|
20 |
] |
src/authentic2/a2_rbac/models.py | ||
---|---|---|
73 | 73 | |
74 | 74 |
show_username = models.BooleanField(blank=True, default=True, verbose_name=_('Show username')) |
75 | 75 | |
76 |
check_required_on_login_attributes = models.BooleanField( |
|
77 |
blank=True, default=True, verbose_name=_('Check required on login attributes') |
|
78 |
) |
|
79 | ||
76 | 80 |
admin_perms = GenericRelation('Permission', content_type_field='target_ct', object_id_field='target_id') |
77 | 81 | |
78 | 82 |
user_can_reset_password = models.NullBooleanField( |
src/authentic2/manager/forms.py | ||
---|---|---|
629 | 629 |
'email_is_unique', |
630 | 630 |
'validate_emails', |
631 | 631 |
'show_username', |
632 |
'check_required_on_login_attributes', |
|
632 | 633 |
'user_can_reset_password', |
633 | 634 |
'user_add_password_policy', |
634 | 635 |
'clean_unused_accounts_alert', |
src/authentic2/middleware.py | ||
---|---|---|
152 | 152 |
if user.is_superuser: |
153 | 153 |
return None |
154 | 154 | |
155 |
if user.ou and not user.ou.check_required_on_login_attributes: |
|
156 |
return None |
|
157 | ||
155 | 158 |
missing = user.get_missing_required_on_login_attributes() |
156 | 159 |
if missing: |
157 | 160 |
return 'profile_required_edit' |
tests/middlewares/test_required_on_login_restriction.py | ||
---|---|---|
34 | 34 |
resp = resp.follow() |
35 | 35 |
assert 'A2_OPENED_SESSION' in app.cookies |
36 | 36 |
assert 'les conditions générales d\'utilisation\xa0:\nTrue' in resp.pyquery.text() |
37 | ||
38 | ||
39 |
def test_superuser(app_factory, db, cgu_attribute, settings, superuser): |
|
40 |
app = app_factory('example.com') |
|
41 |
settings.A2_OPENED_SESSION_COOKIE_DOMAIN = 'example.com' |
|
42 |
settings.ALLOWED_HOSTS = ['example.com'] |
|
43 | ||
44 |
resp = login(app, superuser, path='/accounts/') |
|
45 |
assert 'Your account' in resp.text |
|
46 | ||
47 | ||
48 |
def test_check_disabled_at_ou_level(app_factory, db, cgu_attribute, settings, simple_user): |
|
49 |
app = app_factory('example.com') |
|
50 |
settings.A2_OPENED_SESSION_COOKIE_DOMAIN = 'example.com' |
|
51 |
settings.ALLOWED_HOSTS = ['example.com'] |
|
52 | ||
53 |
simple_user.ou.check_required_on_login_attributes = False |
|
54 |
simple_user.ou.save() |
|
55 | ||
56 |
resp = login(app, simple_user, path='/accounts/') |
|
57 |
assert 'Your account' in resp.text |
|
37 |
- |