Projet

Général

Profil

0001-ldap-add-an-enabled-option-60493.patch

Paul Marillonnet, 11 janvier 2022 11:24

Télécharger (2,8 ko)

Voir les différences: 

Subject: [PATCH 1/2] ldap: add an 'enabled' option (#60493)


 src/authentic2/backends/ldap_backend.py |  4 +++
 tests/test_ldap.py                      | 36 +++++++++++++++++++++++++
 2 files changed, 40 insertions(+)
src/authentic2/backends/ldap_backend.py
517 517 
        # https://www.python-ldap.org/en/python-ldap-3.3.0/reference/ldap.html#ldap-controls
518 518 
        'use_controls': False,
519 519 
        'ppolicy_dn': '',
520 
        # is the directory enabled? it can disabled e.g. for debugging purposes
521 
        'enabled': True,
520 522 
    }
521 523 
    _REQUIRED = ('url', 'basedn')
522 524 
    _TO_ITERABLE = ('url', 'groupsu', 'groupstaff', 'groupactive')
......
603 605 

  		




  604
  606
  
    
        # Now we can try to authenticate

  		




  605
  607
  
    
        for block in config:

  		




  
  608
  
    
            if not block.get('enabled', True):

  		




  
  609
  
    
                continue

  		




  606
  610
  
    
            uid = username

  		




  607
  611
  
    
            # if ou is provided, ignore LDAP server for other OU

  		




  608
  612
  
    
            if ou:

  		












  

    
      tests/test_ldap.py
    
  





  2208
  2208
  
    

  		




  2209
  2209
  
    
    assert 'Base ldapsearch command' not in ldap_config_text

  		




  2210
  2210
  
    
    assert 'Error while attempting to connect to LDAP server' in ldap_config_text

  		




  
  2211
  
    

  		




  
  2212
  
    

  		




  
  2213
  
    
def test_explicitely_enabled(slapd, settings, client, db):

  		




  
  2214
  
    
    settings.LDAP_AUTH_SETTINGS = [

  		




  
  2215
  
    
        {

  		




  
  2216
  
    
            'url': [slapd.ldap_url],

  		




  
  2217
  
    
            'basedn': 'o=ôrga',

  		




  
  2218
  
    
            'use_tls': False,

  		




  
  2219
  
    
            'attributes': ['jpegPhoto'],

  		




  
  2220
  
    
            'enabled': True,

  		




  
  2221
  
    
        }

  		




  
  2222
  
    
    ]

  		




  
  2223
  
    
    result = client.post(

  		




  
  2224
  
    
        '/login/', {'login-password-submit': '1', 'username': USERNAME, 'password': PASS}, follow=True

  		




  
  2225
  
    
    )

  		




  
  2226
  
    
    assert result.status_code == 200

  		




  
  2227
  
    
    assert force_bytes('Étienne Michu') in result.content

  		




  
  2228
  
    
    assert User.objects.count() == 1

  		




  
  2229
  
    

  		




  
  2230
  
    

  		




  
  2231
  
    
def test_disabled(slapd, settings, client, db):

  		




  
  2232
  
    
    settings.LDAP_AUTH_SETTINGS = [

  		




  
  2233
  
    
        {

  		




  
  2234
  
    
            'url': [slapd.ldap_url],

  		




  
  2235
  
    
            'basedn': 'o=ôrga',

  		




  
  2236
  
    
            'use_tls': False,

  		




  
  2237
  
    
            'attributes': ['jpegPhoto'],

  		




  
  2238
  
    
            'enabled': False,

  		




  
  2239
  
    
        }

  		




  
  2240
  
    
    ]

  		




  
  2241
  
    
    result = client.post(

  		




  
  2242
  
    
        '/login/', {'login-password-submit': '1', 'username': USERNAME, 'password': PASS}, follow=True

  		




  
  2243
  
    
    )

  		




  
  2244
  
    
    assert result.status_code == 200

  		




  
  2245
  
    
    assert force_bytes('Étienne Michu') not in result.content

  		




  
  2246
  
    
    assert User.objects.count() == 0

  		




  2211
  
  
    
-