0001-ldap_backend-search-mandatory-roles-in-default-ou-wh.patch
src/authentic2/backends/ldap_backend.py | ||
---|---|---|
981 | 981 |
except Role.DoesNotExist: |
982 | 982 |
error = 'role %r does not exist' % role_id |
983 | 983 |
except Role.MultipleObjectsReturned: |
984 |
error = 'multiple objects returned, identifier is imprecise' |
|
984 |
default_ou = get_default_ou() |
|
985 |
kwargs.pop('ou', None) |
|
986 |
try: |
|
987 |
return Role.objects.get(name=slug, ou=default_ou, **kwargs), None |
|
988 |
except Role.DoesNotExist: |
|
989 |
error = 'multiple objects returned none of which belongs to default ou, identifier is imprecise' |
|
990 |
except Role.MultipleObjectsReturned: |
|
991 |
error = 'multiple objects returned, identifier is imprecise' |
|
985 | 992 |
except Role.MultipleObjectsReturned: |
986 | 993 |
error = 'multiple objects returned, identifier is imprecise' |
987 | 994 |
else: |
tests/test_ldap.py | ||
---|---|---|
2332 | 2332 |
assert len(caplog.records) == 6 |
2333 | 2333 |
assert all(record.levelname == 'ERROR' for record in caplog.records) |
2334 | 2334 |
assert all('unable to build an external_id' in record.message for record in caplog.records) |
2335 | ||
2336 | ||
2337 |
def test_mandatory_roles_ambiguity_fallback_on_default_ou(db, rf, slapd, client, settings, caplog, ou1): |
|
2338 |
settings.LDAP_AUTH_SETTINGS = [ |
|
2339 |
{ |
|
2340 |
'url': [slapd.ldap_url], |
|
2341 |
'basedn': 'o=ôrga', |
|
2342 |
'use_tls': False, |
|
2343 |
'attributes': ['jpegPhoto'], |
|
2344 |
'set_mandatory_roles': ['Ambiguous role'], |
|
2345 |
} |
|
2346 |
] |
|
2347 | ||
2348 |
default_ou = get_default_ou() |
|
2349 |
Role.objects.create(name='Ambiguous role', ou=default_ou) |
|
2350 |
Role.objects.create(name='Ambiguous role', ou=ou1) |
|
2351 |
result = client.post( |
|
2352 |
'/login/', {'login-password-submit': '1', 'username': USERNAME, 'password': PASS}, follow=True |
|
2353 |
) |
|
2354 |
assert result.status_code == 200 |
|
2355 |
assert force_bytes('Étienne Michu') in result.content |
|
2356 |
assert User.objects.count() == 1 |
|
2357 |
user = User.objects.get() |
|
2358 |
role = user.roles.get(name='Ambiguous role') |
|
2359 |
assert role.ou == default_ou |
|
2335 |
- |