
0001-ldap_backend-search-mandatory-roles-in-default-ou-wh.patch

Paul Marillonnet, 15 avril 2022 10:56


Subject: [PATCH] ldap_backend: search mandatory roles in default ou when
 ambiguous (#63942)

 src/authentic2/backends/ldap_backend.py |  9 ++++++++-
 tests/test_ldap.py                      | 25 +++++++++++++++++++++++++
 2 files changed, 33 insertions(+), 1 deletion(-)
src/authentic2/backends/ldap_backend.py
981 981
                except Role.DoesNotExist:
982 982
                    error = 'role %r does not exist' % role_id
983 983
                except Role.MultipleObjectsReturned:
984
                    error = 'multiple objects returned, identifier is imprecise'
984
                    default_ou = get_default_ou()
985
                    kwargs.pop('ou', None)
986
                    try:
987
                        return Role.objects.get(name=slug, ou=default_ou, **kwargs), None
988
                    except Role.DoesNotExist:
989
                        error = 'multiple objects returned none of which belongs to default ou, identifier is imprecise'
990
                    except Role.MultipleObjectsReturned:
991
                        error = 'multiple objects returned, identifier is imprecise'
985 992
            except Role.MultipleObjectsReturned:
986 993
                error = 'multiple objects returned, identifier is imprecise'
987 994
        else:
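Review bot: The fallback at new lines 984–991 drops any `ou` already present in `kwargs` (`kwargs.pop('ou', None)`) before retrying in the default ou, so an identifier that was explicitly scoped to another ou and is still ambiguous could resolve to a same-named role in the default ou and be granted at login. How `kwargs` is built is outside the hunk, so this needs confirming; if `ou` can be set there, keep the old error for that case with `if 'ou' in kwargs: error = 'multiple objects returned, identifier is imprecise'` and put the retry under `else:`. Since this path assigns mandatory roles, I would also add a comment such as `# ambiguous name: prefer the role in the default ou` and log when the fallback is taken, so the grant can be audited. The enclosing function starts and ends outside the hunk.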
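--- a/tests/test_ldap.py
+++ b/tests/test_ldap.py
@@ -2332,3 +2332,28 @@
     assert len(caplog.records) == 6
     assert all(record.levelname == 'ERROR' for record in caplog.records)
     assert all('unable to build an external_id' in record.message for record in caplog.records)
+
+
+def test_mandatory_roles_ambiguity_fallback_on_default_ou(db, rf, slapd, client, settings, caplog, ou1):
+    settings.LDAP_AUTH_SETTINGS = [
+        {
+            'url': [slapd.ldap_url],
+            'basedn': 'o=ôrga',
+            'use_tls': False,
+            'attributes': ['jpegPhoto'],
+            'set_mandatory_roles': ['Ambiguous role'],
+        }
+    ]
+
+    default_ou = get_default_ou()
+    Role.objects.create(name='Ambiguous role', ou=default_ou)
+    Role.objects.create(name='Ambiguous role', ou=ou1)
+    result = client.post(
+        '/login/', {'login-password-submit': '1', 'username': USERNAME, 'password': PASS}, follow=True
+    )
+    assert result.status_code == 200
+    assert force_bytes('Étienne Michu') in result.content
+    assert User.objects.count() == 1
+    user = User.objects.get()
+    role = user.roles.get(name='Ambiguous role')
+    assert role.ou == default_ou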
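Review bot: The new test only exercises the successful fallback; the added `except Role.DoesNotExist` branch, where several roles share the name and none is in the default ou, is never reached. A regression that granted one of the ambiguous roles in that situation would therefore still pass. A second case that creates both roles outside the default ou and ends with `assert not user.roles.filter(name='Ambiguous role').exists()` would pin the refusal. The `rf` and `caplog` fixtures are requested but unused here; either drop them or use `caplog` to assert what is logged on the fallback.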
2335
-