0001-ldap_backend-search-mandatory-roles-in-default-ou-wh.patch

Paul Marillonnet, 15 avril 2022 11:34


Subject: [PATCH] ldap_backend: search mandatory roles in default ou when
 ambiguous (#63942)

 src/authentic2/backends/ldap_backend.py | 15 ++++++++
 tests/test_ldap.py                      | 50 +++++++++++++++++++++++++
 2 files changed, 65 insertions(+)
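--- a/src/authentic2/backends/ldap_backend.py
+++ b/src/authentic2/backends/ldap_backend.py
@@ -973,6 +973,7 @@
                 except ValueError:
                     pass
         if slug:
+            default_ou = get_default_ou()
             try:
                 return Role.objects.get(slug=slug, **kwargs), None
             except Role.DoesNotExist:
@@ -982,8 +983,22 @@
                     error = 'role %r does not exist' % role_id
                 except Role.MultipleObjectsReturned:
                     error = 'multiple objects returned, identifier is imprecise'
+                    if 'ou__slug' not in kwargs:
+                        try:
+                            return Role.objects.get(name=slug, ou=default_ou, **kwargs), None
+                        except Role.DoesNotExist:
+                            error = 'multiple objects returned none of which belongs to default ou, role *name* is ambiguous'
+                        except Role.MultipleObjectsReturned:
+                            pass
             except Role.MultipleObjectsReturned:
                 error = 'multiple objects returned, identifier is imprecise'
+                if 'ou__slug' not in kwargs:
+                    try:
+                        return Role.objects.get(slug=slug, ou=default_ou, **kwargs), None
+                    except Role.DoesNotExist:
+                        error = 'multiple objects returned none of which belongs to default ou, role *slug* is ambiguous'
+                    except Role.MultipleObjectsReturned:
+                        pass
         else:
             error = (
                 'invalid role identifier must be slug, (slug, ou__slug) or (slug, ou__slug, service__slug)'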
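Review bot: The default-OU fallback added at new lines 986-992 and 995-1001 returns `(role, None)`, exactly like an unambiguous match, so nothing records that a mandatory role was chosen among several candidates. Because this lookup decides which role an LDAP user is granted at login, I would emit a warning on that path naming `role_id` and the default OU, using whatever logger the module already has (not visible in these hunks). The bare `pass` under `except Role.MultipleObjectsReturned:` deserves a comment such as `# still ambiguous inside the default ou: keep the generic error`. `default_ou = get_default_ou()` at new line 976 also runs before the first lookup although only the two ambiguous branches use it, so it could move inside the `if 'ou__slug' not in kwargs:` blocks. The enclosing function starts and ends outside the hunks.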
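--- a/tests/test_ldap.py
+++ b/tests/test_ldap.py
@@ -2337,3 +2337,53 @@
     assert len(caplog.records) == 6
     assert all(record.levelname == 'ERROR' for record in caplog.records)
     assert all('unable to build an external_id' in record.message for record in caplog.records)
+
+
+def test_mandatory_role_slug_ambiguity_fallback_on_default_ou(db, rf, slapd, client, settings, caplog, ou1):
+    settings.LDAP_AUTH_SETTINGS = [
+        {
+            'url': [slapd.ldap_url],
+            'basedn': 'o=ôrga',
+            'use_tls': False,
+            'attributes': ['jpegPhoto'],
+            'set_mandatory_roles': ['ambiguous-role'],
+        }
+    ]
+
+    default_ou = get_default_ou()
+    Role.objects.create(slug='ambiguous-role', ou=default_ou)
+    Role.objects.create(slug='ambiguous-role', ou=ou1)
+    result = client.post(
+        '/login/', {'login-password-submit': '1', 'username': USERNAME, 'password': PASS}, follow=True
+    )
+    assert result.status_code == 200
+    assert force_bytes('Étienne Michu') in result.content
+    assert User.objects.count() == 1
+    user = User.objects.get()
+    role = user.roles.get(slug='ambiguous-role')
+    assert role.ou == default_ou
+
+
+def test_mandatory_role_name_ambiguity_fallback_on_default_ou(db, rf, slapd, client, settings, caplog, ou1):
+    settings.LDAP_AUTH_SETTINGS = [
+        {
+            'url': [slapd.ldap_url],
+            'basedn': 'o=ôrga',
+            'use_tls': False,
+            'attributes': ['jpegPhoto'],
+            'set_mandatory_roles': ['Ambiguous role'],
+        }
+    ]
+
+    default_ou = get_default_ou()
+    Role.objects.create(name='Ambiguous role', ou=default_ou)
+    Role.objects.create(name='Ambiguous role', ou=ou1)
+    result = client.post(
+        '/login/', {'login-password-submit': '1', 'username': USERNAME, 'password': PASS}, follow=True
+    )
+    assert result.status_code == 200
+    assert force_bytes('Étienne Michu') in result.content
+    assert User.objects.count() == 1
+    user = User.objects.get()
+    role = user.roles.get(name='Ambiguous role')
+    assert role.ou == default_ou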
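Review bot: Both new tests cover only the case where one of the two same-named roles lives in the default OU; the refusal path, where the slug or name is ambiguous and no candidate belongs to the default OU, is untested. Since the change affects which role is granted at login, a third test should create both roles outside the default OU (this needs a second non-default OU fixture, none is visible here) and assert `user.roles.count() == 0`. If the caller logs the returned error, which is an assumption to confirm, the test could also check for the `is ambiguous` message in `caplog`. The `rf` and `caplog` fixtures are requested by both tests but never used.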
2340
-