2493 |
2493 |
user = User.objects.get()
|
2494 |
2494 |
role = user.roles.get(name='Ambiguous role')
|
2495 |
2495 |
assert role.ou == default_ou
|
|
2496 |
|
|
2497 |
|
|
2498 |
def test_authenticate_no_authentication(slapd, settings, client, db):
|
|
2499 |
settings.LDAP_AUTH_SETTINGS = [
|
|
2500 |
{
|
|
2501 |
'url': [slapd.ldap_url],
|
|
2502 |
'basedn': 'o=ôrga',
|
|
2503 |
'use_tls': False,
|
|
2504 |
'attributes': ['jpegPhoto'],
|
|
2505 |
'authentication': False,
|
|
2506 |
}
|
|
2507 |
]
|
|
2508 |
result = client.post(
|
|
2509 |
'/login/', {'login-password-submit': '1', 'username': USERNAME, 'password': PASS}, follow=True
|
|
2510 |
)
|
|
2511 |
assert result.status_code == 200
|
|
2512 |
assert force_bytes('Étienne Michu') not in result.content
|
|
2513 |
assert User.objects.count() == 0
|
|
2514 |
|
|
2515 |
|
|
2516 |
def test_get_users_no_sync_ldap_users(slapd, settings, db, monkeypatch, caplog):
|
|
2517 |
from django.contrib.auth.models import Group
|
|
2518 |
|
|
2519 |
settings.LDAP_AUTH_SETTINGS = [
|
|
2520 |
{
|
|
2521 |
'url': [slapd.ldap_url],
|
|
2522 |
'basedn': 'o=ôrga',
|
|
2523 |
'use_tls': False,
|
|
2524 |
'create_group': True,
|
|
2525 |
'group_mapping': [
|
|
2526 |
['cn=group2,o=ôrga', ['Group2']],
|
|
2527 |
],
|
|
2528 |
'group_filter': '(&(memberUid={uid})(objectClass=posixGroup))',
|
|
2529 |
'group_to_role_mapping': [
|
|
2530 |
['cn=unknown,o=dn', ['Role2']],
|
|
2531 |
],
|
|
2532 |
'lookups': ['external_id', 'username'],
|
|
2533 |
'sync_ldap_users': False,
|
|
2534 |
}
|
|
2535 |
]
|
|
2536 |
assert Group.objects.count() == 0
|
|
2537 |
assert User.objects.count() == 0
|
|
2538 |
users = list(ldap_backend.LDAPBackend.get_users())
|
|
2539 |
assert len(users) == 0
|
|
2540 |
assert User.objects.count() == 0
|
|
2541 |
assert Group.objects.count() == 0
|
|
2542 |
|
|
2543 |
|
|
2544 |
def test_deactivate_orphaned_users_when_no_sync_ldap_users(slapd, settings, client, db, app, superuser):
|
|
2545 |
settings.LDAP_AUTH_SETTINGS = [
|
|
2546 |
{
|
|
2547 |
'url': [slapd.ldap_url],
|
|
2548 |
'basedn': 'o=ôrga',
|
|
2549 |
'use_tls': False,
|
|
2550 |
}
|
|
2551 |
]
|
|
2552 |
utils.login(app, superuser)
|
|
2553 |
|
|
2554 |
# create users as a side effect
|
|
2555 |
users = list(ldap_backend.LDAPBackend.get_users())
|
|
2556 |
block = settings.LDAP_AUTH_SETTINGS[0]
|
|
2557 |
assert (
|
|
2558 |
ldap_backend.UserExternalId.objects.filter(user__is_active=False, source=block['realm']).count() == 0
|
|
2559 |
)
|
|
2560 |
resp = app.get('/manage/users/%s/' % users[0].pk)
|
|
2561 |
assert 'Deactivated' not in resp.text
|
|
2562 |
|
|
2563 |
conn = slapd.get_connection_admin()
|
|
2564 |
conn.delete_s(DN)
|
|
2565 |
|
|
2566 |
settings.LDAP_AUTH_SETTINGS = [
|
|
2567 |
{
|
|
2568 |
'url': [slapd.ldap_url],
|
|
2569 |
'basedn': 'o=ôrga',
|
|
2570 |
'use_tls': False,
|
|
2571 |
'sync_ldap_users': False,
|
|
2572 |
}
|
|
2573 |
]
|
|
2574 |
|
|
2575 |
ldap_backend.LDAPBackend.deactivate_orphaned_users()
|
|
2576 |
|
|
2577 |
deactivated_user = ldap_backend.UserExternalId.objects.get(
|
|
2578 |
user__is_active=False,
|
|
2579 |
source=block['realm'],
|
|
2580 |
user__deactivation__isnull=False,
|
|
2581 |
user__deactivation_reason__startswith='ldap-',
|
|
2582 |
)
|
|
2583 |
utils.assert_event(
|
|
2584 |
'manager.user.deactivation',
|
|
2585 |
target_user=deactivated_user.user,
|
|
2586 |
reason='ldap-not-present',
|
|
2587 |
origin=slapd.ldap_url,
|
|
2588 |
)
|
|
2589 |
resp = app.get('/manage/users/%s/' % deactivated_user.user.pk)
|
|
2590 |
assert 'Deactivated' in resp.text
|
|
2591 |
assert 'associated LDAP account does not exist anymore' in resp.text
|
2496 |
|
-
|