0001-ldap-remove-check-hostname-option-69470.patch
passerelle/apps/ldap/migrations/0002_remove_resource_ldap_tls_check_hostname.py | ||
---|---|---|
1 |
# Generated by Django 2.2.26 on 2022-09-22 23:48 |
|
2 | ||
3 |
from django.db import migrations |
|
4 | ||
5 | ||
6 |
class Migration(migrations.Migration): |
|
7 | ||
8 |
dependencies = [ |
|
9 |
('ldap', '0001_initial'), |
|
10 |
] |
|
11 | ||
12 |
operations = [ |
|
13 |
migrations.RemoveField( |
|
14 |
model_name='resource', |
|
15 |
name='ldap_tls_check_hostname', |
|
16 |
), |
|
17 |
] |
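--- a/passerelle/apps/ldap/models.py
+++ b/passerelle/apps/ldap/models.py
@@ -66,11 +66,6 @@
 blank=True,
 validators=[forms.validate_certificate],
 )
-ldap_tls_check_hostname = models.BooleanField(
-verbose_name=_('TLS check hostname'),
-default=True,
-blank=True,
-)
 ldap_tls_check_cert = models.BooleanField(
 verbose_name=_('TLS check certificate'),
 default=True,
@@ -123,10 +118,6 @@
 conn = ldap.initialize(self.ldap_url)
 conn.set_option(ldap.OPT_TIMEOUT, 5)
 conn.set_option(ldap.OPT_NETWORK_TIMEOUT, 5)
-if self.ldap_tls_check_hostname:
-conn.set_option(ldap.OPT_X_TLS_REQUIRE_SAN, ldap.OPT_X_TLS_DEMAND)
-else:
-conn.set_option(ldap.OPT_X_TLS_REQUIRE_SAN, ldap.OPT_X_TLS_NEVER)
 if self.ldap_tls_check_cert:
 conn.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
 else: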
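Review bot: With the `OPT_X_TLS_REQUIRE_SAN` branch removed in the second hunk, nothing on the new side says how the server name is checked any more; it now follows the libldap default and, as far as I can tell, is only enforced when `ldap_tls_check_cert` is on. I would add a comment above `if self.ldap_tls_check_cert:` such as `# server name checking is left at the libldap default and only applies when the certificate is verified`. The `else:` body and the rest of the method are outside the hunk, so I cannot see what the unchecked case sets or whether `OPT_X_TLS_NEWCTX` is applied after these options; both are worth confirming, since python-ldap applies per-connection TLS options only once a new context is created. The migration drops the column without recording which resources had the option turned off, so those move silently to the default behaviour.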
tests/ldap/test_manager.py | ||
---|---|---|
118 | 118 |
'content': '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', # pylint: disable=line-too-long |
119 | 119 |
}, |
120 | 120 |
'ldap_tls_cacert': None, |
121 |
'ldap_tls_check_hostname': True, |
|
122 | 121 |
'ldap_tls_check_cert': True, |
123 | 122 |
'ldap_url': 'ldap://localhost.entrouvert.org:52271', |
124 | 123 |
'log_level': 'INFO', |
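--- a/tests/ldap/test_search_endpoint.py
+++ b/tests/ldap/test_search_endpoint.py
@@ -68,14 +68,12 @@
 'id_attribute': 'uid',
 },
 )
-assert response.json == {
-'data': [{'disabled': True, 'id': '', 'text': 'Directory server is unavailable'}],
-'err': 1,
-'err_class': 'directory-server-unavailable',
-'err_desc': '{\'result\': -1, \'desc\': "Can\'t contact LDAP server", '
-"'errno': 107, 'ctrls': [], 'info': 'Transport endpoint is not "
-"connected'}",
-}
+assert response.json['err'] == 1
+assert response.json['data'] == [{'disabled': True, 'id': '', 'text': 'Directory server is unavailable'}]
+assert response.json['err_class'] == 'directory-server-unavailable'
+assert "'info': 'Transport endpoint is not connected'" in response.json['err_desc']
+assert "'errno': 107" in response.json['err_desc']
+assert "'desc': \"Can't contact LDAP server\"" in response.json['err_desc']
 
 
 def test_q(app, resource, ldap_server):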
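Review bot: The three substring checks on `err_desc` replace the exact comparison without saying why, and they tie the test to the textual repr of the library's error dict. A one-line comment above them, e.g. `# err_desc is the repr of the python-ldap error dict; its keys differ between versions`, would explain the relaxation; that reason is my inference from the `python-ldap<=3.2` pin added in tox.ini, so confirm it. Separately, these assertions show the endpoint returning the raw library error, errno included, to the caller. Whether that detail belongs in an API response rather than only in the log is worth a look outside this test.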
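--- a/tox.ini
+++ b/tox.ini
@@ -47,6 +47,7 @@
 zeep<3.3
 codestyle: pre-commit
 ldaptools
+python-ldap<=3.2
 commands =
 ./get_wcs.sh
 py.test {posargs: --numprocesses {env:NUMPROCESSES:1} --dist loadfile {env:FAST:} {env:COVERAGE:} {env:JUNIT:} tests/}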
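Review bot: The new `python-ldap<=3.2` line in the deps list carries no reason, and it caps the test environment at an old release, so CI stops exercising newer python-ldap versions and their fixes. A comment on the line before it, e.g. `# keep in step with the python-ldap version deployed in production (see #69470)`, would tell the next maintainer when the cap can go; the stated reason is my guess and should be replaced by the real one. If production can install a newer python-ldap than the tests do, the removed TLS option is the kind of difference that would go unnoticed.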
53 |
- |