0001-manage-do-not-crash-while-trying-to-impersonate-stal.patch

Paul Marillonnet, 23 septembre 2022 11:24

Voir les différences: en ligne côte à côte

Subject: [PATCH] manage: do not crash while trying to impersonate stale ldap
 user (#62868)

 src/authentic2/views.py    |  4 ++--
 tests/test_user_manager.py | 28 +++++++++++++++++++++++++++-
 2 files changed, 29 insertions(+), 3 deletions(-)

             if not user:
                 raise Http404
             # LDAP ad-hoc behaviour
             if user.userexternalid_set.exists():
                 user = utils_misc.authenticate(request, user=user)
             if user.userexternalid_set.exists() and not utils_misc.authenticate(request, user=user):
                 raise Http404(_('Logging in to Publik as stale LDAP user is not allowed.'))
             return utils_misc.simulate_authentication(request, user, 'su')

     from django.contrib.contenttypes.models import ContentType
     from django.urls import reverse
     from webtest import Upload
     from webtest.app import AppError
     from authentic2.a2_rbac.models import OrganizationalUnit as OU
     from authentic2.a2_rbac.models import Permission, Role
-...
     from authentic2.apps.journal.models import Event
     from authentic2.custom_user.models import User
     from authentic2.manager import user_import
     from authentic2.models import Attribute, AttributeValue
     from authentic2.models import Attribute, AttributeValue, UserExternalId
     from authentic2.utils import misc as utils_misc
     from authentic2_idp_oidc.models import OIDCAuthorization, OIDCClient
     from django_rbac.models import VIEW_OP
     from django_rbac.utils import get_operation
-...
         assert new_app.session['_auth_user_id'] == str(simple_user.pk)
     def test_su_permission_ldap_user_authn_failed(app, app_factory, superuser, simple_user, monkeypatch):
         external_id = UserExternalId(
             user=simple_user,
             source='ldap',
             external_id='abc',
+        )
         external_id.save()
         simple_user.userexternalid_set.set([external_id])
         resp = login(app, superuser, '/manage/users/%s/' % simple_user.pk)
         su_view_url = resp.pyquery('button[name="su"]')[0].get('data-url')
         resp = app.get(su_view_url)
         anchors = resp.pyquery('a#su-link')
         su_url = anchors[0].get('href')
         new_app = app_factory()
         def patched_authenticate(request, user=None):
             return None
         monkeypatch.setattr(utils_misc, 'authenticate', patched_authenticate)
         with pytest.raises(AppError) as exc_info:
             new_app.get(su_url).follow()
         assert exc_info.match('Bad response: 404 Not Found')
     def import_csv(csv_content, app):
         response = app.get('/manage/users/')
         response = response.click('Import users')
+    -

Projet

Général

Profil

Produits Entr'ouvert » Authentic 2

0001-manage-do-not-crash-while-trying-to-impersonate-stal.patch