From 0a880ddde47dfb108bca6b91e637a705c434709f Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne <bdauvergne@entrouvert.com>
Date: Thu, 1 Apr 2021 17:06:39 +0200
Subject: [PATCH] utils: set LDAP auth backend when resetting password of an
 LDAP account (#52638)

---
 src/authentic2/utils/__init__.py | 15 ++++++++-------
 tests/test_ldap.py               |  5 +++++
 2 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/src/authentic2/utils/__init__.py b/src/authentic2/utils/__init__.py
index aedf9ee5..2c3e515a 100644
--- a/src/authentic2/utils/__init__.py
+++ b/src/authentic2/utils/__init__.py
@@ -1150,13 +1150,14 @@ def same_origin(url1, url2):
     return True
 
 
-def simulate_authentication(
-    request, user, method, backend='authentic2.backends.models_backend.ModelBackend', service=None, **kwargs
-):
-    '''Simulate a normal login by forcing a backend attribute on the user instance'''
-    # do not modify the passed user
-    user = copy.deepcopy(user)
-    user.backend = backend
+def simulate_authentication(request, user, method, backend=None, service=None, **kwargs):
+    '''Simulate a normal login by eventually forcing a backend attribute on the
+       user instance'''
+    if not getattr(user, 'backend', None) and not backend:
+        backend = 'authentic2.backends.models_backend.ModelBackend'
+    if backend:
+        user = copy.deepcopy(user)
+        user.backend = backend
     return login(request, user, method, service=service, record=False, **kwargs)
 
 
diff --git a/tests/test_ldap.py b/tests/test_ldap.py
index edc4b9a6..615c3d25 100644
--- a/tests/test_ldap.py
+++ b/tests/test_ldap.py
@@ -878,6 +878,9 @@ def reset_password_ldap_user(settings, app):
     response.form['new_password1'] = new_password
     response.form['new_password2'] = new_password
     response = response.form.submit(status=302).maybe_follow()
+    assert app.session['_auth_user_backend'] == 'authentic2.backends.ldap_backend.LDAPBackendPasswordLost'
+    template_user = response.context['user']
+    assert 'carlicense' in template_user.get_attributes(object(), {})
     # logout
     response = response.click('Logout').maybe_follow()
     return new_password
@@ -891,6 +894,7 @@ def test_reset_password_ldap_user(slapd, settings, app, db):
             'bindpw': force_text(slapd.root_bind_password),
             'basedn': u'o=ôrga',
             'use_tls': False,
+            'attributes': ['uid', 'carLicense'],
         }
     ]
     new_password = reset_password_ldap_user(settings, app)
@@ -1291,6 +1295,7 @@ def test_login_ppolicy_pwdExpireWarning(slapd_ppolicy, settings, app, db, caplog
             'bindpw': force_text(slapd_ppolicy.root_bind_password),
             'basedn': u'o=ôrga',
             'use_tls': False,
+            'attributes': ['carLicense'],
         }
     ]
 
-- 
2.30.1