Bug #5399
Store LDAP users password in session
100%
Description
- some LDAP attributes could be only readable by the User and not the identity which Authentic use to bind to the LDAP with the user credentials (service user),
- user's passwords are usually only modifiable by the user himself.
Currently the password is stored after successful authentication using the Django cache framework using a cache named 'ldap' if it exists and otherwise the default cache. They must use a shared cache (file, SQL, memcache but not locmem, the default). As the cache subsystem is not usually configured like that it makes using LDAP more difficult than necessary.
The provided patch add a middleware to keep the request around in a thread local variable and use it from the LDAPUser subclass of Django's User to retrieve the request session and store LDAP credentials. As session are always stored in a shared cache (default is SQL) it resolves the described problem of initial configuration by not needing it anymore.
Fichiers
Révisions associées
Store LDAP users passwords in request.session instead of using the Django cache (fixes #5399)
Historique
Mis à jour par Benjamin Dauvergne il y a plus de 9 ans
- Fichier
0001-Add-a-middleware-to-store-the-current-request-in-a-t.patchsupprimé
Mis à jour par Benjamin Dauvergne il y a plus de 9 ans
- Fichier 0001-Add-a-middleware-to-store-the-current-request-in-a-t.patch ajouté
Mis à jour par Frédéric Péters il y a plus de 9 ans
Wouldn't it be more appropriate to reuse the code from #5281 to get access to the request object of the current thread?
In ldap_backend.py, what justifies moving the get/set_cached_password code outside? It doesn't look unused anywhere else; as it is it adds un unncessary depth to the flow, imo.
Mis à jour par Benjamin Dauvergne il y a plus de 9 ans
- Fichier
0002-Store-LDAP-users-passwords-in-request.session-instea.patchsupprimé
Mis à jour par Benjamin Dauvergne il y a plus de 9 ans
- Fichier
0001-Add-a-middleware-to-store-the-current-request-in-a-t.patchsupprimé
Mis à jour par Benjamin Dauvergne il y a plus de 9 ans
- Fichier 0001-middleware-add-middleware-to-keep-request-in-thread-.patch 0001-middleware-add-middleware-to-keep-request-in-thread-.patch ajouté
- Fichier 0002-Store-LDAP-users-passwords-in-request.session-instea.patch 0002-Store-LDAP-users-passwords-in-request.session-instea.patch ajouté
Now with the same middleware as #5281 and indirection through set/get_cached_password removed.
Mis à jour par Benjamin Dauvergne il y a plus de 9 ans
- Statut changé de En cours à Résolu (à déployer)
- % réalisé changé de 0 à 100
Appliqué par commit e95a732644c45258e339ffcd14422ed1a9e77566.
Mis à jour par Benjamin Dauvergne il y a plus de 9 ans
- Statut changé de Résolu (à déployer) à Fermé
Add middleware to keep request in thread local storage (refs #5281, refs #5399)