misc: set unusable password on federated users (#48136)
parent
8b89b7cadc
commit
7e013975f7
|
@ -0,0 +1,29 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
# Generated by Django 1.11.29 on 2020-11-02 21:52
|
||||
from __future__ import unicode_literals
|
||||
|
||||
|
||||
from django.db import migrations
|
||||
from django.contrib.auth.models import AbstractUser
|
||||
|
||||
|
||||
def noop(apps, schema_editor):
|
||||
pass
|
||||
|
||||
|
||||
def set_unusable_password(apps, schema_editor):
|
||||
User = apps.get_model('custom_user', 'User')
|
||||
for user in User.objects.filter(password=''):
|
||||
AbstractUser.set_unusable_password(user)
|
||||
user.save()
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
('custom_user', '0020_deleteduser'),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.RunPython(set_unusable_password, noop),
|
||||
]
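Review bot: The loop in `set_unusable_password` materialises every empty-password row and `user.save()` rewrites all columns of each one, which is heavier than needed on a large user table. Iterating with `User.objects.filter(password='').iterator()` and saving with `user.save(update_fields=['password'])` limits the write to the single column this data migration is meant to touch. The local `noop` helper can also be replaced by Django's own `migrations.RunPython.noop`. A short docstring stating that only rows with an empty password are rewritten, and that the reverse step deliberately leaves them as they are, would help the next reader.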
|
|
@ -51,6 +51,7 @@ class FcBackend(ModelBackend):
|
|||
if not user and app_settings.create:
|
||||
User = get_user_model()
|
||||
user = User.objects.create(ou=get_default_ou())
|
||||
user.set_unusable_password()
|
||||
try:
|
||||
models.FcAccount.objects.create(
|
||||
user=user,
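Review bot: `user.set_unusable_password()` only changes the in-memory instance, and here it runs after `User.objects.create(ou=get_default_ou())` has already written the row, with no `save()` visible afterwards in the hunk. Unless a later save in the enclosing method (which continues outside the hunk) persists it, the new account stays stored with an empty password, which is the state this commit sets out to remove. Building the instance first, as the SAML adapter's `create_user` does in this same commit (`user = User(ou=get_default_ou())`, `user.set_unusable_password()`, `user.save()`), makes the write explicit. The same pattern appears in the OIDCBackend hunk, where `User.objects.create(ou=provider.ou)` is followed by `user.set_unusable_password()`.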
|
||||
|
|
|
@ -241,6 +241,7 @@ class OIDCBackend(ModelBackend):
|
|||
pass
|
||||
if not user:
|
||||
user = User.objects.create(ou=provider.ou)
|
||||
user.set_unusable_password()
|
||||
created = True
|
||||
oidc_account, created = models.OIDCAccount.objects.get_or_create(
|
||||
provider=provider,
|
||||
|
|
|
@ -65,7 +65,10 @@ class SamlConditionContextProxy(object):
|
|||
|
||||
class AuthenticAdapter(DefaultAdapter):
|
||||
def create_user(self, user_class):
|
||||
return user_class.objects.create()
|
||||
user = user_class()
|
||||
user.set_unusable_password()
|
||||
user.save()
|
||||
return user
|
||||
|
||||
def finish_create_user(self, idp, saml_attributes, user):
|
||||
try:
|
||||
|
|
|
@ -203,7 +203,9 @@ def test_requests_proxies_support(settings, app):
|
|||
|
||||
|
||||
def test_no_password_with_fc_account_can_reset_password(app, db, mailoutbox):
|
||||
user = User.objects.create(email='john.doe@example.com')
|
||||
user = User(email='john.doe@example.com')
|
||||
user.set_unusable_password()
|
||||
user.save()
|
||||
# No FC account, forbidden to set a password
|
||||
response = app.get('/login/')
|
||||
response = response.click('Reset it!').maybe_follow()
|
||||
|
|
|
@ -16,6 +16,7 @@
|
|||
|
||||
import mock
|
||||
|
||||
from django.contrib.auth.models import AbstractUser
|
||||
from django.db.utils import ProgrammingError
|
||||
|
||||
|
||||
|
@ -49,3 +50,16 @@ def test_migration_0028_trigram_unaccent_index(transactional_db, migration):
|
|||
with mock.patch('django.db.backends.postgresql.schema.DatabaseSchemaEditor.execute') as mocked:
|
||||
mocked.side_effect = programming_error
|
||||
migration.apply([('authentic2', '0028_trigram_unaccent_index')])
|
||||
|
||||
|
||||
def test_migration_custom_user_0021_set_unusable_password(transactional_db, migration):
|
||||
old_apps = migration.before([('custom_user', '0020_deleteduser')])
|
||||
|
||||
User = old_apps.get_model('custom_user', 'User')
|
||||
user = User.objects.create()
|
||||
assert user.password == ''
|
||||
|
||||
new_apps = migration.apply([('custom_user', '0021_set_unusable_password')])
|
||||
User = new_apps.get_model('custom_user', 'User')
|
||||
user = User.objects.get()
|
||||
assert not AbstractUser.has_usable_password(user)
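Review bot: The final assertion `assert not AbstractUser.has_usable_password(user)` may not prove that the migration did anything: on Django 1.11, the version named in the migration's header, an empty password hash is already reported as unusable, so the check would likely pass with the data step removed. Asserting on the stored value, for example `assert user.password.startswith(UNUSABLE_PASSWORD_PREFIX)` with the constant imported from `django.contrib.auth.hashers`, pins the actual change. A second user created with a real password hash, and checked to be unchanged after the migration, would also cover the `password=''` filter.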
|
||||
|
|