views: use LDAPBackendPasswordLost to switch to LDAP account (#43585)
This commit is contained in:
parent
aa0e769602
commit
c70f205987
|
@ -1362,6 +1362,9 @@ class SuView(View):
|
|||
user = switch_user.resolve_token(uuid)
|
||||
if not user:
|
||||
raise Http404
|
||||
# LDAP ad-hoc behaviour
|
||||
if user.userexternalid_set.exists():
|
||||
user = utils.authenticate(request, user=user)
|
||||
return utils.simulate_authentication(request, user, 'su')
|
||||
|
||||
|
||||
|
|
|
@ -36,7 +36,7 @@ from authentic2.a2_rbac.models import Role
|
|||
from authentic2.a2_rbac.utils import get_default_ou
|
||||
from authentic2.backends import ldap_backend
|
||||
from authentic2.models import Service
|
||||
from authentic2.utils import authenticate
|
||||
from authentic2.utils import authenticate, switch_user
|
||||
from django_rbac.utils import get_ou_model
|
||||
|
||||
from . import utils
|
||||
|
@ -1653,3 +1653,25 @@ def test_config_to_lowercase():
|
|||
}
|
||||
],
|
||||
}
|
||||
|
||||
|
||||
def test_switch_user_ldap_user(slapd, settings, app, db):
|
||||
settings.LDAP_AUTH_SETTINGS = [
|
||||
{
|
||||
'url': [slapd.ldap_url],
|
||||
'binddn': force_text(slapd.root_bind_dn),
|
||||
'bindpw': force_text(slapd.root_bind_password),
|
||||
'basedn': u'o=ôrga',
|
||||
'use_tls': False,
|
||||
'attributes': ['carLicense'],
|
||||
}
|
||||
]
|
||||
# get all users
|
||||
management.call_command('sync-ldap-users', verbosity=2)
|
||||
|
||||
user = User.objects.get(username=USERNAME + '@ldap')
|
||||
url = switch_user.build_url(user)
|
||||
response = app.get(url).follow()
|
||||
assert app.session['_auth_user_backend'] == 'authentic2.backends.ldap_backend.LDAPBackendPasswordLost'
|
||||
template_user = response.context['user']
|
||||
assert 'carlicense' in template_user.get_attributes(object(), {})
|
||||
|
|
Loading…
Reference in New Issue