backends: cast username to unicode (fixes #31206)
This commit is contained in:
parent
c720648330
commit
36787b5340
|
@ -6,7 +6,10 @@ except ImportError:
|
|||
ldap = None
|
||||
|
||||
from django.core.exceptions import ImproperlyConfigured
|
||||
from django.utils import six
|
||||
|
||||
from django_kerberos.backends import KerberosBackend
|
||||
|
||||
from authentic2.backends.ldap_backend import LDAPBackend
|
||||
from authentic2.ldap_utils import FilterFormatter
|
||||
|
||||
|
@ -72,6 +75,7 @@ class A2LdapKerberosBackend(LDAPBackend):
|
|||
return user
|
||||
|
||||
def authenticate_block(self, block, username, realm, logger):
|
||||
username = six.text_type(username)
|
||||
if not block['principal_filter']:
|
||||
return
|
||||
if block['limit_to_realm'] and realm != block['realm']:
|
||||
|
|
|
@ -4,8 +4,6 @@ import pytest
|
|||
from ldaptools.slapd import Slapd
|
||||
|
||||
|
||||
pytestmark = pytest.mark.django_db
|
||||
|
||||
@pytest.fixture
|
||||
def slapd(request, settings):
|
||||
slapd = Slapd(ldap_url=getattr(request, 'param', None))
|
||||
|
@ -27,20 +25,22 @@ uid: john.doe@entrouvert.com
|
|||
]
|
||||
return slapd
|
||||
|
||||
def test_authenticate_no_principal_filter(slapd):
|
||||
|
||||
def test_authenticate_no_principal_filter(slapd, db):
|
||||
from authentic2_auth_kerberos.backends import A2LdapKerberosBackend
|
||||
|
||||
backend = A2LdapKerberosBackend()
|
||||
assert backend.authenticate(principal='john.doe@ENTROUVERT.COM') is None
|
||||
|
||||
def test_authenticate_success(slapd, settings, django_user_model, caplog):
|
||||
|
||||
def test_authenticate_success(slapd, db, settings, django_user_model, caplog):
|
||||
from authentic2_auth_kerberos.backends import A2LdapKerberosBackend
|
||||
|
||||
User = django_user_model
|
||||
settings.LDAP_AUTH_SETTINGS[0]['principal_filter'] = 'uid={username}'
|
||||
backend = A2LdapKerberosBackend()
|
||||
with caplog.at_level(logging.INFO):
|
||||
assert not backend.authenticate(principal='john.doe@ENTROUVERT.COM') is None
|
||||
assert backend.authenticate(principal='john.doe@ENTROUVERT.COM') is not None
|
||||
user = User.objects.get()
|
||||
assert user.username == 'john.doe@ldap'
|
||||
assert user.email == 'john.doe@example.com'
|
||||
|
@ -54,7 +54,7 @@ def test_authenticate_principal_filter_with_realm(slapd, settings, django_user_m
|
|||
settings.LDAP_AUTH_SETTINGS[0]['principal_filter'] = 'uid={username}@{realm}'
|
||||
backend = A2LdapKerberosBackend()
|
||||
with caplog.at_level(logging.INFO):
|
||||
assert not backend.authenticate(principal='john.doe@ENTROUVERT.COM') is None
|
||||
assert backend.authenticate(principal='john.doe@ENTROUVERT.COM') is not None
|
||||
user = User.objects.get()
|
||||
assert user.username == 'john.doe@ldap'
|
||||
assert user.email == 'john.doe@example.com'
|
||||
|
@ -64,7 +64,6 @@ def test_authenticate_principal_filter_with_realm(slapd, settings, django_user_m
|
|||
def test_authenticate_bad_principal_filter(slapd, settings, django_user_model, caplog):
|
||||
from authentic2_auth_kerberos.backends import A2LdapKerberosBackend
|
||||
|
||||
User = django_user_model
|
||||
settings.LDAP_AUTH_SETTINGS[0]['principal_filter'] = 'uid={user}'
|
||||
backend = A2LdapKerberosBackend()
|
||||
with caplog.at_level(logging.INFO):
|
||||
|
@ -73,10 +72,20 @@ def test_authenticate_bad_principal_filter(slapd, settings, django_user_model, c
|
|||
assert 'principal_filter does not' in caplog.text
|
||||
|
||||
|
||||
def test_authenticate_missing_realm_in_principal_filter(slapd, settings, django_user_model, caplog):
|
||||
from authentic2_auth_kerberos.backends import A2LdapKerberosBackend
|
||||
|
||||
settings.LDAP_AUTH_SETTINGS[0]['principal_filter'] = 'uid={username}'
|
||||
backend = A2LdapKerberosBackend()
|
||||
with caplog.at_level(logging.INFO):
|
||||
assert backend.authenticate(principal='foo.bar@ENTROUVERT.COM') is None
|
||||
assert len(caplog.records) == 1
|
||||
assert 'principal foo.bar@ENTROUVERT.COM not found' in caplog.text
|
||||
|
||||
|
||||
def test_authenticate_limit_to_realm_failure(slapd, settings, django_user_model, caplog):
|
||||
from authentic2_auth_kerberos.backends import A2LdapKerberosBackend
|
||||
|
||||
User = django_user_model
|
||||
settings.LDAP_AUTH_SETTINGS[0]['principal_filter'] = 'uid={username}'
|
||||
settings.LDAP_AUTH_SETTINGS[0]['limit_to_realm'] = True
|
||||
backend = A2LdapKerberosBackend()
|
||||
|
@ -93,18 +102,6 @@ def test_authenticate_limit_to_realm_success(slapd, settings, django_user_model)
|
|||
settings.LDAP_AUTH_SETTINGS[0]['limit_to_realm'] = True
|
||||
settings.LDAP_AUTH_SETTINGS[0]['realm'] = 'ENTROUVERT.COM'
|
||||
backend = A2LdapKerberosBackend()
|
||||
assert not backend.authenticate(principal='john.doe@ENTROUVERT.COM') is None
|
||||
assert backend.authenticate(principal='john.doe@ENTROUVERT.COM') is not None
|
||||
user = User.objects.get()
|
||||
assert user.username == 'john.doe@ENTROUVERT.COM'
|
||||
|
||||
|
||||
def test_authenticate_limit_to_realm_success(slapd, settings, django_user_model, caplog):
|
||||
from authentic2_auth_kerberos.backends import A2LdapKerberosBackend
|
||||
|
||||
User = django_user_model
|
||||
settings.LDAP_AUTH_SETTINGS[0]['principal_filter'] = 'uid={username}'
|
||||
backend = A2LdapKerberosBackend()
|
||||
with caplog.at_level(logging.INFO):
|
||||
assert backend.authenticate(principal='foo.bar@ENTROUVERT.COM') is None
|
||||
assert len(caplog.records) == 1
|
||||
assert 'principal foo.bar@ENTROUVERT.COM not found' in caplog.text
|
||||
|
|
3
tox.ini
3
tox.ini
|
@ -6,7 +6,7 @@
|
|||
|
||||
[tox]
|
||||
toxworkdir = {env:TMPDIR:/tmp}/tox-{env:USER}/authentic2-auth-kerberos/{env:BRANCH_NAME:}
|
||||
envlist = py27-coverage-{dj18,dj111}-{pg,sqlite},pylint
|
||||
envlist = py27-coverage-{dj18,dj111}-{pg,sqlite}-{oldldap,},pylint
|
||||
|
||||
[testenv]
|
||||
whitelist_externals =
|
||||
|
@ -32,6 +32,7 @@ deps =
|
|||
pytest-django
|
||||
ldaptools
|
||||
http://git.entrouvert.org/authentic.git/snapshot/authentic-master.tar.bz2
|
||||
oldldap: python-ldap<3
|
||||
commands =
|
||||
./getlasso.sh
|
||||
py.test {env:COVERAGE:} -o junit_suite_name={envname} --junit-xml=junit-{envname}.xml {posargs:tests}
|
||||
|
|
Loading…
Reference in New Issue