manage: do not crash while trying to impersonate stale ldap user (#62868)
This commit is contained in:
parent
4ba89d00b7
commit
07b1fdc98f
|
@ -1604,6 +1604,8 @@ class SuView(View):
|
|||
# LDAP ad-hoc behaviour
|
||||
if user.userexternalid_set.exists():
|
||||
user = utils_misc.authenticate(request, user=user)
|
||||
if not user:
|
||||
raise Http404(_('Logging in to Publik as stale LDAP user is not allowed.'))
|
||||
return utils_misc.simulate_authentication(request, user, 'su')
|
||||
|
||||
|
||||
|
|
|
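Review bot: The gate `if user.userexternalid_set.exists():` fires for an external id of any source, while the comment and the Http404 message are LDAP-specific; if other backends also record a UserExternalId (the test only constructs `source='ldap'`), those users would be sent through `utils_misc.authenticate(request, user=user)` and, should it return None, be refused with a misleading "stale LDAP user" message. Consider narrowing the check to `if user.userexternalid_set.filter(source='ldap').exists():` if that is the value the LDAP backend stores, or wording the message neutrally. A refused impersonation of a stale directory account is also worth recording before the `raise` (through whatever logger or journal facility SuView already uses) so operators can see the refusal rather than only a 404. The enclosing method of SuView starts outside the hunk.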
@ -26,6 +26,7 @@ from django.contrib.auth import get_user_model
|
|||
from django.contrib.contenttypes.models import ContentType
|
||||
from django.urls import reverse
|
||||
from webtest import Upload
|
||||
from webtest.app import AppError
|
||||
|
||||
from authentic2.a2_rbac.models import OrganizationalUnit as OU
|
||||
from authentic2.a2_rbac.models import Permission, Role
|
||||
|
@ -33,7 +34,8 @@ from authentic2.a2_rbac.utils import get_default_ou, get_view_user_perm
|
|||
from authentic2.apps.journal.models import Event
|
||||
from authentic2.custom_user.models import User
|
||||
from authentic2.manager import user_import
|
||||
from authentic2.models import Attribute, AttributeValue
|
||||
from authentic2.models import Attribute, AttributeValue, UserExternalId
|
||||
from authentic2.utils import misc as utils_misc
|
||||
from authentic2_idp_oidc.models import OIDCAuthorization, OIDCClient
|
||||
from django_rbac.models import VIEW_OP
|
||||
from django_rbac.utils import get_operation
|
||||
|
@ -645,6 +647,30 @@ def test_su_superuser_dialog(app, app_factory, superuser, simple_user):
|
|||
assert new_app.session['_auth_user_id'] == str(simple_user.pk)
|
||||
|
||||
|
||||
def test_su_permission_ldap_user_authn_failed(app, app_factory, superuser, simple_user, monkeypatch):
|
||||
external_id = UserExternalId(
|
||||
user=simple_user,
|
||||
source='ldap',
|
||||
external_id='abc',
|
||||
)
|
||||
external_id.save()
|
||||
simple_user.userexternalid_set.set([external_id])
|
||||
resp = login(app, superuser, '/manage/users/%s/' % simple_user.pk)
|
||||
su_view_url = resp.pyquery('button[name="su"]')[0].get('data-url')
|
||||
resp = app.get(su_view_url)
|
||||
anchors = resp.pyquery('a#su-link')
|
||||
su_url = anchors[0].get('href')
|
||||
new_app = app_factory()
|
||||
|
||||
def patched_authenticate(request, user=None):
|
||||
return None
|
||||
|
||||
monkeypatch.setattr(utils_misc, 'authenticate', patched_authenticate)
|
||||
with pytest.raises(AppError) as exc_info:
|
||||
new_app.get(su_url).follow()
|
||||
assert exc_info.match('Bad response: 404 Not Found')
|
||||
|
||||
|
||||
def import_csv(csv_content, app):
|
||||
response = app.get('/manage/users/')
|
||||
response = response.click('Import users')
|
||||
|
|
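Review bot: The negative test only asserts the 404 raised by `new_app.get(su_url).follow()`; it never checks that `new_app` ended up without an impersonated session, which is the property the guard protects, so an implementation that set the session and then raised would still pass. Add something like `assert '_auth_user_id' not in new_app.session` after the `pytest.raises` block, mirroring the positive check `assert new_app.session['_auth_user_id'] == str(simple_user.pk)` at the top of the hunk. Because `utils_misc.authenticate` is replaced by a stub that always returns None, the test covers only the view's handling of a None result, not the backend's detection of a stale directory entry; a one-line comment stating that scope would help the next reader. `simple_user.userexternalid_set.set([external_id])` appears redundant: `external_id` was created with `user=simple_user` and saved, so the relation already exists.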