ldap: record user reactivation in journal (#54170)
parent
65d34ade59
commit
b7b9a3babb
|
@ -1468,6 +1468,8 @@ class LDAPBackend(object):
|
||||||
return self._return_django_user(dn, username, password, conn, block, attributes)
|
return self._return_django_user(dn, username, password, conn, block, attributes)
|
||||||
|
|
||||||
def _return_django_user(self, dn, username, password, conn, block, attributes):
|
def _return_django_user(self, dn, username, password, conn, block, attributes):
|
||||||
|
from authentic2.manager.journal_event_types import ManagerUserActivation
|
||||||
|
|
||||||
user = self.lookup_existing_user(username, block, attributes)
|
user = self.lookup_existing_user(username, block, attributes)
|
||||||
if user:
|
if user:
|
||||||
log.debug('found existing user %r', user)
|
log.debug('found existing user %r', user)
|
||||||
|
@ -1485,6 +1487,8 @@ class LDAPBackend(object):
|
||||||
|
|
||||||
if not user.is_active and user.deactivation_reason and user.deactivation_reason.startswith('ldap-'):
|
if not user.is_active and user.deactivation_reason and user.deactivation_reason.startswith('ldap-'):
|
||||||
user.mark_as_active()
|
user.mark_as_active()
|
||||||
|
ldap_uri = conn.get_option(ldap.OPT_URI)
|
||||||
|
ManagerUserActivation.record(target_user=user, reason='ldap-reactivation', origin=ldap_uri)
|
||||||
|
|
||||||
user_login_success(user.get_username())
|
user_login_success(user.get_username())
|
||||||
return user
|
return user
|
||||||
|
|
|
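Review bot: In `_return_django_user`, `user.mark_as_active()` and the new `ManagerUserActivation.record(...)` call are two separate writes, so a failure in the journal write can leave an account reactivated with no audit entry. Nothing visible in these hunks shows an enclosing transaction; if the caller does not already provide one, consider wrapping both calls in `with transaction.atomic():` so the state change and its journal record commit together. The function-local import of `ManagerUserActivation` also deserves a one-line comment, for example `# imported here to avoid a circular import with authentic2.manager`, if that is the reason for it. The body of `_return_django_user` continues outside both hunks.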
@ -194,16 +194,26 @@ class ManagerUserActivation(EventTypeDefinition):
|
||||||
label = _('user activation')
|
label = _('user activation')
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def record(cls, user, session, target_user):
|
def record(cls, target_user, user=None, session=None, origin=None, reason=None):
|
||||||
super().record(user=user, session=session, references=[target_user])
|
data = {'origin': origin, 'reason': reason}
|
||||||
|
super().record(user=user, session=session, references=[target_user], data=data)
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def get_message(cls, event, context):
|
def get_message(cls, event, context):
|
||||||
(user,) = event.get_typed_references((DeletedUser, User))
|
(user,) = event.get_typed_references((DeletedUser, User))
|
||||||
|
reason = event.get_data('reason')
|
||||||
if context and context == user:
|
if context and context == user:
|
||||||
return _('activation by administrator')
|
if reason == 'ldap-reactivation':
|
||||||
|
return _('automatic activation because the associated LDAP account reappeared')
|
||||||
|
else:
|
||||||
|
return _('activation by administrator')
|
||||||
elif user:
|
elif user:
|
||||||
return _('activation of user "%s"') % user_to_str(user)
|
if reason == 'ldap-reactivation':
|
||||||
|
return _(
|
||||||
|
'automatic activation of user "%s" because the associated LDAP account reappeared'
|
||||||
|
) % user_to_str(user)
|
||||||
|
else:
|
||||||
|
return _('activation of user "%s"') % user_to_str(user)
|
||||||
return super().get_message(event, context)
|
return super().get_message(event, context)
|
||||||
|
|
||||||
|
|
||||||
|
|
|
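Review bot: The new signature `record(cls, target_user, user=None, session=None, origin=None, reason=None)` moves `target_user` to the first position, so any remaining caller that still passes `(user, session, target_user)` positionally would silently journal the acting administrator as the activated account. The callers are not visible here; making the parameters keyword-only, `def record(cls, *, target_user, user=None, session=None, origin=None, reason=None):`, turns such a stale call into a TypeError instead of a wrong audit entry. In `get_message`, `reason = event.get_data('reason')` now runs for every activation event, including ones journaled before this change that carry no data, so it is worth confirming that `get_data` returns None for them rather than raising.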
@ -312,15 +312,21 @@ def test_deactivate_orphaned_users(slapd, settings, client, db):
|
||||||
).count()
|
).count()
|
||||||
== 1
|
== 1
|
||||||
)
|
)
|
||||||
assert (
|
reactivated_users = User.objects.filter(
|
||||||
User.objects.filter(
|
is_active=True, deactivation_reason__isnull=True, deactivation__isnull=True
|
||||||
is_active=True, deactivation_reason__isnull=True, deactivation__isnull=True
|
|
||||||
).count()
|
|
||||||
== 4
|
|
||||||
)
|
)
|
||||||
|
assert reactivated_users.count() == 4
|
||||||
assert User.objects.filter(is_active=False).count() == 2
|
assert User.objects.filter(is_active=False).count() == 2
|
||||||
assert User.objects.count() == 6
|
assert User.objects.count() == 6
|
||||||
|
|
||||||
|
for user in reactivated_users:
|
||||||
|
utils.assert_event(
|
||||||
|
'manager.user.activation',
|
||||||
|
target_user=user,
|
||||||
|
reason='ldap-reactivation',
|
||||||
|
origin=slapd.ldap_url,
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
@pytest.mark.django_db
|
@pytest.mark.django_db
|
||||||
def test_simple_with_binddn(slapd, settings, client):
|
def test_simple_with_binddn(slapd, settings, client):
|
||||||
|
|
|
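Review bot: The new loop in `test_deactivate_orphaned_users` only proves that a `manager.user.activation` event exists for each reactivated user; it does not check that the two accounts left inactive have none, nor that each reactivated account gets exactly one. Since the journal is the audit trail for automatic reactivation, a count assertion next to `assert reactivated_users.count() == 4` would catch spurious or duplicate entries, e.g. `assert Event.objects.filter(type__name='manager.user.activation').count() == reactivated_users.count()`. That line assumes `Event` is importable in this test module and that no earlier step of the test journals an activation. The test body starts before the hunk.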
@ -261,6 +261,11 @@ def events(db, freezer):
|
||||||
target_user=user,
|
target_user=user,
|
||||||
reason='ldap-old-source',
|
reason='ldap-old-source',
|
||||||
)
|
)
|
||||||
|
make(
|
||||||
|
'manager.user.activation',
|
||||||
|
target_user=user,
|
||||||
|
reason='ldap-reactivation',
|
||||||
|
)
|
||||||
|
|
||||||
# verify we created at least one event for each type
|
# verify we created at least one event for each type
|
||||||
assert set(Event.objects.values_list("type__name", flat=True)) == set(_registry)
|
assert set(Event.objects.values_list("type__name", flat=True)) == set(_registry)
|
||||||
|
@ -564,6 +569,12 @@ def test_global_journal(app, superuser, events):
|
||||||
'user': '-',
|
'user': '-',
|
||||||
'message': 'automatic deactivation of user "Johnny doe" because the associated LDAP source has been deleted',
|
'message': 'automatic deactivation of user "Johnny doe" because the associated LDAP source has been deleted',
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
'message': 'automatic activation of user "Johnny doe" because the associated LDAP account reappeared',
|
||||||
|
'timestamp': 'Jan. 2, 2020, 7 p.m.',
|
||||||
|
'type': 'manager.user.activation',
|
||||||
|
'user': '-',
|
||||||
|
},
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
||||||
|
@ -761,6 +772,12 @@ def test_user_journal(app, superuser, events):
|
||||||
'user': '-',
|
'user': '-',
|
||||||
'message': 'automatic deactivation because the associated LDAP source has been deleted',
|
'message': 'automatic deactivation because the associated LDAP source has been deleted',
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
'message': 'automatic activation because the associated LDAP account reappeared',
|
||||||
|
'timestamp': 'Jan. 2, 2020, 7 p.m.',
|
||||||
|
'type': 'manager.user.activation',
|
||||||
|
'user': '-',
|
||||||
|
},
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
||||||
|
@ -1019,6 +1036,7 @@ def test_search(app, superuser, events):
|
||||||
|
|
||||||
table_content = [text_content(p) for p in response.pyquery('tbody td.journal-list--message-column')]
|
table_content = [text_content(p) for p in response.pyquery('tbody td.journal-list--message-column')]
|
||||||
assert table_content == [
|
assert table_content == [
|
||||||
|
'automatic activation of user "Johnny doe" because the associated LDAP account reappeared',
|
||||||
'automatic deactivation of user "Johnny doe" because the associated LDAP source has been deleted',
|
'automatic deactivation of user "Johnny doe" because the associated LDAP source has been deleted',
|
||||||
'automatic deactivation of user "Johnny doe" because the associated LDAP account does not exist anymore',
|
'automatic deactivation of user "Johnny doe" because the associated LDAP account does not exist anymore',
|
||||||
'deactivation of user "Johnny doe"',
|
'deactivation of user "Johnny doe"',
|
||||||
|
|