ldap: do not fail if Role.MultipleObjectsReturned is raised (#39274)
parent
82532d5bd2
commit
f03e3aae66
|
@ -855,6 +855,8 @@ class LDAPBackend(object):
|
|||
return Role.objects.get(name=slug, **kwargs), None
|
||||
except Role.DoesNotExist:
|
||||
error = ('role %r does not exist' % role_id)
|
||||
except Role.MultipleObjectsReturned:
|
||||
error = 'multiple objects returned, identifier is imprecise'
|
||||
except Role.MultipleObjectsReturned:
|
||||
error = 'multiple objects returned, identifier is imprecise'
|
||||
else:
|
||||
|
|
|
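Review bot: The `except Role.MultipleObjectsReturned` branches (one existing, one added here) set a message that omits the identifier, unlike the `DoesNotExist` branch just above, which formats `role_id` into the text. When `set_mandatory_roles` lists several entries, whoever reads the resulting error cannot tell which role was ambiguous and therefore not granted; consider `error = 'multiple roles match %r, identifier is imprecise' % role_id` in both places. Refusing to pick one of the matches is the safe outcome for a role grant and deserves a short comment such as `# ambiguous identifier: grant nothing rather than guess`. The enclosing method starts and ends outside the hunk, so how `error` is reported afterwards is not visible here.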
@ -32,6 +32,7 @@ from django.utils.encoding import force_text
|
|||
from django.utils import timezone
|
||||
from django.utils.six.moves.urllib import parse as urlparse
|
||||
|
||||
from authentic2.models import Service
|
||||
from authentic2.a2_rbac.utils import get_default_ou
|
||||
from django_rbac.utils import get_ou_model
|
||||
from authentic2.backends import ldap_backend
|
||||
|
@ -497,6 +498,74 @@ def test_nocreate_mandatory_roles(slapd, settings, db):
|
|||
assert User.objects.first().roles.count() == 0
|
||||
|
||||
|
||||
def test_from_slug_set_mandatory_roles(slapd, settings, db):
|
||||
from authentic2.a2_rbac.models import Role
|
||||
|
||||
Role.objects.get_or_create(name='Tech', slug='tech')
|
||||
Role.objects.get_or_create(name='Admin', slug='admin')
|
||||
settings.LDAP_AUTH_SETTINGS = [{
|
||||
'url': [slapd.ldap_url],
|
||||
'basedn': u'o=ôrga',
|
||||
'use_tls': False,
|
||||
'create_group': True,
|
||||
'group_mapping': [
|
||||
[u'cn=group2,o=ôrga', ['Group2']],
|
||||
],
|
||||
'group_filter': '(&(memberUid={uid})(objectClass=posixGroup))',
|
||||
'set_mandatory_roles': ['tech', 'admin'],
|
||||
}]
|
||||
|
||||
list(ldap_backend.LDAPBackend.get_users())
|
||||
assert User.objects.first().roles.count() == 2
|
||||
|
||||
|
||||
def test_multiple_slug_set_mandatory_roles(slapd, settings, db):
|
||||
from authentic2.a2_rbac.models import Role
|
||||
|
||||
service1 = Service.objects.create(name='s1', slug='s1')
|
||||
service2 = Service.objects.create(name='s2', slug='s2')
|
||||
Role.objects.create(name='foo', slug='tech', service=service1)
|
||||
Role.objects.create(name='bar', slug='tech', service=service2)
|
||||
settings.LDAP_AUTH_SETTINGS = [{
|
||||
'url': [slapd.ldap_url],
|
||||
'basedn': u'o=ôrga',
|
||||
'use_tls': False,
|
||||
'create_group': True,
|
||||
'group_mapping': [
|
||||
[u'cn=group2,o=ôrga', ['Group2']],
|
||||
],
|
||||
'group_filter': '(&(memberUid={uid})(objectClass=posixGroup))',
|
||||
'set_mandatory_roles': ['tech'],
|
||||
}]
|
||||
|
||||
list(ldap_backend.LDAPBackend.get_users())
|
||||
assert User.objects.first().roles.count() == 0
|
||||
|
||||
|
||||
def test_multiple_name_set_mandatory_roles(slapd, settings, db):
|
||||
from authentic2.a2_rbac.models import Role
|
||||
|
||||
OU = get_ou_model()
|
||||
ou1 = OU.objects.create(name='test1', slug='test1')
|
||||
ou2 = OU.objects.create(name='test2', slug='test2')
|
||||
Role.objects.create(name='tech', slug='foo', ou=ou1)
|
||||
Role.objects.create(name='tech', slug='bar', ou=ou2)
|
||||
settings.LDAP_AUTH_SETTINGS = [{
|
||||
'url': [slapd.ldap_url],
|
||||
'basedn': u'o=ôrga',
|
||||
'use_tls': False,
|
||||
'create_group': True,
|
||||
'group_mapping': [
|
||||
[u'cn=group2,o=ôrga', ['Group2']],
|
||||
],
|
||||
'group_filter': '(&(memberUid={uid})(objectClass=posixGroup))',
|
||||
'set_mandatory_roles': ['tech'],
|
||||
}]
|
||||
|
||||
list(ldap_backend.LDAPBackend.get_users())
|
||||
assert User.objects.first().roles.count() == 0
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def slapd_strict_acl(slapd):
|
||||
# forbid modifications by user themselves
|
||||
|
|
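Review bot: `test_multiple_slug_set_mandatory_roles` and `test_multiple_name_set_mandatory_roles` assert only `roles.count() == 0`, which would also pass if the ambiguity were dropped without any trace. If the backend logs the error (not visible in this diff), the tests could additionally request pytest's `caplog` fixture and check `assert 'identifier is imprecise' in caplog.text`, so that a silent skip of a mandatory role is caught. A one-line docstring on each test naming the ambiguous lookup path (a slug shared by two services, a name shared by two OUs) would make the intent clear without reading the setup.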