From 36787b5340f55b1554fa7223ce091c248a4a5a03 Mon Sep 17 00:00:00 2001 From: Benjamin Dauvergne Date: Thu, 7 Mar 2019 23:09:37 +0100 Subject: [PATCH] backends: cast username to unicode (fixes #31206) --- src/authentic2_auth_kerberos/backends.py | 4 +++ tests/test_ldap_backend.py | 39 +++++++++++------------- tox.ini | 3 +- 3 files changed, 24 insertions(+), 22 deletions(-) diff --git a/src/authentic2_auth_kerberos/backends.py b/src/authentic2_auth_kerberos/backends.py index 8700cb6..2519199 100644 --- a/src/authentic2_auth_kerberos/backends.py +++ b/src/authentic2_auth_kerberos/backends.py @@ -6,7 +6,10 @@ except ImportError: ldap = None from django.core.exceptions import ImproperlyConfigured +from django.utils import six + from django_kerberos.backends import KerberosBackend + from authentic2.backends.ldap_backend import LDAPBackend from authentic2.ldap_utils import FilterFormatter @@ -72,6 +75,7 @@ class A2LdapKerberosBackend(LDAPBackend): return user def authenticate_block(self, block, username, realm, logger): + username = six.text_type(username) if not block['principal_filter']: return if block['limit_to_realm'] and realm != block['realm']: diff --git a/tests/test_ldap_backend.py b/tests/test_ldap_backend.py index 9254a91..15957dd 100644 --- a/tests/test_ldap_backend.py +++ b/tests/test_ldap_backend.py @@ -4,8 +4,6 @@ import pytest from ldaptools.slapd import Slapd -pytestmark = pytest.mark.django_db - @pytest.fixture def slapd(request, settings): slapd = Slapd(ldap_url=getattr(request, 'param', None)) @@ -27,20 +25,22 @@ uid: john.doe@entrouvert.com ] return slapd -def test_authenticate_no_principal_filter(slapd): + +def test_authenticate_no_principal_filter(slapd, db): from authentic2_auth_kerberos.backends import A2LdapKerberosBackend backend = A2LdapKerberosBackend() assert backend.authenticate(principal='john.doe@ENTROUVERT.COM') is None -def test_authenticate_success(slapd, settings, django_user_model, caplog): + +def test_authenticate_success(slapd, db, settings, django_user_model, caplog): from authentic2_auth_kerberos.backends import A2LdapKerberosBackend User = django_user_model settings.LDAP_AUTH_SETTINGS[0]['principal_filter'] = 'uid={username}' backend = A2LdapKerberosBackend() with caplog.at_level(logging.INFO): - assert not backend.authenticate(principal='john.doe@ENTROUVERT.COM') is None + assert backend.authenticate(principal='john.doe@ENTROUVERT.COM') is not None user = User.objects.get() assert user.username == 'john.doe@ldap' assert user.email == 'john.doe@example.com' @@ -54,7 +54,7 @@ def test_authenticate_principal_filter_with_realm(slapd, settings, django_user_m settings.LDAP_AUTH_SETTINGS[0]['principal_filter'] = 'uid={username}@{realm}' backend = A2LdapKerberosBackend() with caplog.at_level(logging.INFO): - assert not backend.authenticate(principal='john.doe@ENTROUVERT.COM') is None + assert backend.authenticate(principal='john.doe@ENTROUVERT.COM') is not None user = User.objects.get() assert user.username == 'john.doe@ldap' assert user.email == 'john.doe@example.com' @@ -64,7 +64,6 @@ def test_authenticate_principal_filter_with_realm(slapd, settings, django_user_m def test_authenticate_bad_principal_filter(slapd, settings, django_user_model, caplog): from authentic2_auth_kerberos.backends import A2LdapKerberosBackend - User = django_user_model settings.LDAP_AUTH_SETTINGS[0]['principal_filter'] = 'uid={user}' backend = A2LdapKerberosBackend() with caplog.at_level(logging.INFO): @@ -73,10 +72,20 @@ def test_authenticate_bad_principal_filter(slapd, settings, django_user_model, c assert 'principal_filter does not' in caplog.text +def test_authenticate_missing_realm_in_principal_filter(slapd, settings, django_user_model, caplog): + from authentic2_auth_kerberos.backends import A2LdapKerberosBackend + + settings.LDAP_AUTH_SETTINGS[0]['principal_filter'] = 'uid={username}' + backend = A2LdapKerberosBackend() + with caplog.at_level(logging.INFO): + assert backend.authenticate(principal='foo.bar@ENTROUVERT.COM') is None + assert len(caplog.records) == 1 + assert 'principal foo.bar@ENTROUVERT.COM not found' in caplog.text + + def test_authenticate_limit_to_realm_failure(slapd, settings, django_user_model, caplog): from authentic2_auth_kerberos.backends import A2LdapKerberosBackend - User = django_user_model settings.LDAP_AUTH_SETTINGS[0]['principal_filter'] = 'uid={username}' settings.LDAP_AUTH_SETTINGS[0]['limit_to_realm'] = True backend = A2LdapKerberosBackend() @@ -93,18 +102,6 @@ def test_authenticate_limit_to_realm_success(slapd, settings, django_user_model) settings.LDAP_AUTH_SETTINGS[0]['limit_to_realm'] = True settings.LDAP_AUTH_SETTINGS[0]['realm'] = 'ENTROUVERT.COM' backend = A2LdapKerberosBackend() - assert not backend.authenticate(principal='john.doe@ENTROUVERT.COM') is None + assert backend.authenticate(principal='john.doe@ENTROUVERT.COM') is not None user = User.objects.get() assert user.username == 'john.doe@ENTROUVERT.COM' - - -def test_authenticate_limit_to_realm_success(slapd, settings, django_user_model, caplog): - from authentic2_auth_kerberos.backends import A2LdapKerberosBackend - - User = django_user_model - settings.LDAP_AUTH_SETTINGS[0]['principal_filter'] = 'uid={username}' - backend = A2LdapKerberosBackend() - with caplog.at_level(logging.INFO): - assert backend.authenticate(principal='foo.bar@ENTROUVERT.COM') is None - assert len(caplog.records) == 1 - assert 'principal foo.bar@ENTROUVERT.COM not found' in caplog.text diff --git a/tox.ini b/tox.ini index 618587f..fb807db 100644 --- a/tox.ini +++ b/tox.ini @@ -6,7 +6,7 @@ [tox] toxworkdir = {env:TMPDIR:/tmp}/tox-{env:USER}/authentic2-auth-kerberos/{env:BRANCH_NAME:} -envlist = py27-coverage-{dj18,dj111}-{pg,sqlite},pylint +envlist = py27-coverage-{dj18,dj111}-{pg,sqlite}-{oldldap,},pylint [testenv] whitelist_externals = @@ -32,6 +32,7 @@ deps = pytest-django ldaptools http://git.entrouvert.org/authentic.git/snapshot/authentic-master.tar.bz2 + oldldap: python-ldap<3 commands = ./getlasso.sh py.test {env:COVERAGE:} -o junit_suite_name={envname} --junit-xml=junit-{envname}.xml {posargs:tests}