backends: cast username to unicode (fixes #31206)
This commit is contained in:
parent
c720648330
commit
36787b5340
|
@ -6,7 +6,10 @@ except ImportError:
|
||||||
ldap = None
|
ldap = None
|
||||||
|
|
||||||
from django.core.exceptions import ImproperlyConfigured
|
from django.core.exceptions import ImproperlyConfigured
|
||||||
|
from django.utils import six
|
||||||
|
|
||||||
from django_kerberos.backends import KerberosBackend
|
from django_kerberos.backends import KerberosBackend
|
||||||
|
|
||||||
from authentic2.backends.ldap_backend import LDAPBackend
|
from authentic2.backends.ldap_backend import LDAPBackend
|
||||||
from authentic2.ldap_utils import FilterFormatter
|
from authentic2.ldap_utils import FilterFormatter
|
||||||
|
|
||||||
|
@ -72,6 +75,7 @@ class A2LdapKerberosBackend(LDAPBackend):
|
||||||
return user
|
return user
|
||||||
|
|
||||||
def authenticate_block(self, block, username, realm, logger):
|
def authenticate_block(self, block, username, realm, logger):
|
||||||
|
username = six.text_type(username)
|
||||||
if not block['principal_filter']:
|
if not block['principal_filter']:
|
||||||
return
|
return
|
||||||
if block['limit_to_realm'] and realm != block['realm']:
|
if block['limit_to_realm'] and realm != block['realm']:
|
||||||
|
|
|
@ -4,8 +4,6 @@ import pytest
|
||||||
from ldaptools.slapd import Slapd
|
from ldaptools.slapd import Slapd
|
||||||
|
|
||||||
|
|
||||||
pytestmark = pytest.mark.django_db
|
|
||||||
|
|
||||||
@pytest.fixture
|
@pytest.fixture
|
||||||
def slapd(request, settings):
|
def slapd(request, settings):
|
||||||
slapd = Slapd(ldap_url=getattr(request, 'param', None))
|
slapd = Slapd(ldap_url=getattr(request, 'param', None))
|
||||||
|
@ -27,20 +25,22 @@ uid: john.doe@entrouvert.com
|
||||||
]
|
]
|
||||||
return slapd
|
return slapd
|
||||||
|
|
||||||
def test_authenticate_no_principal_filter(slapd):
|
|
||||||
|
def test_authenticate_no_principal_filter(slapd, db):
|
||||||
from authentic2_auth_kerberos.backends import A2LdapKerberosBackend
|
from authentic2_auth_kerberos.backends import A2LdapKerberosBackend
|
||||||
|
|
||||||
backend = A2LdapKerberosBackend()
|
backend = A2LdapKerberosBackend()
|
||||||
assert backend.authenticate(principal='john.doe@ENTROUVERT.COM') is None
|
assert backend.authenticate(principal='john.doe@ENTROUVERT.COM') is None
|
||||||
|
|
||||||
def test_authenticate_success(slapd, settings, django_user_model, caplog):
|
|
||||||
|
def test_authenticate_success(slapd, db, settings, django_user_model, caplog):
|
||||||
from authentic2_auth_kerberos.backends import A2LdapKerberosBackend
|
from authentic2_auth_kerberos.backends import A2LdapKerberosBackend
|
||||||
|
|
||||||
User = django_user_model
|
User = django_user_model
|
||||||
settings.LDAP_AUTH_SETTINGS[0]['principal_filter'] = 'uid={username}'
|
settings.LDAP_AUTH_SETTINGS[0]['principal_filter'] = 'uid={username}'
|
||||||
backend = A2LdapKerberosBackend()
|
backend = A2LdapKerberosBackend()
|
||||||
with caplog.at_level(logging.INFO):
|
with caplog.at_level(logging.INFO):
|
||||||
assert not backend.authenticate(principal='john.doe@ENTROUVERT.COM') is None
|
assert backend.authenticate(principal='john.doe@ENTROUVERT.COM') is not None
|
||||||
user = User.objects.get()
|
user = User.objects.get()
|
||||||
assert user.username == 'john.doe@ldap'
|
assert user.username == 'john.doe@ldap'
|
||||||
assert user.email == 'john.doe@example.com'
|
assert user.email == 'john.doe@example.com'
|
||||||
|
@ -54,7 +54,7 @@ def test_authenticate_principal_filter_with_realm(slapd, settings, django_user_m
|
||||||
settings.LDAP_AUTH_SETTINGS[0]['principal_filter'] = 'uid={username}@{realm}'
|
settings.LDAP_AUTH_SETTINGS[0]['principal_filter'] = 'uid={username}@{realm}'
|
||||||
backend = A2LdapKerberosBackend()
|
backend = A2LdapKerberosBackend()
|
||||||
with caplog.at_level(logging.INFO):
|
with caplog.at_level(logging.INFO):
|
||||||
assert not backend.authenticate(principal='john.doe@ENTROUVERT.COM') is None
|
assert backend.authenticate(principal='john.doe@ENTROUVERT.COM') is not None
|
||||||
user = User.objects.get()
|
user = User.objects.get()
|
||||||
assert user.username == 'john.doe@ldap'
|
assert user.username == 'john.doe@ldap'
|
||||||
assert user.email == 'john.doe@example.com'
|
assert user.email == 'john.doe@example.com'
|
||||||
|
@ -64,7 +64,6 @@ def test_authenticate_principal_filter_with_realm(slapd, settings, django_user_m
|
||||||
def test_authenticate_bad_principal_filter(slapd, settings, django_user_model, caplog):
|
def test_authenticate_bad_principal_filter(slapd, settings, django_user_model, caplog):
|
||||||
from authentic2_auth_kerberos.backends import A2LdapKerberosBackend
|
from authentic2_auth_kerberos.backends import A2LdapKerberosBackend
|
||||||
|
|
||||||
User = django_user_model
|
|
||||||
settings.LDAP_AUTH_SETTINGS[0]['principal_filter'] = 'uid={user}'
|
settings.LDAP_AUTH_SETTINGS[0]['principal_filter'] = 'uid={user}'
|
||||||
backend = A2LdapKerberosBackend()
|
backend = A2LdapKerberosBackend()
|
||||||
with caplog.at_level(logging.INFO):
|
with caplog.at_level(logging.INFO):
|
||||||
|
@ -73,10 +72,20 @@ def test_authenticate_bad_principal_filter(slapd, settings, django_user_model, c
|
||||||
assert 'principal_filter does not' in caplog.text
|
assert 'principal_filter does not' in caplog.text
|
||||||
|
|
||||||
|
|
||||||
|
def test_authenticate_missing_realm_in_principal_filter(slapd, settings, django_user_model, caplog):
|
||||||
|
from authentic2_auth_kerberos.backends import A2LdapKerberosBackend
|
||||||
|
|
||||||
|
settings.LDAP_AUTH_SETTINGS[0]['principal_filter'] = 'uid={username}'
|
||||||
|
backend = A2LdapKerberosBackend()
|
||||||
|
with caplog.at_level(logging.INFO):
|
||||||
|
assert backend.authenticate(principal='foo.bar@ENTROUVERT.COM') is None
|
||||||
|
assert len(caplog.records) == 1
|
||||||
|
assert 'principal foo.bar@ENTROUVERT.COM not found' in caplog.text
|
||||||
|
|
||||||
|
|
||||||
def test_authenticate_limit_to_realm_failure(slapd, settings, django_user_model, caplog):
|
def test_authenticate_limit_to_realm_failure(slapd, settings, django_user_model, caplog):
|
||||||
from authentic2_auth_kerberos.backends import A2LdapKerberosBackend
|
from authentic2_auth_kerberos.backends import A2LdapKerberosBackend
|
||||||
|
|
||||||
User = django_user_model
|
|
||||||
settings.LDAP_AUTH_SETTINGS[0]['principal_filter'] = 'uid={username}'
|
settings.LDAP_AUTH_SETTINGS[0]['principal_filter'] = 'uid={username}'
|
||||||
settings.LDAP_AUTH_SETTINGS[0]['limit_to_realm'] = True
|
settings.LDAP_AUTH_SETTINGS[0]['limit_to_realm'] = True
|
||||||
backend = A2LdapKerberosBackend()
|
backend = A2LdapKerberosBackend()
|
||||||
|
@ -93,18 +102,6 @@ def test_authenticate_limit_to_realm_success(slapd, settings, django_user_model)
|
||||||
settings.LDAP_AUTH_SETTINGS[0]['limit_to_realm'] = True
|
settings.LDAP_AUTH_SETTINGS[0]['limit_to_realm'] = True
|
||||||
settings.LDAP_AUTH_SETTINGS[0]['realm'] = 'ENTROUVERT.COM'
|
settings.LDAP_AUTH_SETTINGS[0]['realm'] = 'ENTROUVERT.COM'
|
||||||
backend = A2LdapKerberosBackend()
|
backend = A2LdapKerberosBackend()
|
||||||
assert not backend.authenticate(principal='john.doe@ENTROUVERT.COM') is None
|
assert backend.authenticate(principal='john.doe@ENTROUVERT.COM') is not None
|
||||||
user = User.objects.get()
|
user = User.objects.get()
|
||||||
assert user.username == 'john.doe@ENTROUVERT.COM'
|
assert user.username == 'john.doe@ENTROUVERT.COM'
|
||||||
|
|
||||||
|
|
||||||
def test_authenticate_limit_to_realm_success(slapd, settings, django_user_model, caplog):
|
|
||||||
from authentic2_auth_kerberos.backends import A2LdapKerberosBackend
|
|
||||||
|
|
||||||
User = django_user_model
|
|
||||||
settings.LDAP_AUTH_SETTINGS[0]['principal_filter'] = 'uid={username}'
|
|
||||||
backend = A2LdapKerberosBackend()
|
|
||||||
with caplog.at_level(logging.INFO):
|
|
||||||
assert backend.authenticate(principal='foo.bar@ENTROUVERT.COM') is None
|
|
||||||
assert len(caplog.records) == 1
|
|
||||||
assert 'principal foo.bar@ENTROUVERT.COM not found' in caplog.text
|
|
||||||
|
|
3
tox.ini
3
tox.ini
|
@ -6,7 +6,7 @@
|
||||||
|
|
||||||
[tox]
|
[tox]
|
||||||
toxworkdir = {env:TMPDIR:/tmp}/tox-{env:USER}/authentic2-auth-kerberos/{env:BRANCH_NAME:}
|
toxworkdir = {env:TMPDIR:/tmp}/tox-{env:USER}/authentic2-auth-kerberos/{env:BRANCH_NAME:}
|
||||||
envlist = py27-coverage-{dj18,dj111}-{pg,sqlite},pylint
|
envlist = py27-coverage-{dj18,dj111}-{pg,sqlite}-{oldldap,},pylint
|
||||||
|
|
||||||
[testenv]
|
[testenv]
|
||||||
whitelist_externals =
|
whitelist_externals =
|
||||||
|
@ -32,6 +32,7 @@ deps =
|
||||||
pytest-django
|
pytest-django
|
||||||
ldaptools
|
ldaptools
|
||||||
http://git.entrouvert.org/authentic.git/snapshot/authentic-master.tar.bz2
|
http://git.entrouvert.org/authentic.git/snapshot/authentic-master.tar.bz2
|
||||||
|
oldldap: python-ldap<3
|
||||||
commands =
|
commands =
|
||||||
./getlasso.sh
|
./getlasso.sh
|
||||||
py.test {env:COVERAGE:} -o junit_suite_name={envname} --junit-xml=junit-{envname}.xml {posargs:tests}
|
py.test {env:COVERAGE:} -o junit_suite_name={envname} --junit-xml=junit-{envname}.xml {posargs:tests}
|
||||||
|
|
Loading…
Reference in New Issue