globuzma/canaille-globuzma
1
0
Fork 0
forked from Github-Mirrors/canaille
Code Pull requests Activity

objectClass is not mandatory for User and Group creation

Browse source
This commit is contained in:
Éloi Rivard 2022-12-29 00:29:26 +01:00
parent 2d74df19e6
commit 32f6595c02
9 changed files with 12 additions and 29 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
canaille/account.py
View file

@ -354,11 +354,7 @@ def registration(data, hash):
def profile_create(current_app, form): def profile_create(current_app, form):
user = User( user = User()
objectClass=current_app.config["LDAP"].get(
"USER_CLASS", User.DEFAULT_OBJECT_CLASS
)
)
for attribute in form: for attribute in form:
if attribute.name in user.may + user.must: if attribute.name in user.may + user.must:
if isinstance(attribute.data, FileStorage): if isinstance(attribute.data, FileStorage):

3
canaille/ldap_backend/backend.py
View file

@ -120,7 +120,6 @@ def validate_configuration(config):
try: try:
User.ldap_object_classes(conn) User.ldap_object_classes(conn)
user = User( user = User(
objectClass=["inetOrgPerson"],
cn=f"canaille_{uuid.uuid4()}", cn=f"canaille_{uuid.uuid4()}",
sn=f"canaille_{uuid.uuid4()}", sn=f"canaille_{uuid.uuid4()}",
uid=f"canaille_{uuid.uuid4()}", uid=f"canaille_{uuid.uuid4()}",
@ -140,7 +139,6 @@ def validate_configuration(config):
Group.ldap_object_classes(conn) Group.ldap_object_classes(conn)
user = User( user = User(
objectClass=["inetOrgPerson"],
cn=f"canaille_{uuid.uuid4()}", cn=f"canaille_{uuid.uuid4()}",
sn=f"canaille_{uuid.uuid4()}", sn=f"canaille_{uuid.uuid4()}",
uid=f"canaille_{uuid.uuid4()}", uid=f"canaille_{uuid.uuid4()}",
@ -150,7 +148,6 @@ def validate_configuration(config):
user.save(conn) user.save(conn)
group = Group( group = Group(
objectClass=["groupOfNames"],
cn=f"canaille_{uuid.uuid4()}", cn=f"canaille_{uuid.uuid4()}",
member=[user.dn], member=[user.dn],
) )

11
canaille/models.py
View file

@ -15,6 +15,10 @@ class User(LDAPObject):
self.write = set() self.write = set()
self.permissions = set() self.permissions = set()
self._groups = None self._groups = None
kwargs.setdefault(
"objectClass",
current_app.config["LDAP"].get("USER_CLASS", User.DEFAULT_OBJECT_CLASS),
)
super().__init__(*args, **kwargs) super().__init__(*args, **kwargs)
@classmethod @classmethod
@ -171,6 +175,13 @@ class Group(LDAPObject):
DEFAULT_NAME_ATTRIBUTE = "cn" DEFAULT_NAME_ATTRIBUTE = "cn"
DEFAULT_USER_FILTER = "member={user.dn}" DEFAULT_USER_FILTER = "member={user.dn}"
def __init__(self, *args, **kwargs):
kwargs.setdefault(
"objectClass",
current_app.config["LDAP"].get("GROUP_CLASS", Group.DEFAULT_OBJECT_CLASS),
)
super().__init__(*args, **kwargs)
@property @property
def name(self): def name(self):
attribute = current_app.config["LDAP"].get( attribute = current_app.config["LDAP"].get(

5
tests/conftest.py
View file

@ -162,7 +162,6 @@ def user(app, slapd_connection):
User.ldap_object_classes(slapd_connection) User.ldap_object_classes(slapd_connection)
LDAPObject.ldap_object_attributes(slapd_connection) LDAPObject.ldap_object_attributes(slapd_connection)
u = User( u = User(
objectClass=["inetOrgPerson"],
cn="John (johnny) Doe", cn="John (johnny) Doe",
gn="John", gn="John",
sn="Doe", sn="Doe",
@ -185,7 +184,6 @@ def admin(app, slapd_connection):
User.ldap_object_classes(slapd_connection) User.ldap_object_classes(slapd_connection)
LDAPObject.ldap_object_attributes(slapd_connection) LDAPObject.ldap_object_attributes(slapd_connection)
u = User( u = User(
objectClass=["inetOrgPerson"],
cn="Jane Doe", cn="Jane Doe",
sn="Doe", sn="Doe",
uid="admin", uid="admin",
@ -202,7 +200,6 @@ def moderator(app, slapd_connection):
User.ldap_object_classes(slapd_connection) User.ldap_object_classes(slapd_connection)
LDAPObject.ldap_object_attributes(slapd_connection) LDAPObject.ldap_object_attributes(slapd_connection)
u = User( u = User(
objectClass=["inetOrgPerson"],
cn="Jack Doe", cn="Jack Doe",
sn="Doe", sn="Doe",
uid="moderator", uid="moderator",
@ -239,7 +236,6 @@ def logged_moderator(moderator, testclient):
def foo_group(app, user, slapd_connection): def foo_group(app, user, slapd_connection):
Group.ldap_object_classes(slapd_connection) Group.ldap_object_classes(slapd_connection)
group = Group( group = Group(
objectClass=["groupOfNames"],
member=[user.dn], member=[user.dn],
cn="foo", cn="foo",
) )
@ -254,7 +250,6 @@ def foo_group(app, user, slapd_connection):
def bar_group(app, admin, slapd_connection): def bar_group(app, admin, slapd_connection):
Group.ldap_object_classes(slapd_connection) Group.ldap_object_classes(slapd_connection)
group = Group( group = Group(
objectClass=["groupOfNames"],
member=[admin.dn], member=[admin.dn],
cn="bar", cn="bar",
) )

2
tests/ldap/test_utils.py
View file

@ -24,7 +24,6 @@ def test_equality(slapd_connection, foo_group, bar_group):
def test_dn_when_leading_space_in_id_attribute(slapd_connection): def test_dn_when_leading_space_in_id_attribute(slapd_connection):
User.initialize(slapd_connection) User.initialize(slapd_connection)
user = User( user = User(
objectClass=["inetOrgPerson"],
cn=" Doe", # leading space cn=" Doe", # leading space
sn="Doe", sn="Doe",
uid="user", uid="user",
@ -42,7 +41,6 @@ def test_dn_when_leading_space_in_id_attribute(slapd_connection):
def test_dn_when_ldap_special_char_in_id_attribute(slapd_connection): def test_dn_when_ldap_special_char_in_id_attribute(slapd_connection):
User.initialize(slapd_connection) User.initialize(slapd_connection)
user = User( user = User(
objectClass=["inetOrgPerson"],
cn="#Doe", # special char cn="#Doe", # special char
sn="Doe", sn="Doe",
uid="user", uid="user",

2
tests/oidc/test_authorization_code_flow.py
View file

@ -806,7 +806,6 @@ def test_authorization_code_expired(testclient, user, client):
def test_code_with_invalid_user(testclient, admin, client): def test_code_with_invalid_user(testclient, admin, client):
user = User( user = User(
objectClass=["inetOrgPerson"],
cn="John Doe", cn="John Doe",
sn="Doe", sn="Doe",
uid="temp", uid="temp",
@ -855,7 +854,6 @@ def test_code_with_invalid_user(testclient, admin, client):
def test_refresh_token_with_invalid_user(testclient, client): def test_refresh_token_with_invalid_user(testclient, client):
user = User( user = User(
objectClass=["inetOrgPerson"],
cn="John Doe", cn="John Doe",
sn="Doe", sn="Doe",
uid="temp", uid="temp",

7
tests/test_account.py
View file

@ -104,7 +104,6 @@ def test_user_without_password_first_login(testclient, slapd_connection, smtpd):
assert len(smtpd.messages) == 0 assert len(smtpd.messages) == 0
User.ldap_object_classes(slapd_connection) User.ldap_object_classes(slapd_connection)
u = User( u = User(
objectClass=["inetOrgPerson"],
cn="Temp User", cn="Temp User",
sn="Temp", sn="Temp",
uid="temp", uid="temp",
@ -139,7 +138,6 @@ def test_first_login_account_initialization_mail_sending_failed(
User.ldap_object_classes(slapd_connection) User.ldap_object_classes(slapd_connection)
u = User( u = User(
objectClass=["inetOrgPerson"],
cn="Temp User", cn="Temp User",
sn="Temp", sn="Temp",
uid="temp", uid="temp",
@ -162,7 +160,6 @@ def test_first_login_form_error(testclient, slapd_connection, smtpd):
assert len(smtpd.messages) == 0 assert len(smtpd.messages) == 0
User.ldap_object_classes(slapd_connection) User.ldap_object_classes(slapd_connection)
u = User( u = User(
objectClass=["inetOrgPerson"],
cn="Temp User", cn="Temp User",
sn="Temp", sn="Temp",
uid="temp", uid="temp",
@ -187,7 +184,6 @@ def test_first_login_page_unavailable_for_users_with_password(
def test_user_password_deleted_during_login(testclient, slapd_connection): def test_user_password_deleted_during_login(testclient, slapd_connection):
User.ldap_object_classes(slapd_connection) User.ldap_object_classes(slapd_connection)
u = User( u = User(
objectClass=["inetOrgPerson"],
cn="Temp User", cn="Temp User",
sn="Temp", sn="Temp",
uid="temp", uid="temp",
@ -213,7 +209,6 @@ def test_user_password_deleted_during_login(testclient, slapd_connection):
def test_user_deleted_in_session(testclient, slapd_connection): def test_user_deleted_in_session(testclient, slapd_connection):
User.ldap_object_classes(slapd_connection) User.ldap_object_classes(slapd_connection)
u = User( u = User(
objectClass=["inetOrgPerson"],
cn="Jake Doe", cn="Jake Doe",
sn="Jake", sn="Jake",
uid="jake", uid="jake",
@ -276,7 +271,6 @@ def test_admin_self_deletion(testclient, slapd_connection):
LDAPObject.ldap_object_attributes(slapd_connection) LDAPObject.ldap_object_attributes(slapd_connection)
admin = User( admin = User(
objectClass=["inetOrgPerson"],
cn="Temp admin", cn="Temp admin",
sn="admin", sn="admin",
uid="temp", uid="temp",
@ -305,7 +299,6 @@ def test_user_self_deletion(testclient, slapd_connection):
LDAPObject.ldap_object_attributes(slapd_connection) LDAPObject.ldap_object_attributes(slapd_connection)
user = User( user = User(
objectClass=["inetOrgPerson"],
cn="Temp user", cn="Temp user",
sn="user", sn="user",
uid="temp", uid="temp",

1
tests/test_groups.py
View file

@ -32,7 +32,6 @@ def test_set_groups(app, user, foo_group, bar_group):
def test_set_groups_with_leading_space_in_user_id_attribute(app, foo_group): def test_set_groups_with_leading_space_in_user_id_attribute(app, foo_group):
user = User( user = User(
objectClass=["inetOrgPerson"],
cn=" Doe", # leading space in id attribute cn=" Doe", # leading space in id attribute
sn="Doe", sn="Doe",
uid="user2", uid="user2",

4
tests/test_profile.py
View file

@ -354,7 +354,6 @@ def test_password_initialization_mail(
): ):
User.ldap_object_classes(slapd_connection) User.ldap_object_classes(slapd_connection)
u = User( u = User(
objectClass=["inetOrgPerson"],
cn="Temp User", cn="Temp User",
sn="Temp", sn="Temp",
uid="temp", uid="temp",
@ -390,7 +389,6 @@ def test_password_initialization_mail_send_fail(
SMTP.side_effect = mock.Mock(side_effect=OSError("unit test mail error")) SMTP.side_effect = mock.Mock(side_effect=OSError("unit test mail error"))
User.ldap_object_classes(slapd_connection) User.ldap_object_classes(slapd_connection)
u = User( u = User(
objectClass=["inetOrgPerson"],
cn="Temp User", cn="Temp User",
sn="Temp", sn="Temp",
uid="temp", uid="temp",
@ -442,7 +440,6 @@ def test_impersonate_invalid_user(testclient, slapd_connection, logged_admin):
def test_password_reset_email(smtpd, testclient, slapd_connection, logged_admin): def test_password_reset_email(smtpd, testclient, slapd_connection, logged_admin):
User.ldap_object_classes(slapd_connection) User.ldap_object_classes(slapd_connection)
u = User( u = User(
objectClass=["inetOrgPerson"],
cn="Temp User", cn="Temp User",
sn="Temp", sn="Temp",
uid="temp", uid="temp",
@ -472,7 +469,6 @@ def test_password_reset_email_failed(
SMTP.side_effect = mock.Mock(side_effect=OSError("unit test mail error")) SMTP.side_effect = mock.Mock(side_effect=OSError("unit test mail error"))
User.ldap_object_classes(slapd_connection) User.ldap_object_classes(slapd_connection)
u = User( u = User(
objectClass=["inetOrgPerson"],
cn="Temp User", cn="Temp User",
sn="Temp", sn="Temp",
uid="temp", uid="temp",