forked from Github-Mirrors/canaille
refactor: move User.get_from_login method to Backend
This commit is contained in:
Éloi Rivard
parent
2082e19480
commit
5a6ce24074
11 changed files with 36 additions and 39 deletions
|
|
@ -185,6 +185,21 @@ class Backend(BaseBackend):
|
|||
except ldap.SERVER_DOWN: # pragma: no cover
|
||||
return False
|
||||
|
||||
def get_user_from_login(self, login=None):
|
||||
from .models import User
|
||||
|
||||
raw_filter = current_app.config["CANAILLE_LDAP"]["USER_FILTER"]
|
||||
filter = (
|
||||
(
|
||||
current_app.jinja_env.from_string(raw_filter).render(
|
||||
login=ldap.filter.escape_filter_chars(login)
|
||||
)
|
||||
)
|
||||
if login
|
||||
else None
|
||||
)
|
||||
return User.get(filter=filter)
|
||||
|
||||
|
||||
def setup_ldap_models(config):
|
||||
from canaille.app import models
|
||||
|
|
|
|||
|
|
@ -40,20 +40,6 @@ class User(canaille.core.models.User, LDAPObject):
|
|||
"lock_date": "pwdEndTime",
|
||||
}
|
||||
|
||||
@classmethod
|
||||
def get_from_login(cls, login=None, **kwargs):
|
||||
raw_filter = current_app.config["CANAILLE_LDAP"]["USER_FILTER"]
|
||||
filter = (
|
||||
(
|
||||
current_app.jinja_env.from_string(raw_filter).render(
|
||||
login=ldap.filter.escape_filter_chars(login)
|
||||
)
|
||||
)
|
||||
if login
|
||||
else None
|
||||
)
|
||||
return cls.get(filter=filter, **kwargs)
|
||||
|
||||
def match_filter(self, filter):
|
||||
if isinstance(filter, str):
|
||||
conn = Backend.get().connection
|
||||
|
|
|
|||
|
|
@ -22,3 +22,8 @@ class Backend(BaseBackend):
|
|||
|
||||
def has_account_lockability(self):
|
||||
return True
|
||||
|
||||
def get_user_from_login(self, login):
|
||||
from .models import User
|
||||
|
||||
return User.get(user_name=login)
|
||||
|
|
|
|||
|
|
@ -246,10 +246,6 @@ class User(canaille.core.models.User, MemoryModel):
|
|||
"groups": ("Group", "members"),
|
||||
}
|
||||
|
||||
@classmethod
|
||||
def get_from_login(cls, login=None, **kwargs):
|
||||
return User.get(user_name=login)
|
||||
|
||||
def check_password(self, password):
|
||||
if password != self.password:
|
||||
return (False, None)
|
||||
|
|
|
|||
|
|
@ -47,3 +47,8 @@ class Backend(BaseBackend):
|
|||
|
||||
def has_account_lockability(self):
|
||||
return True
|
||||
|
||||
def get_user_from_login(self, login):
|
||||
from .models import User
|
||||
|
||||
return User.get(user_name=login)
|
||||
|
|
|
|||
|
|
@ -171,10 +171,6 @@ class User(canaille.core.models.User, Base, SqlAlchemyModel):
|
|||
TZDateTime(timezone=True), nullable=True
|
||||
)
|
||||
|
||||
@classmethod
|
||||
def get_from_login(cls, login=None, **kwargs):
|
||||
return User.get(user_name=login)
|
||||
|
||||
def check_password(self, password):
|
||||
if password != self.password:
|
||||
return (False, None)
|
||||
|
|
|
|||
|
|
@ -8,7 +8,6 @@ from flask import session
|
|||
from flask import url_for
|
||||
|
||||
from canaille.app import build_hash
|
||||
from canaille.app import models
|
||||
from canaille.app.flask import current_user
|
||||
from canaille.app.flask import login_user
|
||||
from canaille.app.flask import logout_user
|
||||
|
|
@ -42,7 +41,7 @@ def login():
|
|||
if not request.form or form.form_control():
|
||||
return render_template("login.html", form=form)
|
||||
|
||||
user = models.User.get_from_login(form.login.data)
|
||||
user = BaseBackend.get().get_user_from_login(form.login.data)
|
||||
if user and not user.has_password():
|
||||
return redirect(url_for("core.auth.firstlogin", user=user))
|
||||
|
||||
|
|
@ -68,7 +67,7 @@ def password():
|
|||
"password.html", form=form, username=session["attempt_login"]
|
||||
)
|
||||
|
||||
user = models.User.get_from_login(session["attempt_login"])
|
||||
user = BaseBackend.get().get_user_from_login(session["attempt_login"])
|
||||
if user and not user.has_password():
|
||||
return redirect(url_for("core.auth.firstlogin", user=user))
|
||||
|
||||
|
|
@ -153,7 +152,7 @@ def forgotten():
|
|||
flash(_("Could not send the password reset link."), "error")
|
||||
return render_template("forgotten-password.html", form=form)
|
||||
|
||||
user = models.User.get_from_login(form.login.data)
|
||||
user = BaseBackend.get().get_user_from_login(form.login.data)
|
||||
success_message = _(
|
||||
"A password reset link has been sent at your email address. "
|
||||
"You should receive it within a few minutes."
|
||||
|
|
|
|||
|
|
@ -17,6 +17,7 @@ from canaille.app.forms import set_readonly
|
|||
from canaille.app.forms import unique_values
|
||||
from canaille.app.i18n import lazy_gettext as _
|
||||
from canaille.app.i18n import native_language_name_from_code
|
||||
from canaille.backends import BaseBackend
|
||||
|
||||
MINIMUM_PASSWORD_LENGTH = 8
|
||||
|
||||
|
|
@ -49,7 +50,7 @@ def unique_group(form, field):
|
|||
def existing_login(form, field):
|
||||
if not current_app.config["CANAILLE"][
|
||||
"HIDE_INVALID_LOGINS"
|
||||
] and not models.User.get_from_login(field.data):
|
||||
] and not BaseBackend.get().get_user_from_login(field.data):
|
||||
raise wtforms.ValidationError(
|
||||
_("The login '{login}' does not exist").format(login=field.data)
|
||||
)
|
||||
|
|
|
|||
|
|
@ -244,10 +244,6 @@ class User(Model):
|
|||
_writable_fields = None
|
||||
_permissions = None
|
||||
|
||||
@classmethod
|
||||
def get_from_login(cls, login=None, **kwargs) -> Optional["User"]:
|
||||
raise NotImplementedError()
|
||||
|
||||
def has_password(self) -> bool:
|
||||
"""Checks wether a password has been set for the user."""
|
||||
return self.password is not None
|
||||
|
|
|
|||
|
|
@ -34,6 +34,7 @@ from flask import url_for
|
|||
from werkzeug.security import gen_salt
|
||||
|
||||
from canaille.app import models
|
||||
from canaille.backends import BaseBackend
|
||||
|
||||
AUTHORIZATION_CODE_LIFETIME = 84400
|
||||
|
||||
|
|
@ -266,7 +267,7 @@ class PasswordGrant(_ResourceOwnerPasswordCredentialsGrant):
|
|||
TOKEN_ENDPOINT_AUTH_METHODS = ["client_secret_basic", "client_secret_post", "none"]
|
||||
|
||||
def authenticate_user(self, username, password):
|
||||
user = models.User.get_from_login(username)
|
||||
user = BaseBackend.get().get_user_from_login(username)
|
||||
if not user:
|
||||
return None
|
||||
|
||||
|
|
|
|||
|
|
@ -5,10 +5,7 @@ from canaille.core.models import Group
|
|||
from canaille.core.models import User
|
||||
|
||||
|
||||
def test_required_methods(testclient):
|
||||
with pytest.raises(NotImplementedError):
|
||||
User.get_from_login()
|
||||
|
||||
def test_required_methods(testclient, backend):
|
||||
user = User()
|
||||
|
||||
with pytest.raises(NotImplementedError):
|
||||
|
|
@ -20,9 +17,9 @@ def test_required_methods(testclient):
|
|||
Group()
|
||||
|
||||
|
||||
def test_user_get_from_login(testclient, user, backend):
|
||||
assert models.User.get_from_login(login="invalid") is None
|
||||
assert models.User.get_from_login(login="user") == user
|
||||
def test_user_get_user_from_login(testclient, user, backend):
|
||||
assert backend.get_user_from_login(login="invalid") is None
|
||||
assert backend.get_user_from_login(login="user") == user
|
||||
|
||||
|
||||
def test_user_has_password(testclient, backend):
|
||||
|
|
|
|||
Loading…
Reference in a new issue