From 62b62b684f55cbec52eb80b0573dc5847d43ca47 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=89loi=20Rivard?=
Date: Wed, 16 Nov 2022 17:36:16 +0100
Subject: [PATCH] Fixed client preconsent disabling
---
 CHANGES.rst | 1 +
 canaille/ldap_backend/ldapobject.py | 33 ++++++++++++++++++++++-------
 tests/oidc/test_client_admin.py | 21 ++++++++++++++++++
 3 files changed, 47 insertions(+), 8 deletions(-)
diff --git a/CHANGES.rst b/CHANGES.rst
index 1c5336dc..a5819c9e 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -18,6 +18,7 @@ Fixed
 - Fixed non-square logo CSS. :pr:`67`
 - Fixed schema path on installation. :pr:`68`
 - Fixed RFC7591 ``software_statement`` claim support. :pr:`70`
+- Fixed client preconsent disabling. :pr:`72`
 Added
 *****
diff --git a/canaille/ldap_backend/ldapobject.py b/canaille/ldap_backend/ldapobject.py
index 3b85589b..99ba082c 100644
--- a/canaille/ldap_backend/ldapobject.py
+++ b/canaille/ldap_backend/ldapobject.py
@@ -9,10 +9,19 @@ LDAP_NULL_DATE = "000001010000Z"
 class Syntax(str, Enum):
+ # fmt: off
+ BOOLEAN = "1.3.6.1.4.1.1466.115.121.1.7"
+ DIRECTORY_STRING = "1.3.6.1.4.1.1466.115.121.1.15"
 GENERALIZED_TIME = "1.3.6.1.4.1.1466.115.121.1.24"
- INTEGER = "1.3.6.1.4.1.1466.115.121.1.27"
- JPEG = "1.3.6.1.4.1.1466.115.121.1.28"
- BOOLEAN = "1.3.6.1.4.1.1466.115.121.1.7"
+ IA5_STRING = "1.3.6.1.4.1.1466.115.121.1.26"
+ INTEGER = "1.3.6.1.4.1.1466.115.121.1.27"
+ JPEG = "1.3.6.1.4.1.1466.115.121.1.28"
+ NUMERIC_STRING = "1.3.6.1.4.1.1466.115.121.1.36"
+ OCTET_STRING = "1.3.6.1.4.1.1466.115.121.1.40"
+ POSTAL_ADDRESS = "1.3.6.1.4.1.1466.115.121.1.41"
+ PRINTABLE_STRING = "1.3.6.1.4.1.1466.115.121.1.44"
+ TELEPHONE_NUMBER = "1.3.6.1.4.1.1466.115.121.1.50"
+ # fmt: on
 class LDAPObject:
@@ -225,12 +234,12 @@ class LDAPObject:
 return str(value).encode("utf-8")
 if syntax == Syntax.JPEG:
- return value
+ return value if value else None
 if syntax == Syntax.BOOLEAN and isinstance(value, bool):
 return ("TRUE" if value else "FALSE").encode("utf-8")
- return value.encode("utf-8")
+ return value.encode("utf-8") if value else None
 @staticmethod
 def ldap_attrs_to_python(attrs):
@@ -269,9 +278,13 @@ class LDAPObject:
 changes = {
 name: value
 for name, value in self.changes.items()
- if value and value[0] and self.attrs.get(name) != value
+ if name not in deletions and self.attrs.get(name) != value
+ }
+ formatted_changes = {
+ name: value
+ for name, value in self.python_attrs_to_ldap(changes).items()
+ if value is not None and value != [None]
 }
- formatted_changes = self.python_attrs_to_ldap(changes)
 modlist = [(ldap.MOD_DELETE, name, None) for name in deletions] + [
 (ldap.MOD_REPLACE, name, values)
 for name, values in formatted_changes.items()
@@ -285,7 +298,11 @@ class LDAPObject:
 for name, value in {**self.attrs, **self.changes}.items()
 if value and value[0]
 }
- formatted_changes = self.python_attrs_to_ldap(changes)
+ formatted_changes = {
+ name: value
+ for name, value in self.python_attrs_to_ldap(changes).items()
+ if value is not None and value != None
+ }
 attributes = [(name, values) for name, values in formatted_changes.items()]
 conn.add_s(self.dn, attributes)
diff --git a/tests/oidc/test_client_admin.py b/tests/oidc/test_client_admin.py
index 82080b20..671966f2 100644
--- a/tests/oidc/test_client_admin.py
+++ b/tests/oidc/test_client_admin.py
@@ -90,6 +90,7 @@ def test_client_edit(testclient, client, logged_admin, other_client):
 assert (
 "The client has not been edited. Please check your information." not in res.text
 )
+ assert "The client has been edited." in res.text
 client = Client.get(client.dn)
 for k, v in data.items():
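Review bot: The two new `if value else None` fallbacks in the `@@ -225,12 +234,12 @@` hunk test truthiness, so any falsy value that no earlier branch catches becomes None and is then dropped by the callers' `is not None` filters. For a boolean such as preconsent this is only safe while `syntax` resolves to `Syntax.BOOLEAN`; if it ever does not, a `False` would be silently discarded instead of written as FALSE, and the stored attribute would presumably stay TRUE, so the client would keep skipping the consent step. Narrowing the test to the genuinely empty cases, for example `return value.encode("utf-8") if value not in (None, "") else None`, makes an unexpected `False` or `0` fail loudly rather than disappear. The function begins above the hunk, so earlier branches may already cover some of these inputs.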
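Review bot: In the add path (`@@ -285,7 +298,11 @@`) the filter reads `if value is not None and value != None`, where the second comparison only repeats the first. The modify path in the previous hunk compares against `[None]`, which looks like what was intended here as well. As written, an attribute whose converted value is `[None]` would still be handed to `conn.add_s`; suggest `if value is not None and value != [None]`. The enclosing method starts and ends outside the hunk, and the `if value and value[0]` filter on the context lines above may already make that case rare.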
@@ -107,3 +108,23 @@ def test_client_edit(testclient, client, logged_admin, other_client):
 status=200
 )
 assert Client.get(client.client_id) is None
+
+
+def test_client_edit_preauth(testclient, client, logged_admin, other_client):
+ assert not client.preconsent
+
+ res = testclient.get("/admin/client/edit/" + client.client_id)
+ res.forms["clientadd"]["preconsent"] = True
+ res = res.forms["clientadd"].submit(status=200, name="action", value="edit")
+
+ assert "The client has been edited." in res.text
+ client = Client.get(client.dn)
+ assert client.preconsent
+
+ res = testclient.get("/admin/client/edit/" + client.client_id)
+ res.forms["clientadd"]["preconsent"] = False
+ res = res.forms["clientadd"].submit(status=200, name="action", value="edit")
+
+ assert "The client has been edited." in res.text
+ client = Client.get(client.dn)
+ assert not client.preconsent
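Review bot: The new test is named `test_client_edit_preauth` but what it exercises is the `preconsent` flag, and it requests the `other_client` fixture without using it. Renaming it to `test_client_edit_preconsent` and dropping the unused fixture would make the regression easier to find from the changelog entry. A one-line docstring such as `"""Preconsent can be enabled and then disabled again from the client edit form."""` would record why the second half of the test exists. The final `assert not client.preconsent` passes both for a stored FALSE and for a missing attribute; if the difference matters to the backend, it may be worth asserting the expected one explicitly.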