globuzma/canaille-globuzma
1
0
Fork 0
forked from Github-Mirrors/canaille
Code Pull requests Activity

Used 'id' instead of 'dn'

Browse source
This commit is contained in:
Éloi Rivard 2023-02-05 19:08:25 +01:00
parent f6447e5d76
commit 971cf317c9
19 changed files with 107 additions and 96 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
canaille/account.py
View file

@ -334,7 +334,7 @@ def registration(data, hash):
if "groups" not in form and invitation.groups: if "groups" not in form and invitation.groups:
form["groups"] = wtforms.SelectMultipleField( form["groups"] = wtforms.SelectMultipleField(
_("Groups"), _("Groups"),
choices=[(group.dn, group.name) for group in Group.query()], choices=[(group.id, group.name) for group in Group.query()],
render_kw={"readonly": "true"}, render_kw={"readonly": "true"},
) )
form.process(CombinedMultiDict((request.files, request.form)) or None, data=data) form.process(CombinedMultiDict((request.files, request.form)) or None, data=data)
@ -390,7 +390,7 @@ def profile_create(current_app, form):
user.save() user.save()
if "groups" in form: if "groups" in form:
groups = [Group.get(group_dn) for group_dn in form["groups"].data] groups = [Group.get(group_id) for group_id in form["groups"].data]
for group in groups: for group in groups:
group.add_member(user) group.add_member(user)
group.save() group.save()
@ -475,7 +475,7 @@ def profile_edit(editor, username):
} }
if "groups" in fields: if "groups" in fields:
data["groups"] = [g.dn for g in user.groups] data["groups"] = [g.id for g in user.groups]
form = profile_form(editor.write, editor.read) form = profile_form(editor.write, editor.read)
form.process(CombinedMultiDict((request.files, request.form)) or None, data=data) form.process(CombinedMultiDict((request.files, request.form)) or None, data=data)

6
canaille/flaskutils.py
View file

@ -13,12 +13,12 @@ from flask_babel import gettext as _
def current_user(): def current_user():
for dn in session.get("user_id", [])[::-1]: for user_id in session.get("user_id", [])[::-1]:
user = User.get(dn=dn) user = User.get(id=user_id)
if user: if user:
return user return user
session["user_id"].remove(dn) session["user_id"].remove(user_id)
return None return None

4
canaille/forms.py
View file

@ -235,7 +235,7 @@ def profile_form(write_field_names, readonly_field_names):
if "groups" in write_field_names | readonly_field_names and Group.query(): if "groups" in write_field_names | readonly_field_names and Group.query():
fields["groups"] = wtforms.SelectMultipleField( fields["groups"] = wtforms.SelectMultipleField(
_("Groups"), _("Groups"),
choices=[(group.dn, group.name) for group in Group.query()], choices=[(group.id, group.name) for group in Group.query()],
render_kw={"placeholder": _("users, admins …")}, render_kw={"placeholder": _("users, admins …")},
) )
@ -297,6 +297,6 @@ class InvitationForm(FlaskForm):
) )
groups = wtforms.SelectMultipleField( groups = wtforms.SelectMultipleField(
_("Groups"), _("Groups"),
choices=lambda: [(group.dn, group.name) for group in Group.query()], choices=lambda: [(group.id, group.name) for group in Group.query()],
render_kw={}, render_kw={},
) )

17
canaille/ldap_backend/ldapobject.py
View file

@ -146,11 +146,10 @@ class LDAPObject(metaclass=LDAPObjectMetaclass):
return self_attributes == other_attributes return self_attributes == other_attributes
def __hash__(self): def __hash__(self):
return hash(self.dn) return hash(self.id)
def __getattr__(self, name): def __getattr__(self, name):
if self.attribute_table: name = self.attribute_table.get(name, name)
name = self.attribute_table.get(name, name)
if name not in self.ldap_object_attributes(): if name not in self.ldap_object_attributes():
return super().__getattribute__(name) return super().__getattribute__(name)
@ -281,9 +280,9 @@ class LDAPObject(metaclass=LDAPObjectMetaclass):
return cls._attribute_type_by_name return cls._attribute_type_by_name
@classmethod @classmethod
def get(cls, dn=None, filter=None, conn=None, **kwargs): def get(cls, id=None, filter=None, conn=None, **kwargs):
try: try:
return cls.query(dn, filter, conn, **kwargs)[0] return cls.query(id, filter, conn, **kwargs)[0]
except (IndexError, ldap.NO_SUCH_OBJECT): except (IndexError, ldap.NO_SUCH_OBJECT):
return None return None
@ -363,7 +362,7 @@ class LDAPObject(metaclass=LDAPObjectMetaclass):
def reload(self, conn=None): def reload(self, conn=None):
conn = conn or self.ldap_connection() conn = conn or self.ldap_connection()
result = conn.search_s(self.dn, ldap.SCOPE_SUBTREE, None, ["+", "*"]) result = conn.search_s(self.id, ldap.SCOPE_SUBTREE, None, ["+", "*"])
self.changes = {} self.changes = {}
self.attrs = result[0][1] self.attrs = result[0][1]
@ -390,7 +389,7 @@ class LDAPObject(metaclass=LDAPObjectMetaclass):
(ldap.MOD_REPLACE, name, values) (ldap.MOD_REPLACE, name, values)
for name, values in formatted_changes.items() for name, values in formatted_changes.items()
] ]
conn.modify_s(self.dn, modlist) conn.modify_s(self.id, modlist)
# Object does not exist yet in the LDAP database # Object does not exist yet in the LDAP database
else: else:
@ -405,7 +404,7 @@ class LDAPObject(metaclass=LDAPObjectMetaclass):
if value is not None and value != None if value is not None and value != None
} }
attributes = [(name, values) for name, values in formatted_changes.items()] attributes = [(name, values) for name, values in formatted_changes.items()]
conn.add_s(self.dn, attributes) conn.add_s(self.id, attributes)
self.exists = True self.exists = True
self.attrs = {**self.attrs, **self.changes} self.attrs = {**self.attrs, **self.changes}
@ -417,7 +416,7 @@ class LDAPObject(metaclass=LDAPObjectMetaclass):
def delete(self, conn=None): def delete(self, conn=None):
conn = conn or self.ldap_connection() conn = conn or self.ldap_connection()
conn.delete_s(self.dn) conn.delete_s(self.id)
def keys(self): def keys(self):
ldap_keys = self.may() + self.must() ldap_keys = self.may() + self.must()

4
canaille/ldap_backend/utils.py
View file

@ -44,7 +44,7 @@ def ldap_to_python(value, syntax):
return value.decode("utf-8").upper() == "TRUE" return value.decode("utf-8").upper() == "TRUE"
if syntax == Syntax.DISTINGUISHED_NAME: if syntax == Syntax.DISTINGUISHED_NAME:
return LDAPObject.get(dn=value.decode("utf-8")) return LDAPObject.get(id=value.decode("utf-8"))
return value.decode("utf-8") return value.decode("utf-8")
@ -67,7 +67,7 @@ def python_to_ldap(value, syntax, encode=True):
value = "TRUE" if value else "FALSE" value = "TRUE" if value else "FALSE"
if syntax == Syntax.DISTINGUISHED_NAME: if syntax == Syntax.DISTINGUISHED_NAME:
value = value.dn value = value.id
if not value: if not value:
return None return None

28
canaille/models.py
View file

@ -10,6 +10,10 @@ class User(LDAPObject):
DEFAULT_FILTER = "(|(uid={login})(mail={login}))" DEFAULT_FILTER = "(|(uid={login})(mail={login}))"
DEFAULT_ID_ATTRIBUTE = "cn" DEFAULT_ID_ATTRIBUTE = "cn"
attribute_table = {
"id": "dn",
}
def __init__(self, *args, **kwargs): def __init__(self, *args, **kwargs):
self.read = set() self.read = set()
self.write = set() self.write = set()
@ -22,7 +26,7 @@ class User(LDAPObject):
super().__init__(*args, **kwargs) super().__init__(*args, **kwargs)
@classmethod @classmethod
def get(cls, login=None, dn=None, filter=None, conn=None): def get(cls, login=None, id=None, filter=None, conn=None):
conn = conn or cls.ldap_connection() conn = conn or cls.ldap_connection()
if login: if login:
@ -32,7 +36,7 @@ class User(LDAPObject):
.format(login=ldap.filter.escape_filter_chars(login)) .format(login=ldap.filter.escape_filter_chars(login))
) )
user = super().get(dn, filter, conn) user = super().get(id, filter, conn)
if user: if user:
user.load_permissions(conn) user.load_permissions(conn)
@ -65,9 +69,9 @@ class User(LDAPObject):
if isinstance(session["user_id"], list) if isinstance(session["user_id"], list)
else [session["user_id"]] else [session["user_id"]]
) )
session["user_id"] = previous + [self.dn] session["user_id"] = previous + [self.id]
except KeyError: except KeyError:
session["user_id"] = [self.dn] session["user_id"] = [self.id]
@classmethod @classmethod
def logout(self): def logout(self):
@ -89,7 +93,7 @@ class User(LDAPObject):
) )
try: try:
conn.simple_bind_s(self.dn, password) conn.simple_bind_s(self.id, password)
return True return True
except ldap.INVALID_CREDENTIALS: except ldap.INVALID_CREDENTIALS:
return False return False
@ -99,7 +103,7 @@ class User(LDAPObject):
def set_password(self, password, conn=None): def set_password(self, password, conn=None):
conn = conn or self.ldap_connection() conn = conn or self.ldap_connection()
conn.passwd_s( conn.passwd_s(
self.dn, self.id,
None, None,
password.encode("utf-8"), password.encode("utf-8"),
) )
@ -116,7 +120,7 @@ class User(LDAPObject):
def set_groups(self, values): def set_groups(self, values):
before = self._groups before = self._groups
after = [v if isinstance(v, Group) else Group.get(dn=v) for v in values] after = [v if isinstance(v, Group) else Group.get(id=v) for v in values]
to_add = set(after) - set(before) to_add = set(after) - set(before)
to_del = set(before) - set(after) to_del = set(before) - set(after)
for group in to_add: for group in to_add:
@ -132,8 +136,8 @@ class User(LDAPObject):
for access_group_name, details in current_app.config["ACL"].items(): for access_group_name, details in current_app.config["ACL"].items():
if not details.get("FILTER") or ( if not details.get("FILTER") or (
self.dn self.id
and conn.search_s(self.dn, ldap.SCOPE_SUBTREE, details["FILTER"]) and conn.search_s(self.id, ldap.SCOPE_SUBTREE, details["FILTER"])
): ):
self.permissions |= set(details.get("PERMISSIONS", [])) self.permissions |= set(details.get("PERMISSIONS", []))
self.read |= set(details.get("READ", [])) self.read |= set(details.get("READ", []))
@ -175,7 +179,11 @@ class Group(LDAPObject):
DEFAULT_OBJECT_CLASS = "groupOfNames" DEFAULT_OBJECT_CLASS = "groupOfNames"
DEFAULT_ID_ATTRIBUTE = "cn" DEFAULT_ID_ATTRIBUTE = "cn"
DEFAULT_NAME_ATTRIBUTE = "cn" DEFAULT_NAME_ATTRIBUTE = "cn"
DEFAULT_USER_FILTER = "member={user.dn}" DEFAULT_USER_FILTER = "member={user.id}"
attribute_table = {
"id": "dn",
}
def __init__(self, *args, **kwargs): def __init__(self, *args, **kwargs):
kwargs.setdefault( kwargs.setdefault(

2
canaille/oidc/clients.py
View file

@ -147,7 +147,7 @@ def client_edit(client_id):
software_version=form["software_version"].data, software_version=form["software_version"].data,
jwk=form["jwk"].data, jwk=form["jwk"].data,
jwks_uri=form["jwks_uri"].data, jwks_uri=form["jwks_uri"].data,
audience=[Client.get(dn=dn) for dn in form["audience"].data], audience=[Client.get(id=id) for id in form["audience"].data],
preconsent=form["preconsent"].data, preconsent=form["preconsent"].data,
) )
client.save() client.save()

2
canaille/oidc/forms.py
View file

@ -9,7 +9,7 @@ class LogoutForm(FlaskForm):
def client_audiences(): def client_audiences():
return [(client.dn, client.client_name) for client in Client.query()] return [(client.id, client.client_name) for client in Client.query()]
class ClientAdd(FlaskForm): class ClientAdd(FlaskForm):

4
canaille/oidc/models.py
View file

@ -38,6 +38,7 @@ class Client(LDAPObject, ClientMixin):
} }
attribute_table = { attribute_table = {
"id": "dn",
"description": "description", "description": "description",
"preconsent": "oauthPreconsent", "preconsent": "oauthPreconsent",
# post_logout_redirect_uris is not yet supported by authlib # post_logout_redirect_uris is not yet supported by authlib
@ -113,6 +114,7 @@ class AuthorizationCode(LDAPObject, AuthorizationCodeMixin):
base = "ou=authorizations,ou=oauth" base = "ou=authorizations,ou=oauth"
rdn_attribute = "oauthAuthorizationCodeID" rdn_attribute = "oauthAuthorizationCodeID"
attribute_table = { attribute_table = {
"id": "dn",
"authorization_code_id": "oauthAuthorizationCodeID", "authorization_code_id": "oauthAuthorizationCodeID",
"description": "description", "description": "description",
"code": "oauthCode", "code": "oauthCode",
@ -153,6 +155,7 @@ class Token(LDAPObject, TokenMixin):
base = "ou=tokens,ou=oauth" base = "ou=tokens,ou=oauth"
rdn_attribute = "oauthTokenID" rdn_attribute = "oauthTokenID"
attribute_table = { attribute_table = {
"id": "dn",
"token_id": "oauthTokenID", "token_id": "oauthTokenID",
"access_token": "oauthAccessToken", "access_token": "oauthAccessToken",
"description": "description", "description": "description",
@ -214,6 +217,7 @@ class Consent(LDAPObject):
base = "ou=consents,ou=oauth" base = "ou=consents,ou=oauth"
rdn_attribute = "cn" rdn_attribute = "cn"
attribute_table = { attribute_table = {
"id": "dn",
"consent_id": "cn", "consent_id": "cn",
"subject": "oauthSubject", "subject": "oauthSubject",
"client": "oauthClient", "client": "oauthClient",

2
canaille/oidc/oauth.py
View file

@ -43,7 +43,7 @@ AUTHORIZATION_CODE_LIFETIME = 84400
def exists_nonce(nonce, req): def exists_nonce(nonce, req):
client = Client.get(dn=req.client_id) client = Client.get(id=req.client_id)
exists = AuthorizationCode.query(client=client, nonce=nonce) exists = AuthorizationCode.query(client=client, nonce=nonce)
return bool(exists) return bool(exists)

6
tests/conftest.py
View file

@ -211,21 +211,21 @@ def moderator(app, slapd_connection):
@pytest.fixture @pytest.fixture
def logged_user(user, testclient): def logged_user(user, testclient):
with testclient.session_transaction() as sess: with testclient.session_transaction() as sess:
sess["user_id"] = [user.dn] sess["user_id"] = [user.id]
return user return user
@pytest.fixture @pytest.fixture
def logged_admin(admin, testclient): def logged_admin(admin, testclient):
with testclient.session_transaction() as sess: with testclient.session_transaction() as sess:
sess["user_id"] = [admin.dn] sess["user_id"] = [admin.id]
return admin return admin
@pytest.fixture @pytest.fixture
def logged_moderator(moderator, testclient): def logged_moderator(moderator, testclient):
with testclient.session_transaction() as sess: with testclient.session_transaction() as sess:
sess["user_id"] = [moderator.dn] sess["user_id"] = [moderator.id]
return moderator return moderator

8
tests/ldap/test_utils.py
View file

@ -22,7 +22,7 @@ def test_object_creation(slapd_connection):
user.save() user.save()
assert user.exists assert user.exists
user = User.get(dn=user.dn) user = User.get(id=user.id)
assert user.exists assert user.exists
user.delete() user.delete()
@ -36,7 +36,7 @@ def test_repr(slapd_connection, foo_group, user):
def test_equality(slapd_connection, foo_group, bar_group): def test_equality(slapd_connection, foo_group, bar_group):
Group.ldap_object_attributes() Group.ldap_object_attributes()
assert foo_group != bar_group assert foo_group != bar_group
foo_group2 = Group.get(dn=foo_group.dn) foo_group2 = Group.get(id=foo_group.id)
assert foo_group == foo_group2 assert foo_group == foo_group2
@ -152,10 +152,10 @@ def test_operational_attribute_conversion(slapd_connection):
def test_guess_object_from_dn(slapd_connection, testclient, foo_group): def test_guess_object_from_dn(slapd_connection, testclient, foo_group):
foo_group.member = [foo_group] foo_group.member = [foo_group]
foo_group.save() foo_group.save()
g = LDAPObject.get(dn=foo_group.dn) g = LDAPObject.get(id=foo_group.dn)
assert isinstance(g, Group) assert isinstance(g, Group)
assert g == foo_group assert g == foo_group
assert g.cn == foo_group.cn assert g.cn == foo_group.cn
ou = LDAPObject.get(dn=f"{Group.base},{Group.root_dn}") ou = LDAPObject.get(id=f"{Group.base},{Group.root_dn}")
assert isinstance(g, LDAPObject) assert isinstance(g, LDAPObject)

8
tests/oidc/test_client_admin.py
View file

@ -150,7 +150,7 @@ def test_client_edit(testclient, client, logged_admin, other_client):
"software_version": "1", "software_version": "1",
"jwk": "jwk", "jwk": "jwk",
"jwks_uri": "https://foo.bar/jwks.json", "jwks_uri": "https://foo.bar/jwks.json",
"audience": [client.dn, other_client.dn], "audience": [client.id, other_client.id],
"preconsent": True, "preconsent": True,
"post_logout_redirect_uris": ["https://foo.bar/disconnected"], "post_logout_redirect_uris": ["https://foo.bar/disconnected"],
} }
@ -164,7 +164,7 @@ def test_client_edit(testclient, client, logged_admin, other_client):
) not in res.flashes ) not in res.flashes
assert ("success", "The client has been edited.") in res.flashes assert ("success", "The client has been edited.") in res.flashes
client = Client.get(client.dn) client = Client.get(client.id)
data["audience"] = [client, other_client] data["audience"] = [client, other_client]
for k, v in data.items(): for k, v in data.items():
client_value = getattr(client, k) client_value = getattr(client, k)
@ -226,7 +226,7 @@ def test_client_edit_preauth(testclient, client, logged_admin, other_client):
res = res.forms["clientadd"].submit(name="action", value="edit") res = res.forms["clientadd"].submit(name="action", value="edit")
assert ("success", "The client has been edited.") in res.flashes assert ("success", "The client has been edited.") in res.flashes
client = Client.get(client.dn) client = Client.get(client.id)
assert client.preconsent assert client.preconsent
res = testclient.get("/admin/client/edit/" + client.client_id) res = testclient.get("/admin/client/edit/" + client.client_id)
@ -234,5 +234,5 @@ def test_client_edit_preauth(testclient, client, logged_admin, other_client):
res = res.forms["clientadd"].submit(name="action", value="edit") res = res.forms["clientadd"].submit(name="action", value="edit")
assert ("success", "The client has been edited.") in res.flashes assert ("success", "The client has been edited.") in res.flashes
client = Client.get(client.dn) client = Client.get(client.id)
assert not client.preconsent assert not client.preconsent

12
tests/test_account.py
View file

@ -9,7 +9,7 @@ def test_index(testclient, user):
assert res.location == "/login" assert res.location == "/login"
with testclient.session_transaction() as sess: with testclient.session_transaction() as sess:
sess["user_id"] = [user.dn] sess["user_id"] = [user.id]
res = testclient.get("/", status=302) res = testclient.get("/", status=302)
assert res.location == "/profile/user" assert res.location == "/profile/user"
@ -41,7 +41,7 @@ def test_signin_and_out(testclient, user):
res = res.follow(status=200) res = res.follow(status=200)
with testclient.session_transaction() as session: with testclient.session_transaction() as session:
assert [user.dn] == session.get("user_id") assert [user.id] == session.get("user_id")
assert "attempt_login" not in session assert "attempt_login" not in session
res = testclient.get("/login", status=302) res = testclient.get("/login", status=302)
@ -92,7 +92,7 @@ def test_signin_with_alternate_attribute(testclient, user):
res = res.follow(status=200) res = res.follow(status=200)
with testclient.session_transaction() as session: with testclient.session_transaction() as session:
assert [user.dn] == session.get("user_id") assert [user.id] == session.get("user_id")
def test_password_page_without_signin_in_redirects_to_login_page(testclient, user): def test_password_page_without_signin_in_redirects_to_login_page(testclient, user):
@ -219,7 +219,7 @@ def test_user_deleted_in_session(testclient, slapd_connection):
testclient.get("/profile/jake", status=403) testclient.get("/profile/jake", status=403)
with testclient.session_transaction() as session: with testclient.session_transaction() as session:
session["user_id"] = [u.dn] session["user_id"] = [u.id]
testclient.get("/profile/jake", status=200) testclient.get("/profile/jake", status=200)
u.delete() u.delete()
@ -279,7 +279,7 @@ def test_admin_self_deletion(testclient, slapd_connection):
) )
admin.save() admin.save()
with testclient.session_transaction() as sess: with testclient.session_transaction() as sess:
sess["user_id"] = [admin.dn] sess["user_id"] = [admin.id]
res = testclient.get("/profile/temp") res = testclient.get("/profile/temp")
res = ( res = (
@ -307,7 +307,7 @@ def test_user_self_deletion(testclient, slapd_connection):
) )
user.save() user.save()
with testclient.session_transaction() as sess: with testclient.session_transaction() as sess:
sess["user_id"] = [user.dn] sess["user_id"] = [user.id]
testclient.app.config["ACL"]["DEFAULT"]["PERMISSIONS"] = ["edit_self"] testclient.app.config["ACL"]["DEFAULT"]["PERMISSIONS"] = ["edit_self"]
res = testclient.get("/profile/temp") res = testclient.get("/profile/temp")

2
tests/test_flaskutils.py
View file

@ -63,7 +63,7 @@ def test_logging_to_file(configuration, tmp_path, smtpd, admin, slapd_server):
testclient = TestApp(app) testclient = TestApp(app)
with testclient.session_transaction() as sess: with testclient.session_transaction() as sess:
sess["user_id"] = [admin.dn] sess["user_id"] = [admin.id]
res = testclient.get("/admin/mail") res = testclient.get("/admin/mail")
res.form["mail"] = "test@test.com" res.form["mail"] = "test@test.com"

42
tests/test_groups.py
View file

@ -64,27 +64,27 @@ def test_group_list_search(testclient, logged_admin, foo_group, bar_group):
def test_set_groups(app, user, foo_group, bar_group): def test_set_groups(app, user, foo_group, bar_group):
foo_dns = {m.dn for m in foo_group.get_members()} foo_ids = {m.id for m in foo_group.get_members()}
assert user.dn in foo_dns assert user.id in foo_ids
assert user.groups[0].dn == foo_group.dn assert user.groups[0].id == foo_group.id
user.load_groups() user.load_groups()
user.set_groups([foo_group, bar_group]) user.set_groups([foo_group, bar_group])
bar_group = Group.get(bar_group.dn) bar_group = Group.get(bar_group.id)
bar_dns = {m.dn for m in bar_group.get_members()} bar_ids = {m.id for m in bar_group.get_members()}
assert user.dn in bar_dns assert user.id in bar_ids
assert user.groups[1].dn == bar_group.dn assert user.groups[1].id == bar_group.id
user.load_groups() user.load_groups()
user.set_groups([foo_group]) user.set_groups([foo_group])
foo_group = Group.get(foo_group.dn) foo_group = Group.get(foo_group.id)
bar_group = Group.get(bar_group.dn) bar_group = Group.get(bar_group.id)
foo_dns = {m.dn for m in foo_group.get_members()} foo_ids = {m.id for m in foo_group.get_members()}
bar_dns = {m.dn for m in bar_group.get_members()} bar_ids = {m.id for m in bar_group.get_members()}
assert user.dn in foo_dns assert user.id in foo_ids
assert user.dn not in bar_dns assert user.id not in bar_ids
def test_set_groups_with_leading_space_in_user_id_attribute(app, foo_group): def test_set_groups_with_leading_space_in_user_id_attribute(app, foo_group):
@ -99,15 +99,15 @@ def test_set_groups_with_leading_space_in_user_id_attribute(app, foo_group):
user.load_groups() user.load_groups()
user.set_groups([foo_group]) user.set_groups([foo_group])
foo_dns = {m.dn for m in foo_group.get_members()} foo_ids = {m.id for m in foo_group.get_members()}
assert user.dn in foo_dns assert user.id in foo_ids
user.load_groups() user.load_groups()
user.set_groups([]) user.set_groups([])
foo_group = Group.get(foo_group.dn) foo_group = Group.get(foo_group.id)
foo_dns = {m.dn for m in foo_group.get_members()} foo_ids = {m.id for m in foo_group.get_members()}
assert user.dn not in foo_dns assert user.id not in foo_ids
user.delete() user.delete()
@ -134,8 +134,8 @@ def test_moderator_can_create_edit_and_delete_group(
bar_group = Group.get("bar") bar_group = Group.get("bar")
assert bar_group.name == "bar" assert bar_group.name == "bar"
assert bar_group.description == ["yolo"] assert bar_group.description == ["yolo"]
assert [member.dn for member in bar_group.get_members()] == [ assert [member.id for member in bar_group.get_members()] == [
logged_moderator.dn logged_moderator.id
] # Group cannot be empty so creator is added in it ] # Group cannot be empty so creator is added in it
assert "bar" in res.text assert "bar" in res.text
@ -205,7 +205,7 @@ def test_edition_failed(testclient, logged_moderator, foo_group):
form["csrf_token"] = "invalid" form["csrf_token"] = "invalid"
res = form.submit(name="action", value="edit") res = form.submit(name="action", value="edit")
assert "Group edition failed." in res assert "Group edition failed." in res
foo_group = Group.get(foo_group.dn) foo_group = Group.get(foo_group.id)
assert foo_group.name == "foo" assert foo_group.name == "foo"

6
tests/test_i18n.py
View file

@ -16,7 +16,7 @@ def test_preferred_language(slapd_server, testclient, logged_user):
res = res.form.submit(name="action", value="edit") res = res.form.submit(name="action", value="edit")
assert res.flashes == [("success", "Le profil a été mis à jour avec succès.")] assert res.flashes == [("success", "Le profil a été mis à jour avec succès.")]
res = res.follow() res = res.follow()
logged_user = User.get(dn=logged_user.dn) logged_user = User.get(id=logged_user.id)
assert logged_user.preferredLanguage == "fr" assert logged_user.preferredLanguage == "fr"
assert res.form["preferredLanguage"].value == "fr" assert res.form["preferredLanguage"].value == "fr"
assert res.pyquery("html")[0].attrib["lang"] == "fr" assert res.pyquery("html")[0].attrib["lang"] == "fr"
@ -27,7 +27,7 @@ def test_preferred_language(slapd_server, testclient, logged_user):
res = res.form.submit(name="action", value="edit") res = res.form.submit(name="action", value="edit")
assert res.flashes == [("success", "Profile updated successfuly.")] assert res.flashes == [("success", "Profile updated successfuly.")]
res = res.follow() res = res.follow()
logged_user = User.get(dn=logged_user.dn) logged_user = User.get(id=logged_user.id)
assert logged_user.preferredLanguage == "en" assert logged_user.preferredLanguage == "en"
assert res.form["preferredLanguage"].value == "en" assert res.form["preferredLanguage"].value == "en"
assert res.pyquery("html")[0].attrib["lang"] == "en" assert res.pyquery("html")[0].attrib["lang"] == "en"
@ -38,7 +38,7 @@ def test_preferred_language(slapd_server, testclient, logged_user):
res = res.form.submit(name="action", value="edit") res = res.form.submit(name="action", value="edit")
assert res.flashes == [("success", "Profile updated successfuly.")] assert res.flashes == [("success", "Profile updated successfuly.")]
res = res.follow() res = res.follow()
logged_user = User.get(dn=logged_user.dn) logged_user = User.get(id=logged_user.id)
assert logged_user.preferredLanguage is None assert logged_user.preferredLanguage is None
assert res.form["preferredLanguage"].value == "auto" assert res.form["preferredLanguage"].value == "auto"
assert res.pyquery("html")[0].attrib["lang"] == "en" assert res.pyquery("html")[0].attrib["lang"] == "en"

28
tests/test_invitation.py
View file

@ -13,7 +13,7 @@ def test_invitation(testclient, logged_admin, foo_group, smtpd):
res.form["uid"] = "someone" res.form["uid"] = "someone"
res.form["uid_editable"] = False res.form["uid_editable"] = False
res.form["mail"] = "someone@domain.tld" res.form["mail"] = "someone@domain.tld"
res.form["groups"] = [foo_group.dn] res.form["groups"] = [foo_group.id]
res = res.form.submit(name="action", value="send", status=200) res = res.form.submit(name="action", value="send", status=200)
assert len(smtpd.messages) == 1 assert len(smtpd.messages) == 1
@ -28,7 +28,7 @@ def test_invitation(testclient, logged_admin, foo_group, smtpd):
assert res.form["uid"].value == "someone" assert res.form["uid"].value == "someone"
assert res.form["uid"].attrs["readonly"] assert res.form["uid"].attrs["readonly"]
assert res.form["mail"].value == "someone@domain.tld" assert res.form["mail"].value == "someone@domain.tld"
assert res.form["groups"].value == [foo_group.dn] assert res.form["groups"].value == [foo_group.id]
res.form["password1"] = "whatever" res.form["password1"] = "whatever"
res.form["password2"] = "whatever" res.form["password2"] = "whatever"
@ -63,7 +63,7 @@ def test_invitation_editable_uid(testclient, logged_admin, foo_group, smtpd):
res.form["uid"] = "jackyjack" res.form["uid"] = "jackyjack"
res.form["uid_editable"] = True res.form["uid_editable"] = True
res.form["mail"] = "jackyjack@domain.tld" res.form["mail"] = "jackyjack@domain.tld"
res.form["groups"] = [foo_group.dn] res.form["groups"] = [foo_group.id]
res = res.form.submit(name="action", value="send", status=200) res = res.form.submit(name="action", value="send", status=200)
assert len(smtpd.messages) == 1 assert len(smtpd.messages) == 1
@ -78,7 +78,7 @@ def test_invitation_editable_uid(testclient, logged_admin, foo_group, smtpd):
assert res.form["uid"].value == "jackyjack" assert res.form["uid"].value == "jackyjack"
assert "readonly" not in res.form["uid"].attrs assert "readonly" not in res.form["uid"].attrs
assert res.form["mail"].value == "jackyjack@domain.tld" assert res.form["mail"].value == "jackyjack@domain.tld"
assert res.form["groups"].value == [foo_group.dn] assert res.form["groups"].value == [foo_group.id]
res.form["uid"] = "djorje" res.form["uid"] = "djorje"
res.form["password1"] = "whatever" res.form["password1"] = "whatever"
@ -110,7 +110,7 @@ def test_generate_link(testclient, logged_admin, foo_group, smtpd):
res.form["uid"] = "sometwo" res.form["uid"] = "sometwo"
res.form["mail"] = "sometwo@domain.tld" res.form["mail"] = "sometwo@domain.tld"
res.form["groups"] = [foo_group.dn] res.form["groups"] = [foo_group.id]
res = res.form.submit(name="action", value="generate", status=200) res = res.form.submit(name="action", value="generate", status=200)
assert len(smtpd.messages) == 0 assert len(smtpd.messages) == 0
@ -124,7 +124,7 @@ def test_generate_link(testclient, logged_admin, foo_group, smtpd):
assert res.form["uid"].value == "sometwo" assert res.form["uid"].value == "sometwo"
assert res.form["mail"].value == "sometwo@domain.tld" assert res.form["mail"].value == "sometwo@domain.tld"
assert res.form["groups"].value == [foo_group.dn] assert res.form["groups"].value == [foo_group.id]
res.form["password1"] = "whatever" res.form["password1"] = "whatever"
res.form["password2"] = "whatever" res.form["password2"] = "whatever"
@ -165,7 +165,7 @@ def test_registration(testclient, foo_group):
"someoneelse", "someoneelse",
False, False,
"someone@mydomain.tld", "someone@mydomain.tld",
[foo_group.dn], [foo_group.id],
) )
b64 = invitation.b64() b64 = invitation.b64()
hash = invitation.profile_hash() hash = invitation.profile_hash()
@ -176,7 +176,7 @@ def test_registration(testclient, foo_group):
def test_registration_invalid_hash(testclient, foo_group): def test_registration_invalid_hash(testclient, foo_group):
now = datetime.now().isoformat() now = datetime.now().isoformat()
invitation = Invitation( invitation = Invitation(
now, "anything", False, "someone@mydomain.tld", [foo_group.dn] now, "anything", False, "someone@mydomain.tld", [foo_group.id]
) )
b64 = invitation.b64() b64 = invitation.b64()
@ -189,7 +189,7 @@ def test_registration_invalid_data(testclient, foo_group):
"someoneelse", "someoneelse",
False, False,
"someone@mydomain.tld", "someone@mydomain.tld",
[foo_group.dn], [foo_group.id],
) )
hash = invitation.profile_hash() hash = invitation.profile_hash()
@ -203,7 +203,7 @@ def test_registration_more_than_48_hours_after_invitation(testclient, foo_group)
"someoneelse", "someoneelse",
False, False,
"someone@mydomain.tld", "someone@mydomain.tld",
[foo_group.dn], [foo_group.id],
) )
hash = invitation.profile_hash() hash = invitation.profile_hash()
b64 = invitation.b64() b64 = invitation.b64()
@ -217,7 +217,7 @@ def test_registration_no_password(testclient, foo_group):
"someoneelse", "someoneelse",
False, False,
"someone@mydomain.tld", "someone@mydomain.tld",
[foo_group.dn], [foo_group.id],
) )
hash = invitation.profile_hash() hash = invitation.profile_hash()
b64 = invitation.b64() b64 = invitation.b64()
@ -242,7 +242,7 @@ def test_no_registration_if_logged_in(testclient, logged_user, foo_group):
"someoneelse", "someoneelse",
False, False,
"someone@mydomain.tld", "someone@mydomain.tld",
[foo_group.dn], [foo_group.id],
) )
hash = invitation.profile_hash() hash = invitation.profile_hash()
b64 = invitation.b64() b64 = invitation.b64()
@ -279,14 +279,14 @@ def test_groups_are_saved_even_when_user_does_not_have_read_permission(
"someoneelse", "someoneelse",
False, False,
"someone@mydomain.tld", "someone@mydomain.tld",
[foo_group.dn], [foo_group.id],
) )
b64 = invitation.b64() b64 = invitation.b64()
hash = invitation.profile_hash() hash = invitation.profile_hash()
res = testclient.get(f"/register/{b64}/{hash}", status=200) res = testclient.get(f"/register/{b64}/{hash}", status=200)
assert res.form["groups"].value == [foo_group.dn] assert res.form["groups"].value == [foo_group.id]
assert res.form["groups"].attrs["readonly"] assert res.form["groups"].attrs["readonly"]
res.form["password1"] = "whatever" res.form["password1"] = "whatever"

16
tests/test_profile.py
View file

@ -113,7 +113,7 @@ def test_edition(
assert res.flashes == [("success", "Le profil a été mis à jour avec succès.")] assert res.flashes == [("success", "Le profil a été mis à jour avec succès.")]
res = res.follow() res = res.follow()
logged_user = User.get(dn=logged_user.dn) logged_user = User.get(id=logged_user.id)
logged_user.load_groups() logged_user.load_groups()
assert ["user"] == logged_user.uid assert ["user"] == logged_user.uid
@ -161,7 +161,7 @@ def test_field_permissions_none(testclient, slapd_server, logged_user):
testclient.post( testclient.post(
"/profile/user", {"action": "edit", "telephoneNumber": "000-000-000"} "/profile/user", {"action": "edit", "telephoneNumber": "000-000-000"}
) )
user = User.get(dn=logged_user.dn) user = User.get(id=logged_user.id)
assert user.telephoneNumber == ["555-666-777"] assert user.telephoneNumber == ["555-666-777"]
@ -181,7 +181,7 @@ def test_field_permissions_read(testclient, slapd_server, logged_user):
testclient.post( testclient.post(
"/profile/user", {"action": "edit", "telephoneNumber": "000-000-000"} "/profile/user", {"action": "edit", "telephoneNumber": "000-000-000"}
) )
user = User.get(dn=logged_user.dn) user = User.get(id=logged_user.id)
assert user.telephoneNumber == ["555-666-777"] assert user.telephoneNumber == ["555-666-777"]
@ -201,7 +201,7 @@ def test_field_permissions_write(testclient, slapd_server, logged_user):
testclient.post( testclient.post(
"/profile/user", {"action": "edit", "telephoneNumber": "000-000-000"} "/profile/user", {"action": "edit", "telephoneNumber": "000-000-000"}
) )
user = User.get(dn=logged_user.dn) user = User.get(id=logged_user.id)
assert user.telephoneNumber == ["000-000-000"] assert user.telephoneNumber == ["000-000-000"]
@ -565,7 +565,7 @@ def test_photo_on_profile_edition(
res = res.form.submit(name="action", value="edit").follow() res = res.form.submit(name="action", value="edit").follow()
assert "Profile updated successfuly." in res, str(res) assert "Profile updated successfuly." in res, str(res)
logged_user = User.get(dn=logged_user.dn) logged_user = User.get(id=logged_user.id)
assert [jpeg_photo] == logged_user.jpegPhoto assert [jpeg_photo] == logged_user.jpegPhoto
@ -575,7 +575,7 @@ def test_photo_on_profile_edition(
res = res.form.submit(name="action", value="edit").follow() res = res.form.submit(name="action", value="edit").follow()
assert "Profile updated successfuly." in res, str(res) assert "Profile updated successfuly." in res, str(res)
logged_user = User.get(dn=logged_user.dn) logged_user = User.get(id=logged_user.id)
assert [jpeg_photo] == logged_user.jpegPhoto assert [jpeg_photo] == logged_user.jpegPhoto
@ -585,7 +585,7 @@ def test_photo_on_profile_edition(
res = res.form.submit(name="action", value="edit").follow() res = res.form.submit(name="action", value="edit").follow()
assert "Profile updated successfuly." in res, str(res) assert "Profile updated successfuly." in res, str(res)
logged_user = User.get(dn=logged_user.dn) logged_user = User.get(id=logged_user.id)
assert [] == logged_user.jpegPhoto assert [] == logged_user.jpegPhoto
@ -596,7 +596,7 @@ def test_photo_on_profile_edition(
res = res.form.submit(name="action", value="edit").follow() res = res.form.submit(name="action", value="edit").follow()
assert "Profile updated successfuly." in res, str(res) assert "Profile updated successfuly." in res, str(res)
logged_user = User.get(dn=logged_user.dn) logged_user = User.get(id=logged_user.id)
assert [] == logged_user.jpegPhoto assert [] == logged_user.jpegPhoto