zulip/zerver/lib/dev_ldap_directory.py

import glob
import logging
import os
from email.headerregistry import Address
from typing import Any, Dict, List, Optional

from django.conf import settings

from zerver.lib.storage import static_path

# See https://jackstromberg.com/2013/01/useraccountcontrol-attributeflag-values/
# for docs on what these values mean.
LDAP_USER_ACCOUNT_CONTROL_NORMAL = "512"
LDAP_USER_ACCOUNT_CONTROL_DISABLED = "514"


def generate_dev_ldap_dir(mode: str, num_users: int = 8) -> Dict[str, Dict[str, Any]]:
    mode = mode.lower()
    ldap_data = []
    for i in range(1, num_users + 1):
        name = f"LDAP User {i}"
        email = f"ldapuser{i}@zulip.com"
        phone_number = f"999999999{i}"
        birthdate = f"19{i:02}-{i:02}-{i:02}"
        ldap_data.append((name, email, phone_number, birthdate))

    profile_images = []
    for path in glob.glob(os.path.join(static_path("images/test-images/avatars"), "*")):
        with open(path, "rb") as f:
            profile_images.append(f.read())
    ldap_dir = {}
    for i, user_data in enumerate(ldap_data):
        email = user_data[1].lower()
        email_username = Address(addr_spec=email).username
        common_data = {
            "cn": [user_data[0]],
            "userPassword": [email_username],
            "phoneNumber": [user_data[2]],
            "birthDate": [user_data[3]],
        }
        if mode == "a":
            ldap_dir[f"uid={email},ou=users,dc=zulip,dc=com"] = dict(
                uid=[email],
                thumbnailPhoto=[profile_images[i % len(profile_images)]],
                userAccountControl=[LDAP_USER_ACCOUNT_CONTROL_NORMAL],
                **common_data,
            )
        elif mode == "b":
            ldap_dir[f"uid={email_username},ou=users,dc=zulip,dc=com"] = dict(
                uid=[email_username],
                jpegPhoto=[profile_images[i % len(profile_images)]],
                **common_data,
            )
        elif mode == "c":
            ldap_dir[f"uid={email_username},ou=users,dc=zulip,dc=com"] = dict(
                uid=[email_username], email=[email], **common_data
            )

    return ldap_dir


def init_fakeldap(
    directory: Optional[Dict[str, Dict[str, List[str]]]] = None,
) -> None:  # nocoverage
    # We only use this in development.  Importing mock inside
    # this function is an import time optimization, which
    # avoids the expensive import of the mock module (slow
    # because its dependency pbr uses pkgresources, which is
    # really slow to import.)
    from unittest import mock

    from fakeldap import MockLDAP

    # Silent `django_auth_ldap` logger in dev mode to avoid
    # spammy user not found log messages.
    ldap_auth_logger = logging.getLogger("django_auth_ldap")
    ldap_auth_logger.setLevel(logging.CRITICAL)

    fakeldap_logger = logging.getLogger("fakeldap")
    fakeldap_logger.setLevel(logging.CRITICAL)

    ldap_patcher = mock.patch("django_auth_ldap.config.ldap.initialize")
    mock_initialize = ldap_patcher.start()
    mock_ldap = MockLDAP()
    mock_initialize.return_value = mock_ldap

    assert settings.FAKE_LDAP_MODE is not None
    mock_ldap.directory = directory or generate_dev_ldap_dir(
        settings.FAKE_LDAP_MODE, settings.FAKE_LDAP_NUM_USERS
    )
ldap: Extract dev_ldap_directory.py. This gets what is fundamentally unit testing code out of backends.py. 2018-12-13 22:46:37 +01:00			`import glob`
ldap: Adjust `django_auth_ldap` settings to avoid spammy log messages. 2019-01-14 16:08:58 +01:00			`import logging`
ldap: Extract dev_ldap_directory.py. This gets what is fundamentally unit testing code out of backends.py. 2018-12-13 22:46:37 +01:00			`import os`
python: Use a real parser for email addresses. Now that we can assume Python 3.6+, we can use the email.headerregistry module to replace hacky manual email address parsing. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2022-07-27 23:33:49 +02:00			`from email.headerregistry import Address`
tests: Use `init_fakeldap()` in `test_signup.py`. 2019-01-16 14:09:30 +01:00			`from typing import Any, Dict, List, Optional`
ldap: Extract dev_ldap_directory.py. This gets what is fundamentally unit testing code out of backends.py. 2018-12-13 22:46:37 +01:00
			`from django.conf import settings`
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-06-11 00:54:34 +02:00
settings: Unset STATIC_ROOT in development. Django’s default FileSystemFinder disallows STATICFILES_DIRS from containing STATIC_ROOT (by raising an ImproperlyConfigured exception), because STATIC_ROOT is supposed to be the result of collecting all the static files in the project, not one of the potentially many sources of static files. Signed-off-by: Anders Kaseorg <anders@zulipchat.com> 2019-07-17 02:29:08 +02:00			`from zerver.lib.storage import static_path`
ldap: Extract dev_ldap_directory.py. This gets what is fundamentally unit testing code out of backends.py. 2018-12-13 22:46:37 +01:00
ldap: Cast account_control_values to int. This value will usually apparently come through the LDAP API as a string, apparently. 2018-12-30 01:33:11 +01:00			`# See https://jackstromberg.com/2013/01/useraccountcontrol-attributeflag-values/`
			`# for docs on what these values mean.`
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:20:45 +01:00			`LDAP_USER_ACCOUNT_CONTROL_NORMAL = "512"`
			`LDAP_USER_ACCOUNT_CONTROL_DISABLED = "514"`
ldap: Add support for automatic user deactivation/reactivation. As part of this, extend our documentation on synchronizing data from Active Directory. 2018-12-13 23:58:26 +01:00
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:19:30 +01:00
			`def generate_dev_ldap_dir(mode: str, num_users: int = 8) -> Dict[str, Dict[str, Any]]:`
ldap: Extract dev_ldap_directory.py. This gets what is fundamentally unit testing code out of backends.py. 2018-12-13 22:46:37 +01:00			`mode = mode.lower()`
dev_ldap: Add custom profile data. 2019-01-29 14:49:53 +01:00			`ldap_data = []`
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:19:30 +01:00			`for i in range(1, num_users + 1):`
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:20:45 +01:00			`name = f"LDAP User {i}"`
			`email = f"ldapuser{i}@zulip.com"`
			`phone_number = f"999999999{i}"`
			`birthdate = f"19{i:02}-{i:02}-{i:02}"`
dev_ldap: Add custom profile data. 2019-01-29 14:49:53 +01:00			`ldap_data.append((name, email, phone_number, birthdate))`
ldap: Extract dev_ldap_directory.py. This gets what is fundamentally unit testing code out of backends.py. 2018-12-13 22:46:37 +01:00
python: Close opened files. Fixes various instances of ‘ResourceWarning: unclosed file’ with python -Wd. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-10-24 09:33:54 +02:00			`profile_images = []`
tests: Update tests to use example profile picture. So that we can stop using Tim's photo for tests, adds an open license profile picture to use instead. Updates tests that used `tim.png` to use the new example profile picture, which is located in `static/images/test-images/avatars/`. 2022-10-28 11:35:46 +02:00			`for path in glob.glob(os.path.join(static_path("images/test-images/avatars"), "*")):`
python: Close opened files. Fixes various instances of ‘ResourceWarning: unclosed file’ with python -Wd. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-10-24 09:33:54 +02:00			`with open(path, "rb") as f:`
			`profile_images.append(f.read())`
ldap: Extract dev_ldap_directory.py. This gets what is fundamentally unit testing code out of backends.py. 2018-12-13 22:46:37 +01:00			`ldap_dir = {}`
dev_ldap: Add custom profile data. 2019-01-29 14:49:53 +01:00			`for i, user_data in enumerate(ldap_data):`
			`email = user_data[1].lower()`
python: Use a real parser for email addresses. Now that we can assume Python 3.6+, we can use the email.headerregistry module to replace hacky manual email address parsing. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2022-07-27 23:33:49 +02:00			`email_username = Address(addr_spec=email).username`
dev_ldap: Add custom profile data. 2019-01-29 14:49:53 +01:00			`common_data = {`
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:20:45 +01:00			`"cn": [user_data[0]],`
			`"userPassword": [email_username],`
			`"phoneNumber": [user_data[2]],`
			`"birthDate": [user_data[3]],`
dev_ldap: Add custom profile data. 2019-01-29 14:49:53 +01:00			`}`
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:20:45 +01:00			`if mode == "a":`
dev_ldap_directory: Use f-strings for better readability. 2024-01-09 21:09:09 +01:00			`ldap_dir[f"uid={email},ou=users,dc=zulip,dc=com"] = dict(`
python: Use trailing commas consistently. Automatically generated by the following script, based on the output of lint with flake8-comma: import re import sys last_filename = None last_row = None lines = [] for msg in sys.stdin: m = re.match( r"\x1b\[35mflake8 \\|\x1b\[0m \x1b\[1;31m(.+):(\d+):(\d+): (\w+)", msg ) if m: filename, row_str, col_str, err = m.groups() row, col = int(row_str), int(col_str) if filename == last_filename: assert last_row != row else: if last_filename is not None: with open(last_filename, "w") as f: f.writelines(lines) with open(filename) as f: lines = f.readlines() last_filename = filename last_row = row line = lines[row - 1] if err in ["C812", "C815"]: lines[row - 1] = line[: col - 1] + "," + line[col - 1 :] elif err in ["C819"]: assert line[col - 2] == "," lines[row - 1] = line[: col - 2] + line[col - 1 :].lstrip(" ") if last_filename is not None: with open(last_filename, "w") as f: f.writelines(lines) Signed-off-by: Anders Kaseorg <anders@zulipchat.com> 2020-04-10 05:23:40 +02:00			`uid=[email],`
			`thumbnailPhoto=[profile_images[i % len(profile_images)]],`
			`userAccountControl=[LDAP_USER_ACCOUNT_CONTROL_NORMAL],`
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:19:30 +01:00			`**common_data,`
			`)`
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:20:45 +01:00			`elif mode == "b":`
dev_ldap_directory: Use f-strings for better readability. 2024-01-09 21:09:09 +01:00			`ldap_dir[f"uid={email_username},ou=users,dc=zulip,dc=com"] = dict(`
python: Use trailing commas consistently. Automatically generated by the following script, based on the output of lint with flake8-comma: import re import sys last_filename = None last_row = None lines = [] for msg in sys.stdin: m = re.match( r"\x1b\[35mflake8 \\|\x1b\[0m \x1b\[1;31m(.+):(\d+):(\d+): (\w+)", msg ) if m: filename, row_str, col_str, err = m.groups() row, col = int(row_str), int(col_str) if filename == last_filename: assert last_row != row else: if last_filename is not None: with open(last_filename, "w") as f: f.writelines(lines) with open(filename) as f: lines = f.readlines() last_filename = filename last_row = row line = lines[row - 1] if err in ["C812", "C815"]: lines[row - 1] = line[: col - 1] + "," + line[col - 1 :] elif err in ["C819"]: assert line[col - 2] == "," lines[row - 1] = line[: col - 2] + line[col - 1 :].lstrip(" ") if last_filename is not None: with open(last_filename, "w") as f: f.writelines(lines) Signed-off-by: Anders Kaseorg <anders@zulipchat.com> 2020-04-10 05:23:40 +02:00			`uid=[email_username],`
			`jpegPhoto=[profile_images[i % len(profile_images)]],`
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:19:30 +01:00			`**common_data,`
			`)`
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:20:45 +01:00			`elif mode == "c":`
dev_ldap_directory: Use f-strings for better readability. 2024-01-09 21:09:09 +01:00			`ldap_dir[f"uid={email_username},ou=users,dc=zulip,dc=com"] = dict(`
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:19:30 +01:00			`uid=[email_username], email=[email], **common_data`
			`)`
ldap: Extract dev_ldap_directory.py. This gets what is fundamentally unit testing code out of backends.py. 2018-12-13 22:46:37 +01:00
			`return ldap_dir`
ldap: Extract `init_fakeldap()`. 2019-01-12 18:12:11 +01:00
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:19:30 +01:00
			`def init_fakeldap(`
python: Reformat with Ruff formatter. https://docs.astral.sh/ruff/formatter/ Signed-off-by: Anders Kaseorg <anders@zulip.com> 2023-12-05 18:45:07 +01:00			`directory: Optional[Dict[str, Dict[str, List[str]]]] = None,`
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:19:30 +01:00			`) -> None: # nocoverage`
ldap: Extract `init_fakeldap()`. 2019-01-12 18:12:11 +01:00			`# We only use this in development. Importing mock inside`
			`# this function is an import time optimization, which`
			`# avoids the expensive import of the mock module (slow`
			`# because its dependency pbr uses pkgresources, which is`
			`# really slow to import.)`
requirements: Drop direct dependency on mock. mock is just a backport of the standard library’s unittest.mock now. The SAMLAuthBackendTest change is needed because MagicMock.call_args.args wasn’t introduced until Python 3.8 (https://bugs.python.org/issue21269). The PROVISION_VERSION bump is skipped because mock is still an indirect dev requirement via moto. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-05-26 07:16:25 +02:00			`from unittest import mock`
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-06-11 00:54:34 +02:00
ldap: Extract `init_fakeldap()`. 2019-01-12 18:12:11 +01:00			`from fakeldap import MockLDAP`

ldap: Adjust `django_auth_ldap` settings to avoid spammy log messages. 2019-01-14 16:08:58 +01:00			# Silent `django_auth_ldap` logger in dev mode to avoid
			`# spammy user not found log messages.`
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:20:45 +01:00			`ldap_auth_logger = logging.getLogger("django_auth_ldap")`
ldap: Adjust `django_auth_ldap` settings to avoid spammy log messages. 2019-01-14 16:08:58 +01:00			`ldap_auth_logger.setLevel(logging.CRITICAL)`

python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:20:45 +01:00			`fakeldap_logger = logging.getLogger("fakeldap")`
ldap: Avoid spammy log messages from fakeldap as well. 2019-01-14 18:52:25 +01:00			`fakeldap_logger.setLevel(logging.CRITICAL)`

python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:20:45 +01:00			`ldap_patcher = mock.patch("django_auth_ldap.config.ldap.initialize")`
ldap: Extract `init_fakeldap()`. 2019-01-12 18:12:11 +01:00			`mock_initialize = ldap_patcher.start()`
			`mock_ldap = MockLDAP()`
			`mock_initialize.return_value = mock_ldap`

typing: Add assertions before accessing settings. Signed-off-by: Zixuan James Li <p359101898@gmail.com> 2022-07-06 06:58:43 +02:00			`assert settings.FAKE_LDAP_MODE is not None`
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:19:30 +01:00			`mock_ldap.directory = directory or generate_dev_ldap_dir(`
			`settings.FAKE_LDAP_MODE, settings.FAKE_LDAP_NUM_USERS`
			`)`