Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

ldap: Use new helper for checking realm status. 

We intentionally don't fix the indentation that now feels ridiculous
below in order to make it easier to see what's actually changing in
this commit.
This commit is contained in:
Tim Abbott 2017-11-21 12:52:34 -08:00
parent 104a8de148
commit 97f1c2a72a
1 changed files with 19 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
zproject/backends.py
View File

@ -452,14 +452,9 @@ class ZulipLDAPAuthBackend(ZulipLDAPAuthBackendBase):
try: try:
username = self.django_to_ldap_username(username) username = self.django_to_ldap_username(username)
user_profile = ZulipLDAPAuthBackendBase.authenticate(self, return ZulipLDAPAuthBackendBase.authenticate(self,
username=username, username=username,
password=password) password=password)
if user_profile is None:
return None
if not user_matches_subdomain(realm.subdomain, user_profile):
return None
return user_profile
except ZulipLDAPException: except ZulipLDAPException:
return None # nocoverage # TODO: this may no longer be possible return None # nocoverage # TODO: this may no longer be possible
@ -474,12 +469,23 @@ class ZulipLDAPAuthBackend(ZulipLDAPAuthBackendBase):
username = ldap_user.attrs[settings.LDAP_EMAIL_ATTR][0] username = ldap_user.attrs[settings.LDAP_EMAIL_ATTR][0]
try: return_data = {} # type: Dict[str, Any]
user_profile = get_user_profile_by_email(username) user_profile = common_get_active_user(username, self._realm, return_data)
if not user_profile.is_active or user_profile.realm.deactivated: if return_data.get("inactive_realm"):
raise ZulipLDAPException("Realm has been deactivated") raise ZulipLDAPException("Realm has been deactivated")
if return_data.get("inactive_user"):
# Bug: This isn't the correct response, but it's what the old code did.
raise ZulipLDAPException("Realm has been deactivated")
if return_data.get("invalid_subdomain"):
# TODO: Implement something in the caller for this to
# provide a nice user-facing error message for this
# situation (right now it just acts like any other auth
# failure).
raise ZulipLDAPException("Wrong subdomain")
if user_profile is not None:
return user_profile, False return user_profile, False
except UserProfile.DoesNotExist:
if user_profile is None:
if self._realm is None: if self._realm is None:
raise ZulipLDAPConfigurationError("Realm is None", self.REALM_IS_NONE_ERROR) raise ZulipLDAPConfigurationError("Realm is None", self.REALM_IS_NONE_ERROR)
# No need to check for an inactive user since they don't exist yet # No need to check for an inactive user since they don't exist yet