From a4afca7b73f5d707063f92ef92c3ec9e9422ef32 Mon Sep 17 00:00:00 2001
From: Umair Khan
Date: Wed, 21 Jun 2017 14:10:56 +0500
Subject: [PATCH] ldap: Don't authenticate if realm is None. Fixes #5431
---
 zerver/tests/test_auth_backends.py | 15 +++++++++++++++
 zproject/backends.py | 2 ++
 2 files changed, 17 insertions(+)
diff --git a/zerver/tests/test_auth_backends.py b/zerver/tests/test_auth_backends.py
index 09a26ee191..3a9656dbbd 100644
--- a/zerver/tests/test_auth_backends.py
+++ b/zerver/tests/test_auth_backends.py
@@ -1876,6 +1876,21 @@ class TestLDAP(ZulipTestCase):
 with self.assertRaisesRegex(Exception, 'Realm has been deactivated'):
 backend.get_or_create_user(email, _LDAPUser())
+ @override_settings(AUTHENTICATION_BACKENDS=('zproject.backends.ZulipLDAPAuthBackend',))
+ def test_get_or_create_user_when_realm_is_none(self):
+ # type: () -> None
+ class _LDAPUser(object):
+ attrs = {'fn': ['Full Name'], 'sn': ['Short Name']}
+
+ ldap_user_attr_map = {'full_name': 'fn', 'short_name': 'sn'}
+
+ with self.settings(AUTH_LDAP_USER_ATTR_MAP=ldap_user_attr_map):
+ backend = self.backend
+ email = 'nonexisting@zulip.com'
+ backend._realm = None
+ with self.assertRaisesRegex(Exception, 'Realm is None'):
+ backend.get_or_create_user(email, _LDAPUser())
+
 @override_settings(AUTHENTICATION_BACKENDS=('zproject.backends.ZulipLDAPAuthBackend',))
 def test_django_to_ldap_username_when_domain_does_not_match(self):
 # type: () -> None
diff --git a/zproject/backends.py b/zproject/backends.py
index 483cc3165d..f8c693a2cc 100644
--- a/zproject/backends.py
+++ b/zproject/backends.py
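Review bot: In `test_get_or_create_user_when_realm_is_none` (zerver/tests/test_auth_backends.py), `assertRaisesRegex(Exception, 'Realm is None')` accepts any exception class, so the test would still pass if some other error carrying that text replaced the backend's controlled authentication failure. Pinning the type with `with self.assertRaisesRegex(ZulipLDAPException, 'Realm is None'):` would tie the test to the intended rejection; this assumes `ZulipLDAPException` is or can be imported in the test module, which is not visible here. The address `nonexisting@zulip.com` presumably reaches only the account-creation branch, so an existing user with `_realm` set to None stays untested.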
@@ -440,6 +440,8 @@ class ZulipLDAPAuthBackend(ZulipLDAPAuthBackendBase):
 raise ZulipLDAPException("LDAP Authentication is not enabled")
 return user_profile, False
 except UserProfile.DoesNotExist:
+ if self._realm is None:
+ raise ZulipLDAPException("Realm is None")
 # No need to check for an inactive user since they don't exist yet
 if self._realm.deactivated:
 raise ZulipLDAPException("Realm has been deactivated")
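Review bot: The `self._realm is None` guard sits only inside the `except UserProfile.DoesNotExist:` branch, so it covers account creation but not the path above it that ends in `return user_profile, False`. The `try` block starts outside this hunk, so it cannot be confirmed from here whether an existing user is rejected when no realm was resolved. If the intent stated in the commit title is that LDAP never authenticates without a realm, the two lines `if self._realm is None:` and `raise ZulipLDAPException("Realm is None")` belong before the `try` in what is presumably `get_or_create_user`. A one-line comment stating when `_realm` can be None would also help, since the message "Realm is None" gives someone reading an authentication log little to act on.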