ldap: Simplify logic for user creation.

self._realm can't be None here with the new logic in authenticate().
2017-11-17 16:13:35 -08:00 · 2017-11-17 16:13:35 -08:00 · e0b56c72de
parent e91051b1cd
commit e0b56c72de
2 changed files with 4 additions and 19 deletions
--- a/zerver/tests/test_auth_backends.py
+++ b/zerver/tests/test_auth_backends.py
@ -2019,21 +2019,6 @@ class TestLDAP(ZulipTestCase):
            with self.assertRaisesRegex(Exception, 'Realm has been deactivated'):
                backend.get_or_create_user(email, _LDAPUser())

-    @override_settings(AUTHENTICATION_BACKENDS=('zproject.backends.ZulipLDAPAuthBackend',))
-    def test_get_or_create_user_when_realm_is_none(self):
-        # type: () -> None
-        class _LDAPUser:
-            attrs = {'fn': ['Full Name'], 'sn': ['Short Name']}
-
-        ldap_user_attr_map = {'full_name': 'fn', 'short_name': 'sn'}
-
-        with self.settings(AUTH_LDAP_USER_ATTR_MAP=ldap_user_attr_map):
-            backend = self.backend
-            email = 'nonexisting@zulip.com'
-            backend._realm = None
-            with self.assertRaisesRegex(Exception, 'Realm is None'):
-                backend.get_or_create_user(email, _LDAPUser())
-
    @override_settings(AUTHENTICATION_BACKENDS=('zproject.backends.ZulipLDAPAuthBackend',))
    def test_get_or_create_user_when_ldap_has_no_email_attr(self):
        # type: () -> None
--- a/zproject/backends.py
+++ b/zproject/backends.py
@ -472,6 +472,7 @@ class ZulipLDAPAuthBackend(ZulipLDAPAuthBackendBase):
        return_data = {}  # type: Dict[str, Any]
        user_profile = common_get_active_user(username, self._realm, return_data)
        if return_data.get("inactive_realm"):
+            # This happens if there is a user account in a deactivated realm
            raise ZulipLDAPException("Realm has been deactivated")
        if return_data.get("inactive_user"):
            raise ZulipLDAPException("User has been deactivated")
@ -483,13 +484,12 @@ class ZulipLDAPAuthBackend(ZulipLDAPAuthBackendBase):
            raise ZulipLDAPException("Wrong subdomain")
        if user_profile is not None:
            return user_profile, False
-
-        if self._realm is None:
-            raise ZulipLDAPConfigurationError("Realm is None", self.REALM_IS_NONE_ERROR)
-        # No need to check for an inactive user since they don't exist yet
        if self._realm.deactivated:
+            # This happens if no account exists, but the realm is
+            # deactivated, so we shouldn't create a new user account
            raise ZulipLDAPException("Realm has been deactivated")

+        # We have valid LDAP credentials; time to create an account.
        full_name_attr = settings.AUTH_LDAP_USER_ATTR_MAP["full_name"]
        short_name = full_name = ldap_user.attrs[full_name_attr][0]
        try: