Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

ldap: Simplify logic for user creation. 

self._realm can't be None here with the new logic in authenticate().
This commit is contained in:
Tim Abbott 2017-11-17 16:13:35 -08:00 committed by Greg Price
parent e91051b1cd
commit e0b56c72de
2 changed files with 4 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
zerver/tests/test_auth_backends.py
View File

@ -2019,21 +2019,6 @@ class TestLDAP(ZulipTestCase):
with self.assertRaisesRegex(Exception, 'Realm has been deactivated'): with self.assertRaisesRegex(Exception, 'Realm has been deactivated'):
backend.get_or_create_user(email, _LDAPUser()) backend.get_or_create_user(email, _LDAPUser())
@override_settings(AUTHENTICATION_BACKENDS=('zproject.backends.ZulipLDAPAuthBackend',))
def test_get_or_create_user_when_realm_is_none(self):
# type: () -> None
class _LDAPUser:
attrs = {'fn': ['Full Name'], 'sn': ['Short Name']}
ldap_user_attr_map = {'full_name': 'fn', 'short_name': 'sn'}
with self.settings(AUTH_LDAP_USER_ATTR_MAP=ldap_user_attr_map):
backend = self.backend
email = 'nonexisting@zulip.com'
backend._realm = None
with self.assertRaisesRegex(Exception, 'Realm is None'):
backend.get_or_create_user(email, _LDAPUser())
@override_settings(AUTHENTICATION_BACKENDS=('zproject.backends.ZulipLDAPAuthBackend',)) @override_settings(AUTHENTICATION_BACKENDS=('zproject.backends.ZulipLDAPAuthBackend',))
def test_get_or_create_user_when_ldap_has_no_email_attr(self): def test_get_or_create_user_when_ldap_has_no_email_attr(self):
# type: () -> None # type: () -> None

8
zproject/backends.py
View File

@ -472,6 +472,7 @@ class ZulipLDAPAuthBackend(ZulipLDAPAuthBackendBase):
return_data = {} # type: Dict[str, Any] return_data = {} # type: Dict[str, Any]
user_profile = common_get_active_user(username, self._realm, return_data) user_profile = common_get_active_user(username, self._realm, return_data)
if return_data.get("inactive_realm"): if return_data.get("inactive_realm"):
# This happens if there is a user account in a deactivated realm
raise ZulipLDAPException("Realm has been deactivated") raise ZulipLDAPException("Realm has been deactivated")
if return_data.get("inactive_user"): if return_data.get("inactive_user"):
raise ZulipLDAPException("User has been deactivated") raise ZulipLDAPException("User has been deactivated")
@ -483,13 +484,12 @@ class ZulipLDAPAuthBackend(ZulipLDAPAuthBackendBase):
raise ZulipLDAPException("Wrong subdomain") raise ZulipLDAPException("Wrong subdomain")
if user_profile is not None: if user_profile is not None:
return user_profile, False return user_profile, False
if self._realm is None:
raise ZulipLDAPConfigurationError("Realm is None", self.REALM_IS_NONE_ERROR)
# No need to check for an inactive user since they don't exist yet
if self._realm.deactivated: if self._realm.deactivated:
# This happens if no account exists, but the realm is
# deactivated, so we shouldn't create a new user account
raise ZulipLDAPException("Realm has been deactivated") raise ZulipLDAPException("Realm has been deactivated")
# We have valid LDAP credentials; time to create an account.
full_name_attr = settings.AUTH_LDAP_USER_ATTR_MAP["full_name"] full_name_attr = settings.AUTH_LDAP_USER_ATTR_MAP["full_name"]
short_name = full_name = ldap_user.attrs[full_name_attr][0] short_name = full_name = ldap_user.attrs[full_name_attr][0]
try: try: