Ejemplo n.º 1
 def _get_identity(self, identifier):
     """Look up ``identifier`` in LDAP and wrap the entry in an ``IdentityInfo``.

     Returns ``None`` when the lookup yields no DN. Otherwise the identity's
     identifier is the first value of the configured ``uid`` attribute, and
     every retrieved attribute is forwarded (after ``to_unicode``) as a
     keyword argument.
     """
     # NOTE(review): get_user_by_id is not shown here; confirm that it escapes
     # `identifier` before placing it in an LDAP search filter.
     settings = self.ldap_settings
     with ldap_context(settings):
         entry_dn, entry = get_user_by_id(identifier, self._attributes)
     if entry_dn:
         uid_value = entry[settings['uid']][0]
         return IdentityInfo(self, identifier=uid_value, **to_unicode(entry))
     return None
Ejemplo n.º 2
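 def has_member(self, user_identifier):
     """Return whether the user ``user_identifier`` is a member of this group.

     With ``ad_group_style`` enabled, the group's ``objectSid`` values are
     compared against the token groups resolved for the user's DN. Otherwise
     this group's DN is looked for among the values of the configured
     ``member_of_attr`` attribute on the user entry.

     :param user_identifier: identifier passed to ``get_user_by_id``
     :return: ``True`` if a match is found, ``False`` otherwise (including
              when the user or the group's SID cannot be resolved)
     """
     with ldap_context(self.ldap_settings):
         user_dn, user_data = get_user_by_id(user_identifier, attributes=[self.ldap_settings['member_of_attr']])
         if not user_dn:
             return False
         if self.ldap_settings['ad_group_style']:
             group_dn, group_data = get_group_by_id(self.name, attributes=['objectSid'])
             # Fail closed: a group lookup that yields no data, or an entry
             # without objectSid, previously crashed here (None has no .get /
             # is not iterable). A membership check used for access decisions
             # should answer "not a member" instead.
             group_sids = group_data.get('objectSid') if group_data else None
             if not group_sids:
                 return False
             token_groups = get_token_groups_from_user_dn(user_dn)
             return any(group_sid in token_groups for group_sid in group_sids)
         else:
             # NOTE(review): this is an exact equality test on the DN value;
             # differences in case, spacing or bytes-vs-text between self.dn
             # and the directory's values would yield False -- confirm both
             # sides are normalised the same way.
             return self.dn in user_data.get(self.ldap_settings['member_of_attr'], [])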
Ejemplo n.º 3
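 def process_local_login(self, data):
     """Authenticate a username/password pair against LDAP with a simple bind.

     The user's DN is looked up first (with ``use_cache=False``), then the
     connection is bound as that DN using the submitted password.

     :param data: mapping holding the submitted ``username`` and ``password``
     :return: the result of ``self.multipass.handle_auth_success``
     :raises NoSuchUser: the lookup returned no DN for the username
     :raises InvalidCredentials: the password is empty or the bind was rejected
     """
     username = data['username']
     password = data['password']
     with ldap_context(self.ldap_settings, use_cache=False):
         try:
             user_dn, user_data = get_user_by_id(username, attributes=[self.ldap_settings['uid']])
             if not user_dn:
                 # NOTE(review): a distinct exception for unknown users lets
                 # the caller's error reporting reveal which usernames exist;
                 # confirm both failures are presented identically.
                 raise NoSuchUser
             if not password:
                 # A simple bind with a DN and an empty password is an
                 # "unauthenticated" bind (RFC 4513 section 5.1.2). Servers
                 # that accept it report success without checking any
                 # credential, so it must never count as a login.
                 raise InvalidCredentials
             current_ldap.connection.simple_bind_s(user_dn, password)
         except INVALID_CREDENTIALS:
             raise InvalidCredentials
     auth_info = AuthInfo(self, identifier=user_data[self.ldap_settings['uid']][0])
     return self.multipass.handle_auth_success(auth_info)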
Ejemplo n.º 4
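 def process_local_login(self, data):
     """Verify submitted credentials by binding to LDAP as the user.

     The username is resolved to a DN (bypassing the cache via
     ``use_cache=False``) and the connection is then bound as that DN with
     the submitted password.

     :param data: mapping holding the submitted ``username`` and ``password``
     :return: the result of ``self.multipass.handle_auth_success``
     :raises NoSuchUser: the lookup returned no DN for the username
     :raises InvalidCredentials: the password is empty or the bind was rejected
     """
     username = data['username']
     password = data['password']
     with ldap_context(self.ldap_settings, use_cache=False):
         try:
             user_dn, user_data = get_user_by_id(
                 username, attributes=[self.ldap_settings['uid']])
             if not user_dn:
                 # NOTE(review): reporting "no such user" separately from
                 # "bad password" can disclose valid usernames if the caller
                 # shows the two differently; confirm the messages match.
                 raise NoSuchUser(provider=self)
             if not password:
                 # An empty password turns the simple bind into an
                 # unauthenticated bind (RFC 4513 section 5.1.2), which some
                 # servers accept without verifying anything. Reject it
                 # before it reaches the directory.
                 raise InvalidCredentials(provider=self)
             current_ldap.connection.simple_bind_s(user_dn, password)
         except INVALID_CREDENTIALS:
             raise InvalidCredentials(provider=self)
     auth_info = AuthInfo(
         self, identifier=user_data[self.ldap_settings['uid']][0])
     return self.multipass.handle_auth_success(auth_info)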
Ejemplo n.º 5
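 def has_member(self, user_identifier):
     """Check whether the given user belongs to this group.

     In ``ad_group_style`` mode the group's ``objectSid`` values are matched
     against the token groups resolved for the user's DN. In the other mode
     this group's DN must appear among the values of the user's configured
     ``member_of_attr`` attribute.

     :param user_identifier: identifier passed to ``get_user_by_id``
     :return: ``True`` on a match; ``False`` otherwise, including when the
              user is unknown or the group's SID cannot be determined
     """
     with ldap_context(self.ldap_settings):
         user_dn, user_data = get_user_by_id(
             user_identifier,
             attributes=[self.ldap_settings['member_of_attr']])
         if not user_dn:
             return False
         if self.ldap_settings['ad_group_style']:
             group_dn, group_data = get_group_by_id(
                 self.name, attributes=['objectSid'])
             # Deny rather than crash when the group lookup gives no data or
             # the entry carries no objectSid: the original iterated over
             # None in that case. Denying is the safe answer for a check
             # that may gate access.
             group_sids = group_data.get('objectSid') if group_data else None
             if not group_sids:
                 return False
             token_groups = get_token_groups_from_user_dn(user_dn)
             return any(group_sid in token_groups
                        for group_sid in group_sids)
         else:
             # NOTE(review): plain equality on the DN value -- a mismatch in
             # case, spacing or bytes-vs-text representation gives False;
             # confirm self.dn and the directory values share one form.
             return self.dn in user_data.get(
                 self.ldap_settings['member_of_attr'], [])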
Ejemplo n.º 6
 def get_identity_groups(self, identifier):
     """Return the set of groups the user ``identifier`` belongs to.

     An unknown user yields an empty set. For a known user the lookup only
     works in ``ad_group_style`` mode: each SID from the user's token groups
     is searched for by ``objectSid`` and every hit is wrapped in
     ``self.group_class``.

     :raises NotImplementedError: the user exists but ``ad_group_style`` is off
     """
     settings = self.ldap_settings
     found = set()
     with ldap_context(settings):
         user_dn, _user_data = get_user_by_id(identifier, self._attributes)
         if not user_dn:
             return set()
         if not settings['ad_group_style']:
             # OpenLDAP does not have a way to get all groups for a user including nested ones
             raise NotImplementedError(
                 'Only available for active directory')
         # One group search is issued per SID in the user's token groups.
         for sid in get_token_groups_from_user_dn(user_dn):
             sid_filter = build_group_search_filter(
                 {'objectSid': {sid}}, exact=True)
             for group_dn, group_data in self._search_groups(sid_filter):
                 raw_name = group_data[settings['gid']][0]
                 found.add(
                     self.group_class(self, to_unicode(raw_name), group_dn))
     return found
Ejemplo n.º 7
def test_get_user_by_id_handles_none_id():
    """A ``None`` identifier must be rejected with IdentityRetrievalFailed."""
    with pytest.raises(IdentityRetrievalFailed) as raised:
        get_user_by_id(None)
    # The lookup refuses a missing identifier with this exact message.
    failure = raised.value
    assert failure.message == 'No identifier specified'
Ejemplo n.º 8
 def _get_identity(self, identifier):
     """Build an ``IdentityInfo`` for ``identifier`` from its LDAP entry.

     Returns ``None`` if the lookup produced no DN. The identity's identifier
     is the first value of the configured ``uid`` attribute; all retrieved
     attributes are passed through ``to_unicode`` and forwarded as keyword
     arguments.
     """
     # NOTE(review): whether `identifier` is escaped before it reaches an
     # LDAP filter depends on get_user_by_id, which is not visible here.
     with ldap_context(self.ldap_settings):
         found_dn, attrs = get_user_by_id(identifier, self._attributes)
     if not found_dn:
         return None
     uid_attr = self.ldap_settings['uid']
     uid_value = attrs[uid_attr][0]
     extra = to_unicode(attrs)
     return IdentityInfo(self, identifier=uid_value, **extra)
Ejemplo n.º 9
def test_get_user_by_id_handles_none_id():
    """Looking up a user with no identifier raises a descriptive error."""
    expected_message = 'No identifier specified'
    with pytest.raises(IdentityRetrievalFailed) as excinfo:
        get_user_by_id(None)
    # Pin the message so a missing identifier is never silently accepted.
    assert excinfo.value.message == expected_message