def test_authenticating_user_superuser(config_ldap_setup):
assert application.authenticate('admin', 'admin') == structures.User(
authenticated=True,
username='******',
first_name='Super',
last_name='Admin',
is_superuser=True)
def test_authenticating_user_not_superuser(config_ldap_setup):
assert application.authenticate('shco01', 'bazinga') == structures.User(
authenticated=True,
username='******',
first_name='Sheldon',
last_name='Cooper',
is_superuser=False)
def authenticated_flask_client(flask_client):
with flask_client.session_transaction() as session:
user_tools.set_current_user(structures.User(
authenticated=True,
username='******',
first_name='Sheldon',
last_name='Cooper',
), session=session)
return flask_client
def test_post_logout(flask_client):
with flask_client.session_transaction() as session:
user_tools.set_current_user(structures.User(
authenticated=True,
username='******',
first_name='Sheldon',
last_name='Cooper',
is_superuser=False,
),
session=session)
response = flask_client.post('/logout/')
assert response.status_code == 302
assert response.location == 'http://localhost/login/'
assert not user_tools.current_user().authenticated
def test_post_invalid_login(authenticate, flask_client):
authenticate.return_value = structures.User(
authenticated=False,
username='',
first_name='',
last_name='',
is_superuser=False,
)
response = flask_client.post('/login/',
data={
'username': '******',
'password': '******'
})
authenticate.assert_called_once_with('songo', 'ssj5')
assert "Invalid login or password" in response.data.decode()
def test_post_login(authenticate, flask_client):
authenticate.return_value = structures.User(
authenticated=True,
username='******',
first_name='Sheldon',
last_name='Cooper',
is_superuser=False,
)
response = flask_client.post('/login/',
data={
'username': '******',
'password': '******'
})
authenticate.assert_called_once_with('songo', 'ssj4')
assert response.status_code == 302
assert response.location == 'http://localhost/'
def authenticate(username, password):
records = get_user_records(username)
dila_permission = check_group_membership(username)
if records and dila_permission:
user_dn, user_attributes = records[0]
with initialize_connection() as connection:
try:
connection.simple_bind_s(user_dn, password)
except ldap.LDAPError:
return ANONYMOUS_USER
else:
encoding = config.LDAP_ENCODING
first_name = user_attributes.get(config.LDAP_USER_ATTRIBUTE_MAP['first_name'])[0].decode(encoding)
last_name = user_attributes.get(config.LDAP_USER_ATTRIBUTE_MAP['last_name'])[0].decode(encoding)
is_superuser = check_group_membership(username, config.LDAP_SUPERUSER_GROUP_CN)
return structures.User(
authenticated=True,
username=username,
first_name=first_name,
last_name=last_name,
is_superuser=is_superuser
)
else:
return ANONYMOUS_USER
import contextlib
import itertools
import ldap
from ldap import filter as ldap_filter
from dila import config
from dila.application import structures
ANONYMOUS_USER = structures.User(
authenticated=False,
username='',
first_name='ANONYMOUS',
last_name='',
is_superuser=False
)
def authenticate(username, password):
records = get_user_records(username)
dila_permission = check_group_membership(username)
if records and dila_permission:
user_dn, user_attributes = records[0]
with initialize_connection() as connection:
try:
connection.simple_bind_s(user_dn, password)
except ldap.LDAPError:
return ANONYMOUS_USER
else:
encoding = config.LDAP_ENCODING
def current_user():
user_dict = flask.session.get('user', {})
for field in application.ANONYMOUS_USER._fields:
user_dict.setdefault(field, getattr(application.ANONYMOUS_USER, field))
return structures.User(**user_dict)
