def import_groups(self, server, user):
connection = ldap_access.get_connection_from_server(server)
import_ldap_users(connection,
user.username,
sync_groups=True,
import_by_dn=False,
server=server)
def process_request(self, request):
user = request.user
server = None
# Used by tests only
if request.method == "GET":
server = request.GET.get('server')
if not user or not user.is_authenticated:
return
if not User.objects.filter(username=user.username, userprofile__creation_method=UserProfile.CreationMethod.EXTERNAL.name).exists():
LOG.warn("User %s is not an Ldap user" % user.username)
return
# Cache should be cleared when user logs out.
if self.USER_CACHE_NAME not in request.session:
if LDAP.LDAP_SERVERS.get():
connection = ldap_access.get_connection_from_server(next(LDAP.LDAP_SERVERS.__iter__()))
else:
connection = ldap_access.get_connection_from_server()
import_ldap_users(connection, user.username, sync_groups=True, import_by_dn=False, server=server)
request.session[self.USER_CACHE_NAME] = True
request.session.modified = True
def handle(self, user=None, **options):
if user is None:
raise CommandError(_("A username must be provided."))
import_by_dn = options['dn']
sync_groups = options['sync_groups']
import_ldap_users(user, sync_groups, import_by_dn)
def import_groups(self, server, user):
connection = ldap_access.get_connection_from_server(server)
#Avoid circular import from is_admin
from useradmin.views import import_ldap_users
import_ldap_users(connection,
user.username,
sync_groups=True,
import_by_dn=False,
server=server)
def handle(self, user=None, **options):
if user is None:
raise CommandError(_("A username must be provided."))
import_by_dn = options['dn']
sync_groups = options['sync_groups']
server = options['server']
connection = ldap_access.get_connection_from_server(server)
import_ldap_users(connection, user, sync_groups, import_by_dn)
def handle(self, user=None, **options):
if user is None:
raise CommandError(_("A username must be provided."))
import_by_dn = options['dn']
sync_groups = options['sync_groups']
server = options['server']
connection = ldap_access.get_connection_from_server(server)
import_ldap_users(connection, user, sync_groups, import_by_dn)
def test_useradmin_ldap_case_sensitivity(self):
if is_live_cluster():
raise SkipTest('HUE-2897: Cannot yet guarantee database is case sensitive')
done = []
try:
# Set up LDAP tests to use a LdapTestConnection instead of an actual LDAP connection
ldap_access.CACHED_LDAP_CONN = LdapTestConnection()
# Test import case sensitivity
done.append(desktop.conf.LDAP.IGNORE_USERNAME_CASE.set_for_testing(True))
import_ldap_users(ldap_access.CACHED_LDAP_CONN, 'Lårry', sync_groups=False, import_by_dn=False)
assert_false(User.objects.filter(username='******').exists())
assert_true(User.objects.filter(username='******').exists())
# Test lower case
User.objects.filter(username__iexact='Rock').delete()
import_ldap_users(ldap_access.CACHED_LDAP_CONN, 'Rock', sync_groups=False, import_by_dn=False)
assert_false(User.objects.filter(username='******').exists())
assert_true(User.objects.filter(username='******').exists())
done.append(desktop.conf.LDAP.FORCE_USERNAME_LOWERCASE.set_for_testing(True))
import_ldap_users(ldap_access.CACHED_LDAP_CONN, 'Rock', sync_groups=False, import_by_dn=False)
assert_false(User.objects.filter(username='******').exists())
assert_true(User.objects.filter(username='******').exists())
User.objects.filter(username='******').delete()
import_ldap_users(ldap_access.CACHED_LDAP_CONN, 'Rock', sync_groups=False, import_by_dn=False)
assert_false(User.objects.filter(username='******').exists())
assert_true(User.objects.filter(username='******').exists())
finally:
for finish in done:
finish()
def test_useradmin_ldap_user_group_membership_sync(self):
settings.MIDDLEWARE_CLASSES.append('useradmin.middleware.LdapSynchronizationMiddleware')
try:
# Set up LDAP tests to use a LdapTestConnection instead of an actual LDAP connection
ldap_access.CACHED_LDAP_CONN = LdapTestConnection()
# Make sure LDAP groups exist or they won't sync
import_ldap_groups(ldap_access.CACHED_LDAP_CONN, 'TestUsers', import_members=False, import_members_recursive=False, sync_users=False, import_by_dn=False)
import_ldap_groups(ldap_access.CACHED_LDAP_CONN, 'Test Administrators', import_members=False, import_members_recursive=False, sync_users=False, import_by_dn=False)
# Import curly who is part of TestUsers and Test Administrators
import_ldap_users(ldap_access.CACHED_LDAP_CONN, 'curly', sync_groups=False, import_by_dn=False)
# Set a password so that we can login
user = User.objects.get(username='******')
user.set_password('test')
user.save()
# Should have 0 groups
assert_equal(0, user.groups.all().count())
# Make an authenticated request as curly so that we can see call middleware.
c = make_logged_in_client('curly', 'test', is_superuser=False)
grant_access("curly", "test", "useradmin")
response = c.get('/useradmin/users')
# Refresh user groups
user = User.objects.get(username='******')
# Should have 3 groups now. 2 from LDAP and 1 from 'grant_access' call.
assert_equal(3, user.groups.all().count(), user.groups.all())
# Now remove a group and try again.
old_group = ldap_access.CACHED_LDAP_CONN._instance.users['curly']['groups'].pop()
# Make an authenticated request as curly so that we can see call middleware.
response = c.get('/useradmin/users')
# Refresh user groups
user = User.objects.get(username='******')
# Should have 2 groups now. 1 from LDAP and 1 from 'grant_access' call.
assert_equal(3, user.groups.all().count(), user.groups.all())
finally:
settings.MIDDLEWARE_CLASSES.remove('useradmin.middleware.LdapSynchronizationMiddleware')
def sync(self, request):
user = request.user
if not user or not user.is_authenticated():
return
if not User.objects.filter(username=user.username, userprofile__creation_method=str(UserProfile.CreationMethod.EXTERNAL)).exists():
LOG.warn("User %s is not an Ldap user" % user.username)
return
# Cache should be cleared when user logs out.
if self.USER_CACHE_NAME not in request.session:
request.session[self.USER_CACHE_NAME] = import_ldap_users(user.username, sync_groups=True, import_by_dn=False)
request.session.modified = True
def sync(self, request):
user = request.user
if not user or not user.is_authenticated():
return
if not User.objects.filter(
username=user.username,
userprofile__creation_method=str(
UserProfile.CreationMethod.EXTERNAL)).exists():
LOG.warn("User %s is not an Ldap user" % user.username)
return
# Cache should be cleared when user logs out.
if self.USER_CACHE_NAME not in request.session:
request.session[self.USER_CACHE_NAME] = import_ldap_users(
user.username, sync_groups=True, import_by_dn=False)
request.session.modified = True
def test_useradmin_ldap_user_integration(self):
done = []
try:
# Set up LDAP tests to use a LdapTestConnection instead of an actual LDAP connection
ldap_access.CACHED_LDAP_CONN = LdapTestConnection()
# Try importing a user
import_ldap_users(ldap_access.CACHED_LDAP_CONN, 'lårry', sync_groups=False, import_by_dn=False)
larry = User.objects.get(username='******')
assert_true(larry.first_name == 'Larry')
assert_true(larry.last_name == 'Stooge')
assert_true(larry.email == '*****@*****.**')
assert_true(get_profile(larry).creation_method == UserProfile.CreationMethod.EXTERNAL.name)
# Should be a noop
sync_ldap_users(ldap_access.CACHED_LDAP_CONN)
sync_ldap_groups(ldap_access.CACHED_LDAP_CONN)
assert_equal(User.objects.all().count(), 1)
assert_equal(Group.objects.all().count(), 0)
# Make sure that if a Hue user already exists with a naming collision, we
# won't overwrite any of that user's information.
hue_user = User.objects.create(username='******', first_name='Different', last_name='Guy')
import_ldap_users(ldap_access.CACHED_LDAP_CONN, 'otherguy', sync_groups=False, import_by_dn=False)
hue_user = User.objects.get(username='******')
assert_equal(get_profile(hue_user).creation_method, UserProfile.CreationMethod.HUE.name)
assert_equal(hue_user.first_name, 'Different')
# Make sure LDAP groups exist or they won't sync
import_ldap_groups(ldap_access.CACHED_LDAP_CONN, 'TestUsers', import_members=False, import_members_recursive=False, sync_users=False, import_by_dn=False)
import_ldap_groups(ldap_access.CACHED_LDAP_CONN, 'Test Administrators', import_members=False, import_members_recursive=False, sync_users=False, import_by_dn=False)
# Try importing a user and sync groups
import_ldap_users(ldap_access.CACHED_LDAP_CONN, 'curly', sync_groups=True, import_by_dn=False)
curly = User.objects.get(username='******')
assert_equal(curly.first_name, 'Curly')
assert_equal(curly.last_name, 'Stooge')
assert_equal(curly.email, '*****@*****.**')
assert_equal(get_profile(curly).creation_method, UserProfile.CreationMethod.EXTERNAL.name)
assert_equal(2, curly.groups.all().count(), curly.groups.all())
reset_all_users()
reset_all_groups()
finally:
for finish in done:
finish()
def import_groups(self, server, user): connection = ldap_access.get_connection_from_server(server) import_ldap_users(connection, user.username, sync_groups=True, import_by_dn=False)
def import_groups(self, user): import_ldap_users(user.username, sync_groups=True, import_by_dn=False)
def import_groups(self, server, user): connection = ldap_access.get_connection_from_server(server) #Avoid circular import from is_admin from useradmin.views import import_ldap_users import_ldap_users(connection, user.username, sync_groups=True, import_by_dn=False, server=server)
def import_groups(self, user):
import_ldap_users(user.username, sync_groups=True, import_by_dn=False)
