Пример #1
0
def test_useradmin_ldap_user_integration():
    reset_all_users()
    reset_all_groups()

    # Set up LDAP tests to use a LdapTestConnection instead of an actual LDAP connection
    ldap_access.CACHED_LDAP_CONN = LdapTestConnection()

    # Try importing a user
    import_ldap_users('lårry', import_by_dn=False)
    larry = User.objects.get(username='******')
    assert_true(larry.first_name == 'Larry')
    assert_true(larry.last_name == 'Stooge')
    assert_true(larry.email == '*****@*****.**')
    assert_true(
        get_profile(larry).creation_method == str(
            UserProfile.CreationMethod.EXTERNAL))

    # Should be a noop
    sync_ldap_users()
    sync_ldap_groups()
    assert_equal(len(User.objects.all()), 1)
    assert_equal(len(Group.objects.all()), 0)

    # Make sure that if a Hue user already exists with a naming collision, we
    # won't overwrite any of that user's information.
    hue_user = User.objects.create(username='******',
                                   first_name='Different',
                                   last_name='Guy')
    import_ldap_users('otherguy', import_by_dn=False)
    hue_user = User.objects.get(username='******')
    assert_equal(
        get_profile(hue_user).creation_method,
        str(UserProfile.CreationMethod.HUE))
    assert_equal(hue_user.first_name, 'Different')
Пример #2
0
    def process_request(self, request):
        user = request.user

        if not user or not user.is_authenticated():
            return

        if not User.objects.filter(
                username=user.username,
                userprofile__creation_method=str(
                    UserProfile.CreationMethod.EXTERNAL)).exists():
            LOG.warn("User %s is not an Ldap user" % user.username)
            return

        # Cache should be cleared when user logs out.
        if self.USER_CACHE_NAME not in request.session:
            if LDAP.LDAP_SERVERS.get():
                connection = ldap_access.get_connection_from_server(
                    next(LDAP.LDAP_SERVERS.__iter__()))
            else:
                connection = ldap_access.get_connection_from_server()

            import_ldap_users(connection,
                              user.username,
                              sync_groups=True,
                              import_by_dn=False)

            request.session[self.USER_CACHE_NAME] = True
            request.session.modified = True
Пример #3
0
def test_useradmin_ldap_integration():
  reset_all_users()
  reset_all_groups()

  # Set up LDAP tests to use a LdapTestConnection instead of an actual LDAP connection
  ldap_access.CACHED_LDAP_CONN = LdapTestConnection()

  # Try importing a user
  import_ldap_users('larry', import_by_dn=False)
  larry = User.objects.get(username='******')
  assert_true(larry.first_name == 'Larry')
  assert_true(larry.last_name == 'Stooge')
  assert_true(larry.email == '*****@*****.**')
  assert_true(get_profile(larry).creation_method == str(UserProfile.CreationMethod.EXTERNAL))

  # Should be a noop
  sync_ldap_users()
  sync_ldap_groups()
  assert_equal(len(User.objects.all()), 1)
  assert_equal(len(Group.objects.all()), 0)

  # Should import a group, but will only sync already-imported members
  import_ldap_groups('Test Administrators', import_members=False, import_by_dn=False)
  assert_equal(len(User.objects.all()), 1)
  assert_equal(len(Group.objects.all()), 1)
  test_admins = Group.objects.get(name='Test Administrators')
  assert_equal(len(test_admins.user_set.all()), 1)
  assert_equal(test_admins.user_set.all()[0].username, larry.username)

  # Import all members of TestUsers
  import_ldap_groups('TestUsers', import_members=True, import_by_dn=False)
  test_users = Group.objects.get(name='TestUsers')
  assert_true(LdapGroup.objects.filter(group=test_users).exists())
  assert_equal(len(test_users.user_set.all()), 3)

  ldap_access.CACHED_LDAP_CONN.remove_user_group_for_test('moe', 'TestUsers')
  import_ldap_groups('TestUsers', import_members=False, import_by_dn=False)
  assert_equal(len(test_users.user_set.all()), 2)
  assert_equal(len(User.objects.get(username='******').groups.all()), 0)

  ldap_access.CACHED_LDAP_CONN.add_user_group_for_test('moe', 'TestUsers')
  import_ldap_groups('TestUsers', import_members=False, import_by_dn=False)
  assert_equal(len(test_users.user_set.all()), 3)
  assert_equal(len(User.objects.get(username='******').groups.all()), 1)

  # Make sure that if a Hue user already exists with a naming collision, we
  # won't overwrite any of that user's information.
  hue_user = User.objects.create(username='******', first_name='Different', last_name='Guy')
  import_ldap_users('otherguy', import_by_dn=False)
  hue_user = User.objects.get(username='******')
  assert_equal(get_profile(hue_user).creation_method, str(UserProfile.CreationMethod.HUE))
  assert_equal(hue_user.first_name, 'Different')

  # Make sure Hue groups with naming collisions don't get marked as LDAP groups
  hue_group = Group.objects.create(name='OtherGroup')
  hue_group.user_set.add(hue_user)
  hue_group.save()
  import_ldap_groups('OtherGroup', import_members=False, import_by_dn=False)
  assert_false(LdapGroup.objects.filter(group=hue_group).exists())
  assert_true(hue_group.user_set.filter(username=hue_user.username).exists())
Пример #4
0
  def process_request(self, request):
    user = request.user
    server = None

    # Used by tests only
    if request.method == "GET":
      server = request.GET.get('server')

    if not user or not user.is_authenticated():
      return

    if not User.objects.filter(username=user.username, userprofile__creation_method=UserProfile.CreationMethod.EXTERNAL.name).exists():
      LOG.warn("User %s is not an Ldap user" % user.username)
      return

    # Cache should be cleared when user logs out.
    if self.USER_CACHE_NAME not in request.session:
      if LDAP.LDAP_SERVERS.get():
        connection = ldap_access.get_connection_from_server(next(LDAP.LDAP_SERVERS.__iter__()))
      else:
        connection = ldap_access.get_connection_from_server()

      import_ldap_users(connection, user.username, sync_groups=True, import_by_dn=False, server=server)

      request.session[self.USER_CACHE_NAME] = True
      request.session.modified = True
Пример #5
0
Файл: tests.py Проект: joey/hue
def test_useradmin_ldap_user_integration():
  reset_all_users()
  reset_all_groups()

  # Set up LDAP tests to use a LdapTestConnection instead of an actual LDAP connection
  ldap_access.CACHED_LDAP_CONN = LdapTestConnection()

  # Try importing a user
  import_ldap_users('larry', import_by_dn=False)
  larry = User.objects.get(username='******')
  assert_true(larry.first_name == 'Larry')
  assert_true(larry.last_name == 'Stooge')
  assert_true(larry.email == '*****@*****.**')
  assert_true(get_profile(larry).creation_method == str(UserProfile.CreationMethod.EXTERNAL))

  # Should be a noop
  sync_ldap_users()
  sync_ldap_groups()
  assert_equal(len(User.objects.all()), 1)
  assert_equal(len(Group.objects.all()), 0)

  # Make sure that if a Hue user already exists with a naming collision, we
  # won't overwrite any of that user's information.
  hue_user = User.objects.create(username='******', first_name='Different', last_name='Guy')
  import_ldap_users('otherguy', import_by_dn=False)
  hue_user = User.objects.get(username='******')
  assert_equal(get_profile(hue_user).creation_method, str(UserProfile.CreationMethod.HUE))
  assert_equal(hue_user.first_name, 'Different')
Пример #6
0
  def test_useradmin_ldap_force_uppercase(self):
    if is_live_cluster():
      raise SkipTest('HUE-2897: Skipping because the DB may not be case sensitive')

    done = []

    # Set to nonsensical value just to force new config usage.
    # Should continue to use cached connection.
    done.append(desktop.conf.LDAP.LDAP_SERVERS.set_for_testing(get_nonsense_config()))

    try:
      # Set up LDAP tests to use a LdapTestConnection instead of an actual LDAP connection
      ldap_access.CACHED_LDAP_CONN = LdapTestConnection()

      # Test upper case
      User.objects.filter(username__iexact='Rock').delete()
      done.append(desktop.conf.LDAP.IGNORE_USERNAME_CASE.set_for_testing(False))
      done.append(desktop.conf.LDAP.FORCE_USERNAME_LOWERCASE.set_for_testing(False))
      done.append(desktop.conf.LDAP.FORCE_USERNAME_UPPERCASE.set_for_testing(True))

      import_ldap_users(ldap_access.CACHED_LDAP_CONN, 'Rock', sync_groups=False, import_by_dn=False)
      assert_true(User.objects.filter(username='******').exists())
    finally:
      for finish in done:
        finish()
Пример #7
0
def test_useradmin_ldap_user_group_membership_sync():
  settings.MIDDLEWARE_CLASSES.append('useradmin.middleware.LdapSynchronizationMiddleware')

  reset_all_users()
  reset_all_groups()

  # Set up LDAP tests to use a LdapTestConnection instead of an actual LDAP connection
  ldap_access.CACHED_LDAP_CONN = LdapTestConnection()
  # Make sure LDAP groups exist or they won't sync
  import_ldap_groups(ldap_access.CACHED_LDAP_CONN, 'TestUsers', import_members=False, import_members_recursive=False, sync_users=False, import_by_dn=False)
  import_ldap_groups(ldap_access.CACHED_LDAP_CONN, 'Test Administrators', import_members=False, import_members_recursive=False, sync_users=False, import_by_dn=False)

  reset = []

  # Set to nonsensical value just to force new config usage.
  # Should continue to use cached connection.
  reset.append(desktop.conf.LDAP.LDAP_SERVERS.set_for_testing(get_nonsense_config()))

  try:
    # Import curly who is part of TestUsers and Test Administrators
    import_ldap_users(ldap_access.CACHED_LDAP_CONN, 'curly', sync_groups=False, import_by_dn=False)

    # Set a password so that we can login
    user = User.objects.get(username='******')
    user.set_password('test')
    user.save()

    # Should have 0 groups
    assert_equal(0, user.groups.all().count())

    # Make an authenticated request as curly so that we can see call middleware.
    c = make_logged_in_client('curly', 'test', is_superuser=False)
    grant_access("curly", "test", "useradmin")
    response = c.get('/useradmin/users')

    # Refresh user groups
    user = User.objects.get(username='******')

    # Should have 3 groups now. 2 from LDAP and 1 from 'grant_access' call.
    assert_equal(3, user.groups.all().count(), user.groups.all())

    # Now remove a group and try again.
    old_group = ldap_access.CACHED_LDAP_CONN._instance.users['curly']['groups'].pop()

    # Make an authenticated request as curly so that we can see call middleware.
    response = c.get('/useradmin/users')

    # Refresh user groups
    user = User.objects.get(username='******')

    # Should have 2 groups now. 1 from LDAP and 1 from 'grant_access' call.
    assert_equal(3, user.groups.all().count(), user.groups.all())
  finally:
    settings.MIDDLEWARE_CLASSES.remove('useradmin.middleware.LdapSynchronizationMiddleware')

    for finish in reset:
      finish()
Пример #8
0
def test_useradmin_ldap_user_group_membership_sync():
  settings.MIDDLEWARE_CLASSES.append('useradmin.middleware.LdapSynchronizationMiddleware')

  reset_all_users()
  reset_all_groups()

  # Set up LDAP tests to use a LdapTestConnection instead of an actual LDAP connection
  ldap_access.CACHED_LDAP_CONN = LdapTestConnection()
  # Make sure LDAP groups exist or they won't sync
  import_ldap_groups(ldap_access.CACHED_LDAP_CONN, 'TestUsers', import_members=False, import_members_recursive=False, sync_users=False, import_by_dn=False)
  import_ldap_groups(ldap_access.CACHED_LDAP_CONN, 'Test Administrators', import_members=False, import_members_recursive=False, sync_users=False, import_by_dn=False)

  reset = []

  # Set to nonsensical value just to force new config usage.
  # Should continue to use cached connection.
  reset.append(desktop.conf.LDAP.LDAP_SERVERS.set_for_testing(get_nonsense_config()))

  try:
    # Import curly who is part of TestUsers and Test Administrators
    import_ldap_users(ldap_access.CACHED_LDAP_CONN, 'curly', sync_groups=False, import_by_dn=False)

    # Set a password so that we can login
    user = User.objects.get(username='******')
    user.set_password('test')
    user.save()

    # Should have 0 groups
    assert_equal(0, user.groups.all().count())

    # Make an authenticated request as curly so that we can see call middleware.
    c = make_logged_in_client('curly', 'test', is_superuser=False)
    grant_access("curly", "test", "useradmin")
    response = c.get('/useradmin/users')

    # Refresh user groups
    user = User.objects.get(username='******')

    # Should have 3 groups now. 2 from LDAP and 1 from 'grant_access' call.
    assert_equal(3, user.groups.all().count(), user.groups.all())

    # Now remove a group and try again.
    old_group = ldap_access.CACHED_LDAP_CONN._instance.users['curly']['groups'].pop()

    # Make an authenticated request as curly so that we can see call middleware.
    response = c.get('/useradmin/users')

    # Refresh user groups
    user = User.objects.get(username='******')

    # Should have 2 groups now. 1 from LDAP and 1 from 'grant_access' call.
    assert_equal(3, user.groups.all().count(), user.groups.all())
  finally:
    settings.MIDDLEWARE_CLASSES.remove('useradmin.middleware.LdapSynchronizationMiddleware')

    for finish in reset:
      finish()
Пример #9
0
def test_useradmin_ldap_user_group_membership_sync():
    reset = [
        desktop.conf.AUTH.USER_GROUP_MEMBERSHIP_SYNCHRONIZATION_BACKEND.
        set_for_testing('desktop.auth.backend.LdapSynchronizationBackend')
    ]
    settings.MIDDLEWARE_CLASSES.append(
        'desktop.middleware.UserGroupSynchronizationMiddleware')

    reset_all_users()
    reset_all_groups()

    # Set up LDAP tests to use a LdapTestConnection instead of an actual LDAP connection
    ldap_access.CACHED_LDAP_CONN = LdapTestConnection()

    try:
        # Import curly who is part of TestUsers and Test Administrators
        import_ldap_users('curly', sync_groups=False, import_by_dn=False)

        # Set a password so that we can login
        user = User.objects.get(username='******')
        user.set_password('test')
        user.save()

        # Should have 0 groups
        assert_equal(0, user.groups.all().count())

        # Make an authenticated request as curly so that we can see call middleware.
        c = make_logged_in_client('curly', 'test', is_superuser=False)
        grant_access("curly", "test", "useradmin")
        response = c.get('/useradmin/users')

        # Refresh user groups
        user = User.objects.get(username='******')

        # Should have 3 groups now. 2 from LDAP and 1 from 'grant_access' call.
        assert_equal(3, user.groups.all().count(), user.groups.all())

        # Now remove a group and try again.
        old_group = ldap_access.CACHED_LDAP_CONN._instance.users['curly'][
            'groups'].pop()

        # Make an authenticated request as curly so that we can see call middleware.
        response = c.get('/useradmin/users')

        # Refresh user groups
        user = User.objects.get(username='******')

        # Should have 2 groups now. 1 from LDAP and 1 from 'grant_access' call.
        assert_equal(3, user.groups.all().count(), user.groups.all())
    finally:
        for finish in reset:
            finish()
        settings.MIDDLEWARE_CLASSES.remove(
            'desktop.middleware.UserGroupSynchronizationMiddleware')
Пример #10
0
def test_useradmin_ldap_user_group_membership_sync():
    reset = [
        desktop.conf.AUTH.USER_GROUP_MEMBERSHIP_SYNCHRONIZATION_BACKEND.set_for_testing(
            "desktop.auth.backend.LdapSynchronizationBackend"
        )
    ]
    settings.MIDDLEWARE_CLASSES.append("desktop.middleware.UserGroupSynchronizationMiddleware")

    reset_all_users()
    reset_all_groups()

    # Set up LDAP tests to use a LdapTestConnection instead of an actual LDAP connection
    ldap_access.CACHED_LDAP_CONN = LdapTestConnection()

    try:
        # Import curly who is part of TestUsers and Test Administrators
        import_ldap_users("curly", sync_groups=False, import_by_dn=False)

        # Set a password so that we can login
        user = User.objects.get(username="******")
        user.set_password("test")
        user.save()

        # Should have 0 groups
        assert_equal(0, user.groups.all().count())

        # Make an authenticated request as curly so that we can see call middleware.
        c = make_logged_in_client("curly", "test", is_superuser=False)
        grant_access("curly", "test", "useradmin")
        response = c.get("/useradmin/users")

        # Refresh user groups
        user = User.objects.get(username="******")

        # Should have 3 groups now. 2 from LDAP and 1 from 'grant_access' call.
        assert_equal(3, user.groups.all().count(), user.groups.all())

        # Now remove a group and try again.
        old_group = ldap_access.CACHED_LDAP_CONN._instance.users["curly"]["groups"].pop()

        # Make an authenticated request as curly so that we can see call middleware.
        response = c.get("/useradmin/users")

        # Refresh user groups
        user = User.objects.get(username="******")

        # Should have 2 groups now. 1 from LDAP and 1 from 'grant_access' call.
        assert_equal(3, user.groups.all().count(), user.groups.all())
    finally:
        for finish in reset:
            finish()
        settings.MIDDLEWARE_CLASSES.remove("desktop.middleware.UserGroupSynchronizationMiddleware")
Пример #11
0
  def test_useradmin_ldap_case_sensitivity(self):
    if is_live_cluster():
      raise SkipTest('HUE-2897: Cannot yet guarantee database is case sensitive')

    done = []
    try:
      # Set up LDAP tests to use a LdapTestConnection instead of an actual LDAP connection
      ldap_access.CACHED_LDAP_CONN = LdapTestConnection()

      # Test import case sensitivity
      done.append(desktop.conf.LDAP.IGNORE_USERNAME_CASE.set_for_testing(True))
      import_ldap_users(ldap_access.CACHED_LDAP_CONN, 'Lårry', sync_groups=False, import_by_dn=False)
      assert_false(User.objects.filter(username='******').exists())
      assert_true(User.objects.filter(username='******').exists())

      # Test lower case
      User.objects.filter(username__iexact='Rock').delete()
      import_ldap_users(ldap_access.CACHED_LDAP_CONN, 'Rock', sync_groups=False, import_by_dn=False)
      assert_false(User.objects.filter(username='******').exists())
      assert_true(User.objects.filter(username='******').exists())

      done.append(desktop.conf.LDAP.FORCE_USERNAME_LOWERCASE.set_for_testing(True))

      import_ldap_users(ldap_access.CACHED_LDAP_CONN, 'Rock', sync_groups=False, import_by_dn=False)
      assert_false(User.objects.filter(username='******').exists())
      assert_true(User.objects.filter(username='******').exists())

      User.objects.filter(username='******').delete()
      import_ldap_users(ldap_access.CACHED_LDAP_CONN, 'Rock', sync_groups=False, import_by_dn=False)
      assert_false(User.objects.filter(username='******').exists())
      assert_true(User.objects.filter(username='******').exists())
    finally:
      for finish in done:
        finish()
Пример #12
0
def test_useradmin_ldap_user_integration():
    reset_all_users()
    reset_all_groups()

    # Set up LDAP tests to use a LdapTestConnection instead of an actual LDAP connection
    ldap_access.CACHED_LDAP_CONN = LdapTestConnection()

    # Try importing a user
    import_ldap_users('lårry', sync_groups=False, import_by_dn=False)
    larry = User.objects.get(username='******')
    assert_true(larry.first_name == 'Larry')
    assert_true(larry.last_name == 'Stooge')
    assert_true(larry.email == '*****@*****.**')
    assert_true(
        get_profile(larry).creation_method == str(
            UserProfile.CreationMethod.EXTERNAL))

    # Should be a noop
    sync_ldap_users()
    sync_ldap_groups()
    assert_equal(User.objects.all().count(), 1)
    assert_equal(Group.objects.all().count(), 0)

    # Make sure that if a Hue user already exists with a naming collision, we
    # won't overwrite any of that user's information.
    hue_user = User.objects.create(username='******',
                                   first_name='Different',
                                   last_name='Guy')
    import_ldap_users('otherguy', sync_groups=False, import_by_dn=False)
    hue_user = User.objects.get(username='******')
    assert_equal(
        get_profile(hue_user).creation_method,
        str(UserProfile.CreationMethod.HUE))
    assert_equal(hue_user.first_name, 'Different')

    # Try importing a user and sync groups
    import_ldap_users('curly', sync_groups=True, import_by_dn=False)
    curly = User.objects.get(username='******')
    assert_equal(curly.first_name, 'Curly')
    assert_equal(curly.last_name, 'Stooge')
    assert_equal(curly.email, '*****@*****.**')
    assert_equal(
        get_profile(curly).creation_method,
        str(UserProfile.CreationMethod.EXTERNAL))
    assert_equal(2, curly.groups.all().count(), curly.groups.all())

    reset_all_users()
    reset_all_groups()

    # Test import case sensitivity
    reset = desktop.conf.LDAP.IGNORE_USERNAME_CASE.set_for_testing(True)
    import_ldap_users('Lårry', sync_groups=False, import_by_dn=False)
    assert_false(User.objects.filter(username='******').exists())
    assert_true(User.objects.filter(username='******').exists())
    reset()
Пример #13
0
def test_useradmin_ldap_user_group_membership_sync():
  settings.MIDDLEWARE_CLASSES.append('useradmin.middleware.LdapSynchronizationMiddleware')

  reset_all_users()
  reset_all_groups()

  # Set up LDAP tests to use a LdapTestConnection instead of an actual LDAP connection
  ldap_access.CACHED_LDAP_CONN = LdapTestConnection()

  try:
    # Import curly who is part of TestUsers and Test Administrators
    import_ldap_users('curly', sync_groups=False, import_by_dn=False)

    # Set a password so that we can login
    user = User.objects.get(username='******')
    user.set_password('test')
    user.save()

    # Should have 0 groups
    assert_equal(0, user.groups.all().count())

    # Make an authenticated request as curly so that we can see call middleware.
    c = make_logged_in_client('curly', 'test', is_superuser=False)
    grant_access("curly", "test", "useradmin")
    response = c.get('/useradmin/users')

    # Refresh user groups
    user = User.objects.get(username='******')

    # Should have 3 groups now. 2 from LDAP and 1 from 'grant_access' call.
    assert_equal(3, user.groups.all().count(), user.groups.all())

    # Now remove a group and try again.
    old_group = ldap_access.CACHED_LDAP_CONN._instance.users['curly']['groups'].pop()

    # Make an authenticated request as curly so that we can see call middleware.
    response = c.get('/useradmin/users')

    # Refresh user groups
    user = User.objects.get(username='******')

    # Should have 2 groups now. 1 from LDAP and 1 from 'grant_access' call.
    assert_equal(3, user.groups.all().count(), user.groups.all())
  finally:
    settings.MIDDLEWARE_CLASSES.remove('useradmin.middleware.LdapSynchronizationMiddleware')
Пример #14
0
def test_useradmin_ldap_case_sensitivity():
    if is_live_cluster():
        raise SkipTest(
            'HUE-2897: Cannot yet guarantee database is case sensitive')

    done = []
    try:
        reset_all_users()
        reset_all_groups()

        # Set up LDAP tests to use a LdapTestConnection instead of an actual LDAP connection
        ldap_access.CACHED_LDAP_CONN = LdapTestConnection()

        # Test import case sensitivity
        done.append(
            desktop.conf.LDAP.IGNORE_USERNAME_CASE.set_for_testing(True))
        import_ldap_users(ldap_access.CACHED_LDAP_CONN,
                          'Lårry',
                          sync_groups=False,
                          import_by_dn=False)
        assert_false(User.objects.filter(username='******').exists())
        assert_true(User.objects.filter(username='******').exists())

        # Test lower case
        User.objects.filter(username__iexact='Rock').delete()
        import_ldap_users(ldap_access.CACHED_LDAP_CONN,
                          'Rock',
                          sync_groups=False,
                          import_by_dn=False)
        assert_false(User.objects.filter(username='******').exists())
        assert_true(User.objects.filter(username='******').exists())

        done.append(
            desktop.conf.LDAP.FORCE_USERNAME_LOWERCASE.set_for_testing(True))

        import_ldap_users(ldap_access.CACHED_LDAP_CONN,
                          'Rock',
                          sync_groups=False,
                          import_by_dn=False)
        assert_false(User.objects.filter(username='******').exists())
        assert_true(User.objects.filter(username='******').exists())

        User.objects.filter(username='******').delete()
        import_ldap_users(ldap_access.CACHED_LDAP_CONN,
                          'Rock',
                          sync_groups=False,
                          import_by_dn=False)
        assert_false(User.objects.filter(username='******').exists())
        assert_true(User.objects.filter(username='******').exists())
    finally:
        for finish in done:
            finish()
Пример #15
0
  def process_request(self, request):
    user = request.user

    if not user or not user.is_authenticated():
      return

    if not User.objects.filter(username=user.username, userprofile__creation_method=str(UserProfile.CreationMethod.EXTERNAL)).exists():
      LOG.warn("User %s is not an Ldap user" % user.username)
      return

    # Cache should be cleared when user logs out.
    if self.USER_CACHE_NAME not in request.session:
      request.session[self.USER_CACHE_NAME] = import_ldap_users(user.username, sync_groups=True, import_by_dn=False)
      request.session.modified = True
Пример #16
0
def test_useradmin_ldap_user_integration():
  reset_all_users()
  reset_all_groups()

  # Set up LDAP tests to use a LdapTestConnection instead of an actual LDAP connection
  ldap_access.CACHED_LDAP_CONN = LdapTestConnection()

  # Try importing a user
  import_ldap_users('lårry', sync_groups=False, import_by_dn=False)
  larry = User.objects.get(username='******')
  assert_true(larry.first_name == 'Larry')
  assert_true(larry.last_name == 'Stooge')
  assert_true(larry.email == '*****@*****.**')
  assert_true(get_profile(larry).creation_method == str(UserProfile.CreationMethod.EXTERNAL))

  # Should be a noop
  sync_ldap_users()
  sync_ldap_groups()
  assert_equal(User.objects.all().count(), 1)
  assert_equal(Group.objects.all().count(), 0)

  # Make sure that if a Hue user already exists with a naming collision, we
  # won't overwrite any of that user's information.
  hue_user = User.objects.create(username='******', first_name='Different', last_name='Guy')
  import_ldap_users('otherguy', sync_groups=False, import_by_dn=False)
  hue_user = User.objects.get(username='******')
  assert_equal(get_profile(hue_user).creation_method, str(UserProfile.CreationMethod.HUE))
  assert_equal(hue_user.first_name, 'Different')

  # Try importing a user and sync groups
  import_ldap_users('curly', sync_groups=True, import_by_dn=False)
  curly = User.objects.get(username='******')
  assert_equal(curly.first_name, 'Curly')
  assert_equal(curly.last_name, 'Stooge')
  assert_equal(curly.email, '*****@*****.**')
  assert_equal(get_profile(curly).creation_method, str(UserProfile.CreationMethod.EXTERNAL))
  assert_equal(2, curly.groups.all().count(), curly.groups.all())

  reset_all_users()
  reset_all_groups()

  # Test import case sensitivity
  reset = desktop.conf.LDAP.IGNORE_USERNAME_CASE.set_for_testing(True)
  import_ldap_users('Lårry', sync_groups=False, import_by_dn=False)
  assert_false(User.objects.filter(username='******').exists())
  assert_true(User.objects.filter(username='******').exists())
  reset()
Пример #17
0
    def process_request(self, request):
        user = request.user

        if not user or not user.is_authenticated():
            return

        if not User.objects.filter(
                username=user.username,
                userprofile__creation_method=str(
                    UserProfile.CreationMethod.EXTERNAL)).exists():
            LOG.warn("User %s is not an Ldap user" % user.username)
            return

        # Cache should be cleared when user logs out.
        if self.USER_CACHE_NAME not in request.session:
            request.session[self.USER_CACHE_NAME] = import_ldap_users(
                user.username, sync_groups=True, import_by_dn=False)
            request.session.modified = True
Пример #18
0
def test_useradmin_ldap_user_integration():
  done = []
  try:
    reset_all_users()
    reset_all_groups()

    # Set up LDAP tests to use a LdapTestConnection instead of an actual LDAP connection
    ldap_access.CACHED_LDAP_CONN = LdapTestConnection()

    # Try importing a user
    import_ldap_users(ldap_access.CACHED_LDAP_CONN, 'lårry', sync_groups=False, import_by_dn=False)
    larry = User.objects.get(username='******')
    assert_true(larry.first_name == 'Larry')
    assert_true(larry.last_name == 'Stooge')
    assert_true(larry.email == '*****@*****.**')
    assert_true(get_profile(larry).creation_method == str(UserProfile.CreationMethod.EXTERNAL))

    # Should be a noop
    sync_ldap_users(ldap_access.CACHED_LDAP_CONN)
    sync_ldap_groups(ldap_access.CACHED_LDAP_CONN)
    assert_equal(User.objects.all().count(), 1)
    assert_equal(Group.objects.all().count(), 0)

    # Make sure that if a Hue user already exists with a naming collision, we
    # won't overwrite any of that user's information.
    hue_user = User.objects.create(username='******', first_name='Different', last_name='Guy')
    import_ldap_users(ldap_access.CACHED_LDAP_CONN, 'otherguy', sync_groups=False, import_by_dn=False)
    hue_user = User.objects.get(username='******')
    assert_equal(get_profile(hue_user).creation_method, str(UserProfile.CreationMethod.HUE))
    assert_equal(hue_user.first_name, 'Different')

    # Make sure LDAP groups exist or they won't sync
    import_ldap_groups(ldap_access.CACHED_LDAP_CONN, 'TestUsers', import_members=False, import_members_recursive=False, sync_users=False, import_by_dn=False)
    import_ldap_groups(ldap_access.CACHED_LDAP_CONN, 'Test Administrators', import_members=False, import_members_recursive=False, sync_users=False, import_by_dn=False)
    # Try importing a user and sync groups
    import_ldap_users(ldap_access.CACHED_LDAP_CONN, 'curly', sync_groups=True, import_by_dn=False)
    curly = User.objects.get(username='******')
    assert_equal(curly.first_name, 'Curly')
    assert_equal(curly.last_name, 'Stooge')
    assert_equal(curly.email, '*****@*****.**')
    assert_equal(get_profile(curly).creation_method, str(UserProfile.CreationMethod.EXTERNAL))
    assert_equal(2, curly.groups.all().count(), curly.groups.all())

    reset_all_users()
    reset_all_groups()
  finally:
    for finish in done:
      finish()
Пример #19
0
def test_useradmin_ldap_user_integration():
  if is_live_cluster():
    raise SkipTest('HUE-2897: Skipping because DB may not support unicode')

  done = []

  # Set to nonsensical value just to force new config usage.
  # Should continue to use cached connection.
  done.append(desktop.conf.LDAP.LDAP_SERVERS.set_for_testing(get_nonsense_config()))

  try:
    reset_all_users()
    reset_all_groups()

    # Set up LDAP tests to use a LdapTestConnection instead of an actual LDAP connection
    ldap_access.CACHED_LDAP_CONN = LdapTestConnection()

    # Try importing a user
    import_ldap_users(ldap_access.CACHED_LDAP_CONN, 'lårry', sync_groups=False, import_by_dn=False)
    larry = User.objects.get(username='******')
    assert_true(larry.first_name == 'Larry')
    assert_true(larry.last_name == 'Stooge')
    assert_true(larry.email == '*****@*****.**')
    assert_true(get_profile(larry).creation_method == str(UserProfile.CreationMethod.EXTERNAL))

    # Should be a noop
    sync_ldap_users(ldap_access.CACHED_LDAP_CONN)
    sync_ldap_groups(ldap_access.CACHED_LDAP_CONN)
    assert_equal(User.objects.all().count(), 1)
    assert_equal(Group.objects.all().count(), 0)

    # Make sure that if a Hue user already exists with a naming collision, we
    # won't overwrite any of that user's information.
    hue_user = User.objects.create(username='******', first_name='Different', last_name='Guy')
    import_ldap_users(ldap_access.CACHED_LDAP_CONN, 'otherguy', sync_groups=False, import_by_dn=False)
    hue_user = User.objects.get(username='******')
    assert_equal(get_profile(hue_user).creation_method, str(UserProfile.CreationMethod.HUE))
    assert_equal(hue_user.first_name, 'Different')

    # Make sure LDAP groups exist or they won't sync
    import_ldap_groups(ldap_access.CACHED_LDAP_CONN, 'TestUsers', import_members=False, import_members_recursive=False, sync_users=False, import_by_dn=False)
    import_ldap_groups(ldap_access.CACHED_LDAP_CONN, 'Test Administrators', import_members=False, import_members_recursive=False, sync_users=False, import_by_dn=False)
    # Try importing a user and sync groups
    import_ldap_users(ldap_access.CACHED_LDAP_CONN, 'curly', sync_groups=True, import_by_dn=False)
    curly = User.objects.get(username='******')
    assert_equal(curly.first_name, 'Curly')
    assert_equal(curly.last_name, 'Stooge')
    assert_equal(curly.email, '*****@*****.**')
    assert_equal(get_profile(curly).creation_method, str(UserProfile.CreationMethod.EXTERNAL))
    assert_equal(2, curly.groups.all().count(), curly.groups.all())

    reset_all_users()
    reset_all_groups()

    # Test import case sensitivity
    done.append(desktop.conf.LDAP.IGNORE_USERNAME_CASE.set_for_testing(True))
    import_ldap_users(ldap_access.CACHED_LDAP_CONN, 'Lårry', sync_groups=False, import_by_dn=False)
    assert_false(User.objects.filter(username='******').exists())
    assert_true(User.objects.filter(username='******').exists())

    # Test lower case
    User.objects.filter(username__iexact='Rock').delete()
    import_ldap_users(ldap_access.CACHED_LDAP_CONN, 'Rock', sync_groups=False, import_by_dn=False)
    assert_false(User.objects.filter(username='******').exists())
    assert_true(User.objects.filter(username='******').exists())

    done.append(desktop.conf.LDAP.FORCE_USERNAME_LOWERCASE.set_for_testing(True))

    import_ldap_users(ldap_access.CACHED_LDAP_CONN, 'Rock', sync_groups=False, import_by_dn=False)
    assert_false(User.objects.filter(username='******').exists())
    assert_true(User.objects.filter(username='******').exists())

    User.objects.filter(username='******').delete()
    import_ldap_users(ldap_access.CACHED_LDAP_CONN, 'Rock', sync_groups=False, import_by_dn=False)
    assert_false(User.objects.filter(username='******').exists())
    assert_true(User.objects.filter(username='******').exists())
  finally:
    for finish in done:
      finish()
Пример #20
0
    def test_useradmin_ldap_user_integration(self):
        done = []
        try:
            # Set up LDAP tests to use a LdapTestConnection instead of an actual LDAP connection
            ldap_access.CACHED_LDAP_CONN = LdapTestConnection()

            # Try importing a user
            import_ldap_users(ldap_access.CACHED_LDAP_CONN,
                              'lårry',
                              sync_groups=False,
                              import_by_dn=False)
            larry = User.objects.get(username='******')
            assert_true(larry.first_name == 'Larry')
            assert_true(larry.last_name == 'Stooge')
            assert_true(larry.email == '*****@*****.**')
            assert_true(
                get_profile(larry).creation_method ==
                UserProfile.CreationMethod.EXTERNAL.name)

            # Should be a noop
            sync_ldap_users(ldap_access.CACHED_LDAP_CONN)
            sync_ldap_groups(ldap_access.CACHED_LDAP_CONN)
            assert_equal(User.objects.all().count(), 1)
            assert_equal(Group.objects.all().count(), 0)

            # Make sure that if a Hue user already exists with a naming collision, we
            # won't overwrite any of that user's information.
            hue_user = User.objects.create(username='******',
                                           first_name='Different',
                                           last_name='Guy')
            import_ldap_users(ldap_access.CACHED_LDAP_CONN,
                              'otherguy',
                              sync_groups=False,
                              import_by_dn=False)
            hue_user = User.objects.get(username='******')
            assert_equal(
                get_profile(hue_user).creation_method,
                UserProfile.CreationMethod.HUE.name)
            assert_equal(hue_user.first_name, 'Different')

            # Make sure LDAP groups exist or they won't sync
            import_ldap_groups(ldap_access.CACHED_LDAP_CONN,
                               'TestUsers',
                               import_members=False,
                               import_members_recursive=False,
                               sync_users=False,
                               import_by_dn=False)
            import_ldap_groups(ldap_access.CACHED_LDAP_CONN,
                               'Test Administrators',
                               import_members=False,
                               import_members_recursive=False,
                               sync_users=False,
                               import_by_dn=False)
            # Try importing a user and sync groups
            import_ldap_users(ldap_access.CACHED_LDAP_CONN,
                              'curly',
                              sync_groups=True,
                              import_by_dn=False)
            curly = User.objects.get(username='******')
            assert_equal(curly.first_name, 'Curly')
            assert_equal(curly.last_name, 'Stooge')
            assert_equal(curly.email, '*****@*****.**')
            assert_equal(
                get_profile(curly).creation_method,
                UserProfile.CreationMethod.EXTERNAL.name)
            assert_equal(2, curly.groups.all().count(), curly.groups.all())

            reset_all_users()
            reset_all_groups()
        finally:
            for finish in done:
                finish()
Пример #21
0
Файл: tests.py Проект: jekey/hue
def test_useradmin_ldap_user_integration():
    done = []
    try:
        reset_all_users()
        reset_all_groups()

        # Set up LDAP tests to use a LdapTestConnection instead of an actual LDAP connection
        ldap_access.CACHED_LDAP_CONN = LdapTestConnection()

        # Try importing a user
        import_ldap_users("lårry", sync_groups=False, import_by_dn=False)
        larry = User.objects.get(username="******")
        assert_true(larry.first_name == "Larry")
        assert_true(larry.last_name == "Stooge")
        assert_true(larry.email == "*****@*****.**")
        assert_true(get_profile(larry).creation_method == str(UserProfile.CreationMethod.EXTERNAL))

        # Should be a noop
        sync_ldap_users()
        sync_ldap_groups()
        assert_equal(User.objects.all().count(), 1)
        assert_equal(Group.objects.all().count(), 0)

        # Make sure that if a Hue user already exists with a naming collision, we
        # won't overwrite any of that user's information.
        hue_user = User.objects.create(username="******", first_name="Different", last_name="Guy")
        import_ldap_users("otherguy", sync_groups=False, import_by_dn=False)
        hue_user = User.objects.get(username="******")
        assert_equal(get_profile(hue_user).creation_method, str(UserProfile.CreationMethod.HUE))
        assert_equal(hue_user.first_name, "Different")

        # Try importing a user and sync groups
        import_ldap_users("curly", sync_groups=True, import_by_dn=False)
        curly = User.objects.get(username="******")
        assert_equal(curly.first_name, "Curly")
        assert_equal(curly.last_name, "Stooge")
        assert_equal(curly.email, "*****@*****.**")
        assert_equal(get_profile(curly).creation_method, str(UserProfile.CreationMethod.EXTERNAL))
        assert_equal(2, curly.groups.all().count(), curly.groups.all())

        reset_all_users()
        reset_all_groups()

        # Test import case sensitivity
        done.append(desktop.conf.LDAP.IGNORE_USERNAME_CASE.set_for_testing(True))
        import_ldap_users("Lårry", sync_groups=False, import_by_dn=False)
        assert_false(User.objects.filter(username="******").exists())
        assert_true(User.objects.filter(username="******").exists())

        # Test lower case
        User.objects.filter(username__iexact="Rock").delete()
        import_ldap_users("Rock", sync_groups=False, import_by_dn=False)
        assert_true(User.objects.filter(username="******").exists())
        assert_false(User.objects.filter(username="******").exists())

        done.append(desktop.conf.LDAP.FORCE_USERNAME_LOWERCASE.set_for_testing(True))

        import_ldap_users("Rock", sync_groups=False, import_by_dn=False)
        assert_true(User.objects.filter(username="******").exists())
        assert_false(User.objects.filter(username="******").exists())

        User.objects.filter(username="******").delete()
        import_ldap_users("Rock", sync_groups=False, import_by_dn=False)
        assert_false(User.objects.filter(username="******").exists())
        assert_true(User.objects.filter(username="******").exists())
    finally:
        for finish in done:
            finish()
Пример #22
0
    def test_useradmin_ldap_user_integration(self):
        if is_live_cluster():
            raise SkipTest(
                'HUE-2897: Skipping because the DB may not be case sensitive')

        done = []

        # Set to nonsensical value just to force new config usage.
        # Should continue to use cached connection.
        done.append(
            desktop.conf.LDAP.LDAP_SERVERS.set_for_testing(
                get_nonsense_config()))

        try:
            # Set up LDAP tests to use a LdapTestConnection instead of an actual LDAP connection
            ldap_access.CACHED_LDAP_CONN = LdapTestConnection()

            # Try importing a user
            import_ldap_users(ldap_access.CACHED_LDAP_CONN,
                              'lårry',
                              sync_groups=False,
                              import_by_dn=False)
            larry = User.objects.get(username='******')
            assert_true(larry.first_name == 'Larry')
            assert_true(larry.last_name == 'Stooge')
            assert_true(larry.email == '*****@*****.**')
            assert_true(
                get_profile(larry).creation_method == str(
                    UserProfile.CreationMethod.EXTERNAL))

            # Should be a noop
            sync_ldap_users(ldap_access.CACHED_LDAP_CONN)
            sync_ldap_groups(ldap_access.CACHED_LDAP_CONN)
            assert_equal(User.objects.all().count(), 1)
            assert_equal(Group.objects.all().count(), 0)

            # Make sure that if a Hue user already exists with a naming collision, we
            # won't overwrite any of that user's information.
            hue_user = User.objects.create(username='******',
                                           first_name='Different',
                                           last_name='Guy')
            import_ldap_users(ldap_access.CACHED_LDAP_CONN,
                              'otherguy',
                              sync_groups=False,
                              import_by_dn=False)
            hue_user = User.objects.get(username='******')
            assert_equal(
                get_profile(hue_user).creation_method,
                str(UserProfile.CreationMethod.HUE))
            assert_equal(hue_user.first_name, 'Different')

            # Make sure LDAP groups exist or they won't sync
            import_ldap_groups(ldap_access.CACHED_LDAP_CONN,
                               'TestUsers',
                               import_members=False,
                               import_members_recursive=False,
                               sync_users=False,
                               import_by_dn=False)
            import_ldap_groups(ldap_access.CACHED_LDAP_CONN,
                               'Test Administrators',
                               import_members=False,
                               import_members_recursive=False,
                               sync_users=False,
                               import_by_dn=False)
            # Try importing a user and sync groups
            import_ldap_users(ldap_access.CACHED_LDAP_CONN,
                              'curly',
                              sync_groups=True,
                              import_by_dn=False)
            curly = User.objects.get(username='******')
            assert_equal(curly.first_name, 'Curly')
            assert_equal(curly.last_name, 'Stooge')
            assert_equal(curly.email, '*****@*****.**')
            assert_equal(
                get_profile(curly).creation_method,
                str(UserProfile.CreationMethod.EXTERNAL))
            assert_equal(2, curly.groups.all().count(), curly.groups.all())

            reset_all_users()
            reset_all_groups()

            # Test import case sensitivity
            done.append(
                desktop.conf.LDAP.IGNORE_USERNAME_CASE.set_for_testing(True))
            import_ldap_users(ldap_access.CACHED_LDAP_CONN,
                              'Lårry',
                              sync_groups=False,
                              import_by_dn=False)
            assert_false(User.objects.filter(username='******').exists())
            assert_true(User.objects.filter(username='******').exists())

            # Test lower case
            User.objects.filter(username__iexact='Rock').delete()
            import_ldap_users(ldap_access.CACHED_LDAP_CONN,
                              'Rock',
                              sync_groups=False,
                              import_by_dn=False)
            assert_false(User.objects.filter(username='******').exists())
            assert_true(User.objects.filter(username='******').exists())

            done.append(
                desktop.conf.LDAP.FORCE_USERNAME_LOWERCASE.set_for_testing(
                    True))

            import_ldap_users(ldap_access.CACHED_LDAP_CONN,
                              'Rock',
                              sync_groups=False,
                              import_by_dn=False)
            assert_false(User.objects.filter(username='******').exists())
            assert_true(User.objects.filter(username='******').exists())

            User.objects.filter(username='******').delete()
            import_ldap_users(ldap_access.CACHED_LDAP_CONN,
                              'Rock',
                              sync_groups=False,
                              import_by_dn=False)
            assert_false(User.objects.filter(username='******').exists())
            assert_true(User.objects.filter(username='******').exists())
        finally:
            for finish in done:
                finish()