def _get_identity(self, identifier):
    """Fetch one user from LDAP and wrap it in an ``IdentityInfo``.

    The lookup requests ``self._attributes`` for ``identifier``.  When
    ``get_user_by_id`` yields no DN, ``None`` is returned.  Otherwise the
    identity's identifier is the first value of the attribute named by
    ``ldap_settings['uid']`` as stored in the directory (not the caller's
    input), and all fetched attributes are passed through ``to_unicode``
    and forwarded as keyword data.
    """
    settings = self.ldap_settings
    with ldap_context(settings):
        dn, attrs = get_user_by_id(identifier, self._attributes)
    if dn:
        directory_uid = attrs[settings['uid']][0]
        return IdentityInfo(self, identifier=directory_uid, **to_unicode(attrs))
    return None
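def has_member(self, user_identifier):
    """Return ``True`` if the given user belongs to this group.

    Two strategies are used, selected by ``ldap_settings['ad_group_style']``:

    * AD style: the group's ``objectSid`` values are compared with the SIDs
      returned by ``get_token_groups_from_user_dn`` for the user.
    * Otherwise: this group's DN is looked up in the user's
      ``ldap_settings['member_of_attr']`` values.

    Every "cannot determine" case (unknown user, unknown group, group
    without an ``objectSid``) is answered with ``False`` so that an
    authorization decision built on this method fails closed instead of
    raising from inside the check.
    """
    settings = self.ldap_settings
    with ldap_context(settings):
        user_dn, user_data = get_user_by_id(user_identifier, attributes=[settings['member_of_attr']])
        if not user_dn:
            return False
        if not settings['ad_group_style']:
            # NOTE(review): exact match against the raw attribute values, so
            # DN casing/normalisation and value type must agree with self.dn
            # (confirm against what get_user_by_id returns).
            return self.dn in user_data.get(settings['member_of_attr'], [])
        group_dn, group_data = get_group_by_id(self.name, attributes=['objectSid'])
        # Previously a missing group or a missing objectSid attribute made
        # the membership test blow up while iterating ``None``.
        if not group_dn or not group_data:
            return False
        group_sids = group_data.get('objectSid') or ()
        if not group_sids:
            return False
        token_groups = get_token_groups_from_user_dn(user_dn)
        return any(group_sid in token_groups for group_sid in group_sids)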
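def process_local_login(self, data):
    """Verify a username/password pair with an LDAP simple bind.

    ``data`` must provide ``'username'`` and ``'password'``.  The user's DN
    is resolved first (in an LDAP context opened with ``use_cache=False``),
    then a simple bind is attempted as that DN.  On success the identifier
    read from the directory (``ldap_settings['uid']``) is handed to
    ``multipass.handle_auth_success``.

    Raises:
        NoSuchUser: no DN was found for the username.
        InvalidCredentials: the password is empty or the bind was rejected.
    """
    username = data['username']
    password = data['password']
    with ldap_context(self.ldap_settings, use_cache=False):
        try:
            user_dn, user_data = get_user_by_id(username, attributes=[self.ldap_settings['uid']])
            if not user_dn:
                raise NoSuchUser
            # A simple bind with a DN and an empty password is an
            # "unauthenticated bind" (RFC 4513, section 5.1.2).  Servers that
            # accept it report success without checking any password, so it
            # must never reach the bind call and count as a login.
            if not password:
                raise InvalidCredentials
            current_ldap.connection.simple_bind_s(user_dn, password)
        except INVALID_CREDENTIALS:
            raise InvalidCredentials
    auth_info = AuthInfo(self, identifier=user_data[self.ldap_settings['uid']][0])
    return self.multipass.handle_auth_success(auth_info)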
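def process_local_login(self, data):
    """Authenticate local login form data against the LDAP directory.

    Reads ``data['username']`` and ``data['password']``, resolves the user's
    DN inside an uncached LDAP context (``use_cache=False``) and binds as
    that DN to check the password.  The identifier passed on to
    ``multipass.handle_auth_success`` is the directory's own value of the
    ``ldap_settings['uid']`` attribute.

    Raises:
        NoSuchUser: the username does not resolve to a DN.
        InvalidCredentials: the password is empty or the server rejected
            the bind.  Both exceptions carry ``provider=self``.
    """
    username = data['username']
    password = data['password']
    with ldap_context(self.ldap_settings, use_cache=False):
        try:
            user_dn, user_data = get_user_by_id(
                username, attributes=[self.ldap_settings['uid']])
            if not user_dn:
                raise NoSuchUser(provider=self)
            # An empty password turns the simple bind into an
            # "unauthenticated bind" (RFC 4513, section 5.1.2), which some
            # servers answer with success.  Reject it here rather than rely
            # on form validation or server configuration.
            if not password:
                raise InvalidCredentials(provider=self)
            current_ldap.connection.simple_bind_s(user_dn, password)
        except INVALID_CREDENTIALS:
            raise InvalidCredentials(provider=self)
    auth_info = AuthInfo(
        self, identifier=user_data[self.ldap_settings['uid']][0])
    return self.multipass.handle_auth_success(auth_info)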
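def has_member(self, user_identifier):
    """Check whether ``user_identifier`` is a member of this group.

    With ``ldap_settings['ad_group_style']`` enabled, membership means that
    one of the group's ``objectSid`` values appears in the result of
    ``get_token_groups_from_user_dn`` for the user.  Otherwise it means that
    ``self.dn`` is listed in the user's ``ldap_settings['member_of_attr']``
    attribute.

    Returns ``False`` (deny) when the user or the group cannot be found or
    the group carries no ``objectSid``, instead of raising part-way through
    the check.
    """
    with ldap_context(self.ldap_settings):
        user_dn, user_data = get_user_by_id(
            user_identifier,
            attributes=[self.ldap_settings['member_of_attr']])
        if not user_dn:
            return False
        if self.ldap_settings['ad_group_style']:
            group_dn, group_data = get_group_by_id(
                self.name, attributes=['objectSid'])
            # ``.get('objectSid')`` yields None when the attribute is absent;
            # iterating that used to raise, so treat it as "not a member".
            group_sids = (group_data.get('objectSid') or ()) if group_dn and group_data else ()
            if not group_sids:
                return False
            token_groups = get_token_groups_from_user_dn(user_dn)
            return any(group_sid in token_groups for group_sid in group_sids)
        else:
            # NOTE(review): plain ``in`` on the raw attribute values; a DN
            # that differs only in case or encoding will not match; confirm
            # that self.dn and these values are normalised the same way.
            return self.dn in user_data.get(
                self.ldap_settings['member_of_attr'], [])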
def get_identity_groups(self, identifier):
    """Return the set of groups the given user belongs to.

    Only implemented for ``ldap_settings['ad_group_style']``: each SID
    returned by ``get_token_groups_from_user_dn`` is turned into an exact
    ``objectSid`` search filter, and every matching group is wrapped in
    ``self.group_class`` using the first value of its
    ``ldap_settings['gid']`` attribute as the name.

    Returns an empty set when the user is not found.

    Raises:
        NotImplementedError: the provider is not configured AD style.
    """
    settings = self.ldap_settings
    found = set()
    with ldap_context(settings):
        user_dn, _user_data = get_user_by_id(identifier, self._attributes)
        if not user_dn:
            return set()
        if not settings['ad_group_style']:
            # OpenLDAP does not have a way to get all groups for a user including nested ones
            raise NotImplementedError('Only available for active directory')
        for sid in get_token_groups_from_user_dn(user_dn):
            sid_filter = build_group_search_filter({'objectSid': {sid}}, exact=True)
            found.update(
                self.group_class(self, to_unicode(entry[settings['gid']][0]), entry_dn)
                for entry_dn, entry in self._search_groups(sid_filter)
            )
    return found
def test_get_user_by_id_handles_none_id():
    """``get_user_by_id(None)`` must be rejected with an explicit error."""
    with pytest.raises(IdentityRetrievalFailed) as raised:
        get_user_by_id(None)
    # Checked after the ``with`` block: code placed after the raising call
    # inside it would never run.
    error = raised.value
    assert error.message == 'No identifier specified'