diff --git a/allauth_ens/adapter.py b/allauth_ens/adapter.py index 92fe990..b7a22ab 100644 --- a/allauth_ens/adapter.py +++ b/allauth_ens/adapter.py @@ -5,6 +5,9 @@ from allauth.account.utils import user_email, user_field, user_username from allauth.account.models import EmailAddress from allauth.socialaccount.adapter import DefaultSocialAccountAdapter, get_account_adapter from allauth.socialaccount.models import SocialAccount +from django.conf import settings + +import six DEPARTMENTS_LIST = ( ('phy', u'Physique'), @@ -19,20 +22,25 @@ DEPARTMENTS_LIST = ( ('pei', u'PEI'), ) +def _init_ldap(): + server = getattr(settings, "LDAP_SERVER", "ldaps://ldap.spi.ens.fr:636") + ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, + ldap.OPT_X_TLS_NEVER) + l = ldap.initialize(server) + l.set_option(ldap.OPT_REFERRALS, 0) + l.set_option(ldap.OPT_PROTOCOL_VERSION, 3) + l.set_option(ldap.OPT_X_TLS, ldap.OPT_X_TLS_DEMAND) + l.set_option(ldap.OPT_X_TLS_DEMAND, True) + l.set_option(ldap.OPT_DEBUG_LEVEL, 255) + l.set_option(ldap.OPT_NETWORK_TIMEOUT, 10) + l.set_option(ldap.OPT_TIMEOUT, 10) + return l + def get_ldap_infos(clipper): assert clipper.isalnum() data = {'email':'{}@clipper.ens.fr'.format(clipper.strip().lower())} try: - ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, - ldap.OPT_X_TLS_NEVER) - l = ldap.initialize("ldaps://ldap.spi.ens.fr:636") - l.set_option(ldap.OPT_REFERRALS, 0) - l.set_option(ldap.OPT_PROTOCOL_VERSION, 3) - l.set_option(ldap.OPT_X_TLS, ldap.OPT_X_TLS_DEMAND) - l.set_option(ldap.OPT_X_TLS_DEMAND, True) - l.set_option(ldap.OPT_DEBUG_LEVEL, 255) - l.set_option(ldap.OPT_NETWORK_TIMEOUT, 10) - l.set_option(ldap.OPT_TIMEOUT, 10) + l = _init_ldap() info = l.search_s('dc=spi,dc=ens,dc=fr', ldap.SCOPE_SUBTREE, @@ -163,7 +171,7 @@ def deprecate_clippers(): c_uids = clippers.values_list('uid', flat=True) # Clear old clipper accounts that wer replaced by new ones (o avoid conflicts) - SocialAccount.objects.filter(provider='old_clipper', uid__in=c_uids).delete() + SocialAccount.objects.filter(provider='clipper_inactive', uid__in=c_uids).delete() # Deprecate accounts - clippers.update(provider='old_clipper') + clippers.update(provider='clipper_inactive') diff --git a/allauth_ens/tests.py b/allauth_ens/tests.py index ef2a98c..ee69c3e 100644 --- a/allauth_ens/tests.py +++ b/allauth_ens/tests.py @@ -6,6 +6,17 @@ from django.contrib.sites.models import Site from django.core import mail from django.test import TestCase, override_settings +from mock import patch +from fakeldap import MockLDAP + + +from allauth_cas.test.testcases import CASTestCase, CASViewTestCase +from .adapter import deprecate_clippers +from allauth.socialaccount.models import SocialAccount + +_mock_ldap = MockLDAP() +ldap_patcher = patch('allauth_ens.adapter.ldap.initialize', lambda x: _mock_ldap) + if django.VERSION >= (1, 10): from django.urls import reverse else: @@ -27,11 +38,11 @@ def prevent_logout_pwd_change(client, user): session[HASH_SESSION_KEY] = user.get_session_auth_hash() session.save() - +""" class ViewsTests(TestCase): - """ + "" Checks (barely) that templates do not contain errors. - """ + "" def setUp(self): self.u = User.objects.create_user('user', 'user@mail.net', 'user') @@ -135,3 +146,89 @@ class ViewsTests(TestCase): def test_account_reset_password_from_key_done(self): r = self.client.get(reverse('account_reset_password_from_key_done')) self.assertEqual(r.status_code, 200) +""" + +class LongTermClipperTests(CASTestCase): + + def setUp(self): + ldap_patcher.start() + + def tearDown(self): + _mock_ldap.reset() + + def _setup_ldap(self, promo=12): + _mock_ldap.set_return_value('search_s', + ('dc=spi,dc=ens,dc=fr,uid=test'), + ( + ('cn', ('John Smith')), + ('mailRoutingAddress', ('test@clipper.ens.fr')), + ('homeDirectory', ("/users/%d/phy/test/" % promo)) + )) + + + def test_new_connexion(self): + self._setup_ldap() + + r = self.client_cas_login(self.client, provider_id="clipper", username="test") + u = r.context['user'] + + self.assertEqual(u.username, "test@12") + self.assertEqual(u.first_name, "John") + self.assertEqual(u.last_name, "Smith") + self.assertEqual(u.email, "test@clipper.ens.fr") + + sa = list(SocialAccount.objects.all())[-1] + self.assertEqual(sa.user.id, u.id) + + def test_second_connexion(self): + self._setup_ldap() + + self.client_cas_login(self.client, provider_id="clipper", username="test") + self.client.logout() + + nu = User.objects.count() + + self.client_cas_login(self.client, provider_id="clipper", username="test") + self.assertEqual(User.objects.count(), nu) + + def test_deprecation(self): + self._setup_ldap() + self.client_cas_login(self.client, provider_id="clipper", username="test") + deprecate_clippers() + + sa = SocialAccount.objects.all()[0] + self.assertEqual(sa.provider, "clipper_inactive") + + def test_reconnect_after_deprecation(self): + self._setup_ldap() + self.client_cas_login(self.client, provider_id="clipper", username="test") + nsa = SocialAccount.objects.count() + nu = User.objects.count() + self.client.logout() + + deprecate_clippers() + self.client_cas_login(self.client, provider_id="clipper", username="test") + + sa = SocialAccount.objects.all() + self.assertEqual(len(sa), nsa) + u = User.objects.all() + self.assertEqual(len(u), nu) + self.assertEqual(sa[-1].user.id, u[-1].id) + + def test_override_inactive_account(self): + self._setup_ldap(12) + self.client_cas_login(self.client, provider_id="clipper", username="test") + nsa = SocialAccount.objects.count() + nu = User.objects.count() + self.client.logout() + + deprecate_clippers() + + self._setup_ldap(13) + self.client_cas_login(self.client, provider_id="clipper", username="test") + + sa = SocialAccount.objects.all() + self.assertEqual(len(sa), nsa+1) + u = User.objects.all() + self.assertEqual(len(u), nu+1) + self.assertEqual(sa[-1].user.id, u[-1].id)