[source/native] only system source users should be authenticated by the native source (closes #2465883)

authorAurelien Campeas <aurelien.campeas@logilab.fr>
changesetfcd048fa6e6d
branchstable
phasepublic
hiddenno
parent revision#e436688f75f4 [web test] fix test broken by 199fefe396ab
child revision#dfdffebce8a4 ldapuser2ldapfeed: create CWUsers with random passwords, not empty ones
files modified by this revision
server/sources/native.py
server/test/unittest_ldapuser.py
server/test/unittest_repository.py
# HG changeset patch
# User Aurelien Campeas <aurelien.campeas@logilab.fr>
# Date 1346425088 -7200
# Fri Aug 31 16:58:08 2012 +0200
# Branch stable
# Node ID fcd048fa6e6d0757f8945ed3f1a44ce50e121302
# Parent e436688f75f41803e08155deeed99d657dcfa85b
[source/native] only system source users should be authenticated by the native source (closes #2465883)

diff --git a/server/sources/native.py b/server/sources/native.py
@@ -1593,13 +1593,14 @@
1      def set_schema(self, schema):
2          """set the instance'schema"""
3          pass
4 
5  class LoginPasswordAuthentifier(BaseAuthentifier):
6 -    passwd_rql = "Any P WHERE X is CWUser, X login %(login)s, X upassword P"
7 -    auth_rql = "Any X WHERE X is CWUser, X login %(login)s, X upassword %(pwd)s"
8 -    _sols = ({'X': 'CWUser', 'P': 'Password'},)
9 +    passwd_rql = 'Any P WHERE X is CWUser, X login %(login)s, X upassword P'
10 +    auth_rql = ('Any X WHERE X is CWUser, X login %(login)s, X upassword %(pwd)s, '
11 +                'X cw_source S, S name "system"')
12 +    _sols = ({'X': 'CWUser', 'P': 'Password', 'S': 'CWSource'},)
13 
14      def set_schema(self, schema):
15          """set the instance'schema"""
16          if 'CWUser' in schema: # probably an empty schema if not true...
17              # rql syntax trees used to authenticate users
diff --git a/server/test/unittest_ldapuser.py b/server/test/unittest_ldapuser.py
@@ -134,10 +134,16 @@
18          self._pull()
19          # still deactivated, but a warning has been emitted ...
20          self.assertEqual(self.execute('Any N WHERE U login "syt", '
21                                        'U in_state S, S name N').rows[0][0],
22                           'deactivated')
23 +        # test reactivating the user isn't enough to authenticate, as the native source
24 +        # refuse to authenticate user from other sources
25 +        user = self.execute('CWUser U WHERE U login "syt"').get_entity(0, 0)
26 +        user.cw_adapt_to('IWorkflowable').fire_transition('activate')
27 +        self.commit()
28 +        self.assertRaises(AuthenticationError, self.repo.connect, 'syt', password='syt')
29 
30  class LDAPFeedSourceTC(LDAPTestBase):
31      test_db_id = 'ldap-feed'
32 
33      @classmethod
diff --git a/server/test/unittest_repository.py b/server/test/unittest_repository.py
@@ -111,10 +111,12 @@
34          self.assert_(cnxid)
35          self.repo.close(cnxid)
36          self.assertRaises(AuthenticationError,
37                            self.repo.connect, self.admlogin, password='nimportnawak')
38          self.assertRaises(AuthenticationError,
39 +                          self.repo.connect, self.admlogin, password='')
40 +        self.assertRaises(AuthenticationError,
41                            self.repo.connect, self.admlogin, password=None)
42          self.assertRaises(AuthenticationError,
43                            self.repo.connect, None, password=None)
44          self.assertRaises(AuthenticationError,
45                            self.repo.connect, self.admlogin)