paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-10-24 00:23:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

test_auth_backends: Fix _LDAPUser type errors.

Browse Source 
Signed-off-by: Anders Kaseorg <anders@zulip.com>
(cherry picked from commit 3ba68e7847)
This commit is contained in:
Anders Kaseorg
2025-09-19 17:50:15 -07:00
committed by Alex Vandiver
parent ad7eed2d7e
commit 1199927a6c
1 changed files with 21 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
zerver/tests/test_auth_backends.py
View File

@@ -7132,53 +7132,47 @@ class TestLDAP(ZulipLDAPTestCase):
@override_settings(AUTHENTICATION_BACKENDS=("zproject.backends.ZulipLDAPAuthBackend",)) @override_settings(AUTHENTICATION_BACKENDS=("zproject.backends.ZulipLDAPAuthBackend",))
def test_get_or_build_user_when_user_exists(self) -> None: def test_get_or_build_user_when_user_exists(self) -> None:
class _LDAPUser:
attrs = {"fn": ["Full Name"], "sn": ["Short Name"]}
backend = self.backend backend = self.backend
email = self.example_email("hamlet") email = self.example_email("hamlet")
user_profile, created = backend.get_or_build_user(str(email), _LDAPUser()) ldap_user = ZulipLDAPUser(backend, email, realm=backend._realm)
user_profile, created = backend.get_or_build_user(email, ldap_user)
self.assertFalse(created) self.assertFalse(created)
self.assertEqual(user_profile.delivery_email, email) self.assertEqual(user_profile.delivery_email, email)
@override_settings(AUTHENTICATION_BACKENDS=("zproject.backends.ZulipLDAPAuthBackend",)) @override_settings(AUTHENTICATION_BACKENDS=("zproject.backends.ZulipLDAPAuthBackend",))
def test_get_or_build_user_when_user_does_not_exist(self) -> None: def test_get_or_build_user_when_user_does_not_exist(self) -> None:
class _LDAPUser:
attrs = {"fn": ["Full Name"]}
ldap_user_attr_map = {"full_name": "fn"} ldap_user_attr_map = {"full_name": "fn"}
with self.settings(AUTH_LDAP_USER_ATTR_MAP=ldap_user_attr_map): with self.settings(AUTH_LDAP_USER_ATTR_MAP=ldap_user_attr_map):
backend = self.backend backend = self.backend
email = "newuser@zulip.com" email = "newuser@zulip.com"
user_profile, created = backend.get_or_build_user(email, _LDAPUser()) ldap_user = ZulipLDAPUser(backend, email, realm=backend._realm)
ldap_user._user_attrs = {"fn": ["Full Name"]}
user_profile, created = backend.get_or_build_user(email, ldap_user)
self.assertTrue(created) self.assertTrue(created)
self.assertEqual(user_profile.delivery_email, email) self.assertEqual(user_profile.delivery_email, email)
self.assertEqual(user_profile.full_name, "Full Name") self.assertEqual(user_profile.full_name, "Full Name")
@override_settings(AUTHENTICATION_BACKENDS=("zproject.backends.ZulipLDAPAuthBackend",)) @override_settings(AUTHENTICATION_BACKENDS=("zproject.backends.ZulipLDAPAuthBackend",))
def test_get_or_build_user_when_user_has_invalid_name(self) -> None: def test_get_or_build_user_when_user_has_invalid_name(self) -> None:
class _LDAPUser:
attrs = {"fn": ["<invalid name>"]}
ldap_user_attr_map = {"full_name": "fn"} ldap_user_attr_map = {"full_name": "fn"}
with self.settings(AUTH_LDAP_USER_ATTR_MAP=ldap_user_attr_map): with self.settings(AUTH_LDAP_USER_ATTR_MAP=ldap_user_attr_map):
backend = self.backend backend = self.backend
email = "nonexisting@zulip.com" email = "nonexisting@zulip.com"
ldap_user = ZulipLDAPUser(backend, email, realm=backend._realm)
ldap_user._user_attrs = {"fn": ["<invalid name>"]}
with self.assertRaisesRegex(Exception, "Invalid characters in name!"): with self.assertRaisesRegex(Exception, "Invalid characters in name!"):
backend.get_or_build_user(email, _LDAPUser()) backend.get_or_build_user(email, ldap_user)
@override_settings(AUTHENTICATION_BACKENDS=("zproject.backends.ZulipLDAPAuthBackend",)) @override_settings(AUTHENTICATION_BACKENDS=("zproject.backends.ZulipLDAPAuthBackend",))
def test_get_or_build_user_when_realm_is_deactivated(self) -> None: def test_get_or_build_user_when_realm_is_deactivated(self) -> None:
class _LDAPUser:
attrs = {"fn": ["Full Name"]}
ldap_user_attr_map = {"full_name": "fn"} ldap_user_attr_map = {"full_name": "fn"}
with self.settings(AUTH_LDAP_USER_ATTR_MAP=ldap_user_attr_map): with self.settings(AUTH_LDAP_USER_ATTR_MAP=ldap_user_attr_map):
backend = self.backend backend = self.backend
email = "nonexisting@zulip.com" email = "nonexisting@zulip.com"
ldap_user = ZulipLDAPUser(backend, email, realm=backend._realm)
do_deactivate_realm( do_deactivate_realm(
backend._realm, backend._realm,
acting_user=None, acting_user=None,
@@ -7186,27 +7180,23 @@ class TestLDAP(ZulipLDAPTestCase):
email_owners=False, email_owners=False,
) )
with self.assertRaisesRegex(Exception, "Realm has been deactivated"): with self.assertRaisesRegex(Exception, "Realm has been deactivated"):
backend.get_or_build_user(email, _LDAPUser()) backend.get_or_build_user(email, ldap_user)
@override_settings(AUTHENTICATION_BACKENDS=("zproject.backends.ZulipLDAPAuthBackend",)) @override_settings(AUTHENTICATION_BACKENDS=("zproject.backends.ZulipLDAPAuthBackend",))
def test_get_or_build_user_when_ldap_has_no_email_attr(self) -> None: def test_get_or_build_user_when_ldap_has_no_email_attr(self) -> None:
class _LDAPUser:
attrs = {"fn": ["Full Name"], "sn": ["Short Name"]}
nonexisting_attr = "email" nonexisting_attr = "email"
with self.settings(LDAP_EMAIL_ATTR=nonexisting_attr): with self.settings(LDAP_EMAIL_ATTR=nonexisting_attr):
backend = self.backend backend = self.backend
email = "nonexisting@zulip.com" email = "nonexisting@zulip.com"
ldap_user = ZulipLDAPUser(backend, email, realm=backend._realm)
ldap_user._user_attrs = {"fn": ["Full Name"], "sn": ["Short Name"]}
with self.assertRaisesRegex( with self.assertRaisesRegex(
Exception, "LDAP user doesn't have the needed email attribute" Exception, "LDAP user doesn't have the needed email attribute"
): ):
backend.get_or_build_user(email, _LDAPUser()) backend.get_or_build_user(email, ldap_user)
@override_settings(AUTHENTICATION_BACKENDS=("zproject.backends.ZulipLDAPAuthBackend",)) @override_settings(AUTHENTICATION_BACKENDS=("zproject.backends.ZulipLDAPAuthBackend",))
def test_get_or_build_user_email(self) -> None: def test_get_or_build_user_email(self) -> None:
class _LDAPUser:
attrs = {"fn": ["Test User"]}
ldap_user_attr_map = {"full_name": "fn"} ldap_user_attr_map = {"full_name": "fn"}
with self.settings(AUTH_LDAP_USER_ATTR_MAP=ldap_user_attr_map): with self.settings(AUTH_LDAP_USER_ATTR_MAP=ldap_user_attr_map):
@@ -7216,32 +7206,33 @@ class TestLDAP(ZulipLDAPTestCase):
realm.save() realm.save()
email = "spam@mailnator.com" email = "spam@mailnator.com"
ldap_user = ZulipLDAPUser(self.backend, email, realm=realm)
with self.assertRaisesRegex(ZulipLDAPError, "Email validation failed."): with self.assertRaisesRegex(ZulipLDAPError, "Email validation failed."):
self.backend.get_or_build_user(email, _LDAPUser()) self.backend.get_or_build_user(email, ldap_user)
realm.emails_restricted_to_domains = True realm.emails_restricted_to_domains = True
realm.save(update_fields=["emails_restricted_to_domains"]) realm.save(update_fields=["emails_restricted_to_domains"])
email = "spam+spam@mailnator.com" email = "spam+spam@mailnator.com"
ldap_user = ZulipLDAPUser(self.backend, email, realm=realm)
with self.assertRaisesRegex(ZulipLDAPError, "Email validation failed."): with self.assertRaisesRegex(ZulipLDAPError, "Email validation failed."):
self.backend.get_or_build_user(email, _LDAPUser()) self.backend.get_or_build_user(email, ldap_user)
email = "spam@acme.com" email = "spam@acme.com"
ldap_user = ZulipLDAPUser(self.backend, email, realm=realm)
with self.assertRaisesRegex( with self.assertRaisesRegex(
ZulipLDAPError, "This email domain isn't allowed in this organization." ZulipLDAPError, "This email domain isn't allowed in this organization."
): ):
self.backend.get_or_build_user(email, _LDAPUser()) self.backend.get_or_build_user(email, ldap_user)
@override_settings(AUTHENTICATION_BACKENDS=("zproject.backends.ZulipLDAPAuthBackend",)) @override_settings(AUTHENTICATION_BACKENDS=("zproject.backends.ZulipLDAPAuthBackend",))
def test_get_or_build_user_when_ldap_has_no_full_name_mapping(self) -> None: def test_get_or_build_user_when_ldap_has_no_full_name_mapping(self) -> None:
class _LDAPUser:
attrs = {"fn": ["Full Name"], "sn": ["Short Name"]}
with self.settings(AUTH_LDAP_USER_ATTR_MAP={}): with self.settings(AUTH_LDAP_USER_ATTR_MAP={}):
backend = self.backend backend = self.backend
email = "nonexisting@zulip.com" email = "nonexisting@zulip.com"
ldap_user = ZulipLDAPUser(backend, email, realm=backend._realm)
with self.assertRaisesRegex(Exception, "Missing required mapping for user's full name"): with self.assertRaisesRegex(Exception, "Missing required mapping for user's full name"):
backend.get_or_build_user(email, _LDAPUser()) backend.get_or_build_user(email, ldap_user)
@override_settings(AUTHENTICATION_BACKENDS=("zproject.backends.ZulipLDAPAuthBackend",)) @override_settings(AUTHENTICATION_BACKENDS=("zproject.backends.ZulipLDAPAuthBackend",))
def test_login_failure_when_domain_does_not_match(self) -> None: def test_login_failure_when_domain_does_not_match(self) -> None: