paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-11-04 14:03:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

ldap: Fix realm_creation=True registration flow.

Browse Source 
When creating realm with the ldap backend, the registration flow didn't
properly handle some things - the user wouldn't be set as realm admin,
initial subscriptions and messages weren't created, and the redirect
wasn't happening properly in the case of subdomains.
This commit is contained in:
Mateusz Mandera
2019-11-07 05:13:08 +01:00
committed by Tim Abbott
parent 9ca26e91e0
commit ed40d37e44
3 changed files with 22 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
zerver/tests/test_signup.py
View File

@@ -1728,8 +1728,7 @@ class EmailUnsubscribeTests(ZulipTestCase):
class RealmCreationTest(ZulipTestCase): class RealmCreationTest(ZulipTestCase):
@override_settings(OPEN_REALM_CREATION=True) @override_settings(OPEN_REALM_CREATION=True)
def check_able_to_create_realm(self, email: str) -> None: def check_able_to_create_realm(self, email: str, password: str="test") -> None:
password = "test"
string_id = "zuliptest" string_id = "zuliptest"
# Make sure the realm does not exist # Make sure the realm does not exist
with self.assertRaises(Realm.DoesNotExist): with self.assertRaises(Realm.DoesNotExist):
@@ -1782,6 +1781,13 @@ class RealmCreationTest(ZulipTestCase):
def test_create_realm_existing_email(self) -> None: def test_create_realm_existing_email(self) -> None:
self.check_able_to_create_realm("hamlet@zulip.com") self.check_able_to_create_realm("hamlet@zulip.com")
@override_settings(AUTHENTICATION_BACKENDS=('zproject.backends.ZulipLDAPAuthBackend',))
def test_create_realm_ldap_email(self) -> None:
self.init_default_ldap_database()
with self.settings(LDAP_EMAIL_ATTR="mail"):
self.check_able_to_create_realm("newuser_email@zulip.com", self.ldap_password())
def test_create_realm_as_system_bot(self) -> None: def test_create_realm_as_system_bot(self) -> None:
result = self.client_post('/new/', {'email': 'notification-bot@zulip.com'}) result = self.client_post('/new/', {'email': 'notification-bot@zulip.com'})
self.assertEqual(result.status_code, 200) self.assertEqual(result.status_code, 200)

12
zerver/views/registration.py
View File

@@ -249,6 +249,9 @@ def accounts_register(request: HttpRequest) -> HttpResponse:
# But if the realm is using LDAPAuthBackend, we need to verify # But if the realm is using LDAPAuthBackend, we need to verify
# their LDAP password (which will, as a side effect, create # their LDAP password (which will, as a side effect, create
# the user account) here using authenticate. # the user account) here using authenticate.
# pregeg_user.realm_creation carries the information about whether
# we're in realm creation mode, and the ldap flow will handle
# that and create the user with the appropriate parameters.
user_profile = authenticate(request, user_profile = authenticate(request,
username=email, username=email,
password=password, password=password,
@@ -276,9 +279,13 @@ def accounts_register(request: HttpRequest) -> HttpResponse:
# is hidden for most users. # is hidden for most users.
return HttpResponseRedirect(reverse('django.contrib.auth.views.login') + '?email=' + return HttpResponseRedirect(reverse('django.contrib.auth.views.login') + '?email=' +
urllib.parse.quote_plus(email)) urllib.parse.quote_plus(email))
else: elif not realm_creation:
# Since we'll have created a user, we now just log them in. # Since we'll have created a user, we now just log them in.
return login_and_go_to_home(request, user_profile) return login_and_go_to_home(request, user_profile)
else:
# With realm_creation=True, we're going to return further down,
# after finishing up the creation process.
pass
if existing_user_profile is not None and existing_user_profile.is_mirror_dummy: if existing_user_profile is not None and existing_user_profile.is_mirror_dummy:
user_profile = existing_user_profile user_profile = existing_user_profile
@@ -288,7 +295,8 @@ def accounts_register(request: HttpRequest) -> HttpResponse:
do_set_user_display_setting(user_profile, 'timezone', timezone) do_set_user_display_setting(user_profile, 'timezone', timezone)
# TODO: When we clean up the `do_activate_user` code path, # TODO: When we clean up the `do_activate_user` code path,
# make it respect invited_as_admin / is_realm_admin. # make it respect invited_as_admin / is_realm_admin.
else:
if user_profile is None:
user_profile = do_create_user(email, password, realm, full_name, short_name, user_profile = do_create_user(email, password, realm, full_name, short_name,
prereg_user=prereg_user, prereg_user=prereg_user,
is_realm_admin=is_realm_admin, is_realm_admin=is_realm_admin,

5
zproject/backends.py
View File

@@ -619,9 +619,12 @@ class ZulipLDAPAuthBackend(ZulipLDAPAuthBackendBase):
opts = {} # type: Dict[str, Any] opts = {} # type: Dict[str, Any]
if self._prereg_user: if self._prereg_user:
invited_as = self._prereg_user.invited_as invited_as = self._prereg_user.invited_as
realm_creation = self._prereg_user.realm_creation
opts['prereg_user'] = self._prereg_user opts['prereg_user'] = self._prereg_user
opts['is_realm_admin'] = invited_as == PreregistrationUser.INVITE_AS['REALM_ADMIN'] opts['is_realm_admin'] = (
invited_as == PreregistrationUser.INVITE_AS['REALM_ADMIN']) or realm_creation
opts['is_guest'] = invited_as == PreregistrationUser.INVITE_AS['GUEST_USER'] opts['is_guest'] = invited_as == PreregistrationUser.INVITE_AS['GUEST_USER']
opts['realm_creation'] = realm_creation
opts['default_stream_groups'] = get_default_stream_groups(self._realm) opts['default_stream_groups'] = get_default_stream_groups(self._realm)
user_profile = do_create_user(username, None, self._realm, full_name, short_name, **opts) user_profile = do_create_user(username, None, self._realm, full_name, short_name, **opts)