External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-05-19 14:57:39 -02:30
Code Issues Packages Projects Releases Wiki Activity

fix an LDAP settings bug which can cause LDAP auth to fail

Browse Source 
django-ldap-auth expects the "unset/empty" state of certain LDAP DN
settings (such as AUTH_LDAP_REQUIRE_GROUP and
AUTH_LDAP_USER_DN_TEMPLATE) to be NULL/None (not an empty string).

Resolves #4678
This commit is contained in:
Ryan Petrello
2017-01-23 15:19:44 -05:00
parent 1cac3abc9f
commit 40a5c6cc0b
2 changed files with 27 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
awx/main/tests/functional/api/test_settings.py
View File

@@ -86,6 +86,21 @@ def test_ldap_settings(get, put, patch, delete, admin, enterprise_license):
patch(url, user=admin, data={'AUTH_LDAP_SERVER_URI': 'ldap://ldap.example.com, ldap://ldap2.example.com'}, expect=200) patch(url, user=admin, data={'AUTH_LDAP_SERVER_URI': 'ldap://ldap.example.com, ldap://ldap2.example.com'}, expect=200)
@pytest.mark.parametrize('setting', [
'AUTH_LDAP_USER_DN_TEMPLATE',
'AUTH_LDAP_REQUIRE_GROUP',
'AUTH_LDAP_DENY_GROUP',
])
@pytest.mark.django_db
def test_empty_ldap_dn(get, put, patch, delete, admin, enterprise_license,
setting):
url = reverse('api:setting_singleton_detail', args=('ldap',))
Setting.objects.create(key='LICENSE', value=enterprise_license)
patch(url, user=admin, data={setting: ''}, expect=200)
resp = get(url, user=admin, expect=200)
assert resp.data[setting] is None
@pytest.mark.django_db @pytest.mark.django_db
def test_radius_settings(get, put, patch, delete, admin, enterprise_license, settings): def test_radius_settings(get, put, patch, delete, admin, enterprise_license, settings):
url = reverse('api:setting_singleton_detail', args=('radius',)) url = reverse('api:setting_singleton_detail', args=('radius',))

12
awx/sso/fields.py
View File

@@ -153,6 +153,12 @@ class LDAPDNField(fields.CharField):
super(LDAPDNField, self).__init__(**kwargs) super(LDAPDNField, self).__init__(**kwargs)
self.validators.append(validate_ldap_dn) self.validators.append(validate_ldap_dn)
def run_validation(self, data=empty):
value = super(LDAPDNField, self).run_validation(data)
# django-auth-ldap expects DN fields (like AUTH_LDAP_REQUIRE_GROUP)
# to be either a valid string or ``None`` (not an empty string)
return None if value == '' else value
class LDAPDNWithUserField(fields.CharField): class LDAPDNWithUserField(fields.CharField):
@@ -160,6 +166,12 @@ class LDAPDNWithUserField(fields.CharField):
super(LDAPDNWithUserField, self).__init__(**kwargs) super(LDAPDNWithUserField, self).__init__(**kwargs)
self.validators.append(validate_ldap_dn_with_user) self.validators.append(validate_ldap_dn_with_user)
def run_validation(self, data=empty):
value = super(LDAPDNWithUserField, self).run_validation(data)
# django-auth-ldap expects DN fields (like AUTH_LDAP_USER_DN_TEMPLATE)
# to be either a valid string or ``None`` (not an empty string)
return None if value == '' else value
class LDAPFilterField(fields.CharField): class LDAPFilterField(fields.CharField):