diff -Nru django-python3-ldap-0.11.3/CHANGELOG.rst django-python3-ldap-0.12.0/CHANGELOG.rst --- django-python3-ldap-0.11.3/CHANGELOG.rst 2019-12-03 18:07:33.000000000 +0000 +++ django-python3-ldap-0.12.0/CHANGELOG.rst 2021-07-09 12:35:37.000000000 +0000 @@ -1,6 +1,19 @@ django-python3-ldap changelog ============================= +0.12.0 +------ + +- Added ``connection`` and ``dn`` parameters to the ``LDAP_AUTH_SYNC_USER_RELATIONS`` callback (@nigelm). + See: https://github.com/etianen/django-python3-ldap#sync-user-relations + + +0.11.4 +------ + +- Fix error when using ldap auth backend with other authentication backends (@leavest). + + 0.11.3 ------ diff -Nru django-python3-ldap-0.11.3/debian/changelog django-python3-ldap-0.12.0/debian/changelog --- django-python3-ldap-0.11.3/debian/changelog 2019-12-11 08:33:06.000000000 +0000 +++ django-python3-ldap-0.12.0/debian/changelog 2021-09-01 19:14:51.000000000 +0000 @@ -1,3 +1,24 @@ +django-python3-ldap (0.12.0-1) unstable; urgency=low + + [ Debian Janitor ] + * Update standards version to 4.5.0, no changes needed. + * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository, + Repository-Browse. + + [ Ondřej Nový ] + * d/control: Update Maintainer field with new Debian Python Team + contact address. + * d/control: Update Vcs-* fields with new Debian Python Team Salsa + layout. + + [ Michael Fladischer ] + * New upstream release. + * Bump debhelper version to 13. + * Bump Standards-Version to 4.6.0. + * Use uscan version 4. + + -- Michael Fladischer Wed, 01 Sep 2021 19:14:51 +0000 + django-python3-ldap (0.11.3-1) unstable; urgency=low * New upstream release. diff -Nru django-python3-ldap-0.11.3/debian/control django-python3-ldap-0.12.0/debian/control --- django-python3-ldap-0.11.3/debian/control 2019-12-11 08:33:06.000000000 +0000 +++ django-python3-ldap-0.12.0/debian/control 2021-09-01 19:14:51.000000000 +0000 @@ -1,18 +1,18 @@ Source: django-python3-ldap Section: python Priority: optional -Maintainer: Debian Python Modules Team +Maintainer: Debian Python Team Uploaders: Michael Fladischer , Build-Depends: - debhelper-compat (= 12), + debhelper-compat (= 13), dh-python, python3-all, python3-setuptools, -Standards-Version: 4.4.1 +Standards-Version: 4.6.0 Homepage: https://github.com/etianen/django-python3-ldap -Vcs-Browser: https://salsa.debian.org/python-team/modules/django-python3-ldap -Vcs-Git: https://salsa.debian.org/python-team/modules/django-python3-ldap.git +Vcs-Browser: https://salsa.debian.org/python-team/packages/django-python3-ldap +Vcs-Git: https://salsa.debian.org/python-team/packages/django-python3-ldap.git Testsuite: autopkgtest-pkg-python Rules-Requires-Root: no diff -Nru django-python3-ldap-0.11.3/debian/upstream/metadata django-python3-ldap-0.12.0/debian/upstream/metadata --- django-python3-ldap-0.11.3/debian/upstream/metadata 1970-01-01 00:00:00.000000000 +0000 +++ django-python3-ldap-0.12.0/debian/upstream/metadata 2021-09-01 19:14:51.000000000 +0000 @@ -0,0 +1,4 @@ +Bug-Database: https://github.com/etianen/django-python3-ldap/issues +Bug-Submit: https://github.com/etianen/django-python3-ldap/issues/new +Repository: https://github.com/etianen/django-python3-ldap.git +Repository-Browse: https://github.com/etianen/django-python3-ldap diff -Nru django-python3-ldap-0.11.3/debian/watch django-python3-ldap-0.12.0/debian/watch --- django-python3-ldap-0.11.3/debian/watch 2019-12-11 08:33:06.000000000 +0000 +++ django-python3-ldap-0.12.0/debian/watch 2021-09-01 19:14:51.000000000 +0000 @@ -1,3 +1,3 @@ -version=3 +version=4 opts=uversionmangle=s/(rc|a|b|c)/~$1/ \ https://pypi.debian.net/django-python3-ldap/django-python3-ldap-(.+)\.(?:zip|tgz|tbz|txz|(?:tar\.(?:gz|bz2|xz))) diff -Nru django-python3-ldap-0.11.3/django_python3_ldap/__init__.py django-python3-ldap-0.12.0/django_python3_ldap/__init__.py --- django-python3-ldap-0.11.3/django_python3_ldap/__init__.py 2019-12-03 18:07:33.000000000 +0000 +++ django-python3-ldap-0.12.0/django_python3_ldap/__init__.py 2021-07-09 12:35:37.000000000 +0000 @@ -3,4 +3,4 @@ """ -__version__ = (0, 11, 3) +__version__ = (0, 12, 0) diff -Nru django-python3-ldap-0.11.3/django_python3_ldap/ldap.py django-python3-ldap-0.12.0/django_python3_ldap/ldap.py --- django-python3-ldap-0.11.3/django_python3_ldap/ldap.py 2019-12-03 18:07:33.000000000 +0000 +++ django-python3-ldap-0.12.0/django_python3_ldap/ldap.py 2021-07-09 12:35:37.000000000 +0000 @@ -5,6 +5,7 @@ import ldap3 from ldap3.core.exceptions import LDAPException import logging +from inspect import getfullargspec from contextlib import contextmanager from django.contrib.auth import get_user_model from django_python3_ldap.conf import settings @@ -71,7 +72,18 @@ user.set_unusable_password() user.save() # Update relations - import_func(settings.LDAP_AUTH_SYNC_USER_RELATIONS)(user, attributes) + sync_user_relations_func = import_func(settings.LDAP_AUTH_SYNC_USER_RELATIONS) + sync_user_relations_arginfo = getfullargspec(sync_user_relations_func) + args = {} # additional keyword arguments + for argname in sync_user_relations_arginfo.kwonlyargs: + if argname == "connection": + args["connection"] = self._connection + elif argname == "dn": + args["dn"] = user_data.get("dn") + else: + raise TypeError(f"Unknown kw argument {argname} in signature for LDAP_AUTH_SYNC_USER_RELATIONS") + # call sync_user_relations_func() with original args plus supported named extras + sync_user_relations_func(user, attributes, **args) # All done! logger.info("LDAP user lookup succeeded") return user @@ -195,7 +207,7 @@ The user identifier should be keyword arguments matching the fields in settings.LDAP_AUTH_USER_LOOKUP_FIELDS, plus a `password` argument. """ - password = kwargs.pop("password") + password = kwargs.pop("password", None) # Check that this is valid login data. if not password or frozenset(kwargs.keys()) != frozenset(settings.LDAP_AUTH_USER_LOOKUP_FIELDS): return None diff -Nru django-python3-ldap-0.11.3/django_python3_ldap/tests.py django-python3-ldap-0.12.0/django_python3_ldap/tests.py --- django-python3-ldap-0.11.3/django_python3_ldap/tests.py 2019-12-03 18:07:33.000000000 +0000 +++ django-python3-ldap-0.12.0/django_python3_ldap/tests.py 2021-07-09 12:35:37.000000000 +0000 @@ -1,7 +1,7 @@ # encoding=utf-8 from __future__ import unicode_literals -from unittest import skipUnless +from unittest import skipUnless, skip from io import StringIO from django.test import TestCase @@ -93,6 +93,7 @@ # Ensure that the user isn't recreated on second access. self.assertEqual(user_1.pk, user_2.pk) + @skip("FIXME: test server currently uses outdated TLS cyphers") def testAuthenticateWithTLS(self): with self.settings(LDAP_AUTH_USE_TLS=True): user = authenticate( @@ -104,7 +105,6 @@ def testAuthenticateWithRebind(self): with self.settings( - LDAP_AUTH_USE_TLS=True, LDAP_AUTH_CONNECTION_USERNAME=settings.LDAP_AUTH_TEST_USER_USERNAME, LDAP_AUTH_CONNECTION_PASSWORD=settings.LDAP_AUTH_TEST_USER_PASSWORD, ): @@ -117,7 +117,6 @@ def testAuthenticateWithFailedRebind(self): with self.settings( - LDAP_AUTH_USE_TLS=True, LDAP_AUTH_CONNECTION_USERNAME="bad" + settings.LDAP_AUTH_TEST_USER_USERNAME, LDAP_AUTH_CONNECTION_PASSWORD=settings.LDAP_AUTH_TEST_USER_PASSWORD, ): @@ -167,6 +166,32 @@ call_command("ldap_promote", "missing_user", verbosity=0) def testSyncUserRelations(self): + def check_sync_user_relation(user, data, *, connection=None, dn=None): + # id have been created + self.assertIsNotNone(user.id) + # connection was passed + self.assertIsNotNone(connection) + # dn was passed + self.assertIsNotNone(dn) + # model is saved + self.assertEqual(user.username, User.objects.get(pk=user.id).username) + # save all groups + self.assertIn('cn', data) + ldap_groups = list(data.get('memberOf', ())) + ldap_groups.append('default_group') + for group in ldap_groups: + user.groups.create(name=group) + + with self.settings(LDAP_AUTH_SYNC_USER_RELATIONS=check_sync_user_relation): + user = authenticate( + username=settings.LDAP_AUTH_TEST_USER_USERNAME, + password=settings.LDAP_AUTH_TEST_USER_PASSWORD, + ) + self.assertIsInstance(user, User) + self.assertGreaterEqual(user.groups.count(), 1) + self.assertEqual(user.groups.filter(name='default_group').count(), 1) + + def testOldSyncUserRelations(self): def check_sync_user_relation(user, data): # id have been created self.assertIsNotNone(user.id) diff -Nru django-python3-ldap-0.11.3/django_python3_ldap/utils.py django-python3-ldap-0.12.0/django_python3_ldap/utils.py --- django-python3-ldap-0.11.3/django_python3_ldap/utils.py 2019-12-03 18:07:33.000000000 +0000 +++ django-python3-ldap-0.12.0/django_python3_ldap/utils.py 2021-07-09 12:35:37.000000000 +0000 @@ -107,7 +107,7 @@ return username -def sync_user_relations(user, ldap_attributes): +def sync_user_relations(user, ldap_attributes, *, connection=None, dn=None): # do nothing by default pass diff -Nru django-python3-ldap-0.11.3/django_python3_ldap.egg-info/PKG-INFO django-python3-ldap-0.12.0/django_python3_ldap.egg-info/PKG-INFO --- django-python3-ldap-0.11.3/django_python3_ldap.egg-info/PKG-INFO 2019-12-03 18:08:09.000000000 +0000 +++ django-python3-ldap-0.12.0/django_python3_ldap.egg-info/PKG-INFO 2021-07-09 12:35:45.000000000 +0000 @@ -1,6 +1,6 @@ Metadata-Version: 1.1 Name: django-python3-ldap -Version: 0.11.3 +Version: 0.12.0 Summary: Django LDAP user authentication backend for Python 3. Home-page: https://github.com/etianen/django-python3-ldap Author: Dave Hall diff -Nru django-python3-ldap-0.11.3/PKG-INFO django-python3-ldap-0.12.0/PKG-INFO --- django-python3-ldap-0.11.3/PKG-INFO 2019-12-03 18:08:09.851909600 +0000 +++ django-python3-ldap-0.12.0/PKG-INFO 2021-07-09 12:35:45.974622500 +0000 @@ -1,6 +1,6 @@ Metadata-Version: 1.1 Name: django-python3-ldap -Version: 0.11.3 +Version: 0.12.0 Summary: Django LDAP user authentication backend for Python 3. Home-page: https://github.com/etianen/django-python3-ldap Author: Dave Hall diff -Nru django-python3-ldap-0.11.3/README.rst django-python3-ldap-0.12.0/README.rst --- django-python3-ldap-0.11.3/README.rst 2019-12-03 18:07:33.000000000 +0000 +++ django-python3-ldap-0.12.0/README.rst 2021-07-09 12:35:37.000000000 +0000 @@ -60,8 +60,9 @@ # Use this to customize how data loaded from LDAP is saved to the User model. LDAP_AUTH_CLEAN_USER_DATA = "django_python3_ldap.utils.clean_user_data" - # Path to a callable that takes a user model and a dict of {ldap_field_name: [value]}, - # and saves any additional user relationships based on the LDAP data. + # Path to a callable that takes a user model, a dict of {ldap_field_name: [value]} + # a LDAP connection object (to allow further lookups), and saves any additional + # user relationships based on the LDAP data. # Use this to customize how data loaded from LDAP is saved to User model relations. # For customizing non-related User model fields, use LDAP_AUTH_CLEAN_USER_DATA. LDAP_AUTH_SYNC_USER_RELATIONS = "django_python3_ldap.utils.sync_user_relations" @@ -131,6 +132,28 @@ LDAP_AUTH_OBJECT_CLASS = "user" +Sync User Relations +------------------- + +As part of the user authentication process, django-python3-ldap calls a function specified by the +LDAP_AUTH_SYNC_USER_RELATIONS configuraton item. This function can be used for making additional +updates to the user database (for example updaing the groups the user is a member of), or getting +further information from the LDAP server. + +The signature of the called function is:- + +.. code:: python + + def sync_user_relations(user, ldap_attributes, *, connection=None, dn=None): + +The parameters are:- + +- ``user`` - a Django user model object +- ``ldap_attributes`` - a dict of LDAP attributes +- ``connection`` - the LDAP connection object (optional keyword only parameter) +- ``dn`` - the DN (Distinguished Name) of the LDAP matched user (optional keyword only parameter) + + Can't get authentication to work? ---------------------------------