Auto-create LDAP users (wip)

pirates-cat · Mar 4, 2024 · cbb6319 · cbb6319
1 parent acb227b
commit cbb6319
Show file tree

Hide file tree

Showing 5 changed files with 52 additions and 15 deletions.
diff --git a/Makefile b/Makefile
@@ -9,7 +9,10 @@ test-user-delete:
 	docker-compose run --entrypoint 'ldapdelete -x -H ldap://ldap -D "cn=admin,dc=pirata,dc=cat" -w admin "cn=tester,dc=pirata,dc=cat"' ldap || echo "User doesn't exist"
 
 test-user-create: test-user-delete
-	docker-compose run web ./create_ldap_user.py tester tester
+	docker-compose run web ./create_ldap_user.py tester tester 1001
+
+test-users-delete:
+	make ldap-list | grep tester- | grep sn | cut -d ' ' -f2 | xargs -n1 ./delete_ldap_user.py
 
 shell:
 	./indocker.sh ./manage.py shell
@@ -29,7 +32,7 @@ infra:
 stop:
 	docker-compose down
 
-test: test-user-create
+test: # test-user-create
 	docker-compose run web ./manage.py test -v2
 
 collected: static

diff --git a/delete_ldap_user.py b/delete_ldap_user.py
@@ -0,0 +1,16 @@
+#!/usr/bin/env python
+import sys
+from django.conf import settings
+
+if __name__ == "__main__":
+    if len(sys.argv) < 2:
+        print(f"Usage: {sys.argv[0]} <username>")
+        exit(-1)
+
+    username = sys.argv[1]
+
+    settings.configure()
+    from humans import directory
+
+    conn = directory.connect()
+    directory.delete_user(conn, username)
diff --git a/humans/directory.py b/humans/directory.py
@@ -34,7 +34,6 @@ def create_user(connection, username, uid_number):
 
     user_ldif = modlist.addModlist(user_attrs)
     result = connection.add_s(user_dn, user_ldif)
-    print(result)
     return user_dn, user_attrs
 
 

diff --git a/humans/models.py b/humans/models.py
@@ -1,22 +1,30 @@
+from django.db.models import Max
 from django.contrib.auth.models import AbstractUser
+
 from django_auth_ldap.backend import LDAPBackend, _LDAPUser
 
 from . import directory
 
 
 class User(AbstractUser):
+    def __init__(self, *args, **kwargs):
+        self._password = kwargs.get("password")
+        super().__init__(*args, **kwargs)
+
     def save(self, *args, **kwargs):
         is_new = self.id is None
         if is_new:
             self.__ldap__save()
         password = self._password
         super().save(*args, **kwargs)
-        if password is not None and not is_new:
+        if password is not None:
             self.__ldap__set_password(password)
 
     def __ldap__save(self):
-        # ldap_user = _LDAPUser(LDAPBackend(), username=self.username)
-        # conn = ldap_user.connection
+        max_user_id = User.objects.aggregate(Max("id"))["id__max"] or 1
+        connection = directory.connect()
+        directory.create_user(connection, self.username, max_user_id + 10000)
+        self.is_active = False
         return
 
     def __ldap__set_password(self, password):

diff --git a/shipanaro/tests/test_authentication.py b/shipanaro/tests/test_authentication.py
@@ -1,7 +1,10 @@
+from random import randint
+
 from django.contrib.auth import authenticate, get_user_model
 from django.core import mail
 from django.test import TestCase
 from django.urls import reverse
+from django.utils.translation import gettext_lazy as _
 
 User = get_user_model()
 
@@ -10,12 +13,23 @@
 
 
 class PasswordTest(TestCase):
-    def setUp(self):
-        self.user = User.objects.create_user(
-            username="tester",
-            email="tester@pirates.cat",
+
+    @classmethod
+    def setUpClass(cls):
+        super().setUpClass()
+        name = f"tester-{randint(0, 10000)}"
+        cls.user = User(
+            username=name,
+            email=f"{name}@pirates.cat",
             password=PASSWORD,
         )
+        cls.user.save()
+
+        # set manually to active for test purposes, so they can reset password
+        cls.user.is_active = True
+        cls.user.save()
+
+    def setUp(self):
         # when we start testing, user has the old password
         logged_in = self.client.login(username=self.user.username, password=PASSWORD)
         # subsequent tests may have the modified password
@@ -48,14 +62,11 @@ def test_reset_password(self):
 
         self.assertEqual(response.status_code, 200)
         self.assertTemplateUsed(response, "registration/password_reset_done.html")
-        self.assertContains(
-            response,
-            "We've emailed you instructions for setting your password",
-        )
+
         # verify sent email
         self.assertEqual(len(mail.outbox), 1)
         self.assertIn(
-            "Heu rebut aquest correu",
+            "Rebs aquest correu",
             mail.outbox[0].body,
         )
         self.assertIn(