Commit 1faf0863 authored by Daniel Klaffenbach's avatar Daniel Klaffenbach 🐍

ldap_sync: Also sync `is_active` flag

parent c98b4ce7
# -*- coding: utf-8 -*-
from __future__ import unicode_literals
from django.conf import settings
from django.contrib.auth import get_user_model
from django.core.management.base import BaseCommand
from fountain.ldap import Ldap
from django.contrib.auth import get_user_model
class Command(BaseCommand):
help = "Updates the attributes from all current Django users from a LDAP server."
help = "Updates the attributes of all Django users from the LDAP server."
def handle(self, *args, **options):
verbosity = options.get('verbosity')
sync_is_active = getattr(settings, 'LDAP_SYNC_IS_ACTIVE', True)
User = get_user_model()
l = Ldap()
values = list(l.LDAP_SYNC_USER_ATTRIBUTES.values())
values.append(User.USERNAME_FIELD)
if sync_is_active:
values.append('is_active')
for user_dict in User.objects.all().values(*values).iterator():
username = user_dict[User.USERNAME_FIELD]
attrs = l.get_attributes(username)
changed = False
if sync_is_active:
if attrs:
attrs['is_active'] = True
else:
attrs['is_active'] = False
changed = False
for attr in attrs:
if user_dict[attr] != attrs[attr]:
changed = True
......
......@@ -79,6 +79,52 @@ class LdapTestCase(TestCase):
self.assertEquals(user.first_name, 'Test')
self.assertEquals(user.last_name, 'User')
self.assertNotEqual(user.email, '')
def test_management_command_is_active(self):
"""
Tests if the `is_active` flag is synced correctly for active/inactive
LDAP users.
"""
with self.settings(LDAP_SYNC_IS_ACTIVE=True):
self.USER_MODEL.objects.create(username='test', is_active=True)
self.USER_MODEL.objects.create(username='alice', is_active=False)
self.USER_MODEL.objects.create(username='not_in_ldap', is_active=True)
# Clear user attributes for this test
self.USER_MODEL.objects.all().update(first_name='', last_name='', email='')
# Now run management command to test syncing of `is_active`
management.call_command('ldap_sync')
user = self.USER_MODEL.objects.get(username='test')
self.assertTrue(user.is_active)
user = self.USER_MODEL.objects.get(username='alice')
self.assertTrue(user.is_active)
user = self.USER_MODEL.objects.get(username='not_in_ldap')
self.assertFalse(user.is_active)
def test_management_command_without_is_active_sync(self):
"""
Check if the setting `LDAP_SYNC_IS_ACTIVE` is honored by the
`ldap_sync`sync` management command.
"""
with self.settings(LDAP_SYNC_IS_ACTIVE=False):
self.USER_MODEL.objects.create(username='test', is_active=True)
self.USER_MODEL.objects.create(username='alice', is_active=False)
self.USER_MODEL.objects.create(username='not_in_ldap', is_active=True)
# Clear user attributes for this test
self.USER_MODEL.objects.all().update(first_name='', last_name='', email='')
# Now run management command, it should not touch the `is_active` flags
# as `LDAP_SYNC_IS_ACTIVE` is disabled.
management.call_command('ldap_sync')
user = self.USER_MODEL.objects.get(username='test')
self.assertTrue(user.is_active)
user = self.USER_MODEL.objects.get(username='alice')
self.assertFalse(user.is_active)
user = self.USER_MODEL.objects.get(username='not_in_ldap')
self.assertTrue(user.is_active)
def test_invalid_user(self):
with self.settings():
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment