Use bind_as() to localize LDAP identity changes.

Mangling settings globally means that functions running in parallel will be affected. Instead, use the newly-added bind_as() method to locally change LDAP identity.
author: Michał Górny <mgorny@gentoo.org> 2013-08-17 17:35:19 +0200
committer: Theo Chatzimichos <tampakrap@gentoo.org> 2013-08-17 17:45:59 +0200
commit: 56d1bca30eafb531d9184a5599be41ce0b417bb7 (patch)
tree: 3e817070d149532ab025eb4204120f181c487a48 /okupy/common/ldap_helpers.py
parent: Add tests for not removing unknown hashes in secondary password (diff)
download: identity.gentoo.org-56d1bca30eafb531d9184a5599be41ce0b417bb7.tar.gz
identity.gentoo.org-56d1bca30eafb531d9184a5599be41ce0b417bb7.tar.bz2
identity.gentoo.org-56d1bca30eafb531d9184a5599be41ce0b417bb7.zip
1 files changed, 9 insertions, 9 deletions
diff --git a/okupy/common/ldap_helpers.py b/okupy/common/ldap_helpers.py
index 15ffe09..23a9542 100644
--- a/okupy/common/ldap_helpers.py
+++ b/okupy/common/ldap_helpers.py
@@ -46,11 +46,10 @@ def get_ldap_connection(request=None, username=None, password=None,
 
 def set_secondary_password(request, password):
     """ Generate a secondary passsword and encrypt it in the session """
-    settings.DATABASES['ldap']['USER'] = settings.AUTH_LDAP_USER_DN_TEMPLATE \
-        % {'user': request.user.username}
-    settings.DATABASES['ldap']['PASSWORD'] = password
-
-    user = LDAPUser.objects.get(username=request.user.username)
+    username = request.user.username
+    user = LDAPUser.bind_as(alias='ldap_%s' % username,
+                            username=username,
+                            password=password).objects.get(username=username)
 
     secondary_password = Random.get_random_bytes(48)
     request.session['secondary_password'] = cipher.encrypt(secondary_password)
@@ -70,16 +69,17 @@ def set_secondary_password(request, password):
 
 def remove_secondary_password(request):
     """ Remove secondary password on logout """
-    settings.DATABASES['ldap']['USER'] = settings.AUTH_LDAP_USER_DN_TEMPLATE \
-        % {'user': request.user.username}
     try:
         password = b64encode(cipher.decrypt(
             request.session['secondary_password'], 48))
     except KeyError:
         return
-    settings.DATABASES['ldap']['PASSWORD'] = password
 
-    user = LDAPUser.objects.get(username=request.user.username)
+    username = request.user.username
+    user = LDAPUser.bind_as(alias='ldap_%s' % username,
+                            username=username,
+                            password=password).objects.get(username=username)
+
     if len(user.password) > 1:
         for hash in user.password:
             try:
author	Michał Górny <mgorny@gentoo.org>	2013-08-17 17:35:19 +0200
committer	Theo Chatzimichos <tampakrap@gentoo.org>	2013-08-17 17:45:59 +0200
commit	56d1bca30eafb531d9184a5599be41ce0b417bb7 (patch)
tree	3e817070d149532ab025eb4204120f181c487a48 /okupy/common/ldap_helpers.py
parent	Add tests for not removing unknown hashes in secondary password (diff)
download	identity.gentoo.org-56d1bca30eafb531d9184a5599be41ce0b417bb7.tar.gz identity.gentoo.org-56d1bca30eafb531d9184a5599be41ce0b417bb7.tar.bz2 identity.gentoo.org-56d1bca30eafb531d9184a5599be41ce0b417bb7.zip