aboutsummaryrefslogtreecommitdiff
path: root/okupy
diff options
context:
space:
mode:
authorMichał Górny <mgorny@gentoo.org>2013-09-12 07:11:50 -0700
committerMichał Górny <mgorny@gentoo.org>2013-09-12 07:11:50 -0700
commit0cf7c9ce93a9595fb2d0ff967d6f18a20dcc951c (patch)
tree2a210c9db88cc1e7f278bb899a1fdbb73c43a987 /okupy
parentMerge pull request #90 from mgorny/new-bind_as-2 (diff)
parentClean up settings.DATABASES when get_bound_ldapuser() fails. (diff)
downloadidentity.gentoo.org-0cf7c9ce93a9595fb2d0ff967d6f18a20dcc951c.tar.gz
identity.gentoo.org-0cf7c9ce93a9595fb2d0ff967d6f18a20dcc951c.tar.bz2
identity.gentoo.org-0cf7c9ce93a9595fb2d0ff967d6f18a20dcc951c.zip
Merge pull request #91 from mgorny/ensure-credentials-cleaned_up-on-exception
Ensure credentials cleaned up on exception
Diffstat (limited to 'okupy')
-rw-r--r--okupy/common/ldap_helpers.py6
-rw-r--r--okupy/tests/unit/test_ldapuser.py7
2 files changed, 12 insertions, 1 deletions
diff --git a/okupy/common/ldap_helpers.py b/okupy/common/ldap_helpers.py
index 5b3e76a..43f3e3e 100644
--- a/okupy/common/ldap_helpers.py
+++ b/okupy/common/ldap_helpers.py
@@ -29,7 +29,11 @@ def get_bound_ldapuser(request, password=None):
username=username,
password=password,
)
- return bound_cls.objects.get(username=username)
+ try:
+ return bound_cls.objects.get(username=username)
+ except Exception as e:
+ bound_cls.restore_alias()
+ raise e
def set_secondary_password(request, password):
diff --git a/okupy/tests/unit/test_ldapuser.py b/okupy/tests/unit/test_ldapuser.py
index 410e9f1..85097aa 100644
--- a/okupy/tests/unit/test_ldapuser.py
+++ b/okupy/tests/unit/test_ldapuser.py
@@ -90,6 +90,13 @@ class LDAPUserUnitTests(TestCase):
self.assertRaises(ldap.INVALID_CREDENTIALS, get_bound_ldapuser,
request, 'test')
+ def test_get_bound_ldapuser_invalid_password_cleans_up_settings(self):
+ request = set_request('/', user=vars.USER_ALICE)
+ self.assertRaises(ldap.INVALID_CREDENTIALS, get_bound_ldapuser,
+ request, 'test')
+ db_alias = 'ldap_%s' % request.session.cache_key
+ self.assertNotIn(db_alias, settings.DATABASES)
+
def test_get_bound_ldapuser_context_manager_cleans_up_settings(self):
secondary_password = Random.get_random_bytes(48)
secondary_password_crypt = ldap_md5_crypt.encrypt(b64encode(