aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--okupy/common/ldap_helpers.py6
-rw-r--r--okupy/tests/unit/test_ldapuser.py7
2 files changed, 12 insertions, 1 deletions
diff --git a/okupy/common/ldap_helpers.py b/okupy/common/ldap_helpers.py
index 5b3e76a..43f3e3e 100644
--- a/okupy/common/ldap_helpers.py
+++ b/okupy/common/ldap_helpers.py
@@ -29,7 +29,11 @@ def get_bound_ldapuser(request, password=None):
username=username,
password=password,
)
- return bound_cls.objects.get(username=username)
+ try:
+ return bound_cls.objects.get(username=username)
+ except Exception as e:
+ bound_cls.restore_alias()
+ raise e
def set_secondary_password(request, password):
diff --git a/okupy/tests/unit/test_ldapuser.py b/okupy/tests/unit/test_ldapuser.py
index 410e9f1..85097aa 100644
--- a/okupy/tests/unit/test_ldapuser.py
+++ b/okupy/tests/unit/test_ldapuser.py
@@ -90,6 +90,13 @@ class LDAPUserUnitTests(TestCase):
self.assertRaises(ldap.INVALID_CREDENTIALS, get_bound_ldapuser,
request, 'test')
+ def test_get_bound_ldapuser_invalid_password_cleans_up_settings(self):
+ request = set_request('/', user=vars.USER_ALICE)
+ self.assertRaises(ldap.INVALID_CREDENTIALS, get_bound_ldapuser,
+ request, 'test')
+ db_alias = 'ldap_%s' % request.session.cache_key
+ self.assertNotIn(db_alias, settings.DATABASES)
+
def test_get_bound_ldapuser_context_manager_cleans_up_settings(self):
secondary_password = Random.get_random_bytes(48)
secondary_password_crypt = ldap_md5_crypt.encrypt(b64encode(