1 files changed, 26 insertions, 12 deletions

diff --git a/okupy/tests/unit/test_ldapuser.py b/okupy/tests/unit/test_ldapuser.py
index a160571..410e9f1 100644
--- a/okupy/tests/unit/test_ldapuser.py
+++ b/okupy/tests/unit/test_ldapuser.py
@@ -44,8 +44,8 @@ class LDAPUserUnitTests(TestCase):
         request = set_request('/', user=vars.USER_ALICE)
         request.session['secondary_password'] = cipher.encrypt(
             secondary_password)
-        user = get_bound_ldapuser(request)
-        self.assertEqual(user.username, vars.USER_ALICE.username)
+        with get_bound_ldapuser(request) as user:
+            self.assertEqual(user.username, vars.USER_ALICE.username)
 
     def test_get_bound_ldapuser_bind_as_is_properly_set_from_request(self):
         secondary_password = Random.get_random_bytes(48)
@@ -56,22 +56,22 @@ class LDAPUserUnitTests(TestCase):
         request = set_request('/', user=vars.USER_ALICE)
         request.session['secondary_password'] = cipher.encrypt(
             secondary_password)
-        get_bound_ldapuser(request)
-        db_alias = 'ldap_%s' % request.session.cache_key
-        self.assertEqual(settings.DATABASES[db_alias]['PASSWORD'],
-                         b64encode(secondary_password))
+        with get_bound_ldapuser(request) as user:  # noqa
+            db_alias = 'ldap_%s' % request.session.cache_key
+            self.assertEqual(settings.DATABASES[db_alias]['PASSWORD'],
+                             b64encode(secondary_password))
 
     def test_get_bound_ldapuser_bind_as_is_properly_set_from_password(self):
         request = set_request('/', user=vars.USER_ALICE)
-        get_bound_ldapuser(request, password='ldaptest')
-        db_alias = 'ldap_%s' % request.session.cache_key
-        self.assertTrue(ldap_md5_crypt.verify(settings.DATABASES[db_alias][
-            'PASSWORD'], ldap_users('alice')[1]['userPassword'][0]))
+        with get_bound_ldapuser(request, password='ldaptest') as user:  # noqa
+            db_alias = 'ldap_%s' % request.session.cache_key
+            self.assertTrue(ldap_md5_crypt.verify(settings.DATABASES[db_alias][
+                'PASSWORD'], ldap_users('alice')[1]['userPassword'][0]))
 
     def test_get_bound_ldapuser_password_set(self):
         request = set_request('/', user=vars.USER_ALICE)
-        user = get_bound_ldapuser(request, password='ldaptest')
-        self.assertEqual(user.username, vars.USER_ALICE.username)
+        with get_bound_ldapuser(request, password='ldaptest') as user:
+            self.assertEqual(user.username, vars.USER_ALICE.username)
 
     def test_get_bound_ldapuser_no_password_available(self):
         request = set_request('/', user=vars.USER_ALICE)
@@ -89,3 +89,17 @@ class LDAPUserUnitTests(TestCase):
         request = set_request('/', user=vars.USER_ALICE)
         self.assertRaises(ldap.INVALID_CREDENTIALS, get_bound_ldapuser,
                           request, 'test')
+
+    def test_get_bound_ldapuser_context_manager_cleans_up_settings(self):
+        secondary_password = Random.get_random_bytes(48)
+        secondary_password_crypt = ldap_md5_crypt.encrypt(b64encode(
+            secondary_password))
+        self.ldapobject.directory[ldap_users('alice')[0]][
+            'userPassword'].append(secondary_password_crypt)
+        request = set_request('/', user=vars.USER_ALICE)
+        request.session['secondary_password'] = cipher.encrypt(
+            secondary_password)
+        with get_bound_ldapuser(request) as user:  # noqa
+            pass
+        db_alias = 'ldap_%s' % request.session.cache_key
+        self.assertNotIn(db_alias, settings.DATABASES)