# HG changeset patch
# User Aurelien Campeas <aurelien.campeas@logilab.fr>
# Date 1346425088 -7200
# Node ID fcd048fa6e6d0757f8945ed3f1a44ce50e121302
# Parent  e436688f75f41803e08155deeed99d657dcfa85b
[source/native] only system source users should be authenticated by the native source (closes #2465883)

diff -r e436688f75f4 -r fcd048fa6e6d server/sources/native.py
--- a/server/sources/native.py	Wed Aug 22 17:20:06 2012 +0200
+++ b/server/sources/native.py	Fri Aug 31 16:58:08 2012 +0200
@@ -1595,9 +1595,10 @@
         pass
 
 class LoginPasswordAuthentifier(BaseAuthentifier):
-    passwd_rql = "Any P WHERE X is CWUser, X login %(login)s, X upassword P"
-    auth_rql = "Any X WHERE X is CWUser, X login %(login)s, X upassword %(pwd)s"
-    _sols = ({'X': 'CWUser', 'P': 'Password'},)
+    passwd_rql = 'Any P WHERE X is CWUser, X login %(login)s, X upassword P'
+    auth_rql = ('Any X WHERE X is CWUser, X login %(login)s, X upassword %(pwd)s, '
+                'X cw_source S, S name "system"')
+    _sols = ({'X': 'CWUser', 'P': 'Password', 'S': 'CWSource'},)
 
     def set_schema(self, schema):
         """set the instance'schema"""
diff -r e436688f75f4 -r fcd048fa6e6d server/test/unittest_ldapuser.py
--- a/server/test/unittest_ldapuser.py	Wed Aug 22 17:20:06 2012 +0200
+++ b/server/test/unittest_ldapuser.py	Fri Aug 31 16:58:08 2012 +0200
@@ -136,6 +136,12 @@
         self.assertEqual(self.execute('Any N WHERE U login "syt", '
                                       'U in_state S, S name N').rows[0][0],
                          'deactivated')
+        # test reactivating the user isn't enough to authenticate, as the native source
+        # refuse to authenticate user from other sources
+        user = self.execute('CWUser U WHERE U login "syt"').get_entity(0, 0)
+        user.cw_adapt_to('IWorkflowable').fire_transition('activate')
+        self.commit()
+        self.assertRaises(AuthenticationError, self.repo.connect, 'syt', password='syt')
 
 class LDAPFeedSourceTC(LDAPTestBase):
     test_db_id = 'ldap-feed'
diff -r e436688f75f4 -r fcd048fa6e6d server/test/unittest_repository.py
--- a/server/test/unittest_repository.py	Wed Aug 22 17:20:06 2012 +0200
+++ b/server/test/unittest_repository.py	Fri Aug 31 16:58:08 2012 +0200
@@ -113,6 +113,8 @@
         self.assertRaises(AuthenticationError,
                           self.repo.connect, self.admlogin, password='nimportnawak')
         self.assertRaises(AuthenticationError,
+                          self.repo.connect, self.admlogin, password='')
+        self.assertRaises(AuthenticationError,
                           self.repo.connect, self.admlogin, password=None)
         self.assertRaises(AuthenticationError,
                           self.repo.connect, None, password=None)