[source/native] only system source users should be authenticated by the native source (closes #2465883)
--- a/server/sources/native.py Wed Aug 22 17:20:06 2012 +0200
+++ b/server/sources/native.py Fri Aug 31 16:58:08 2012 +0200
@@ -1595,9 +1595,10 @@
pass
class LoginPasswordAuthentifier(BaseAuthentifier):
- passwd_rql = "Any P WHERE X is CWUser, X login %(login)s, X upassword P"
- auth_rql = "Any X WHERE X is CWUser, X login %(login)s, X upassword %(pwd)s"
- _sols = ({'X': 'CWUser', 'P': 'Password'},)
+ passwd_rql = 'Any P WHERE X is CWUser, X login %(login)s, X upassword P'
+ auth_rql = ('Any X WHERE X is CWUser, X login %(login)s, X upassword %(pwd)s, '
+ 'X cw_source S, S name "system"')
+ _sols = ({'X': 'CWUser', 'P': 'Password', 'S': 'CWSource'},)
def set_schema(self, schema):
"""set the instance'schema"""
--- a/server/test/unittest_ldapuser.py Wed Aug 22 17:20:06 2012 +0200
+++ b/server/test/unittest_ldapuser.py Fri Aug 31 16:58:08 2012 +0200
@@ -136,6 +136,12 @@
self.assertEqual(self.execute('Any N WHERE U login "syt", '
'U in_state S, S name N').rows[0][0],
'deactivated')
+ # test reactivating the user isn't enough to authenticate, as the native source
+ # refuse to authenticate user from other sources
+ user = self.execute('CWUser U WHERE U login "syt"').get_entity(0, 0)
+ user.cw_adapt_to('IWorkflowable').fire_transition('activate')
+ self.commit()
+ self.assertRaises(AuthenticationError, self.repo.connect, 'syt', password='syt')
class LDAPFeedSourceTC(LDAPTestBase):
test_db_id = 'ldap-feed'
--- a/server/test/unittest_repository.py Wed Aug 22 17:20:06 2012 +0200
+++ b/server/test/unittest_repository.py Fri Aug 31 16:58:08 2012 +0200
@@ -113,6 +113,8 @@
self.assertRaises(AuthenticationError,
self.repo.connect, self.admlogin, password='nimportnawak')
self.assertRaises(AuthenticationError,
+ self.repo.connect, self.admlogin, password='')
+ self.assertRaises(AuthenticationError,
self.repo.connect, self.admlogin, password=None)
self.assertRaises(AuthenticationError,
self.repo.connect, None, password=None)