diff --git a/.travis.yml b/.travis.yml index 5c10d8b..f1dc83c 100644 --- a/.travis.yml +++ b/.travis.yml @@ -10,6 +10,7 @@ addons: - python-ldap - python-cerealizer - python-dev + - python-pyrad - libldap2-dev - libsasl2-dev - libssl-dev diff --git a/bin/add_missing_groups.py b/bin/add_missing_groups.py index 5b70a1f..6d659f2 100755 --- a/bin/add_missing_groups.py +++ b/bin/add_missing_groups.py @@ -6,7 +6,7 @@ config = config_mgr.ConfigManager(config_mgr.default_config()) api = Api.create( - 'https://spideroak.com/apis/accounts/v1/', + config.config['api_root'], config.config['api_user'], config.config['api_password'], ) @@ -14,11 +14,13 @@ groups = api.list_groups() + def find_group(group_id): for g in config.config['groups']: if g['group_id'] == group_id: return g - + + for group in groups: if not find_group(group['group_id']): config.config['groups'].append({ @@ -32,4 +34,3 @@ def find_group(group_id): config.apply_config() - diff --git a/netkes/account_mgr/__init__.py b/netkes/account_mgr/__init__.py index 1ab452f..dd26f7c 100644 --- a/netkes/account_mgr/__init__.py +++ b/netkes/account_mgr/__init__.py @@ -116,6 +116,10 @@ def authenticator(config, username, password, use_admin_tokens=True): if use_admin_tokens and admin_token_auth(config, user, username, password): return True + if not user['enabled']: + # Auth should only work for disabled users when using an auth token. + return False + if auth_method == 'ldap': log.debug("Attempting to use LDAP simple bind for authenticating %s" % (username,)) from account_mgr.user_source import ldap_source diff --git a/netkes/account_mgr/test/test_account_mgr.py b/netkes/account_mgr/test/test_account_mgr.py index 746e8b1..f1c715a 100644 --- a/netkes/account_mgr/test/test_account_mgr.py +++ b/netkes/account_mgr/test/test_account_mgr.py 
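Review bot: In bin/add_missing_groups.py, `config.config['api_root']` now decides which endpoint receives `api_user` and `api_password`, and the script checks neither that the key is present nor that it is an https URL. A missing key raises a bare KeyError at start-up. An `http://` value would send the credentials unencrypted, assuming Api.create uses them as request credentials, which this hunk does not show. Consider reading the value once and failing early: `api_root = config.config['api_root']` followed by `if not api_root.startswith('https://'): raise SystemExit('api_root must be an https URL')`. If a non-TLS root is a supported deployment, a comment next to the call saying so would be enough.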
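Review bot: The new `if not user['enabled']:` guard in authenticator() returns False without logging, so a password attempt against a disabled account looks the same in the logs as a wrong password. A line in the file's existing style before the return would make these attempts visible to whoever monitors the service: `log.info("Rejecting password auth for disabled user %s" % (username,))`. The subscript also raises KeyError if the user record has no 'enabled' field, whereas `user.get('enabled', False)` would fail closed with a clean denial. The function starts and ends outside this hunk, so where `user` is loaded is not visible. Because the admin-token check runs first and deliberately bypasses this guard, the docstring should say that disabling a user does not invalidate an outstanding admin token.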
@@ -1,11 +1,11 @@ import unittest -from mock import MagicMock, sentinel +from mock import MagicMock, sentinel, patch from datetime import datetime, timedelta import account_mgr -class TestAdminTokenAuth(unittest.TestCase): +class TestAdminAuth(unittest.TestCase): def setUp(self): account_mgr.get_cursor = MagicMock() cur = MagicMock() @@ -14,9 +14,31 @@ def setUp(self): account_mgr.get_api = MagicMock() self.api = MagicMock() account_mgr.get_api.return_value = self.api - self.user = {'avatar_id': sentinel.avatar_id} + self.user = { + 'avatar_id': sentinel.avatar_id, + 'email': sentinel.email, + } + self.api.get_user.return_value = self.user self.time = datetime.now() + timedelta(hours=1) + @patch('account_mgr.user_source.ldap_source') + def test_user_disabled(self, ldap_source): + ldap_source.can_auth.return_value = True + self.cur.rowcount = 0 + self.user['enabled'] = False + self.assertFalse( + account_mgr.authenticator({'auth_method': 'ldap', }, 'test', 'pass') + ) + + @patch('account_mgr.user_source.ldap_source') + def test_user_enabled(self, ldap_source): + ldap_source.can_auth.return_value = True + self.cur.rowcount = 0 + self.user['enabled'] = True + self.assertTrue( + account_mgr.authenticator({'auth_method': 'ldap', }, 'test', 'pass') + ) + def test_no_restrictions(self): self.cur.rowcount = 1 self.cur.fetchone.return_value = (False, False, self.time, False) diff --git a/netkes/account_mgr/user_source/__init__.py b/netkes/account_mgr/user_source/__init__.py index 2cf9d3a..73bf91a 100644 --- a/netkes/account_mgr/user_source/__init__.py +++ b/netkes/account_mgr/user_source/__init__.py @@ -5,3 +5,4 @@ Provides the bits for working with LDAP. """ +import group_manager, ldap_source, local_source, radius_source # NOQA
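Review bot: The two new tests in TestAdminAuth cover only the password path with `rowcount = 0`, so the exception the production comment describes, where a disabled user still authenticates with a valid admin token, is untested. A third case that sets `enabled` to False and supplies a token row would pin that behaviour and catch a later reordering of the checks. The sketch below reuses the row from test_no_restrictions, whose body continues outside the hunk, so the tuple values are assumed to describe an unrestricted, unexpired token. In test_user_disabled, `self.assertFalse(ldap_source.can_auth.called)` would additionally confirm that the password is never forwarded to LDAP for a disabled account.

```python
    def test_user_disabled_admin_token(self):
        # Token row copied from test_no_restrictions (assumed valid and unrestricted).
        self.cur.rowcount = 1
        self.cur.fetchone.return_value = (False, False, self.time, False)
        self.user['enabled'] = False
        self.assertTrue(
            account_mgr.authenticator({'auth_method': 'ldap', }, 'test', 'pass')
        )
```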
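Review bot: The added `import group_manager, ldap_source, local_source, radius_source` in user_source/__init__.py is an implicit relative import that loads every backend as soon as the package is imported. If radius_source imports pyrad at module level, which the python-pyrad addition to .travis.yml suggests, a host without pyrad can no longer import the package at all, even for LDAP or local authentication. Writing it as `from . import group_manager, ldap_source, local_source, radius_source  # NOQA` makes the intent explicit. A one-line comment should explain the NOQA: the submodules are imported so they are reachable as package attributes, which the new tests rely on when they patch `account_mgr.user_source.ldap_source`. If pyrad is meant to be optional, the radius import needs its own guarded import.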