sources/ldap: improve error handling for property mappings

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Jens Langhammer 2021-07-21 23:26:33 +02:00
parent 70e000d327
commit a3abbcec6a
2 changed files with 34 additions and 0 deletions


@ -5,6 +5,7 @@ from django.db.models.query import QuerySet
from structlog.stdlib import BoundLogger, get_logger from structlog.stdlib import BoundLogger, get_logger
from authentik.core.exceptions import PropertyMappingExpressionException from authentik.core.exceptions import PropertyMappingExpressionException
from authentik.events.models import Event, EventAction
from authentik.sources.ldap.auth import LDAP_DISTINGUISHED_NAME from authentik.sources.ldap.auth import LDAP_DISTINGUISHED_NAME
from authentik.sources.ldap.models import LDAPPropertyMapping, LDAPSource from authentik.sources.ldap.models import LDAPPropertyMapping, LDAPSource
@ -83,6 +84,11 @@ class BaseLDAPSynchronizer:
else: else:
properties[object_field] = self._flatten(value) properties[object_field] = self._flatten(value)
except PropertyMappingExpressionException as exc: except PropertyMappingExpressionException as exc:
Event.new(
EventAction.CONFIGURATION_ERROR,
message=f"Failed to evaluate property-mapping: {str(exc)}",
mapping=mapping,
).save()
self._logger.warning( self._logger.warning(
"Mapping failed to evaluate", exc=exc, mapping=mapping "Mapping failed to evaluate", exc=exc, mapping=mapping
) )
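Review bot: The `Event.new(...).save()` added in the `except PropertyMappingExpressionException` branch fires on every failed evaluation, so if this code runs once per directory object (the enclosing method starts and ends outside the hunk), one broken mapping writes a CONFIGURATION_ERROR event per object on every sync run and can bury other entries in the event log. Consider recording the failure once per mapping per run, for example by remembering which mappings have already raised. The message also embeds the raw exception text, which may echo attribute values read from the directory, so it is worth confirming that everyone who can read events may see that data. Minor: `{str(exc)}` inside the f-string can be written `{exc}` with the same result.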


@ -5,6 +5,7 @@ from django.db.models import Q
from django.test import TestCase from django.test import TestCase
from authentik.core.models import Group, User from authentik.core.models import Group, User
from authentik.events.models import Event, EventAction
from authentik.managed.manager import ObjectManager from authentik.managed.manager import ObjectManager
from authentik.providers.oauth2.generators import generate_client_secret from authentik.providers.oauth2.generators import generate_client_secret
from authentik.sources.ldap.models import LDAPPropertyMapping, LDAPSource from authentik.sources.ldap.models import LDAPPropertyMapping, LDAPSource
@ -31,6 +32,33 @@ class LDAPSyncTests(TestCase):
additional_group_dn="ou=groups", additional_group_dn="ou=groups",
) )
def test_sync_error(self):
"""Test user sync"""
self.source.property_mappings.set(
LDAPPropertyMapping.objects.filter(
Q(managed__startswith="goauthentik.io/sources/ldap/default")
| Q(managed__startswith="goauthentik.io/sources/ldap/ms")
)
)
mapping = LDAPPropertyMapping.objects.create(
name="name",
object_field="name",
expression="q",
)
self.source.property_mappings.set([mapping])
self.source.save()
connection = PropertyMock(return_value=mock_ad_connection(LDAP_PASSWORD))
with patch("authentik.sources.ldap.models.LDAPSource.connection", connection):
user_sync = UserLDAPSynchronizer(self.source)
user_sync.sync()
self.assertFalse(User.objects.filter(username="user0_sn").exists())
self.assertFalse(User.objects.filter(username="user1_sn").exists())
events = Event.objects.filter(
action=EventAction.CONFIGURATION_ERROR,
context__message="Failed to evaluate property-mapping: name 'q' is not defined"
)
self.assertTrue(events.exists())
def test_sync_users_ad(self): def test_sync_users_ad(self):
"""Test user sync""" """Test user sync"""
self.source.property_mappings.set( self.source.property_mappings.set(
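Review bot: `test_sync_error` keeps the copied docstring `"""Test user sync"""`, and its first `self.source.property_mappings.set(...)` with the default/ms filter is immediately overwritten by `self.source.property_mappings.set([mapping])`, so that setup has no effect and can be dropped. A docstring such as `"""Test that a failing property mapping skips the user and records a configuration error event"""` would state what is being checked. The event filter compares against the full text `name 'q' is not defined`, which ties the test to the wording of Python's NameError; filtering on the action plus the fixed prefix, e.g. `context__message__startswith="Failed to evaluate property-mapping"`, would be less brittle. The test also does not assert that the event refers to the failing mapping, or that only the expected number of events was written.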