首頁 探索 說明
登入
mirrors
/
Radicale
镜像来自 https://github.com/Kozea/Radicale
1
0
複刻 0
Files 問題管理 0 Wiki
瀏覽代碼

LDAP auth: calculate attributes to query in __init__()

Remove code duplication by factoring out the calculation of the
LDAP query attributes out of _login2() resp. _login3() into __init__().
Peter Marschall 1 年之前
父節點
841df09312
當前提交
607b3af67b
共有 1 個文件被更改,包括 7 次插入10 次删除
分割檢視 顯示文件統計
  1. 7 10
      radicale/auth/ldap.py

+ 7 - 10
radicale/auth/ldap.py
查看文件 

@@ -43,6 +43,7 @@ class Auth(auth.BaseAuth):
 
     _ldap_reader_dn: str
 
     _ldap_secret: str
 
     _ldap_filter: str
 
+    _ldap_attributes: list[str] = ['memberOf']
 
     _ldap_user_attr: str
 
     _ldap_load_groups: bool
 
     _ldap_module_version: int = 3
 
@@ -109,6 +110,10 @@ class Auth(auth.BaseAuth):
 
                 logger.info("auth.ldap_ssl_ca_file     : %r" % self._ldap_ssl_ca_file)
 
             else:
 
                 logger.info("auth.ldap_ssl_ca_file     : (not provided)")
 
+        """Extend attributes to to be returned in the user query"""
 
+        if self._ldap_user_attr:
 
+            self._ldap_attributes.append(self._ldap_user_attr)
 
+        logger.info("ldap_attributes           : %r" % self._ldap_attributes)
 
 
     def _login2(self, login: str, password: str) -> str:
 
         try:
 
@@ -121,15 +126,11 @@ class Auth(auth.BaseAuth):
 
             """Search for the dn of user to authenticate"""
 
             escaped_login = self.ldap.filter.escape_filter_chars(login)
 
             logger.debug(f"_login2 login escaped for LDAP filters: {escaped_login}")
 
-            attrs = ['memberof']
 
-            if self._ldap_user_attr:
 
-                attrs = ['memberOf', self._ldap_user_attr]
 
-            logger.debug(f"_login2 attrs: {attrs}")
 
             res = conn.search_s(
 
                 self._ldap_base,
 
                 self.ldap.SCOPE_SUBTREE,
 
                 filterstr=self._ldap_filter.format(escaped_login),
 
-                attrlist=attrs
 
+                attrlist=self._ldap_attributes
 
             )
 
             if len(res) != 1:
 
                 """User could not be found unambiguously"""
 
@@ -198,15 +199,11 @@ class Auth(auth.BaseAuth):
 
         """Search the user dn"""
 
         escaped_login = self.ldap3.utils.conv.escape_filter_chars(login)
 
         logger.debug(f"_login3 login escaped for LDAP filters: {escaped_login}")
 
-        attrs = ['memberof']
 
-        if self._ldap_user_attr:
 
-            attrs = ['memberOf', self._ldap_user_attr]
 
-        logger.debug(f"_login3 attrs: {attrs}")
 
         conn.search(
 
             search_base=self._ldap_base,
 
             search_filter=self._ldap_filter.format(escaped_login),
 
             search_scope=self.ldap3.SUBTREE,
 
-            attributes=attrs
 
+            attributes=self._ldap_attributes
 
         )
 
         if len(conn.entries) != 1:
 
             """User could not be found unambiguously"""