cleanup for v0.13.3 release (wip) (#1296)

bihealth · Nov 21, 2023 · 197af50 · 197af50
1 parent 9cbf1d4
commit 197af50
Show file tree

Hide file tree

Showing 9 changed files with 93 additions and 114 deletions.
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -13,6 +13,7 @@ Added
 
 - **General**
     - LDAP settings for TLS and user filter (#1340)
+    - ``LDAP_DEBUG`` Django setting
 - **Projectroles**
     - ``_project_badge.html`` template (#1300)
     - ``InvalidFormMixin`` helper mixin (#1310)

diff --git a/config/settings/base.py b/config/settings/base.py
@@ -339,6 +339,7 @@
 # Enable LDAP if configured
 ENABLE_LDAP = env.bool('ENABLE_LDAP', False)
 ENABLE_LDAP_SECONDARY = env.bool('ENABLE_LDAP_SECONDARY', False)
+LDAP_DEBUG = env.bool('LDAP_DEBUG', False)
 
 # Alternative domains for detecting LDAP access by email address
 LDAP_ALT_DOMAINS = env.list('LDAP_ALT_DOMAINS', None, [])
@@ -348,6 +349,8 @@
     import ldap
     from django_auth_ldap.config import LDAPSearch
 
+    if LDAP_DEBUG:
+        ldap.set_option(ldap.OPT_DEBUG_LEVEL, 255)
     # Default values
     LDAP_DEFAULT_CONN_OPTIONS = {ldap.OPT_REFERRALS: 0}
     LDAP_DEFAULT_ATTR_MAP = {

diff --git a/docs/source/app_projectroles_settings.rst b/docs/source/app_projectroles_settings.rst
@@ -379,19 +379,26 @@ This part of the setup is **optional**.
     If only using one LDAP/AD server, you can leave the "secondary LDAP server"
     values unset.
 
+.. hint::
+
+    To help debug possible connection problems with your LDAP server(s), set
+    ``LDAP_DEBUG=1`` in your environment variables.
+
 .. code-block:: python
 
     ENABLE_LDAP = env.bool('ENABLE_LDAP', False)
     ENABLE_LDAP_SECONDARY = env.bool('ENABLE_LDAP_SECONDARY', False)
+    LDAP_DEBUG = env.bool('LDAP_DEBUG', False)
 
     if ENABLE_LDAP:
         import itertools
         import ldap
         from django_auth_ldap.config import LDAPSearch
 
+        if LDAP_DEBUG:
+            ldap.set_option(ldap.OPT_DEBUG_LEVEL, 255)
         # Default values
         LDAP_DEFAULT_CONN_OPTIONS = {ldap.OPT_REFERRALS: 0}
-        LDAP_DEFAULT_FILTERSTR = '(sAMAccountName=%(user)s)'
         LDAP_DEFAULT_ATTR_MAP = {
             'first_name': 'givenName',
             'last_name': 'sn',
@@ -402,12 +409,22 @@ This part of the setup is **optional**.
         AUTH_LDAP_SERVER_URI = env.str('AUTH_LDAP_SERVER_URI', None)
         AUTH_LDAP_BIND_DN = env.str('AUTH_LDAP_BIND_DN', None)
         AUTH_LDAP_BIND_PASSWORD = env.str('AUTH_LDAP_BIND_PASSWORD', None)
-        AUTH_LDAP_CONNECTION_OPTIONS = LDAP_DEFAULT_CONN_OPTIONS
+        AUTH_LDAP_START_TLS = env.str('AUTH_LDAP_START_TLS', False)
+        AUTH_LDAP_CA_CERT_FILE = env.str('AUTH_LDAP_CA_CERT_FILE', None)
+        AUTH_LDAP_CONNECTION_OPTIONS = {**LDAP_DEFAULT_CONN_OPTIONS}
+        if AUTH_LDAP_CA_CERT_FILE is not None:
+            AUTH_LDAP_CONNECTION_OPTIONS[
+                ldap.OPT_X_TLS_CACERTFILE
+            ] = AUTH_LDAP_CA_CERT_FILE
+            AUTH_LDAP_CONNECTION_OPTIONS[ldap.OPT_X_TLS_NEWCTX] = 0
+        AUTH_LDAP_USER_FILTER = env.str(
+            'AUTH_LDAP_USER_FILTER', '(sAMAccountName=%(user)s)'
+        )
 
         AUTH_LDAP_USER_SEARCH = LDAPSearch(
             env.str('AUTH_LDAP_USER_SEARCH_BASE', None),
             ldap.SCOPE_SUBTREE,
-            LDAP_DEFAULT_FILTERSTR,
+            AUTH_LDAP_USER_FILTER,
         )
         AUTH_LDAP_USER_ATTR_MAP = LDAP_DEFAULT_ATTR_MAP
         AUTH_LDAP_USERNAME_DOMAIN = env.str('AUTH_LDAP_USERNAME_DOMAIN', None)
@@ -427,12 +444,22 @@ This part of the setup is **optional**.
             AUTH_LDAP2_SERVER_URI = env.str('AUTH_LDAP2_SERVER_URI', None)
             AUTH_LDAP2_BIND_DN = env.str('AUTH_LDAP2_BIND_DN', None)
             AUTH_LDAP2_BIND_PASSWORD = env.str('AUTH_LDAP2_BIND_PASSWORD', None)
-            AUTH_LDAP2_CONNECTION_OPTIONS = LDAP_DEFAULT_CONN_OPTIONS
+            AUTH_LDAP2_START_TLS = env.str('AUTH_LDAP2_START_TLS', False)
+            AUTH_LDAP2_CA_CERT_FILE = env.str('AUTH_LDAP2_CA_CERT_FILE', None)
+            AUTH_LDAP2_CONNECTION_OPTIONS = {**LDAP_DEFAULT_CONN_OPTIONS}
+            if AUTH_LDAP2_CA_CERT_FILE is not None:
+                AUTH_LDAP2_CONNECTION_OPTIONS[
+                    ldap.OPT_X_TLS_CACERTFILE
+                ] = AUTH_LDAP2_CA_CERT_FILE
+                AUTH_LDAP2_CONNECTION_OPTIONS[ldap.OPT_X_TLS_NEWCTX] = 0
+            AUTH_LDAP2_USER_FILTER = env.str(
+                'AUTH_LDAP2_USER_FILTER', '(sAMAccountName=%(user)s)'
+            )
 
             AUTH_LDAP2_USER_SEARCH = LDAPSearch(
                 env.str('AUTH_LDAP2_USER_SEARCH_BASE', None),
                 ldap.SCOPE_SUBTREE,
-                LDAP_DEFAULT_FILTERSTR,
+                AUTH_LDAP2_USER_FILTER,
             )
             AUTH_LDAP2_USER_ATTR_MAP = LDAP_DEFAULT_ATTR_MAP
             AUTH_LDAP2_USERNAME_DOMAIN = env.str('AUTH_LDAP2_USERNAME_DOMAIN')

diff --git a/docs/source/dev_resource.rst b/docs/source/dev_resource.rst
@@ -80,15 +80,22 @@ arguments in its init function, with the exception of ``queryset``,
 
 The init function also takes new arguments which are specified below:
 
-- ``scope``: Scope of users to include (string)
-    * ``all``: All users on the site
-    * ``project``: Limit search to users in given project
-    * ``project_exclude`` Exclude existing users of given project
-- ``project``: Project object or project UUID string (optional)
-- ``exclude``: List of User objects or User UUIDs to exclude (optional)
-- ``forward``: Parameters to forward to autocomplete view (optional)
-- ``url``: Autocomplete ajax class override (optional)
-- ``widget_class``: Widget class override (optional)
+``scope``
+    Scope of users to include (string). Options:
+
+    - ``all``: All users on the site
+    - ``project``: Limit search to users in given project
+    - ``project_exclude`` Exclude existing users of given project
+``project``
+    Project object or project UUID string (optional)
+``exclude``
+    List of User objects or User UUIDs to exclude (optional)
+``forward``
+    Parameters to forward to autocomplete view (optional)
+``url``
+    Autocomplete ajax class override (optional)
+``widget_class``
+    Widget class override (optional)
 
 Below is an example of the classes usage. Note that you can also define the
 field as a form class member, but the ``project`` or ``exclude`` values are
@@ -477,13 +484,17 @@ UI test classes found in ``projectroles.tests.test_ui``. Default values for
 these settings can be found in ``config/settings/test.py``. The settings are as
 follows:
 
-- ``PROJECTROLES_TEST_UI_CHROME_OPTIONS``: Options for Chrome through Selenium.
-  Can be used to e.g. enable/disable headless testing mode.
-- ``PROJECTROLES_TEST_UI_WINDOW_SIZE``: Custom browser window size.
-- ``PROJECTROLES_TEST_UI_WAIT_TIME``: Maximum wait time for UI test operations
-- ``PROJECTROLES_TEST_UI_LEGACY_LOGIN``: If set ``True``, use the legacy UI
-  login and redirect function for testing with different users. This can be used
-  if e.g. issues with cookie-based logins are encountered.
+``PROJECTROLES_TEST_UI_CHROME_OPTIONS``
+    Options for Chrome through Selenium. Can be used to e.g. enable/disable
+    headless testing mode.
+``PROJECTROLES_TEST_UI_WINDOW_SIZE``
+    Custom browser window size.
+``PROJECTROLES_TEST_UI_WAIT_TIME``
+    Maximum wait time for UI test operations
+``PROJECTROLES_TEST_UI_LEGACY_LOGIN``
+    If set ``True``, use the legacy UI login and redirect function for testing
+    with different users. This can be used if e.g. issues with cookie-based
+    logins are encountered.
 
 Base Test Classes and Helpers
 -----------------------------

diff --git a/docs/source/major_changes.rst b/docs/source/major_changes.rst
@@ -22,6 +22,7 @@ v0.13.3 (WIP)
 - Fix hidden JSON project setting reset on non-superuser project update
 - Fix custom app setting validation calls in forms
 - Fix multiple remote sync app settings updating issues
+- Fix request object not provided to perform_project_modify() on create
 - General bug fixes and minor updates