From c404ddb7fa40ede2b4a149216e432252381d55b4 Mon Sep 17 00:00:00 2001 From: Adam Williamson Date: Dec 25 2023 00:10:28 +0000 Subject: testauth: add a mechanism to specify groups via username This adds a mechanism to control testauth's reported group memberships via the username passed. You can pass a username like 'guest:groups=foo,bar', and you will be logged in as user 'guest' with (only) the group memberships 'foo' and 'bar'. This provides finer-grained options for testing group memberships beyond just setting a default group membership for all users. Signed-off-by: Adam Williamson --- diff --git a/ipsilon/login/authtest.py b/ipsilon/login/authtest.py index a3375f9..23b7a9f 100644 --- a/ipsilon/login/authtest.py +++ b/ipsilon/login/authtest.py @@ -18,19 +18,28 @@ class TestAuth(LoginFormBase): error = None if username and password: + groups = [] + if ":" in username: + userspec = username.split(":") + username = userspec[0] + for cmd in userspec[1:]: + if cmd.startswith("groups="): + groups = cmd[7:].split(",") + else: + err = f"testauth: unhandled username command {cmd} from username {username}" + cherrypy.log.error(err) if password == 'ipsilon': cherrypy.log("User %s successfully authenticated." % username) + if not groups: + groups = [username] + groups.extend(self.lm.groups or []) testdata = { 'givenname': 'Test User δΈ€', 'surname': username, 'fullname': 'Test User %s' % username, 'email': '%s@example.com' % username, - '_groups': [username] + '_groups': groups } - groups = self.lm.groups - if groups is not None: - self.debug('groups is %s' % repr(groups)) - testdata['_groups'].extend(groups) return self.lm.auth_successful(self.trans, username, 'password', testdata) else: @@ -82,6 +91,7 @@ Form based TEST login Manager, DO NOT EVER ACTIVATE IN PRODUCTION """ 'Extra groups') ) + @property def help_text(self): return self.get_config_value('help text') @@ -114,7 +124,7 @@ class Installer(LoginManagerInstaller): group.add_argument('--testauth', choices=['yes', 'no'], default='no', help='Configure PAM authentication') group.add_argument('--testauth-groups', action='store', - help='Extra groups for the testauth user') + help='Extra groups for all testauth users') def configure(self, opts, changes): if opts['testauth'] != 'yes':