Skip to content

fix(auth): Bind with specified credentials for login function if cred…#54

Merged
rezib merged 2 commits intorackslab:mainfrom
Cornelicorn:fix-ldap-bind
Jun 25, 2025
Merged

fix(auth): Bind with specified credentials for login function if cred…#54
rezib merged 2 commits intorackslab:mainfrom
Cornelicorn:fix-ldap-bind

Conversation

@Cornelicorn
Copy link
Contributor

@Cornelicorn Cornelicorn commented Jun 18, 2025

…entials are specified

Allow users to opt-in to the old behaviour by setting user_bind_lookups to True, but default to binding with the specified credentials, if they are given

Needed in order to solve rackslab/Slurm-web#587

Cornelicorn added a commit to Cornelicorn/Slurm-web that referenced this pull request Jun 18, 2025
@Cornelicorn
fix(gateway): Fix ldap binding for setups where users can't read thei…
4547d1b 
…r own groups

Closes rackslab#587

Depends on rackslab/RFL#54
@Cornelicorn Cornelicorn mentioned this pull request Jun 18, 2025
Merged
@Cornelicorn Cornelicorn marked this pull request as draft June 18, 2025 10:30
@Cornelicorn Cornelicorn marked this pull request as ready for review June 18, 2025 10:47
@rezib rezib self-requested a review June 18, 2025 13:28
Cornelicorn added a commit to Cornelicorn/Slurm-web that referenced this pull request Jun 18, 2025
@Cornelicorn
fix(gateway): Fix ldap binding for setups where users can't read thei…
ebe9aff 
…r own groups

Closes rackslab#587

Depends on rackslab/RFL#54
@rezib rezib added this to the v1.5.0 milestone Jun 20, 2025
rezib
rezib requested changes Jun 20, 2025
View reviewed changes
Cornelicorn added a commit to Cornelicorn/Slurm-web that referenced this pull request Jun 23, 2025
@Cornelicorn
fix(gateway): Fix ldap binding for setups where users can't read thei…
4128eed 
…r own groups

Closes rackslab#587

Depends on rackslab/RFL#54
@Cornelicorn Cornelicorn force-pushed the fix-ldap-bind branch 3 times, most recently from 2ea3b44 to 0997aa2 Compare June 23, 2025 07:44
Cornelicorn added a commit to Cornelicorn/Slurm-web that referenced this pull request Jun 23, 2025
@Cornelicorn
fix(gateway): Fix ldap binding for setups where users can't read thei…
1703803 
…r own groups

Closes rackslab#587

Depends on rackslab/RFL#54
@Cornelicorn
Copy link
Contributor Author

Cornelicorn commented Jun 23, 2025

Tested to not break when upgrading just RFL and to use the new defaults when slurm-web is upgraded.

rezib
rezib reviewed Jun 23, 2025
View reviewed changes
Copy link
Contributor

@rezib rezib left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok thanks for the update! I think the logic and naming are fine now. This new code deserves unit tests to:

  • Cover the lookup_as_user attribute assignment logic,
  • Check login() calls _bind() or not, depending on value of look_up_user attribute.

Can you consider adding these tests?

@Cornelicorn
Copy link
Contributor Author

Cornelicorn commented Jun 23, 2025

  • Cover the lookup_as_user attribute assignment logic,
  • Check login() calls _bind() or not, depending on value of look_up_user attribute.

Can you consider adding these tests?

I don't really think these would bring a benefit. look_up_user is boolean and the test would essentially check if python correctly interprets boolean values, and I can't really imagine how the code for this test should actually look.

And testing the attribute assignment logic would essentially be a copy of the block in the __init__ function, so just the same lines of code again. I can add a test for this if you want, but I don't see a benefit in it.

@rezib
Copy link
Contributor

rezib commented Jun 23, 2025

I don't really think these would bring a benefit. look_up_user is boolean and the test would essentially check if python correctly interprets boolean values, and I can't really imagine how the code for this test should actually look.

And testing the attribute assignment logic would essentially be a copy of the block in the __init__ function, so just the same lines of code again. I can add a test for this if you want, but I don't see a benefit in it.

The purpose of these tests is not really to validate the code as today, it is more to check absence of regression with future changes, or at least detect potential impacts in predictable way. Can you please add tests to cover assignment logic?

If you don't figure out how to check _bind() calls, I will add these tests by myself.

@Cornelicorn
Copy link
Contributor Author

Cornelicorn commented Jun 23, 2025

PTAL

@Cornelicorn Cornelicorn requested a review from rezib June 23, 2025 19:34
rezib
rezib approved these changes Jun 25, 2025
View reviewed changes
Copy link
Contributor

@rezib rezib left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. I will just slightly reword the code and commits messages, and update changelog before merging.

Cornelicorn and others added 2 commits June 25, 2025 17:50
@Cornelicorn @rezib
feat(auth): user and group lookups with service dn
1376418 
Allow retrieval of user information and user groups with service bind
credentials after user successful authentication, as an alternative to
using authenticated user permissions.

fix rackslab#57

Co-authored-by: Rémi Palancher <remi@rackslab.io>
@Cornelicorn @rezib
tests(auth): cover lookup_as_user
b60944c 
Co-authored-by: Rémi Palancher <remi@rackslab.io>
@rezib rezib merged commit 066a20b into rackslab:main Jun 25, 2025
15 checks passed
@rezib
Copy link
Contributor

rezib commented Jun 25, 2025

It's merged, thank you @Cornelicorn for your contribution! FYI, I plan to release 1.5.0 with this feature on friday 27/06.

@Cornelicorn Cornelicorn deleted the fix-ldap-bind branch June 26, 2025 11:27
@Cornelicorn
Copy link
Contributor Author

Cornelicorn commented Jun 26, 2025

Just noticed, src/authentication/rfl/tests/test_ldap.py.orig probably shouldn't have been merged?

@rezib
Copy link
Contributor

rezib commented Jun 26, 2025

🤦 Fixed in 44982fa, thanks for letting me known.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rezib rezib rezib approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

v1.5.0

Development

Successfully merging this pull request may close these issues.

2 participants

@Cornelicorn @rezib