Merge d85999b into e2b966f

docs/source/configuration.rst

@@ -32,6 +32,10 @@ Core
                                          server are readonly. Defaults to 
                                          ``True``
 
+``LDAP_CHECK_NAMES``                     Specifies if attribute names should be 
+                                         checked against the schema. Defaults to 
+                                         ``True``
+
 ``LDAP_BIND_DIRECT_CREDENTIALS``         Instead of searching for a DN of a user
                                          you can instead bind directly to the
                                          directory. Setting this ``True`` will 

flask_ldap3_login/__init__.py

@@ -100,6 +100,7 @@ def init_config(self, config):
         self.config.setdefault('LDAP_HOST', None)
         self.config.setdefault('LDAP_USE_SSL', False)
         self.config.setdefault('LDAP_READONLY', True)
+        self.config.setdefault('LDAP_CHECK_NAMES', True)
         self.config.setdefault('LDAP_BIND_DIRECT_CREDENTIALS', False)
         self.config.setdefault('LDAP_BIND_DIRECT_PREFIX', '')
         self.config.setdefault('LDAP_BIND_DIRECT_SUFFIX', '')
@@ -786,7 +787,7 @@ def _make_connection(self, bind_user=None, bind_password=None,
             password=bind_password,
             client_strategy=ldap3.SYNC,
             authentication=authentication,
-            check_names=True,
+            check_names=self.config['LDAP_CHECK_NAMES'],
             raise_exceptions=True,
             **kwargs
         )

flask_ldap3_login_tests/MockTypes.py

@@ -1,9 +1,10 @@
-import mock
-from .Directory import get_directory_base, BIND_DIRECT_USERS
-import ldap3
 import logging
 import re
 
+import ldap3
+import mock
+
+from .Directory import get_directory_base, BIND_DIRECT_USERS
 
 log = logging.getLogger(__name__)
 single_filter = re.compile(r'([A-Za-z0-9_\-]+)=(.+)')

flask_ldap3_login_tests/test_ldap3_login.py

@@ -1,16 +1,16 @@
+import logging
 import unittest
-import flask_ldap3_login as ldap3_login
+
 import flask
 import mock
 from flask import abort
-import logging
 from ldap3 import Tls
 
+import flask_ldap3_login as ldap3_login
+from flask_ldap3_login.forms import LDAPLoginForm
 from .Directory import DIRECTORY
 from .MockTypes import Server, Connection, ServerPool
 
-from flask_ldap3_login.forms import LDAPLoginForm
-
 try:
     from flask import _app_ctx_stack as stack
 except ImportError:
@@ -302,7 +302,6 @@ def test_login(self):
             r.status, ldap3_login.AuthenticationResponseStatus.fail)
 
     def test_save_user(self):
-
         users = {}
 
         @self.manager.save_user
@@ -397,17 +396,13 @@ def test_group_membership(self):
         groups = self.manager.get_user_groups(
             dn='cn=Nick Whyte,ou=users,dc=mydomain,dc=com')
 
-        assert DIRECTORY['dc=com']['dc=mydomain'][
-            'ou=groups']['cn=Staff'] in groups
-        assert DIRECTORY['dc=com']['dc=mydomain'][
-            'ou=groups']['cn=Admins'] in groups
+        assert DIRECTORY['dc=com']['dc=mydomain']['ou=groups']['cn=Staff'] in groups
+        assert DIRECTORY['dc=com']['dc=mydomain']['ou=groups']['cn=Admins'] in groups
 
         groups = self.manager.get_user_groups(
             dn='cn=Fake User,ou=users,dc=mydomain,dc=com')
-        assert DIRECTORY['dc=com']['dc=mydomain'][
-            'ou=groups']['cn=Staff'] in groups
-        assert DIRECTORY['dc=com']['dc=mydomain'][
-            'ou=groups']['cn=Admins'] not in groups
+        assert DIRECTORY['dc=com']['dc=mydomain']['ou=groups']['cn=Staff'] in groups
+        assert DIRECTORY['dc=com']['dc=mydomain']['ou=groups']['cn=Admins'] not in groups
 
 
 @mock.patch('ldap3.ServerPool', new=ServerPool)
@@ -420,7 +415,7 @@ def test_get_user_info_for_username(self):
             'nick@nickwhyte.com'
         )
         self.assertEqual(user, DIRECTORY['dc=com']['dc=mydomain'][
-                         'ou=users']['cn=Nick Whyte'])
+            'ou=users']['cn=Nick Whyte'])
 
 
 @mock.patch('ldap3.ServerPool', new=ServerPool)
@@ -448,12 +443,12 @@ def tearDown(self):
     def test_group_exists(self):
         group = self.manager.get_group_info(
             dn='cn=Staff,ou=groups,dc=mydomain,dc=com')
-        self.assertEqual(DIRECTORY['dc=com']['dc=mydomain'][
-                         'ou=groups']['cn=Staff'], group)
+        self.assertEqual(
+            DIRECTORY['dc=com']['dc=mydomain']['ou=groups']['cn=Staff'], group)
         group = self.manager.get_group_info(
             dn='cn=Admins,ou=groups,dc=mydomain,dc=com')
-        self.assertEqual(DIRECTORY['dc=com']['dc=mydomain'][
-                         'ou=groups']['cn=Admins'], group)
+        self.assertEqual(
+            DIRECTORY['dc=com']['dc=mydomain']['ou=groups']['cn=Admins'], group)
 
 
 @mock.patch('ldap3.ServerPool', new=ServerPool)
@@ -643,3 +638,31 @@ def test_server_with_tls_with_ssl(self):
         server = ldap3_manager._server_pool.servers[-1]
         self.assertEqual(server.tls, fake_tls_ctx)
         self.assertTrue(server.use_ssl)
+
+
+@mock.patch('ldap3.ServerPool', new=ServerPool)
+@mock.patch('ldap3.Server', new=Server)
+class LdapCheckNamesTestCase(BaseTestCase):
+    @mock.patch('ldap3.Connection')
+    def test_check_names_default(self, connection):
+        self.manager.authenticate('janecitizen', 'fake321')
+        connection.assert_called_once()
+        self.assertEqual(connection.call_args[1]['check_names'], True)
+
+    @mock.patch('ldap3.Connection')
+    def test_check_names_true(self, connection):
+        self.manager.config.update({
+            'LDAP_CHECK_NAMES': True
+        })
+        self.manager.authenticate('janecitizen', 'fake321')
+        connection.assert_called_once()
+        self.assertEqual(connection.call_args[1]['check_names'], True)
+
+    @mock.patch('ldap3.Connection')
+    def test_check_names_false(self, connection):
+        self.manager.config.update({
+            'LDAP_CHECK_NAMES': False
+        })
+        self.manager.authenticate('janecitizen', 'fake321')
+        connection.assert_called_once()
+        self.assertEqual(connection.call_args[1]['check_names'], False)