Merge pull request #49 from alan-turing-institute/46-restrict-users-t…
…o-selected-domain

Restrict users to selected domain
jemrobinson authored Jul 26, 2024
2 parents eaa4d51 + ebb79a2 commit 2ed58aa
Showing 2 changed files with 75 additions and 68 deletions.
31 changes: 19 additions & 12 deletions apricot/oauth/oauth_data_adaptor.py
Expand Up @@ -47,7 +47,7 @@ def __init__(
# Retrieve and validate user and group information
annotated_groups, annotated_users = self._retrieve_entries()
self.validated_groups = self._validate_groups(annotated_groups)
self.validated_users = self._validate_users(annotated_users)
self.validated_users = self._validate_users(annotated_users, domain)
if self.debug:
log.msg(
f"Validated {len(self.validated_groups)} groups and {len(self.validated_users)} users.",
Expand Down Expand Up @@ -195,34 +195,41 @@ def _validate_groups(
)
except ValidationError as exc:
name = group_dict.get("cn", "unknown")
log.msg(f"Validation failed for group '{name}'.")
log.msg(f"... group '{name}' failed validation.")
for error in exc.errors():
log.msg(
f"... '{error['loc'][0]}': {error['msg']} but '{error['input']}' was provided.",
f" -> '{error['loc'][0]}': {error['msg']} but '{error['input']}' was provided.",
)
return output

def _validate_users(
self: Self,
annotated_users: list[tuple[JSONDict, list[type[LDAPObjectClass]]]],
domain: str,
) -> list[LDAPAttributeAdaptor]:
"""Return a list of LDAPAttributeAdaptors representing validated user data."""
if self.debug:
log.msg(f"Attempting to validate {len(annotated_users)} users.")
output = []
for user_dict, required_classes in annotated_users:
name = user_dict.get("cn", "unknown")
try:
output.append(
LDAPAttributeAdaptor.from_attributes(
user_dict,
required_classes=required_classes,
),
)
if (user_domain := user_dict.get("domain", None)) == domain:
output.append(
LDAPAttributeAdaptor.from_attributes(
user_dict,
required_classes=required_classes,
),
)
else:
log.msg(f"... user '{name}' failed validation.")
log.msg(
f" -> 'domain': expected '{domain}' but '{user_domain}' was provided.",
)
except ValidationError as exc:
name = user_dict.get("cn", "unknown")
log.msg(f"Validation failed for user '{name}'.")
log.msg(f"... user '{name}' failed validation.")
for error in exc.errors():
log.msg(
f"... '{error['loc'][0]}': {error['msg']} but '{error['input']}' was provided.",
f" -> '{error['loc'][0]}': {error['msg']} but '{error['input']}' was provided.",
)
return output
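Review bot: The new domain test in `_validate_users`, `if (user_domain := user_dict.get("domain", None)) == domain:`, accepts every user that has no `domain` attribute if `domain` ever arrives as `None`, because `None == None` is true; the `domain: str` annotation is not enforced at runtime, and how `__init__` obtains `domain` lies outside these hunks. Since this comparison is what enforces the restriction, I would fail closed at the top of the method with `if not domain: raise ValueError("domain must be a non-empty string")`, or at least require `user_domain is not None` before comparing. The match is also exact and case-sensitive, so a record carrying `Example.com` is rejected when `example.com` is configured; that errs on the safe side, but comparing casefolded values would avoid locking out legitimate users if the upstream field is not already normalised. The rejection branch sits inside the `try` although it cannot raise `ValidationError`; doing the domain test before the `try` and using `continue` would keep the handler scoped to `from_attributes`.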
112 changes: 56 additions & 56 deletions pyproject.toml
Expand Up @@ -80,62 +80,62 @@ target-version = ["py310", "py311"]
[tool.ruff.lint]
select = [
# See https://beta.ruff.rs/docs/rules/
"A", # flake8-builtins
"AIR", # Airflow
"ANN", # flake8-annotations
"ARG", # flake8-unused-arguments
"ASYNC", # flake8-async
"B", # flake8-bugbear
"BLE", # flake8-blind-except
"C", # complexity, mcabe and flake8-comprehensions
"COM", # flake8-commas
"D", # pydocstyle
"DTZ", # flake8-datetimez
"E", # pycodestyle errors
"EM", # flake8-errmsg
"ERA", # eradicate
"EXE", # flake8-executable
"F", # pyflakes
"FA", # flake8-future-annotations
"FBT", # flake8-boolean-trap
"FIX", # flake8-fixme
"FLY", # flynt
"FURB", # refurb
"G", # flake8-logging-format
"I", # isort
"ICN", # flake8-import-conventions
"INP", # flake8-no-pep420
"INT", # flake8-gettext
"ISC", # flake8-implicit-str-concat
"LOG", # flake8-logging
"N", # pep8-naming
"NPY", # numpy-specific-rules
"PD", # pandas-vet
"PGH", # pygrep-hooks
"PIE", # flake8-pie
"PLC", # pylint convention
"PLE", # pylint error
"PLR", # pylint refactor
"PLW", # pylint warning
"PT", # flake8-pytest-style
"PTH", # flake8-use-pathlib
"PYI", # flake8-pyi
"Q", # flake8-quotes
"RET", # flake8-return
"RSE", # flake8-raise
"RUF", # ruff rules
"S", # flake8-bandit
"SIM", # flake8-simplify
"SLOT", # flake8-slot
"T", # flake8-debugger and flake8-print
"TCH", # flake8-type-checking
"TD", # flake8-todos
"TID", # flake8-tidy-imports
"TRIO", # flake8-trio
"TRY", # tryceratops
"UP", # pyupgrade
"W", # pycodestyle warnings
"YTT", # flake8-2020
"A", # flake8-builtins
"AIR", # Airflow
"ANN", # flake8-annotations
"ARG", # flake8-unused-arguments
"ASYNC", # flake8-async
"ASYNC1", # flake8-trio
"B", # flake8-bugbear
"BLE", # flake8-blind-except
"C", # complexity, mcabe and flake8-comprehensions
"COM", # flake8-commas
"D", # pydocstyle
"DTZ", # flake8-datetimez
"E", # pycodestyle errors
"EM", # flake8-errmsg
"ERA", # eradicate
"EXE", # flake8-executable
"F", # pyflakes
"FA", # flake8-future-annotations
"FBT", # flake8-boolean-trap
"FIX", # flake8-fixme
"FLY", # flynt
"FURB", # refurb
"G", # flake8-logging-format
"I", # isort
"ICN", # flake8-import-conventions
"INP", # flake8-no-pep420
"INT", # flake8-gettext
"ISC", # flake8-implicit-str-concat
"LOG", # flake8-logging
"N", # pep8-naming
"NPY", # numpy-specific-rules
"PD", # pandas-vet
"PGH", # pygrep-hooks
"PIE", # flake8-pie
"PLC", # pylint convention
"PLE", # pylint error
"PLR", # pylint refactor
"PLW", # pylint warning
"PT", # flake8-pytest-style
"PTH", # flake8-use-pathlib
"PYI", # flake8-pyi
"Q", # flake8-quotes
"RET", # flake8-return
"RSE", # flake8-raise
"RUF", # ruff rules
"S", # flake8-bandit
"SIM", # flake8-simplify
"SLOT", # flake8-slot
"T", # flake8-debugger and flake8-print
"TCH", # flake8-type-checking
"TD", # flake8-todos
"TID", # flake8-tidy-imports
"TRY", # tryceratops
"UP", # pyupgrade
"W", # pycodestyle warnings
"YTT", # flake8-2020
]
ignore = [
"D100", # missing-docstring-in-module
