diff --git a/app/ldap_protocol/ldap_requests/modify.py b/app/ldap_protocol/ldap_requests/modify.py
index 1d79fcfd6..676550e3e 100644
--- a/app/ldap_protocol/ldap_requests/modify.py
+++ b/app/ldap_protocol/ldap_requests/modify.py
@@ -37,17 +37,11 @@
 from ldap_protocol.policies.password import PasswordPolicyUseCases
 from ldap_protocol.session_storage import SessionStorage
 from ldap_protocol.utils.cte import check_root_group_membership_intersection
-from ldap_protocol.utils.helpers import (
- create_user_name,
- ft_to_dt,
- is_dn_in_base_directory,
- validate_entry,
-)
+from ldap_protocol.utils.helpers import ft_to_dt, validate_entry
 from ldap_protocol.utils.queries import (
 add_lock_and_expire_attributes,
 clear_group_membership,
 extend_group_membership,
- get_base_directories,
 get_directories,
 get_directory_by_rid,
 get_filter_from_path,
@@ -275,9 +269,7 @@ async def handle(
 await self._add(*add_args)
 await ctx.session.flush()
- await ctx.session.execute(
- update(Directory).filter_by(id=directory.id),
- )
+
 except MODIFY_EXCEPTION_STACK as err:
 await ctx.session.rollback()
 result_code, message = self._match_bad_response(err)
@@ -857,17 +849,12 @@ async def _add( # noqa: C901
 await session.execute(
 delete(Attribute)
- .filter_by(
- name="nsAccountLock",
- directory=directory,
- ),
- ) # fmt: skip
-
- await session.execute(
- delete(Attribute)
- .filter_by(
- name="shadowExpire",
- directory=directory,
+ .where(
+ or_(
+ qa(Attribute.name) == "nsAccountLock",
+ qa(Attribute.name) == "shadowExpire",
+ ),
+ qa(Attribute.directory) == directory,
 ),
 ) # fmt: skip
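Review bot: The two-name `or_(...)` in the new `.where(` reads more simply as a membership test, `qa(Attribute.name).in_(("nsAccountLock", "shadowExpire")),` (assuming `qa(...)` hands back the ordinary column attribute), and that form no longer needs `or_`, which the import hunk of this commit does not add and so must already be in scope. Because this statement clears the entry's lock and expiry markers, I would also add a short comment above it such as `# clear both lock markers in one statement; runs only when <condition>`, with the condition filled in from the enclosing branch. That branch, like the rest of `_add`, starts and ends outside the hunk, so the trigger cannot be checked from here.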
@@ -891,30 +878,6 @@ async def _add( # noqa: C901
 )
 elif name in User.search_fields:
- if not directory.user:
- path_dn = directory.path_dn
- for base_directory in await get_base_directories(session):
- if is_dn_in_base_directory(base_directory, path_dn):
- base_dn = base_directory
- break
-
- sam_account_name = create_user_name(directory.id)
- user_principal_name = f"{sam_account_name}@{base_dn.name}"
- user = User(
- sam_account_name=sam_account_name,
- user_principal_name=user_principal_name,
- directory_id=directory.id,
- )
- uac_attr = Attribute(
- name="userAccountControl",
- value=str(UserAccountControlFlag.NORMAL_ACCOUNT),
- directory_id=directory.id,
- )
-
- session.add_all([user, uac_attr])
- await session.flush()
- await session.refresh(directory)
-
 if name == "accountexpires":
 new_value = ft_to_dt(int(value)) if value != "0" else None
 else:
@@ -925,14 +888,6 @@ async def _add( # noqa: C901
 .filter_by(directory=directory)
 .values({name: new_value}),
 )
-
- elif name in Group.search_fields and directory.group:
- await session.execute(
- update(Group)
- .filter_by(directory=directory)
- .values({name: value}),
- )
-
 elif name in ("userpassword", "unicodepwd") and directory.user:
 if not settings.USE_CORE_TLS:
 raise PermissionError("TLS required")
diff --git a/interface b/interface
index 95ed5e191..f31962020 160000
--- a/interface
+++ b/interface
@@ -1 +1 @@
-Subproject commit 95ed5e191cdafa07b1dfac96a1659926679ead97
+Subproject commit f31962020a6689e6a4c61fb3349db5b5c7895f92
diff --git a/tests/test_api/test_main/conftest.py b/tests/test_api/test_main/conftest.py
index bdf9e3f4e..8f1b58dea 100644
--- a/tests/test_api/test_main/conftest.py
+++ b/tests/test_api/test_main/conftest.py
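Review bot: With the user-creation block gone, `elif name in User.search_fields:` still runs for an entry that has no `directory.user`, and the statement it leads to (only its tail `.filter_by(directory=directory)` / `.values({name: new_value})` is visible, as context in the following hunk, so presumably an `update(User)`) would then match no row. As far as these lines show, setting `accountexpires` or another user field on such an entry is neither stored nor rejected, so the caller may be told an expiry was applied when it was not. I would guard the branch the way the password branch already does, `elif name in User.search_fields and directory.user:`, or reject the change explicitly for non-user entries. The same question applies to the `Group.search_fields` branch removed in the following hunk, and the `directory.user` assertions dropped from tests/test_ldap/test_util/test_modify.py are not replaced by one that pins the new outcome. `_add` starts and ends outside both hunks, so where these attributes fall through to cannot be confirmed from here.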
@@ -47,9 +47,21 @@ async def adding_test_user(
 "type": "testing_attr",
 "vals": ["test"],
 },
+ {
+ "type": "sAMAccountName",
+ "vals": ["test"],
+ },
 {
 "type": "objectClass",
- "vals": ["organization", "top", "user"],
+ "vals": [
+ "top",
+ "user",
+ "person",
+ "organizationalPerson",
+ "posixAccount",
+ "shadowAccount",
+ "inetOrgPerson",
+ ],
 },
 ],
 },
@@ -62,13 +74,6 @@ async def adding_test_user(
 json={
 "object": test_user_dn,
 "changes": [
- {
- "operation": Operation.ADD,
- "modification": {
- "type": "sAMAccountName",
- "vals": ["Test"],
- },
- },
 {
 "operation": Operation.ADD,
 "modification": {
diff --git a/tests/test_ldap/test_util/test_modify.py b/tests/test_ldap/test_util/test_modify.py
index c141914a4..02b174b4b 100644
--- a/tests/test_ldap/test_util/test_modify.py
+++ b/tests/test_ldap/test_util/test_modify.py
@@ -777,8 +777,6 @@ async def try_modify() -> int:
 ]
 assert attributes["jpegPhoto"] == ["modme.jpeg"]
- assert directory.user
- assert directory.user.mail == "modme@student.of.life.edu"
 assert "posixEmail" not in attributes