Fix breakages and improve maintainability in the LDAP support.
Review Request #8964 — Created May 23, 2017 and submitted
Our LDAP support had a regression a while back that prevented importing
a user on demand when entering their username in a list of reviewers.
This was due to a contribution that added required arguments (the
LDAP connection and the base user DN) to theget_or_create_user()
method. The expectation in the patch was that this would only be called
byauthenticate()
, which wasn't true.To fix this,
authenticate()
itself was split up a bit. The connection
creation and the user DN query code have been split into reusable
functions, which bothauthenticate()
andget_or_create_user()
both
use.get_or_create_user()
still allows the connection and base user
DN to be provided, but they're now optional and will be looked up if
needed.While here, I cleaned up much of the LDAP support. The errors are now a
lot more clear and useful, styling has been fixed, and the whole class
is fully documented.Unit tests have also been added to ensure that this does not regress and
that behavior does not unexpectedly change.
Unit tests pass.
Tested authenticating users against a real LDAP server.
Tested adding users (ones in the existing DB, ones not in the DB but in
LDAP, and ones in neither) to a review request. Verified that the users
were looked up and created when needed.Tested that the error messages seemed reasonable.