Merge pull request #49 from alan-turing-institute/46-restrict-users-to-selected-domain

jemrobinson · web-flow · commit 2ed58aa12a31 · 2024-07-26T15:01:47.000+01:00
Restrict users to selected domain
diff --git a/apricot/oauth/oauth_data_adaptor.py b/apricot/oauth/oauth_data_adaptor.py
@@ -47,7 +47,7 @@ def __init__(
         # Retrieve and validate user and group information
         annotated_groups, annotated_users = self._retrieve_entries()
         self.validated_groups = self._validate_groups(annotated_groups)
-        self.validated_users = self._validate_users(annotated_users)
+        self.validated_users = self._validate_users(annotated_users, domain)
         if self.debug:
             log.msg(
                 f"Validated {len(self.validated_groups)} groups and {len(self.validated_users)} users.",
@@ -195,34 +195,41 @@ def _validate_groups(
                 )
             except ValidationError as exc:
                 name = group_dict.get("cn", "unknown")
-                log.msg(f"Validation failed for group '{name}'.")
+                log.msg(f"... group '{name}' failed validation.")
                 for error in exc.errors():
                     log.msg(
-                        f"... '{error['loc'][0]}': {error['msg']} but '{error['input']}' was provided.",
+                        f" -> '{error['loc'][0]}': {error['msg']} but '{error['input']}' was provided.",
                     )
         return output
 
     def _validate_users(
         self: Self,
         annotated_users: list[tuple[JSONDict, list[type[LDAPObjectClass]]]],
+        domain: str,
     ) -> list[LDAPAttributeAdaptor]:
         """Return a list of LDAPAttributeAdaptors representing validated user data."""
         if self.debug:
             log.msg(f"Attempting to validate {len(annotated_users)} users.")
         output = []
         for user_dict, required_classes in annotated_users:
+            name = user_dict.get("cn", "unknown")
             try:
-                output.append(
-                    LDAPAttributeAdaptor.from_attributes(
-                        user_dict,
-                        required_classes=required_classes,
-                    ),
-                )
+                if (user_domain := user_dict.get("domain", None)) == domain:
+                    output.append(
+                        LDAPAttributeAdaptor.from_attributes(
+                            user_dict,
+                            required_classes=required_classes,
+                        ),
+                    )
+                else:
+                    log.msg(f"... user '{name}' failed validation.")
+                    log.msg(
+                        f" -> 'domain': expected '{domain}' but '{user_domain}' was provided.",
+                    )
             except ValidationError as exc:
-                name = user_dict.get("cn", "unknown")
-                log.msg(f"Validation failed for user '{name}'.")
+                log.msg(f"... user '{name}' failed validation.")
                 for error in exc.errors():
                     log.msg(
-                        f"... '{error['loc'][0]}': {error['msg']} but '{error['input']}' was provided.",
+                        f" -> '{error['loc'][0]}': {error['msg']} but '{error['input']}' was provided.",
                     )
         return output
diff --git a/pyproject.toml b/pyproject.toml
@@ -80,62 +80,62 @@ target-version = ["py310", "py311"]
 [tool.ruff.lint]
 select = [
   # See https://beta.ruff.rs/docs/rules/
-  "A",     # flake8-builtins
-  "AIR",   # Airflow
-  "ANN",   # flake8-annotations
-  "ARG",   # flake8-unused-arguments
-  "ASYNC", # flake8-async
-  "B",     # flake8-bugbear
-  "BLE",   # flake8-blind-except
-  "C",     # complexity, mcabe and flake8-comprehensions
-  "COM",   # flake8-commas
-  "D",     # pydocstyle
-  "DTZ",   # flake8-datetimez
-  "E",     # pycodestyle errors
-  "EM",    # flake8-errmsg
-  "ERA",   # eradicate
-  "EXE",   # flake8-executable
-  "F",     # pyflakes
-  "FA",    # flake8-future-annotations
-  "FBT",   # flake8-boolean-trap
-  "FIX",   # flake8-fixme
-  "FLY",   # flynt
-  "FURB",  # refurb
-  "G",     # flake8-logging-format
-  "I",     # isort
-  "ICN",   # flake8-import-conventions
-  "INP",   # flake8-no-pep420
-  "INT",   # flake8-gettext
-  "ISC",   # flake8-implicit-str-concat
-  "LOG",   # flake8-logging
-  "N",     # pep8-naming
-  "NPY",   # numpy-specific-rules
-  "PD",    # pandas-vet
-  "PGH",   # pygrep-hooks
-  "PIE",   # flake8-pie
-  "PLC",   # pylint convention
-  "PLE",   # pylint error
-  "PLR",   # pylint refactor
-  "PLW",   # pylint warning
-  "PT",    # flake8-pytest-style
-  "PTH",   # flake8-use-pathlib
-  "PYI",   # flake8-pyi
-  "Q",     # flake8-quotes
-  "RET",   # flake8-return
-  "RSE",   # flake8-raise
-  "RUF",   # ruff rules
-  "S",     # flake8-bandit
-  "SIM",   # flake8-simplify
-  "SLOT",  # flake8-slot
-  "T",     # flake8-debugger and flake8-print
-  "TCH",   # flake8-type-checking
-  "TD",    # flake8-todos
-  "TID",   # flake8-tidy-imports
-  "TRIO",  # flake8-trio
-  "TRY",   # tryceratops
-  "UP",    # pyupgrade
-  "W",     # pycodestyle warnings
-  "YTT",   # flake8-2020
+  "A",      # flake8-builtins
+  "AIR",    # Airflow
+  "ANN",    # flake8-annotations
+  "ARG",    # flake8-unused-arguments
+  "ASYNC",  # flake8-async
+  "ASYNC1", # flake8-trio
+  "B",      # flake8-bugbear
+  "BLE",    # flake8-blind-except
+  "C",      # complexity, mcabe and flake8-comprehensions
+  "COM",    # flake8-commas
+  "D",      # pydocstyle
+  "DTZ",    # flake8-datetimez
+  "E",      # pycodestyle errors
+  "EM",     # flake8-errmsg
+  "ERA",    # eradicate
+  "EXE",    # flake8-executable
+  "F",      # pyflakes
+  "FA",     # flake8-future-annotations
+  "FBT",    # flake8-boolean-trap
+  "FIX",    # flake8-fixme
+  "FLY",    # flynt
+  "FURB",   # refurb
+  "G",      # flake8-logging-format
+  "I",      # isort
+  "ICN",    # flake8-import-conventions
+  "INP",    # flake8-no-pep420
+  "INT",    # flake8-gettext
+  "ISC",    # flake8-implicit-str-concat
+  "LOG",    # flake8-logging
+  "N",      # pep8-naming
+  "NPY",    # numpy-specific-rules
+  "PD",     # pandas-vet
+  "PGH",    # pygrep-hooks
+  "PIE",    # flake8-pie
+  "PLC",    # pylint convention
+  "PLE",    # pylint error
+  "PLR",    # pylint refactor
+  "PLW",    # pylint warning
+  "PT",     # flake8-pytest-style
+  "PTH",    # flake8-use-pathlib
+  "PYI",    # flake8-pyi
+  "Q",      # flake8-quotes
+  "RET",    # flake8-return
+  "RSE",    # flake8-raise
+  "RUF",    # ruff rules
+  "S",      # flake8-bandit
+  "SIM",    # flake8-simplify
+  "SLOT",   # flake8-slot
+  "T",      # flake8-debugger and flake8-print
+  "TCH",    # flake8-type-checking
+  "TD",     # flake8-todos
+  "TID",    # flake8-tidy-imports
+  "TRY",    # tryceratops
+  "UP",     # pyupgrade
+  "W",      # pycodestyle warnings
+  "YTT",    # flake8-2020
 ]
 ignore = [
   "D100",     # missing-docstring-in-module
