diff --git a/apricot/oauth/oauth_data_adaptor.py b/apricot/oauth/oauth_data_adaptor.py index 31aecb5..0545319 100644 --- a/apricot/oauth/oauth_data_adaptor.py +++ b/apricot/oauth/oauth_data_adaptor.py @@ -47,7 +47,7 @@ def __init__( # Retrieve and validate user and group information annotated_groups, annotated_users = self._retrieve_entries() self.validated_groups = self._validate_groups(annotated_groups) - self.validated_users = self._validate_users(annotated_users) + self.validated_users = self._validate_users(annotated_users, domain) if self.debug: log.msg( f"Validated {len(self.validated_groups)} groups and {len(self.validated_users)} users.", @@ -195,34 +195,41 @@ def _validate_groups( ) except ValidationError as exc: name = group_dict.get("cn", "unknown") - log.msg(f"Validation failed for group '{name}'.") + log.msg(f"... group '{name}' failed validation.") for error in exc.errors(): log.msg( - f"... '{error['loc'][0]}': {error['msg']} but '{error['input']}' was provided.", + f" -> '{error['loc'][0]}': {error['msg']} but '{error['input']}' was provided.", ) return output def _validate_users( self: Self, annotated_users: list[tuple[JSONDict, list[type[LDAPObjectClass]]]], + domain: str, ) -> list[LDAPAttributeAdaptor]: """Return a list of LDAPAttributeAdaptors representing validated user data.""" if self.debug: log.msg(f"Attempting to validate {len(annotated_users)} users.") output = [] for user_dict, required_classes in annotated_users: + name = user_dict.get("cn", "unknown") try: - output.append( - LDAPAttributeAdaptor.from_attributes( - user_dict, - required_classes=required_classes, - ), - ) + if (user_domain := user_dict.get("domain", None)) == domain: + output.append( + LDAPAttributeAdaptor.from_attributes( + user_dict, + required_classes=required_classes, + ), + ) + else: + log.msg(f"... user '{name}' failed validation.") + log.msg( + f" -> 'domain': expected '{domain}' but '{user_domain}' was provided.", + ) except ValidationError as exc: - name = user_dict.get("cn", "unknown") - log.msg(f"Validation failed for user '{name}'.") + log.msg(f"... user '{name}' failed validation.") for error in exc.errors(): log.msg( - f"... '{error['loc'][0]}': {error['msg']} but '{error['input']}' was provided.", + f" -> '{error['loc'][0]}': {error['msg']} but '{error['input']}' was provided.", ) return output diff --git a/pyproject.toml b/pyproject.toml index 39e69ec..3fdf026 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -80,62 +80,62 @@ target-version = ["py310", "py311"] [tool.ruff.lint] select = [ # See https://beta.ruff.rs/docs/rules/ - "A", # flake8-builtins - "AIR", # Airflow - "ANN", # flake8-annotations - "ARG", # flake8-unused-arguments - "ASYNC", # flake8-async - "B", # flake8-bugbear - "BLE", # flake8-blind-except - "C", # complexity, mcabe and flake8-comprehensions - "COM", # flake8-commas - "D", # pydocstyle - "DTZ", # flake8-datetimez - "E", # pycodestyle errors - "EM", # flake8-errmsg - "ERA", # eradicate - "EXE", # flake8-executable - "F", # pyflakes - "FA", # flake8-future-annotations - "FBT", # flake8-boolean-trap - "FIX", # flake8-fixme - "FLY", # flynt - "FURB", # refurb - "G", # flake8-logging-format - "I", # isort - "ICN", # flake8-import-conventions - "INP", # flake8-no-pep420 - "INT", # flake8-gettext - "ISC", # flake8-implicit-str-concat - "LOG", # flake8-logging - "N", # pep8-naming - "NPY", # numpy-specific-rules - "PD", # pandas-vet - "PGH", # pygrep-hooks - "PIE", # flake8-pie - "PLC", # pylint convention - "PLE", # pylint error - "PLR", # pylint refactor - "PLW", # pylint warning - "PT", # flake8-pytest-style - "PTH", # flake8-use-pathlib - "PYI", # flake8-pyi - "Q", # flake8-quotes - "RET", # flake8-return - "RSE", # flake8-raise - "RUF", # ruff rules - "S", # flake8-bandit - "SIM", # flake8-simplify - "SLOT", # flake8-slot - "T", # flake8-debugger and flake8-print - "TCH", # flake8-type-checking - "TD", # flake8-todos - "TID", # flake8-tidy-imports - "TRIO", # flake8-trio - "TRY", # tryceratops - "UP", # pyupgrade - "W", # pycodestyle warnings - "YTT", # flake8-2020 + "A", # flake8-builtins + "AIR", # Airflow + "ANN", # flake8-annotations + "ARG", # flake8-unused-arguments + "ASYNC", # flake8-async + "ASYNC1", # flake8-trio + "B", # flake8-bugbear + "BLE", # flake8-blind-except + "C", # complexity, mcabe and flake8-comprehensions + "COM", # flake8-commas + "D", # pydocstyle + "DTZ", # flake8-datetimez + "E", # pycodestyle errors + "EM", # flake8-errmsg + "ERA", # eradicate + "EXE", # flake8-executable + "F", # pyflakes + "FA", # flake8-future-annotations + "FBT", # flake8-boolean-trap + "FIX", # flake8-fixme + "FLY", # flynt + "FURB", # refurb + "G", # flake8-logging-format + "I", # isort + "ICN", # flake8-import-conventions + "INP", # flake8-no-pep420 + "INT", # flake8-gettext + "ISC", # flake8-implicit-str-concat + "LOG", # flake8-logging + "N", # pep8-naming + "NPY", # numpy-specific-rules + "PD", # pandas-vet + "PGH", # pygrep-hooks + "PIE", # flake8-pie + "PLC", # pylint convention + "PLE", # pylint error + "PLR", # pylint refactor + "PLW", # pylint warning + "PT", # flake8-pytest-style + "PTH", # flake8-use-pathlib + "PYI", # flake8-pyi + "Q", # flake8-quotes + "RET", # flake8-return + "RSE", # flake8-raise + "RUF", # ruff rules + "S", # flake8-bandit + "SIM", # flake8-simplify + "SLOT", # flake8-slot + "T", # flake8-debugger and flake8-print + "TCH", # flake8-type-checking + "TD", # flake8-todos + "TID", # flake8-tidy-imports + "TRY", # tryceratops + "UP", # pyupgrade + "W", # pycodestyle warnings + "YTT", # flake8-2020 ] ignore = [ "D100", # missing-docstring-in-module