Let ldap_authenticated default to true for existing users

This is only set if LDAP is enabled on the site being migrated, to ensure the change in 534e3ec1 does not leave existing sites vulnerable to users authenticating with shadow copies created before the change.

Let ldap_authenticated default to true for existing users
2bccd426 · Nik | Klampfradler · ec750b84 · 2bccd426
Verified Commit 2bccd426 authored 3 years ago by Nik | Klampfradler
--- a/aleksis/core/migrations/0030_user_attributes.py
+++ b/aleksis/core/migrations/0030_user_attributes.py
@@ -2,10 +2,29 @@

 import aleksis.core.mixins
 from django.conf import settings
+from django.contrib.auth import get_user_model
 from django.db import migrations, models
 import django.db.models.deletion


+def assume_ldap_authenticated_true(apps, schema_editor):
+    """Set ldap_authenticated user attribute to True to protect existing sites."""
+    if not hasattr(settings, "AUTH_LDAP_SERVER_URI"):
+        # Skip if LDAP is not used on site
+        return
+
+    User = get_user_model()
+    UserAdditionalAttributes = apps.get_model("core", "UserAdditionalAttributes")
+
+    db_alias = schema_editor.connection.alias
+
+    attributes = [
+        UserAdditionalAttributes(user_id=user.pk, attributes={"ldap_authenticated": True})
+        for user in User.objects.using(db_alias).all()
+    ]
+    UserAdditionalAttributes.objects.using(db_alias).bulk_create(attributes)
+
+
 class Migration(migrations.Migration):

    dependencies = [
@@ -23,4 +42,5 @@ class Migration(migrations.Migration):
            ],
            bases=(models.Model, aleksis.core.mixins.PureDjangoModel),
        ),
+        migrations.RunPython(assume_ldap_authenticated_true, lambda a, s: None),
    ]