django-DefectDojo icon indicating copy to clipboard operation
django-DefectDojo copied to clipboard

Published 20 hours ago verified publisher icon DefectDojo

changed type to regular django type to also pick up creation events f…

Open lme-nca opened this issue 2 years ago • 8 comments

changed the type of user_post_save to generic Django user so all users created (ldap, oauth, ui) will trigger this function. This should fix #6626

lme-nca avatar Aug 16 '22 15:08 lme-nca

@lme-nca please see the failing tests. You may have to base your change from the dev branch to make the helm lint test pass

ghost avatar Aug 16 '22 20:08 ghost

Hi @cody-m-tibco I changed the base to dev and fixed a unused import. Let me know if there is anything else i'm supposed to do.

lme-nca avatar Aug 17 '22 07:08 lme-nca

Hard to tell without testing it. The failing unit tests look like it might not work for the normal creation of users anymore. @lme-nca Have you tested it with creating users via OAuth2 and creating users with the user interface?

StefanFl avatar Aug 17 '22 20:08 StefanFl

@StefanFl Hi Stefan, you were right it was not being triggered for Dojo users (created through the UI) now. I expected this to work because of inheritance, however I am not that familiar with how Python handles this. It seems the easiest solution is just adding both types as separate annotations. I tested this and it now works for both Dojo as well as Django Users.

I have not tested it with Oauth, as I don't have a test setup for this, however as this also creates a Django user type i'm confident this would fix the issue.

lme-nca avatar Aug 18 '22 12:08 lme-nca

I am nervous about double dipping here. For example, if you edit a user in the UI (should be a Dojo_User) would the post save be triggered once for the Dojo_User, and then a second time for the Django user?

Maffooch avatar Aug 18 '22 15:08 Maffooch

@Maffooch well clearly it wasn't being triggered for the Dojo_User, because the user was not added in the group and also the notification templates were not created, this triggered the test to fail.

however alternatively we could remove the sender restriction all together and do something like this: https://stackoverflow.com/questions/7792287/how-to-use-django-model-inheritance-with-signals i.e. if isinstance(user, Dojo_User) or isinstance(user, User)

Personally I don't like this solution.

lme-nca avatar Aug 18 '22 16:08 lme-nca

@Maffooch @StefanFl The test are passing now, ready for review ?

lme-nca avatar Aug 22 '22 16:08 lme-nca

@Maffooch could you add a second reviewer for approval ?

lme-nca avatar Aug 25 '22 14:08 lme-nca

created a new pull request from the DEV branch: https://github.com/DefectDojo/django-DefectDojo/pull/6918

lme-nca avatar Sep 30 '22 08:09 lme-nca