From a9a8b273fe5db3ea546d439fa529cd06c5e42eb9 Mon Sep 17 00:00:00 2001 From: "m.shvets" Date: Fri, 16 Jan 2026 16:52:52 +0300 Subject: [PATCH 1/2] Refactor: streamline attribute deletion and user creation in ModifyRequest class --- app/ldap_protocol/ldap_requests/modify.py | 43 +++++++++-------------- interface | 2 +- 2 files changed, 17 insertions(+), 28 deletions(-) diff --git a/app/ldap_protocol/ldap_requests/modify.py b/app/ldap_protocol/ldap_requests/modify.py index 1d79fcfd6..ec711d3cb 100644 --- a/app/ldap_protocol/ldap_requests/modify.py +++ b/app/ldap_protocol/ldap_requests/modify.py @@ -275,9 +275,7 @@ async def handle( await self._add(*add_args) await ctx.session.flush() - await ctx.session.execute( - update(Directory).filter_by(id=directory.id), - ) + except MODIFY_EXCEPTION_STACK as err: await ctx.session.rollback() result_code, message = self._match_bad_response(err) @@ -857,17 +855,12 @@ async def _add( # noqa: C901 await session.execute( delete(Attribute) - .filter_by( - name="nsAccountLock", - directory=directory, - ), - ) # fmt: skip - - await session.execute( - delete(Attribute) - .filter_by( - name="shadowExpire", - directory=directory, + .where( + or_( + qa(Attribute.name) == "nsAccountLock", + qa(Attribute.name) == "shadowExpire", + ), + qa(Attribute.directory) == directory, ), ) # fmt: skip 
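Review bot: The merged delete in `_add` (hunk `-857,17 +855,12`) spells the two names out with `or_(...)`, where a membership test would read more directly and extend cleanly to a third lock attribute: `qa(Attribute.name).in_(("nsAccountLock", "shadowExpire")),`. This assumes `qa()` returns the ordinary SQLAlchemy column attribute, which the existing `==` comparisons suggest. The statement removes both lock markers for the entry, so a short comment above it such as `# drop both lock markers for this entry in one statement` would help the next reader. The condition that triggers the delete, and the module-level import that `or_` needs, are outside the hunk.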
@@ -900,18 +893,21 @@ async def _add( # noqa: C901 sam_account_name = create_user_name(directory.id) user_principal_name = f"{sam_account_name}@{base_dn.name}" - user = User( - sam_account_name=sam_account_name, - user_principal_name=user_principal_name, - directory_id=directory.id, - ) + if directory.object_class in ("user", "person"): + user = User( + sam_account_name=sam_account_name, + user_principal_name=user_principal_name, + directory_id=directory.id, + ) + session.add(user) + uac_attr = Attribute( name="userAccountControl", value=str(UserAccountControlFlag.NORMAL_ACCOUNT), directory_id=directory.id, ) - session.add_all([user, uac_attr]) + session.add(uac_attr) await session.flush() await session.refresh(directory) @@ -926,13 +922,6 @@ async def _add( # noqa: C901 .values({name: new_value}), ) - elif name in Group.search_fields and directory.group: - await session.execute( - update(Group) - .filter_by(directory=directory) - .values({name: value}), - ) - elif name in ("userpassword", "unicodepwd") and directory.user: if not settings.USE_CORE_TLS: raise PermissionError("TLS required") diff --git a/interface b/interface index 97bbc08dd..f31962020 160000 --- a/interface +++ b/interface @@ -1 +1 @@ -Subproject commit 97bbc08dda7584f579f756d8b09abe60db67b47b +Subproject commit f31962020a6689e6a4c61fb3349db5b5c7895f92 From bd0863ae941f49b1daca11c1627a4ee50f959da3 Mon Sep 17 00:00:00 2001 From: "m.shvets" Date: Fri, 16 Jan 2026 18:08:41 +0300 Subject: [PATCH 2/2] Refactor: simplify user attribute updates in ModifyRequest class by removing unnecessary user creation logic --- app/ldap_protocol/ldap_requests/modify.py | 52 +++++------------------ 1 file changed, 11 insertions(+), 41 deletions(-) diff --git a/app/ldap_protocol/ldap_requests/modify.py b/app/ldap_protocol/ldap_requests/modify.py index ec711d3cb..2cabe8bd2 100644 --- a/app/ldap_protocol/ldap_requests/modify.py +++ b/app/ldap_protocol/ldap_requests/modify.py 
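Review bot: In hunk `-900,18 +893,21`, the `userAccountControl` attribute is still built and added with `session.add(uac_attr)` outside the new `if directory.object_class in ("user", "person"):` guard. An entry that is neither user nor person therefore gets `NORMAL_ACCOUNT` written without a matching `User` row. Moving the `uac_attr = Attribute(...)` construction and `session.add(uac_attr)` under the same `if` keeps the two writes consistent. PATCH 2/2 deletes this block, so this matters only if 1/2 is applied or bisected on its own. `_add` starts and ends outside the hunk.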
@@ -37,17 +37,11 @@ from ldap_protocol.policies.password import PasswordPolicyUseCases from ldap_protocol.session_storage import SessionStorage from ldap_protocol.utils.cte import check_root_group_membership_intersection -from ldap_protocol.utils.helpers import ( - create_user_name, - ft_to_dt, - is_dn_in_base_directory, - validate_entry, -) +from ldap_protocol.utils.helpers import ft_to_dt, validate_entry from ldap_protocol.utils.queries import ( add_lock_and_expire_attributes, clear_group_membership, extend_group_membership, - get_base_directories, get_directories, get_directory_by_rid, get_filter_from_path, 
@@ -884,44 +878,20 @@ async def _add( # noqa: C901 ) elif name in User.search_fields: - if not directory.user: - path_dn = directory.path_dn - for base_directory in await get_base_directories(session): - if is_dn_in_base_directory(base_directory, path_dn): - base_dn = base_directory - break - - sam_account_name = create_user_name(directory.id) - user_principal_name = f"{sam_account_name}@{base_dn.name}" - if directory.object_class in ("user", "person"): - user = User( - sam_account_name=sam_account_name, - user_principal_name=user_principal_name, - directory_id=directory.id, + if directory.user: + if name == "accountexpires": + new_value = ( + ft_to_dt(int(value)) if value != "0" else None ) - session.add(user) + else: + new_value = value # type: ignore - uac_attr = Attribute( - name="userAccountControl", - value=str(UserAccountControlFlag.NORMAL_ACCOUNT), - directory_id=directory.id, + await session.execute( + update(User) + .filter_by(directory=directory) + .values({name: new_value}), ) - session.add(uac_attr) - await session.flush() - await session.refresh(directory) - - if name == "accountexpires": - new_value = ft_to_dt(int(value)) if value != "0" else None - else: - new_value = value # type: ignore - - await session.execute( - update(User) - .filter_by(directory=directory) - .values({name: new_value}), - ) - elif name in ("userpassword", "unicodepwd") and directory.user: if not settings.USE_CORE_TLS: raise PermissionError("TLS required")
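Review bot: In the rewritten `elif name in User.search_fields:` branch, an entry with no `directory.user` row still matches the branch and then does nothing, so the modification is dropped without any error reaching the client. For a field such as `accountexpires`, the caller can then believe an expiry was set when nothing was stored. Either fold the check into the condition as the following password branch does, `elif name in User.search_fields and directory.user:`, or add an explicit `else:` that raises. The rest of the chain is outside this hunk, so which branch would handle the value after a fall-through could not be confirmed. Separately, `ft_to_dt(int(value))` raises `ValueError` on a non-numeric `accountexpires`, and it is not visible here whether `MODIFY_EXCEPTION_STACK` covers that.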