0002-add-request-as-first-argument-to-all-backends-33992.patch
| src/authentic2/api_views.py | ||
|---|---|---|
| 17 | 17 |
import logging |
| 18 | 18 |
import smtplib |
| 19 | 19 | |
| 20 |
import django |
|
| 20 | 21 |
from django.db import models |
| 21 | 22 |
from django.contrib.auth import get_user_model |
| 22 | 23 |
from django.core.exceptions import MultipleObjectsReturned |
| ... | ... | |
| 34 | 35 |
from rest_framework.routers import SimpleRouter |
| 35 | 36 |
from rest_framework.generics import GenericAPIView |
| 36 | 37 |
from rest_framework.response import Response |
| 37 |
from rest_framework import permissions, status |
|
| 38 |
from rest_framework import permissions, status, authentication
|
|
| 38 | 39 |
from rest_framework.exceptions import PermissionDenied, AuthenticationFailed |
| 39 | 40 |
from rest_framework.fields import CreateOnlyDefault |
| 40 | 41 |
from rest_framework.decorators import list_route, detail_route |
| ... | ... | |
| 52 | 53 |
from .a2_rbac.utils import get_default_ou |
| 53 | 54 | |
| 54 | 55 | |
| 56 |
# Retro-compatibility with Django 1.8 |
|
| 57 |
if django.VERSION < (1, 11): |
|
| 58 |
authentication.authenticate = utils.authenticate |
|
| 59 | ||
| 60 | ||
| 55 | 61 |
class HookMixin(object): |
| 56 | 62 |
def get_serializer(self, *args, **kwargs): |
| 57 | 63 |
serializer = super(HookMixin, self).get_serializer(*args, **kwargs) |
| src/authentic2/backends/ldap_backend.py | ||
|---|---|---|
| 1374 | 1374 | |
| 1375 | 1375 | |
| 1376 | 1376 |
class LDAPBackendPasswordLost(LDAPBackend): |
| 1377 |
def authenticate(self, user=None): |
|
| 1377 |
def authenticate(self, request, user=None):
|
|
| 1378 | 1378 |
if not user: |
| 1379 | 1379 |
return |
| 1380 | 1380 |
config = self.get_config() |
| src/authentic2/backends/models_backend.py | ||
|---|---|---|
| 68 | 68 |
from .. import models |
| 69 | 69 |
return bool(models.PasswordReset.filter(user=user).count()) |
| 70 | 70 | |
| 71 |
def authenticate(self, username=None, password=None, realm=None, ou=None, **kwargs):
|
|
| 71 |
def authenticate(self, request, username=None, password=None, realm=None, ou=None):
|
|
| 72 | 72 |
UserModel = get_user_model() |
| 73 |
if username is None: |
|
| 74 |
username = kwargs.get(UserModel.USERNAME_FIELD) |
|
| 75 | 73 |
if not username: |
| 76 | 74 |
return |
| 77 | 75 |
query = self.get_query(username=username, realm=realm, ou=ou) |
| ... | ... | |
| 99 | 97 | |
| 100 | 98 | |
| 101 | 99 |
class DummyModelBackend(ModelBackend): |
| 102 |
def authenticate(self, user=None): |
|
| 100 |
def authenticate(self, request, user=None):
|
|
| 103 | 101 |
if user is not None: |
| 104 | 102 |
return user |
| src/authentic2/forms/authentication.py | ||
|---|---|---|
| 21 | 21 |
from django.contrib.auth import forms as auth_forms |
| 22 | 22 |
from django.utils import html |
| 23 | 23 | |
| 24 |
from django.contrib.auth import authenticate |
|
| 25 | ||
| 26 | 24 |
from authentic2.forms.fields import PasswordField |
| 27 | 25 | |
| 28 | 26 |
from ..a2_rbac.models import OrganizationalUnit as OU |
| ... | ... | |
| 98 | 96 |
ou = self.cleaned_data.get('ou')
|
| 99 | 97 | |
| 100 | 98 |
if username is not None and password: |
| 101 |
self.user_cache = authenticate(username=username, password=password, ou=ou, request=self.request)
|
|
| 99 |
self.user_cache = utils.authenticate(self.request, username=username, password=password, ou=ou)
|
|
| 102 | 100 |
if self.user_cache is None: |
| 103 | 101 |
raise forms.ValidationError( |
| 104 | 102 |
self.error_messages['invalid_login'], |
| src/authentic2/utils.py | ||
|---|---|---|
| 32 | 32 |
from django.core.exceptions import ImproperlyConfigured, PermissionDenied |
| 33 | 33 |
from django.http.request import QueryDict |
| 34 | 34 |
from django.contrib.auth import (REDIRECT_FIELD_NAME, login as auth_login, SESSION_KEY, |
| 35 |
HASH_SESSION_KEY, BACKEND_SESSION_KEY, authenticate, |
|
| 35 |
HASH_SESSION_KEY, BACKEND_SESSION_KEY, authenticate as dj_authenticate,
|
|
| 36 | 36 |
get_user_model) |
| 37 | 37 |
from django import forms |
| 38 | 38 |
from django.forms.utils import ErrorList, to_current_timezone |
| ... | ... | |
| 834 | 834 |
for key in (SESSION_KEY, BACKEND_SESSION_KEY, HASH_SESSION_KEY, |
| 835 | 835 |
constants.LAST_LOGIN_SESSION_KEY): |
| 836 | 836 |
switched[key] = request.session[key] |
| 837 |
user = authenticate(user=new_user) |
|
| 837 |
user = authenticate(request, user=new_user)
|
|
| 838 | 838 |
login(request, user, 'switch') |
| 839 | 839 |
request.session[constants.SWITCH_USER_SESSION_KEY] = switched |
| 840 | 840 |
if constants.LAST_LOGIN_SESSION_KEY not in request.session: |
| ... | ... | |
| 1144 | 1144 |
if session is not None: |
| 1145 | 1145 |
return session.get(constants.AUTHENTICATION_EVENTS_SESSION_KEY, []) |
| 1146 | 1146 |
return [] |
| 1147 | ||
| 1148 | ||
| 1149 |
def authenticate(request=None, **kwargs): |
|
| 1150 |
# Compatibility layer with Django 1.8 |
|
| 1151 |
return dj_authenticate(request=request, **kwargs) |
|
| src/authentic2/views.py | ||
|---|---|---|
| 43 | 43 |
from django.contrib.auth.decorators import login_required |
| 44 | 44 |
from django.db.models.fields import FieldDoesNotExist |
| 45 | 45 |
from django.db.models.query import Q |
| 46 |
from django.contrib.auth import get_user_model, authenticate
|
|
| 46 |
from django.contrib.auth import get_user_model |
|
| 47 | 47 |
from django.http import Http404 |
| 48 | 48 |
from django.utils.http import urlsafe_base64_decode |
| 49 | 49 |
from django.views.generic.edit import CreateView |
| ... | ... | |
| 690 | 690 |
try: |
| 691 | 691 |
uid = urlsafe_base64_decode(uidb64) |
| 692 | 692 |
# use authenticate to eventually get an LDAPUser |
| 693 |
self.user = authenticate(user=UserModel._default_manager.get(pk=uid))
|
|
| 693 |
self.user = utils.authenticate(request, user=UserModel._default_manager.get(pk=uid))
|
|
| 694 | 694 |
except (TypeError, ValueError, OverflowError, |
| 695 | 695 |
UserModel.DoesNotExist): |
| 696 | 696 |
validlink = False |
| src/authentic2_auth_fc/views.py | ||
|---|---|---|
| 26 | 26 |
import django |
| 27 | 27 |
from django.views.generic import View, FormView |
| 28 | 28 |
from django.http import HttpResponseRedirect, Http404 |
| 29 |
from django.contrib.auth import authenticate, REDIRECT_FIELD_NAME, get_user_model
|
|
| 29 |
from django.contrib.auth import REDIRECT_FIELD_NAME, get_user_model |
|
| 30 | 30 |
from django.contrib import messages |
| 31 | 31 |
from django.shortcuts import resolve_url, render |
| 32 | 32 |
from django.utils.translation import ugettext as _ |
| ... | ... | |
| 402 | 402 | |
| 403 | 403 |
default_ou = get_default_ou() |
| 404 | 404 |
email_is_unique = a2_app_settings.A2_EMAIL_IS_UNIQUE or default_ou.email_is_unique |
| 405 |
user = authenticate(sub=self.sub, user_info=self.user_info, |
|
| 406 |
token=self.token) |
|
| 405 |
user = a2_utils.authenticate( |
|
| 406 |
request, |
|
| 407 |
sub=self.sub, |
|
| 408 |
user_info=self.user_info, |
|
| 409 |
token=self.token) |
|
| 407 | 410 |
if not user and self.user_info.get('email') and email_is_unique:
|
| 408 | 411 |
email = self.user_info['email'] |
| 409 | 412 |
User = get_user_model() |
| ... | ... | |
| 428 | 431 |
self.logger.info(u'fc link created sub %s user %s', self.sub, user) |
| 429 | 432 |
hooks.call_hooks('event', name='fc-link', user=user, sub=self.sub,
|
| 430 | 433 |
request=request) |
| 431 |
user = authenticate(sub=self.sub, user_info=self.user_info, |
|
| 432 |
token=self.token) |
|
| 434 |
user = a2_utils.authenticate( |
|
| 435 |
request=request, |
|
| 436 |
sub=self.sub, |
|
| 437 |
user_info=self.user_info, |
|
| 438 |
token=self.token) |
|
| 433 | 439 |
else: |
| 434 | 440 |
messages.warning( |
| 435 | 441 |
request, |
| src/authentic2_auth_oidc/backends.py | ||
|---|---|---|
| 36 | 36 | |
| 37 | 37 | |
| 38 | 38 |
class OIDCBackend(ModelBackend): |
| 39 |
def authenticate(self, access_token=None, id_token=None, nonce=None, **kwargs):
|
|
| 39 |
def authenticate(self, request, access_token=None, id_token=None, nonce=None):
|
|
| 40 | 40 |
logger = logging.getLogger(__name__) |
| 41 | 41 |
if id_token is None: |
| 42 | 42 |
return |
| src/authentic2_auth_oidc/views.py | ||
|---|---|---|
| 23 | 23 |
from django.core.urlresolvers import reverse |
| 24 | 24 |
from django.utils.translation import get_language, ugettext as _ |
| 25 | 25 |
from django.contrib import messages |
| 26 |
from django.contrib.auth import REDIRECT_FIELD_NAME, authenticate
|
|
| 26 |
from django.contrib.auth import REDIRECT_FIELD_NAME |
|
| 27 | 27 |
from django.conf import settings |
| 28 | 28 |
from django.views.generic.base import View |
| 29 | 29 |
from django.http import HttpResponseBadRequest |
| 30 | 30 | |
| 31 | 31 |
from authentic2.decorators import setting_enabled |
| 32 |
from authentic2.utils import redirect, login, good_next_url |
|
| 32 |
from authentic2.utils import redirect, login, good_next_url, authenticate
|
|
| 33 | 33 | |
| 34 | 34 |
from . import app_settings, models |
| 35 | 35 |
from .utils import get_provider, get_provider_by_issuer |
| ... | ... | |
| 198 | 198 |
return self.continue_to_next_url() |
| 199 | 199 |
logger.info(u'got token response %s', result) |
| 200 | 200 |
access_token = result.get('access_token')
|
| 201 |
user = authenticate(access_token=access_token, nonce=nonce, id_token=result['id_token']) |
|
| 201 |
user = authenticate(request, access_token=access_token, nonce=nonce, id_token=result['id_token'])
|
|
| 202 | 202 |
if user: |
| 203 | 203 |
# remember last tokens for logout |
| 204 | 204 |
tokens = request.session.setdefault('auth_oidc', {}).setdefault('tokens', [])
|
| src/authentic2_auth_saml/backends.py | ||
|---|---|---|
| 22 | 22 | |
| 23 | 23 | |
| 24 | 24 |
class SAMLBackend(SAMLBackend): |
| 25 |
def authenticate(self, saml_attributes, request=None):
|
|
| 25 |
def authenticate(self, request, saml_attributes):
|
|
| 26 | 26 |
if not app_settings.enable: |
| 27 | 27 |
return None |
| 28 | 28 |
return super(SAMLBackend, self).authenticate(saml_attributes=saml_attributes, request=request) |
| tests/test_all.py | ||
|---|---|---|
| 253 | 253 |
user_editable=True, |
| 254 | 254 |
user_visible=True, |
| 255 | 255 |
kind='string') |
| 256 |
self.assertTrue(self.client.login(username='testbot', |
|
| 256 |
self.assertTrue(self.client.login(request=None, |
|
| 257 |
username='testbot', |
|
| 257 | 258 |
password='secret')) |
| 258 | 259 | |
| 259 | 260 |
# get the edit page in order to check form's prefix |
| ... | ... | |
| 298 | 299 |
user_visible=False, |
| 299 | 300 |
kind='string') |
| 300 | 301 | |
| 301 |
self.assertTrue(self.client.login(username='testbot', |
|
| 302 |
self.assertTrue(self.client.login(request=None, |
|
| 303 |
username='testbot', |
|
| 302 | 304 |
password='secret')) |
| 303 | 305 |
response = self.client.get(reverse('profile_edit'))
|
| 304 | 306 |
form = get_response_form(response) |
| tests/test_api.py | ||
|---|---|---|
| 75 | 75 |
assert response.content == b'{}'
|
| 76 | 76 | |
| 77 | 77 |
# login |
| 78 |
client.login(username='john.doe', password='password') |
|
| 78 |
client.login(request=None, username='john.doe', password='password')
|
|
| 79 | 79 |
response = client.get('/api/user/', HTTP_ORIGIN='http://testserver')
|
| 80 | 80 |
data = json.loads(response.content) |
| 81 | 81 |
assert isinstance(data, dict) |
| tests/test_backends.py | ||
|---|---|---|
| 14 | 14 |
# You should have received a copy of the GNU Affero General Public License |
| 15 | 15 |
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
| 16 | 16 | |
| 17 |
from django.contrib.auth import authenticate
|
|
| 17 |
from authentic2.utils import authenticate
|
|
| 18 | 18 |
from authentic2.backends import is_user_authenticable |
| 19 | 19 | |
| 20 | 20 | |
| tests/test_ldap.py | ||
|---|---|---|
| 24 | 24 |
from ldap.dn import escape_dn_chars |
| 25 | 25 | |
| 26 | 26 |
from ldaptools.slapd import Slapd, has_slapd |
| 27 |
from django.contrib.auth import get_user_model, authenticate
|
|
| 27 |
from django.contrib.auth import get_user_model |
|
| 28 | 28 |
from django.core.exceptions import ImproperlyConfigured |
| 29 | 29 |
from django.core import management |
| 30 | 30 |
from django.core import mail |
| ... | ... | |
| 35 | 35 |
from authentic2.a2_rbac.utils import get_default_ou |
| 36 | 36 |
from django_rbac.utils import get_ou_model |
| 37 | 37 |
from authentic2.backends import ldap_backend |
| 38 |
from authentic2.utils import authenticate |
|
| 38 | 39 |
from authentic2 import crypto, models |
| 39 | 40 | |
| 40 | 41 |
import utils |
| tests/test_utils.py | ||
|---|---|---|
| 15 | 15 |
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
| 16 | 16 |
# authentic2 |
| 17 | 17 | |
| 18 |
from django.contrib.auth import authenticate |
|
| 19 | 18 |
from django.contrib.auth.middleware import AuthenticationMiddleware |
| 20 | 19 |
from django.contrib.sessions.middleware import SessionMiddleware |
| 21 | 20 | |
| 22 | 21 |
from authentic2.utils import (good_next_url, same_origin, select_next_url, |
| 23 | 22 |
user_can_change_password, login, |
| 24 |
get_authentication_events) |
|
| 23 |
get_authentication_events, authenticate)
|
|
| 25 | 24 | |
| 26 | 25 | |
| 27 | 26 |
def test_good_next_url(db, rf, settings): |
| 28 |
- |
|