0001-backends-prevent-authentication-by-deleted-user.patch
src/authentic2/backends/__init__.py | ||
---|---|---|
23 | 23 | |
24 | 24 |
qs = User.objects.all() |
25 | 25 | |
26 |
qs = qs.filter(deleted__isnull=True) |
|
27 | ||
26 | 28 |
if app_settings.A2_USER_FILTER: |
27 | 29 |
qs = qs.filter(**app_settings.A2_USER_FILTER) |
28 | 30 |
src/authentic2/backends/models_backend.py | ||
---|---|---|
87 | 87 |
def get_user(self, user_id): |
88 | 88 |
UserModel = get_user_model() |
89 | 89 |
try: |
90 |
return UserModel._default_manager.get(pk=user_id)
|
|
90 |
user = UserModel._default_manager.get(pk=user_id)
|
|
91 | 91 |
except UserModel.DoesNotExist: |
92 | 92 |
return None |
93 |
if user.deleted: |
|
94 |
return None |
|
95 |
return user |
|
93 | 96 | |
94 | 97 |
def get_saml2_authn_context(self): |
95 | 98 |
import lasso |
96 |
- |