0001-backends-prevent-authentication-by-deleted-user.patch

Benjamin Dauvergne, 22 April 2020 02:39


View differences:

Subject: [PATCH 1/3] backends: prevent authentication by deleted user

 src/authentic2/backends/__init__.py       | 2 ++
 src/authentic2/backends/models_backend.py | 5 ++++-
 2 files changed, 6 insertions(+), 1 deletion(-)
src/authentic2/backends/__init__.py
23 23

  
24 24
    qs = User.objects.all()
25 25

  
26
    qs = qs.filter(deleted__isnull=True)
27

  
26 28
    if app_settings.A2_USER_FILTER:
27 29
        qs = qs.filter(**app_settings.A2_USER_FILTER)
28 30

  
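Review bot: the added `qs = qs.filter(deleted__isnull=True)` line carries no comment, and the diffstat lists only the two backend files, so no test accompanies it in this patch. A one-line comment stating that a non-null `deleted` marks a soft-deleted account would help the next reader. A regression test should assert that a user with `deleted` set is absent from this queryset, including when `A2_USER_FILTER` is configured, since that filter is applied on top of this one.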
src/authentic2/backends/models_backend.py
87 87
    def get_user(self, user_id):
88 88
        UserModel = get_user_model()
89 89
        try:
90
            return UserModel._default_manager.get(pk=user_id)
90
            user = UserModel._default_manager.get(pk=user_id)
91 91
        except UserModel.DoesNotExist:
92 92
            return None
93
        if user.deleted:
94
            return None
95
        return user
93 96

  
94 97
    def get_saml2_authn_context(self):
95 98
        import lasso
96
-
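Review bot: `if user.deleted:` tests truthiness, while the queryset filter in `src/authentic2/backends/__init__.py` treats an account as deleted when `deleted` is non-null; the two places should share one definition. Passing the condition to the lookup, as in `UserModel._default_manager.get(pk=user_id, deleted__isnull=True)`, would let the existing `except UserModel.DoesNotExist` branch return `None` and remove the extra `if`. Since `get_user` is the method Django calls to reload the user for an existing session, a test that a session opened before the deletion no longer resolves to a user would cover this path.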