0001-ldap-record-users-ldap-accounts-51211.patch
| src/authentic2/backends/__init__.py | ||
|---|---|---|
| 42 | 42 |
if not app_settings.A2_USER_FILTER and not app_settings.A2_USER_EXCLUDE: |
| 43 | 43 |
return True |
| 44 | 44 |
return get_user_queryset().filter(pk=user.pk).exists() |
| 45 | ||
| 46 | ||
| 47 |
from .ldap_backend import LDAPBackend # noqa: F401 |
|
| 48 |
from .models_backend import ModelBackend # noqa: F401 |
|
| src/authentic2/backends/apps.py | ||
|---|---|---|
| 1 |
# authentic2 - versatile identity manager |
|
| 2 |
# Copyright (C) 2010-2021 Entr'ouvert |
|
| 3 |
# |
|
| 4 |
# This program is free software: you can redistribute it and/or modify it |
|
| 5 |
# under the terms of the GNU Affero General Public License as published |
|
| 6 |
# by the Free Software Foundation, either version 3 of the License, or |
|
| 7 |
# (at your option) any later version. |
|
| 8 |
# |
|
| 9 |
# This program is distributed in the hope that it will be useful, |
|
| 10 |
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
| 11 |
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
| 12 |
# GNU Affero General Public License for more details. |
|
| 13 |
# |
|
| 14 |
# You should have received a copy of the GNU Affero General Public License |
|
| 15 |
# along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
| 16 | ||
| 17 |
import django.apps |
|
| 18 |
from django import template |
|
| 19 | ||
| 20 | ||
| 21 |
class AppConfig(django.apps.AppConfig): |
|
| 22 |
name = 'authentic2.backends' |
|
| 23 |
verbose_name = _('Backends')
|
|
| 24 | ||
| 25 |
def a2_hook_manager_user_data(self, view, user): |
|
| 26 |
context = {'user': user}
|
|
| 27 |
return [ |
|
| 28 |
template.loader.get_template('authentic2_auth_oidc/manager_user_sidebar.html').render(context)
|
|
| 29 |
] |
|
| src/authentic2/backends/ldap_backend.py | ||
|---|---|---|
| 44 | 44 |
from django.contrib.auth.models import Group |
| 45 | 45 |
from django.core.cache import cache |
| 46 | 46 |
from django.core.exceptions import ImproperlyConfigured |
| 47 |
from django.db import models |
|
| 47 | 48 |
from django.utils.encoding import force_bytes, force_text |
| 48 | 49 |
from django.utils.translation import ngettext |
| 49 | 50 |
from django.utils.translation import ugettext as _ |
| ... | ... | |
| 1472 | 1473 |
def _return_django_user(self, dn, username, password, conn, block, attributes): |
| 1473 | 1474 |
from authentic2.manager.journal_event_types import ManagerUserActivation |
| 1474 | 1475 | |
| 1476 |
ldap_uri = conn.get_option(ldap.OPT_URI) |
|
| 1475 | 1477 |
user = self.lookup_existing_user(username, block, attributes) |
| 1476 | 1478 |
if user: |
| 1477 | 1479 |
log.debug('found existing user %r', user)
|
| 1480 |
LDAPAccount.objects.get_or_create(user=user, origin=ldap_uri) |
|
| 1478 | 1481 |
else: |
| 1479 | 1482 |
user = LDAPUser(username=username) |
| 1480 | 1483 |
user.set_unusable_password() |
| ... | ... | |
| 1483 | 1486 |
self.populate_user(user, dn, username, conn, block, attributes) |
| 1484 | 1487 |
if not user.pk or getattr(user, '_changed', False): |
| 1485 | 1488 |
user.save() |
| 1489 |
LDAPAccount.objects.update_or_create(user=user, origin=ldap_uri) |
|
| 1486 | 1490 | |
| 1487 | 1491 |
if not is_user_authenticable(user): |
| 1488 | 1492 |
return None |
| ... | ... | |
| 1875 | 1879 | |
| 1876 | 1880 |
LDAPUser.ldap_backend = LDAPBackend |
| 1877 | 1881 |
LDAPBackendPasswordLost.ldap_backend = LDAPBackend |
| 1882 | ||
| 1883 | ||
| 1884 |
class LDAPAccount(models.Model): |
|
| 1885 |
created = models.DateTimeField(verbose_name=_('created'), auto_now_add=True)
|
|
| 1886 |
modified = models.DateTimeField(verbose_name=_('modified'), auto_now=True)
|
|
| 1887 |
origin = models.CharField(verbose_name=_('server url'), max_length=256)
|
|
| 1888 |
user = models.OneToOneField( |
|
| 1889 |
to=settings.AUTH_USER_MODEL, |
|
| 1890 |
verbose_name=_('user'),
|
|
| 1891 |
related_name='ldap_account', |
|
| 1892 |
on_delete=models.CASCADE, |
|
| 1893 |
) |
|
| src/authentic2/backends/templates/authentic2/backends/manager_user_sidebar.html | ||
|---|---|---|
| 1 |
{% load i18n %}
|
|
| 2 |
{% if user.ldap_account %}
|
|
| 3 |
<p> |
|
| 4 |
{% blocktrans trimmed with modified=user.ldap_account.modified origin=user.ldap_account.origin %}
|
|
| 5 |
Linked with LDAP server {{ name }} (last modified on {{ modified }}).
|
|
| 6 |
{% endblocktrans %}
|
|
| 7 |
</p> |
|
| 8 |
{% endif %}
|
|
| src/authentic2/migrations/0034_ldapaccount.py | ||
|---|---|---|
| 1 |
# Generated by Django 2.2.19 on 2021-07-07 14:15 |
|
| 2 | ||
| 3 |
import django.db.models.deletion |
|
| 4 |
from django.conf import settings |
|
| 5 |
from django.db import migrations, models |
|
| 6 | ||
| 7 | ||
| 8 |
class Migration(migrations.Migration): |
|
| 9 | ||
| 10 |
dependencies = [ |
|
| 11 |
migrations.swappable_dependency(settings.AUTH_USER_MODEL), |
|
| 12 |
('authentic2', '0033_recreate_immutable_unaccent'),
|
|
| 13 |
] |
|
| 14 | ||
| 15 |
operations = [ |
|
| 16 |
migrations.CreateModel( |
|
| 17 |
name='LDAPAccount', |
|
| 18 |
fields=[ |
|
| 19 |
( |
|
| 20 |
'id', |
|
| 21 |
models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'), |
|
| 22 |
), |
|
| 23 |
('created', models.DateTimeField(auto_now_add=True, verbose_name='création')),
|
|
| 24 |
('modified', models.DateTimeField(auto_now=True, verbose_name='modifié')),
|
|
| 25 |
('origin', models.CharField(max_length=256, verbose_name='server url')),
|
|
| 26 |
( |
|
| 27 |
'user', |
|
| 28 |
models.OneToOneField( |
|
| 29 |
on_delete=django.db.models.deletion.CASCADE, |
|
| 30 |
related_name='ldap_account', |
|
| 31 |
to=settings.AUTH_USER_MODEL, |
|
| 32 |
verbose_name='utilisateur', |
|
| 33 |
), |
|
| 34 |
), |
|
| 35 |
], |
|
| 36 |
), |
|
| 37 |
] |
|
| 0 |
- |
|