0001-ldap-record-users-ldap-accounts-51211.patch
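--- a/src/authentic2/backends/__init__.py
+++ b/src/authentic2/backends/__init__.py
@@ -42,3 +42,7 @@
 if not app_settings.A2_USER_FILTER and not app_settings.A2_USER_EXCLUDE:
 return True
 return get_user_queryset().filter(pk=user.pk).exists()
+
+
+from .ldap_backend import LDAPBackend # noqa: F401
+from .models_backend import ModelBackend # noqa: F401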
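--- a/src/authentic2/backends/apps.py
+++ b/src/authentic2/backends/apps.py
@@ -0,0 +1,29 @@
+# authentic2 - versatile identity manager
+# Copyright (C) 2010-2021 Entr'ouvert
+#
+# This program is free software: you can redistribute it and/or modify it
+# under the terms of the GNU Affero General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+import django.apps
+from django import template
+
+
+class AppConfig(django.apps.AppConfig):
+name = 'authentic2.backends'
+verbose_name = _('Backends')
+
+def a2_hook_manager_user_data(self, view, user):
+context = {'user': user}
+return [
+template.loader.get_template('authentic2_auth_oidc/manager_user_sidebar.html').render(context)
+]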
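Review bot: `verbose_name = _('Backends')` uses `_`, but this new file imports only `django.apps` and `django.template`, so loading the app config would raise a NameError; add `from django.utils.translation import gettext_lazy as _`. The hook in `a2_hook_manager_user_data` renders `authentic2_auth_oidc/manager_user_sidebar.html`, while the template added by this patch lives at `authentic2/backends/manager_user_sidebar.html`, so the LDAP account information would not be shown by this hook; the path looks copied from the OIDC app. `from django import template` does not by itself import the `loader` submodule, so `from django.template.loader import get_template` is the safer form.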
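--- a/src/authentic2/backends/ldap_backend.py
+++ b/src/authentic2/backends/ldap_backend.py
@@ -44,6 +44,7 @@
 from django.contrib.auth.models import Group
 from django.core.cache import cache
 from django.core.exceptions import ImproperlyConfigured
+from django.db import models
 from django.utils.encoding import force_bytes, force_text
 from django.utils.translation import ngettext
 from django.utils.translation import ugettext as _
@@ -1472,9 +1473,11 @@
 def _return_django_user(self, dn, username, password, conn, block, attributes):
 from authentic2.manager.journal_event_types import ManagerUserActivation
 
+ldap_uri = conn.get_option(ldap.OPT_URI)
 user = self.lookup_existing_user(username, block, attributes)
 if user:
 log.debug('found existing user %r', user)
+LDAPAccount.objects.get_or_create(user=user, origin=ldap_uri)
 else:
 user = LDAPUser(username=username)
 user.set_unusable_password()
@@ -1483,6 +1486,7 @@
 self.populate_user(user, dn, username, conn, block, attributes)
 if not user.pk or getattr(user, '_changed', False):
 user.save()
+LDAPAccount.objects.update_or_create(user=user, origin=ldap_uri)
 
 if not is_user_authenticable(user):
 return None
@@ -1875,3 +1879,15 @@
 
 LDAPUser.ldap_backend = LDAPBackend
 LDAPBackendPasswordLost.ldap_backend = LDAPBackend
+
+
+class LDAPAccount(models.Model):
+created = models.DateTimeField(verbose_name=_('created'), auto_now_add=True)
+modified = models.DateTimeField(verbose_name=_('modified'), auto_now=True)
+origin = models.CharField(verbose_name=_('server url'), max_length=256)
+user = models.OneToOneField(
+to=settings.AUTH_USER_MODEL,
+verbose_name=_('user'),
+related_name='ldap_account',
+on_delete=models.CASCADE,
+)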
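Review bot: `LDAPAccount.user` is a OneToOneField, yet both `get_or_create(user=user, origin=ldap_uri)` and `update_or_create(user=user, origin=ldap_uri)` in `_return_django_user` put `origin` in the lookup. When a user already has a row recorded with a different server URL, the lookup misses and the create violates the unique constraint on `user`, so the resulting IntegrityError would abort that user's login. Look up on the user alone and pass the URL as a default, `LDAPAccount.objects.update_or_create(user=user, defaults={'origin': ldap_uri})`. `_return_django_user` continues outside the visible hunks. The value of `conn.get_option(ldap.OPT_URI)` is stored unvalidated in a 256-character field, so it is worth confirming that it is always a single URL that fits.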
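--- a/src/authentic2/backends/templates/authentic2/backends/manager_user_sidebar.html
+++ b/src/authentic2/backends/templates/authentic2/backends/manager_user_sidebar.html
@@ -0,0 +1,8 @@
+{% load i18n %}
+{% if user.ldap_account %}
+<p>
+{% blocktrans trimmed with modified=user.ldap_account.modified origin=user.ldap_account.origin %}
+Linked with LDAP server {{ name }} (last modified on {{ modified }}).
+{% endblocktrans %}
+</p>
+{% endif %}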
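Review bot: The `blocktrans` tag binds `modified` and `origin`, but the sentence interpolates `{{ name }}`, which is not defined inside the block, so the server URL would render empty. The line should read `Linked with LDAP server {{ origin }} (last modified on {{ modified }}).`. Because the msgid is built from this text, fixing the variable name before translators pick up the string avoids a second round of translation updates.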
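--- a/src/authentic2/migrations/0034_ldapaccount.py
+++ b/src/authentic2/migrations/0034_ldapaccount.py
@@ -0,0 +1,37 @@
+# Generated by Django 2.2.19 on 2021-07-07 14:15
+
+import django.db.models.deletion
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+dependencies = [
+migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+('authentic2', '0033_recreate_immutable_unaccent'),
+]
+
+operations = [
+migrations.CreateModel(
+name='LDAPAccount',
+fields=[
+(
+'id',
+models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
+),
+('created', models.DateTimeField(auto_now_add=True, verbose_name='création')),
+('modified', models.DateTimeField(auto_now=True, verbose_name='modifié')),
+('origin', models.CharField(max_length=256, verbose_name='server url')),
+(
+'user',
+models.OneToOneField(
+on_delete=django.db.models.deletion.CASCADE,
+related_name='ldap_account',
+to=settings.AUTH_USER_MODEL,
+verbose_name='utilisateur',
+),
+),
+],
+),
+]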
0 |
- |