2018-02-27 04:18:36 +00:00
|
|
|
# -*- coding: utf-8 -*-
|
|
|
|
#
|
2020-04-26 12:36:17 +00:00
|
|
|
from django.conf import settings
|
2021-05-17 11:32:12 +00:00
|
|
|
from django.db.models.signals import post_save
|
2023-02-08 02:14:09 +00:00
|
|
|
from django.dispatch import receiver
|
2023-05-12 09:22:18 +00:00
|
|
|
from django.utils.translation import ugettext_lazy as _
|
2023-02-08 02:14:09 +00:00
|
|
|
from django_auth_ldap.backend import populate_user
|
|
|
|
from django_cas_ng.signals import cas_user_authenticated
|
2018-02-27 04:18:36 +00:00
|
|
|
|
2023-02-08 02:14:09 +00:00
|
|
|
from authentication.backends.oauth2.signals import oauth2_create_or_update_user
|
2022-02-25 11:23:59 +00:00
|
|
|
from authentication.backends.oidc.signals import openid_create_or_update_user
|
2021-12-09 07:47:21 +00:00
|
|
|
from authentication.backends.saml2.signals import saml2_create_or_update_user
|
2023-02-08 02:14:09 +00:00
|
|
|
from common.decorators import on_transaction_commit
|
2018-02-27 04:18:36 +00:00
|
|
|
from common.utils import get_logger
|
2023-05-12 09:22:18 +00:00
|
|
|
from jumpserver.utils import get_current_request
|
2021-05-17 11:32:12 +00:00
|
|
|
from .models import User, UserPasswordHistory
|
2023-02-08 02:14:09 +00:00
|
|
|
from .signals import post_user_create
|
2020-04-26 12:36:17 +00:00
|
|
|
|
2018-02-27 04:18:36 +00:00
|
|
|
logger = get_logger(__file__)
|
|
|
|
|
|
|
|
|
2023-05-12 10:11:10 +00:00
|
|
|
def check_only_allow_exist_user_auth(created):
|
2021-12-09 07:47:21 +00:00
|
|
|
if created and settings.ONLY_ALLOW_EXIST_USER_AUTH:
|
2023-05-12 09:22:18 +00:00
|
|
|
request = get_current_request()
|
|
|
|
request.user_need_delete = True
|
|
|
|
request.error_message = _(
|
|
|
|
'''The administrator has enabled "Only allow existing users to log in",
|
|
|
|
and the current user is not in the user list. Please contact the administrator.'''
|
|
|
|
)
|
|
|
|
return False
|
|
|
|
return True
|
|
|
|
|
|
|
|
|
|
|
|
def user_authenticated_handle(user, created, source, attrs=None, **kwargs):
|
2021-12-09 07:47:21 +00:00
|
|
|
if created:
|
|
|
|
user.source = source
|
|
|
|
user.save()
|
2022-03-17 06:08:16 +00:00
|
|
|
|
2023-05-17 03:11:39 +00:00
|
|
|
if not check_only_allow_exist_user_auth(created):
|
|
|
|
return
|
|
|
|
|
2022-08-04 06:40:33 +00:00
|
|
|
if not attrs:
|
|
|
|
return
|
|
|
|
|
|
|
|
always_update = getattr(settings, 'AUTH_%s_ALWAYS_UPDATE_USER' % source.upper(), False)
|
|
|
|
if not created and always_update:
|
2021-12-09 07:47:21 +00:00
|
|
|
attr_whitelist = ('user', 'username', 'email', 'phone', 'comment')
|
|
|
|
logger.debug(
|
2022-08-04 06:40:33 +00:00
|
|
|
"Receive {} user updated signal: {}, "
|
2021-12-09 07:47:21 +00:00
|
|
|
"Update user info: {},"
|
|
|
|
"(Update only properties in the whitelist. [{}])"
|
2022-08-04 06:40:33 +00:00
|
|
|
"".format(source, user, str(attrs), ','.join(attr_whitelist))
|
2021-12-09 07:47:21 +00:00
|
|
|
)
|
2022-03-17 06:08:16 +00:00
|
|
|
for key, value in attrs.items():
|
|
|
|
if key in attr_whitelist and value:
|
|
|
|
setattr(user, key, value)
|
|
|
|
user.save()
|
2021-12-09 07:47:21 +00:00
|
|
|
|
|
|
|
|
2021-05-17 11:32:12 +00:00
|
|
|
@receiver(post_save, sender=User)
|
|
|
|
def save_passwd_change(sender, instance: User, **kwargs):
|
2023-02-08 02:14:09 +00:00
|
|
|
passwords = UserPasswordHistory.objects \
|
2022-03-17 06:08:16 +00:00
|
|
|
.filter(user=instance) \
|
2023-02-08 02:14:09 +00:00
|
|
|
.order_by('-date_created') \
|
2022-03-08 05:35:40 +00:00
|
|
|
.values_list('password', flat=True)
|
|
|
|
passwords = passwords[:int(settings.OLD_PASSWORD_HISTORY_LIMIT_COUNT)]
|
2021-05-17 11:32:12 +00:00
|
|
|
|
2022-03-08 05:35:40 +00:00
|
|
|
for p in passwords:
|
2021-05-17 11:32:12 +00:00
|
|
|
if instance.password == p:
|
|
|
|
break
|
|
|
|
else:
|
|
|
|
UserPasswordHistory.objects.create(
|
|
|
|
user=instance, password=instance.password,
|
|
|
|
date_created=instance.date_password_last_updated
|
|
|
|
)
|
|
|
|
|
|
|
|
|
2022-03-21 10:06:33 +00:00
|
|
|
def update_role_superuser_if_need(user):
|
|
|
|
if not user._update_superuser:
|
|
|
|
return
|
|
|
|
value = user._is_superuser
|
|
|
|
if value:
|
|
|
|
user.system_roles.add_role_system_admin()
|
|
|
|
else:
|
|
|
|
user.system_roles.remove_role_system_admin()
|
|
|
|
|
|
|
|
|
2022-03-17 06:08:16 +00:00
|
|
|
@receiver(post_save, sender=User)
|
|
|
|
@on_transaction_commit
|
|
|
|
def on_user_create_set_default_system_role(sender, instance, created, **kwargs):
|
2022-03-21 10:06:33 +00:00
|
|
|
update_role_superuser_if_need(instance)
|
2022-03-17 06:08:16 +00:00
|
|
|
if not created:
|
|
|
|
return
|
|
|
|
has_system_role = instance.system_roles.all().exists()
|
|
|
|
if not has_system_role:
|
|
|
|
logger.debug("Receive user create signal, set default role")
|
2022-03-21 08:40:14 +00:00
|
|
|
instance.system_roles.add_role_system_user()
|
2022-03-17 06:08:16 +00:00
|
|
|
|
|
|
|
|
2018-04-03 08:28:58 +00:00
|
|
|
@receiver(post_user_create)
|
|
|
|
def on_user_create(sender, user=None, **kwargs):
|
|
|
|
logger.debug("Receive user `{}` create signal".format(user.name))
|
|
|
|
from .utils import send_user_created_mail
|
|
|
|
logger.info(" - Sending welcome mail ...".format(user.name))
|
2020-03-13 04:33:09 +00:00
|
|
|
if user.can_send_created_mail():
|
2018-04-03 08:28:58 +00:00
|
|
|
send_user_created_mail(user)
|
2019-11-06 09:18:39 +00:00
|
|
|
|
|
|
|
|
2020-03-12 08:24:38 +00:00
|
|
|
@receiver(cas_user_authenticated)
|
|
|
|
def on_cas_user_authenticated(sender, user, created, **kwargs):
|
2021-12-09 07:47:21 +00:00
|
|
|
source = user.Source.cas.value
|
|
|
|
user_authenticated_handle(user, created, source)
|
|
|
|
|
|
|
|
|
|
|
|
@receiver(saml2_create_or_update_user)
|
|
|
|
def on_saml2_create_or_update_user(sender, user, created, attrs, **kwargs):
|
|
|
|
source = user.Source.saml2.value
|
|
|
|
user_authenticated_handle(user, created, source, attrs, **kwargs)
|
2020-04-26 12:36:17 +00:00
|
|
|
|
|
|
|
|
2022-08-04 06:40:33 +00:00
|
|
|
@receiver(oauth2_create_or_update_user)
|
|
|
|
def on_oauth2_create_or_update_user(sender, user, created, attrs, **kwargs):
|
|
|
|
source = user.Source.oauth2.value
|
|
|
|
user_authenticated_handle(user, created, source, attrs, **kwargs)
|
|
|
|
|
|
|
|
|
2020-04-26 12:36:17 +00:00
|
|
|
@receiver(populate_user)
|
|
|
|
def on_ldap_create_user(sender, user, ldap_user, **kwargs):
|
|
|
|
if user and user.username not in ['admin']:
|
|
|
|
exists = User.objects.filter(username=user.username).exists()
|
|
|
|
if not exists:
|
2020-12-09 10:43:13 +00:00
|
|
|
user.source = user.Source.ldap.value
|
2020-04-26 12:36:17 +00:00
|
|
|
user.save()
|
|
|
|
|
|
|
|
|
2020-04-28 14:29:56 +00:00
|
|
|
@receiver(openid_create_or_update_user)
|
|
|
|
def on_openid_create_or_update_user(sender, request, user, created, name, username, email, **kwargs):
|
2020-04-28 13:00:22 +00:00
|
|
|
if created:
|
2020-04-28 16:43:54 +00:00
|
|
|
logger.debug(
|
|
|
|
"Receive OpenID user created signal: {}, "
|
2020-12-09 10:43:13 +00:00
|
|
|
"Set user source is: {}".format(user, User.Source.openid.value)
|
2020-04-28 16:43:54 +00:00
|
|
|
)
|
2020-12-09 10:43:13 +00:00
|
|
|
user.source = User.Source.openid.value
|
2020-04-28 13:00:22 +00:00
|
|
|
user.save()
|
2023-05-17 11:05:28 +00:00
|
|
|
|
|
|
|
if not check_only_allow_exist_user_auth(created):
|
|
|
|
return
|
|
|
|
|
|
|
|
if not created and settings.AUTH_OPENID_ALWAYS_UPDATE_USER:
|
2020-04-28 16:43:54 +00:00
|
|
|
logger.debug(
|
|
|
|
"Receive OpenID user updated signal: {}, "
|
|
|
|
"Update user info: {}"
|
|
|
|
"".format(user, "name: {}|username: {}|email: {}".format(name, username, email))
|
|
|
|
)
|
2020-04-28 13:00:22 +00:00
|
|
|
user.name = name
|
|
|
|
user.username = username
|
|
|
|
user.email = email
|
|
|
|
user.save()
|