jumpserver/apps/authentication/backends/custom.py

from django.conf import settings
from django.utils.module_loading import import_string
from common.utils import get_logger
from django.contrib.auth import get_user_model
from authentication.signals import user_auth_failed, user_auth_success

from .base import JMSModelBackend

logger = get_logger(__file__)

custom_authenticate_method = None

if settings.AUTH_CUSTOM:
    """ 保证自定义认证方法在服务运行时不能被更改，只在第一次调用时加载一次 """
    try:
        custom_auth_method_path = 'data.auth.main.authenticate'
        custom_authenticate_method = import_string(custom_auth_method_path)
    except Exception as e:
        logger.warning('Import custom auth method failed: {}, Maybe not enabled'.format(e))


class CustomAuthBackend(JMSModelBackend):

    def is_enabled(self):
        return settings.AUTH_CUSTOM and callable(custom_authenticate_method)

    @staticmethod
    def get_or_create_user_from_userinfo(userinfo: dict):
        username = userinfo['username']
        attrs = ['name', 'username', 'email', 'is_active']
        defaults = {attr: userinfo[attr] for attr in attrs}
        user, created = get_user_model().objects.get_or_create(
            username=username, defaults=defaults
        )
        return user, created

    def authenticate(self, request, username=None, password=None, **kwargs):
        try:
            userinfo: dict = custom_authenticate_method(
                username=username, password=password, **kwargs
            )
            user, created = self.get_or_create_user_from_userinfo(userinfo)
        except Exception as e:
            logger.error('Custom authenticate error: {}'.format(e))
            return None

        if self.user_can_authenticate(user):
            logger.info(f'Custom authenticate success: {user.username}')
            user_auth_success.send(
                sender=self.__class__, request=request, user=user,
                backend=settings.AUTH_BACKEND_CUSTOM
            )
            return user
        else:
            logger.info(f'Custom authenticate failed: {user.username}')
            user_auth_failed.send(
                sender=self.__class__, request=request, username=user.username,
                reason=_('User invalid, disabled or expired'),
                backend=settings.AUTH_BACKEND_CUSTOM
            )
            return None
feat: 支持自定义认证 backend；统一其他认证方式的信号触发逻辑； 2 years ago			`from django.conf import settings`
			`from django.utils.module_loading import import_string`
			`from common.utils import get_logger`
			`from django.contrib.auth import get_user_model`
			`from authentication.signals import user_auth_failed, user_auth_success`

			`from .base import JMSModelBackend`

			`logger = get_logger(__file__)`

perf: 优化 custom 认证模块加载逻辑，判断MD5值，启动时只加载一次 2 years ago			`custom_authenticate_method = None`
feat: 支持自定义认证 backend；统一其他认证方式的信号触发逻辑； 2 years ago
perf: 优化 custom 认证模块加载逻辑，判断MD5值，启动时只加载一次 2 years ago			`if settings.AUTH_CUSTOM:`
			`""" 保证自定义认证方法在服务运行时不能被更改，只在第一次调用时加载一次 """`
			`try:`
			`custom_auth_method_path = 'data.auth.main.authenticate'`
			`custom_authenticate_method = import_string(custom_auth_method_path)`
			`except Exception as e:`
			`logger.warning('Import custom auth method failed: {}, Maybe not enabled'.format(e))`
feat: 支持自定义认证 backend；统一其他认证方式的信号触发逻辑； 2 years ago
perf: 优化 custom 认证模块加载逻辑，判断MD5值，启动时只加载一次 2 years ago
			`class CustomAuthBackend(JMSModelBackend):`
feat: 支持自定义认证 backend；统一其他认证方式的信号触发逻辑； 2 years ago
feat: 支持自定义认证 backend；统一其他认证方式的信号触发逻辑； 2 years ago			`def is_enabled(self):`
perf: 优化 custom 认证模块加载逻辑，判断MD5值，启动时只加载一次 2 years ago			`return settings.AUTH_CUSTOM and callable(custom_authenticate_method)`
feat: 支持自定义认证 backend；统一其他认证方式的信号触发逻辑； 2 years ago
			`@staticmethod`
			`def get_or_create_user_from_userinfo(userinfo: dict):`
			`username = userinfo['username']`
feat: 支持自定义认证 backend；统一其他认证方式的信号触发逻辑； 2 years ago			`attrs = ['name', 'username', 'email', 'is_active']`
feat: 支持自定义认证 backend；统一其他认证方式的信号触发逻辑； 2 years ago			`defaults = {attr: userinfo[attr] for attr in attrs}`
			`user, created = get_user_model().objects.get_or_create(`
			`username=username, defaults=defaults`
			`)`
			`return user, created`

			`def authenticate(self, request, username=None, password=None, **kwargs):`
			`try:`
perf: 优化 custom 认证模块加载逻辑，判断MD5值，启动时只加载一次 2 years ago			`userinfo: dict = custom_authenticate_method(`
			`username=username, password=password, **kwargs`
			`)`
feat: 支持自定义认证 backend；统一其他认证方式的信号触发逻辑； 2 years ago			`user, created = self.get_or_create_user_from_userinfo(userinfo)`
			`except Exception as e:`
			`logger.error('Custom authenticate error: {}'.format(e))`
			`return None`

			`if self.user_can_authenticate(user):`
			`logger.info(f'Custom authenticate success: {user.username}')`
			`user_auth_success.send(`
			`sender=self.__class__, request=request, user=user,`
			`backend=settings.AUTH_BACKEND_CUSTOM`
			`)`
			`return user`
			`else:`
			`logger.info(f'Custom authenticate failed: {user.username}')`
			`user_auth_failed.send(`
			`sender=self.__class__, request=request, username=user.username,`
			`reason=_('User invalid, disabled or expired'),`
			`backend=settings.AUTH_BACKEND_CUSTOM`
			`)`
			`return None`