mirror of https://github.com/jumpserver/jumpserver
fix: fixed an issue where auth backend could pass inspect
parent
3796af78a6
commit
817957dbac
|
@ -5,7 +5,7 @@ from django.utils.translation import gettext_lazy as _
|
|||
|
||||
from authentication.signals import user_auth_failed, user_auth_success
|
||||
from common.utils import get_logger
|
||||
from .base import JMSModelBackend
|
||||
from .base import JMSBaseAuthBackend
|
||||
|
||||
logger = get_logger(__file__)
|
||||
|
||||
|
@ -20,9 +20,10 @@ if settings.AUTH_CUSTOM:
|
|||
logger.warning('Import custom auth method failed: {}, Maybe not enabled'.format(e))
|
||||
|
||||
|
||||
class CustomAuthBackend(JMSModelBackend):
|
||||
class CustomAuthBackend(JMSBaseAuthBackend):
|
||||
|
||||
def is_enabled(self):
|
||||
@staticmethod
|
||||
def is_enabled():
|
||||
return settings.AUTH_CUSTOM and callable(custom_authenticate_method)
|
||||
|
||||
@staticmethod
|
||||
|
@ -35,10 +36,10 @@ class CustomAuthBackend(JMSModelBackend):
|
|||
)
|
||||
return user, created
|
||||
|
||||
def authenticate(self, request, username=None, password=None, **kwargs):
|
||||
def authenticate(self, request, username=None, password=None):
|
||||
try:
|
||||
userinfo: dict = custom_authenticate_method(
|
||||
username=username, password=password, **kwargs
|
||||
username=username, password=password
|
||||
)
|
||||
user, created = self.get_or_create_user_from_userinfo(userinfo)
|
||||
except Exception as e:
|
||||
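Review bot: The new `authenticate(self, request, username=None, password=None)` keeps `None` defaults, so a call that carries only `request` would still bind to this signature and reach the site-supplied `custom_authenticate_method` with `username=None, password=None`. An early guard before the `try`, such as `if username is None or password is None: return None`, would keep this backend out of flows that carry no password credentials. The call also stops forwarding extra keyword arguments, so a custom method that relied on them changes behaviour without notice. A docstring stating that only `username` and `password` are passed would record the contract. The `except Exception as e:` handler body is outside this hunk, so how such failures surface is not visible here.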
|
|
|
@ -18,7 +18,7 @@ from common.exceptions import JMSException
|
|||
from .signals import (
|
||||
oauth2_create_or_update_user
|
||||
)
|
||||
from ..base import JMSModelBackend
|
||||
from ..base import JMSBaseAuthBackend
|
||||
|
||||
|
||||
__all__ = ['OAuth2Backend']
|
||||
|
@ -26,7 +26,7 @@ __all__ = ['OAuth2Backend']
|
|||
logger = get_logger(__name__)
|
||||
|
||||
|
||||
class OAuth2Backend(JMSModelBackend):
|
||||
class OAuth2Backend(JMSBaseAuthBackend):
|
||||
@staticmethod
|
||||
def is_enabled():
|
||||
return settings.AUTH_OAUTH2
|
||||
|
@ -68,7 +68,7 @@ class OAuth2Backend(JMSModelBackend):
|
|||
response_data = response_data['data']
|
||||
return response_data
|
||||
|
||||
def authenticate(self, request, code=None, **kwargs):
|
||||
def authenticate(self, request, code=None):
|
||||
log_prompt = "Process authenticate [OAuth2Backend]: {}"
|
||||
logger.debug(log_prompt.format('Start'))
|
||||
if code is None:
|
||||
|
|
|
@ -86,7 +86,7 @@ class OIDCAuthCodeBackend(OIDCBaseBackend):
|
|||
"""
|
||||
|
||||
@ssl_verification
|
||||
def authenticate(self, request, nonce=None, code_verifier=None, **kwargs):
|
||||
def authenticate(self, request, nonce=None, code_verifier=None):
|
||||
""" Authenticates users in case of the OpenID Connect Authorization code flow. """
|
||||
log_prompt = "Process authenticate [OIDCAuthCodeBackend]: {}"
|
||||
logger.debug(log_prompt.format('start'))
|
||||
|
@ -233,15 +233,15 @@ class OIDCAuthCodeBackend(OIDCBaseBackend):
|
|||
class OIDCAuthPasswordBackend(OIDCBaseBackend):
|
||||
|
||||
@ssl_verification
|
||||
def authenticate(self, request, username=None, password=None, **kwargs):
|
||||
def authenticate(self, request, username=None, password=None):
|
||||
try:
|
||||
return self._authenticate(request, username, password, **kwargs)
|
||||
return self._authenticate(request, username, password)
|
||||
except Exception as e:
|
||||
error = f'Authenticate exception: {e}'
|
||||
logger.error(error, exc_info=True)
|
||||
return
|
||||
|
||||
def _authenticate(self, request, username=None, password=None, **kwargs):
|
||||
def _authenticate(self, request, username=None, password=None):
|
||||
"""
|
||||
https://oauth.net/2/
|
||||
https://aaronparecki.com/oauth-2-simplified/#password
|
||||
|
|
|
@ -4,7 +4,9 @@
|
|||
import warnings
|
||||
import contextlib
|
||||
import requests
|
||||
import inspect
|
||||
|
||||
from functools import wraps
|
||||
from django.conf import settings
|
||||
from urllib3.exceptions import InsecureRequestWarning
|
||||
|
||||
|
@ -52,6 +54,7 @@ def no_ssl_verification():
|
|||
|
||||
|
||||
def ssl_verification(func):
|
||||
@wraps(func)
|
||||
def wrapper(*args, **kwargs):
|
||||
if not settings.AUTH_OPENID_IGNORE_SSL_VERIFICATION:
|
||||
return func(*args, **kwargs)
|
||||
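Review bot: `@wraps(func)` on `wrapper` is load-bearing for signature-based backend selection, yet it appears here without a comment. Without it, `inspect.signature` on a decorated `authenticate` would report `wrapper(*args, **kwargs)`, which binds to any credentials. The OIDC backends decorated with `@ssl_verification` would then presumably pass the signature check for every login attempt again. I would add above it `# Keep @wraps: inspect.signature() follows __wrapped__, so decorated authenticate() methods expose their real parameters.` The `import inspect` line is not used in the visible hunks and can be dropped if nothing else in the file needs it; the body of `wrapper` continues outside the hunk.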
|
|
|
@ -51,10 +51,10 @@ class RadiusBaseBackend(CreateUserMixin, JMSBaseAuthBackend):
|
|||
|
||||
|
||||
class RadiusBackend(RadiusBaseBackend, RADIUSBackend):
|
||||
def authenticate(self, request, username='', password='', **kwargs):
|
||||
def authenticate(self, request, username='', password=''):
|
||||
return super().authenticate(request, username=username, password=password)
|
||||
|
||||
|
||||
class RadiusRealmBackend(RadiusBaseBackend, RADIUSRealmBackend):
|
||||
def authenticate(self, request, username='', password='', realm=None, **kwargs):
|
||||
def authenticate(self, request, username='', password='', realm=None):
|
||||
return super().authenticate(request, username=username, password=password, realm=realm)
|
||||
|
|
|
@ -10,14 +10,14 @@ from .signals import (
|
|||
saml2_create_or_update_user
|
||||
)
|
||||
from authentication.signals import user_auth_failed, user_auth_success
|
||||
from ..base import JMSModelBackend
|
||||
from ..base import JMSBaseAuthBackend
|
||||
|
||||
__all__ = ['SAML2Backend']
|
||||
|
||||
logger = get_logger(__name__)
|
||||
|
||||
|
||||
class SAML2Backend(JMSModelBackend):
|
||||
class SAML2Backend(JMSBaseAuthBackend):
|
||||
@staticmethod
|
||||
def is_enabled():
|
||||
return settings.AUTH_SAML2
|
||||
|
@ -42,7 +42,7 @@ class SAML2Backend(JMSModelBackend):
|
|||
)
|
||||
return user, created
|
||||
|
||||
def authenticate(self, request, saml_user_data=None, **kwargs):
|
||||
def authenticate(self, request, saml_user_data=None):
|
||||
log_prompt = "Process authenticate [SAML2Backend]: {}"
|
||||
logger.debug(log_prompt.format('Start'))
|
||||
if saml_user_data is None:
|
||||
|
|
|
@ -1,57 +1,41 @@
|
|||
from django.conf import settings
|
||||
|
||||
from .base import JMSModelBackend
|
||||
from .base import JMSBaseAuthBackend
|
||||
|
||||
|
||||
class SSOAuthentication(JMSModelBackend):
|
||||
"""
|
||||
什么也不做呀😺
|
||||
"""
|
||||
|
||||
class SSOAuthentication(JMSBaseAuthBackend):
|
||||
@staticmethod
|
||||
def is_enabled():
|
||||
return settings.AUTH_SSO
|
||||
|
||||
def authenticate(self, request, sso_token=None, **kwargs):
|
||||
def authenticate(self):
|
||||
pass
|
||||
|
||||
|
||||
class WeComAuthentication(JMSModelBackend):
|
||||
"""
|
||||
什么也不做呀😺
|
||||
"""
|
||||
|
||||
class WeComAuthentication(JMSBaseAuthBackend):
|
||||
@staticmethod
|
||||
def is_enabled():
|
||||
return settings.AUTH_WECOM
|
||||
|
||||
def authenticate(self, request, **kwargs):
|
||||
def authenticate(self):
|
||||
pass
|
||||
|
||||
|
||||
class DingTalkAuthentication(JMSModelBackend):
|
||||
"""
|
||||
什么也不做呀😺
|
||||
"""
|
||||
|
||||
class DingTalkAuthentication(JMSBaseAuthBackend):
|
||||
@staticmethod
|
||||
def is_enabled():
|
||||
return settings.AUTH_DINGTALK
|
||||
|
||||
def authenticate(self, request, **kwargs):
|
||||
def authenticate(self):
|
||||
pass
|
||||
|
||||
|
||||
class FeiShuAuthentication(JMSModelBackend):
|
||||
"""
|
||||
什么也不做呀😺
|
||||
"""
|
||||
|
||||
class FeiShuAuthentication(JMSBaseAuthBackend):
|
||||
@staticmethod
|
||||
def is_enabled():
|
||||
return settings.AUTH_FEISHU
|
||||
|
||||
def authenticate(self, request, **kwargs):
|
||||
def authenticate(self):
|
||||
pass
|
||||
|
||||
|
||||
|
@ -61,23 +45,15 @@ class LarkAuthentication(FeiShuAuthentication):
|
|||
return settings.AUTH_LARK
|
||||
|
||||
|
||||
class SlackAuthentication(JMSModelBackend):
|
||||
"""
|
||||
什么也不做呀😺
|
||||
"""
|
||||
|
||||
class SlackAuthentication(JMSBaseAuthBackend):
|
||||
@staticmethod
|
||||
def is_enabled():
|
||||
return settings.AUTH_SLACK
|
||||
|
||||
def authenticate(self, request, **kwargs):
|
||||
def authenticate(self):
|
||||
pass
|
||||
|
||||
|
||||
class AuthorizationTokenAuthentication(JMSModelBackend):
|
||||
"""
|
||||
什么也不做呀😺
|
||||
"""
|
||||
|
||||
def authenticate(self, request, **kwargs):
|
||||
class AuthorizationTokenAuthentication(JMSBaseAuthBackend):
|
||||
def authenticate(self):
|
||||
pass
|
||||
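Review bot: The placeholder backends in this file (`SSOAuthentication`, `WeComAuthentication`, `DingTalkAuthentication`, `FeiShuAuthentication`, `SlackAuthentication`, `AuthorizationTokenAuthentication`) now declare `def authenticate(self): pass` with no docstring, so nothing states that the empty parameter list is intentional. Assuming backends are selected by binding `request` and the credentials against this signature, as Django's `authenticate()` does, the bind always fails and these classes are never used to verify credentials. A one-line comment such as `# No parameters on purpose: the signature check can never bind, so this backend never authenticates.` would stop a later change from restoring `request` or `**kwargs`. `RBACBackend.authenticate(self)` in the last file follows the same pattern and would benefit from the same comment.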
|
|
|
@ -3,13 +3,17 @@ from django.conf import settings
|
|||
from django.core.exceptions import PermissionDenied
|
||||
|
||||
from authentication.models import TempToken
|
||||
from .base import JMSModelBackend
|
||||
from .base import JMSBaseAuthBackend
|
||||
|
||||
|
||||
class TempTokenAuthBackend(JMSModelBackend):
|
||||
class TempTokenAuthBackend(JMSBaseAuthBackend):
|
||||
model = TempToken
|
||||
|
||||
def authenticate(self, request, username='', password='', *args, **kwargs):
|
||||
@staticmethod
|
||||
def is_enabled():
|
||||
return settings.AUTH_TEMP_TOKEN
|
||||
|
||||
def authenticate(self, request, username='', password=''):
|
||||
token = self.model.objects.filter(username=username, secret=password).first()
|
||||
if not token:
|
||||
return None
|
||||
|
@ -21,6 +25,3 @@ class TempTokenAuthBackend(JMSModelBackend):
|
|||
token.save()
|
||||
return token.user
|
||||
|
||||
@staticmethod
|
||||
def is_enabled():
|
||||
return settings.AUTH_TEMP_TOKEN
|
||||
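Review bot: `authenticate(self, request, username='', password='')` keeps empty-string defaults, so a call that omits either credential still binds and runs `self.model.objects.filter(username=username, secret=password)` with `''`. Whether a `TempToken` row can hold an empty secret is not visible here, so I would not depend on it and would return early with `if not username or not password: return None` ahead of the query. The method body between the two hunks is not shown. `is_enabled()` is only moved in this change and is not consulted in the visible lines of `authenticate`, so presumably the caller checks it.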
|
|
|
@ -9,7 +9,7 @@ class RBACBackend(JMSBaseAuthBackend):
|
|||
def is_enabled():
|
||||
return True
|
||||
|
||||
def authenticate(self, *args, **kwargs):
|
||||
def authenticate(self):
|
||||
return None
|
||||
|
||||
def username_allow_authenticate(self, username):
|
||||
|
|