fix: fixed an issue where auth backend could pass inspect

Bai 2024-12-09 14:13:44 +08:00 committed by 老广
parent 3796af78a6
commit 817957dbac
9 changed files with 42 additions and 61 deletions


@ -5,7 +5,7 @@ from django.utils.translation import gettext_lazy as _
from authentication.signals import user_auth_failed, user_auth_success
from common.utils import get_logger
from .base import JMSModelBackend
from .base import JMSBaseAuthBackend
logger = get_logger(__file__)
@ -20,9 +20,10 @@ if settings.AUTH_CUSTOM:
logger.warning('Import custom auth method failed: {}, Maybe not enabled'.format(e))
class CustomAuthBackend(JMSModelBackend):
class CustomAuthBackend(JMSBaseAuthBackend):
def is_enabled(self):
@staticmethod
def is_enabled():
return settings.AUTH_CUSTOM and callable(custom_authenticate_method)
@staticmethod
@ -35,10 +36,10 @@ class CustomAuthBackend(JMSModelBackend):
)
return user, created
def authenticate(self, request, username=None, password=None, **kwargs):
def authenticate(self, request, username=None, password=None):
try:
userinfo: dict = custom_authenticate_method(
username=username, password=password, **kwargs
username=username, password=password
)
user, created = self.get_or_create_user_from_userinfo(userinfo)
except Exception as e:
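Review bot: The new static `is_enabled()` reads the module-global `custom_authenticate_method`, which is only bound when the guarded import above this hunk succeeds; if the `except` branch that logs "Import custom auth method failed" does not also assign a fallback, `is_enabled()` raises NameError rather than returning False whenever the custom module is missing. Confirm that branch sets `custom_authenticate_method = None`, or make the check tolerant of an unbound name: `return settings.AUTH_CUSTOM and callable(globals().get('custom_authenticate_method'))`. Dropping `**kwargs` from `authenticate` and from the `custom_authenticate_method(...)` call means Django's credential binding now routes only username/password logins here and nothing else is forwarded to the plugin, which is the commit's intent. The `except Exception as e:` handler of `authenticate` continues outside the hunk.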


@ -18,7 +18,7 @@ from common.exceptions import JMSException
from .signals import (
oauth2_create_or_update_user
)
from ..base import JMSModelBackend
from ..base import JMSBaseAuthBackend
__all__ = ['OAuth2Backend']
@ -26,7 +26,7 @@ __all__ = ['OAuth2Backend']
logger = get_logger(__name__)
class OAuth2Backend(JMSModelBackend):
class OAuth2Backend(JMSBaseAuthBackend):
@staticmethod
def is_enabled():
return settings.AUTH_OAUTH2
@ -68,7 +68,7 @@ class OAuth2Backend(JMSModelBackend):
response_data = response_data['data']
return response_data
def authenticate(self, request, code=None, **kwargs):
def authenticate(self, request, code=None):
log_prompt = "Process authenticate [OAuth2Backend]: {}"
logger.debug(log_prompt.format('Start'))
if code is None:


@ -86,7 +86,7 @@ class OIDCAuthCodeBackend(OIDCBaseBackend):
"""
@ssl_verification
def authenticate(self, request, nonce=None, code_verifier=None, **kwargs):
def authenticate(self, request, nonce=None, code_verifier=None):
""" Authenticates users in case of the OpenID Connect Authorization code flow. """
log_prompt = "Process authenticate [OIDCAuthCodeBackend]: {}"
logger.debug(log_prompt.format('start'))
@ -233,15 +233,15 @@ class OIDCAuthCodeBackend(OIDCBaseBackend):
class OIDCAuthPasswordBackend(OIDCBaseBackend):
@ssl_verification
def authenticate(self, request, username=None, password=None, **kwargs):
def authenticate(self, request, username=None, password=None):
try:
return self._authenticate(request, username, password, **kwargs)
return self._authenticate(request, username, password)
except Exception as e:
error = f'Authenticate exception: {e}'
logger.error(error, exc_info=True)
return
def _authenticate(self, request, username=None, password=None, **kwargs):
def _authenticate(self, request, username=None, password=None):
"""
https://oauth.net/2/
https://aaronparecki.com/oauth-2-simplified/#password


@ -4,7 +4,9 @@
import warnings
import contextlib
import requests
import inspect
from functools import wraps
from django.conf import settings
from urllib3.exceptions import InsecureRequestWarning
@ -52,6 +54,7 @@ def no_ssl_verification():
def ssl_verification(func):
@wraps(func)
def wrapper(*args, **kwargs):
if not settings.AUTH_OPENID_IGNORE_SSL_VERIFICATION:
return func(*args, **kwargs)
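Review bot: The added `@wraps(func)` is what makes this commit effective for the decorated OIDC backends, because `inspect.signature()` follows `__wrapped__`; without it Django's credential check would see the wrapper's `(*args, **kwargs)` and let every credential set bind, re-introducing the problem the commit fixes. That is worth a comment so nobody later drops the decorator as cosmetic: `# @wraps keeps the real authenticate() signature visible to django's inspect.signature() credential check`. `import inspect` is added at the top of this file, but nothing in the visible hunks uses it; if no other change in the commit needs it, drop the unused import. `ssl_verification`'s wrapper body continues outside the hunk.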


@ -51,10 +51,10 @@ class RadiusBaseBackend(CreateUserMixin, JMSBaseAuthBackend):
class RadiusBackend(RadiusBaseBackend, RADIUSBackend):
def authenticate(self, request, username='', password='', **kwargs):
def authenticate(self, request, username='', password=''):
return super().authenticate(request, username=username, password=password)
class RadiusRealmBackend(RadiusBaseBackend, RADIUSRealmBackend):
def authenticate(self, request, username='', password='', realm=None, **kwargs):
def authenticate(self, request, username='', password='', realm=None):
return super().authenticate(request, username=username, password=password, realm=realm)


@ -10,14 +10,14 @@ from .signals import (
saml2_create_or_update_user
)
from authentication.signals import user_auth_failed, user_auth_success
from ..base import JMSModelBackend
from ..base import JMSBaseAuthBackend
__all__ = ['SAML2Backend']
logger = get_logger(__name__)
class SAML2Backend(JMSModelBackend):
class SAML2Backend(JMSBaseAuthBackend):
@staticmethod
def is_enabled():
return settings.AUTH_SAML2
@ -42,7 +42,7 @@ class SAML2Backend(JMSModelBackend):
)
return user, created
def authenticate(self, request, saml_user_data=None, **kwargs):
def authenticate(self, request, saml_user_data=None):
log_prompt = "Process authenticate [SAML2Backend]: {}"
logger.debug(log_prompt.format('Start'))
if saml_user_data is None:


@ -1,57 +1,41 @@
from django.conf import settings
from .base import JMSModelBackend
from .base import JMSBaseAuthBackend
class SSOAuthentication(JMSModelBackend):
"""
什么也不做呀😺
"""
class SSOAuthentication(JMSBaseAuthBackend):
@staticmethod
def is_enabled():
return settings.AUTH_SSO
def authenticate(self, request, sso_token=None, **kwargs):
def authenticate(self):
pass
class WeComAuthentication(JMSModelBackend):
"""
什么也不做呀😺
"""
class WeComAuthentication(JMSBaseAuthBackend):
@staticmethod
def is_enabled():
return settings.AUTH_WECOM
def authenticate(self, request, **kwargs):
def authenticate(self):
pass
class DingTalkAuthentication(JMSModelBackend):
"""
什么也不做呀😺
"""
class DingTalkAuthentication(JMSBaseAuthBackend):
@staticmethod
def is_enabled():
return settings.AUTH_DINGTALK
def authenticate(self, request, **kwargs):
def authenticate(self):
pass
class FeiShuAuthentication(JMSModelBackend):
"""
什么也不做呀😺
"""
class FeiShuAuthentication(JMSBaseAuthBackend):
@staticmethod
def is_enabled():
return settings.AUTH_FEISHU
def authenticate(self, request, **kwargs):
def authenticate(self):
pass
@ -61,23 +45,15 @@ class LarkAuthentication(FeiShuAuthentication):
return settings.AUTH_LARK
class SlackAuthentication(JMSModelBackend):
"""
什么也不做呀😺
"""
class SlackAuthentication(JMSBaseAuthBackend):
@staticmethod
def is_enabled():
return settings.AUTH_SLACK
def authenticate(self, request, **kwargs):
def authenticate(self):
pass
class AuthorizationTokenAuthentication(JMSModelBackend):
"""
什么也不做呀😺
"""
def authenticate(self, request, **kwargs):
class AuthorizationTokenAuthentication(JMSBaseAuthBackend):
def authenticate(self):
pass
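Review bot: Every `authenticate(self)` in this file now takes no `request` parameter, so `django.contrib.auth.authenticate()` cannot bind `request` plus credentials to it and will skip these backends with TypeError — presumably the intent, since SSO/IM logins appear to select the backend some other way — but that contract was only expressed by the removed Chinese docstrings and the new stubs carry none. Any code that calls `backend.authenticate(request, ...)` directly instead of going through Django's dispatcher will now raise TypeError rather than receive None. Add a one-line docstring to each stub, e.g. `"""Deliberately unbindable: django's authenticate() skips this backend; the login flow selects it explicitly."""`, and consider declaring the stub once in a shared mixin so the six identical no-op methods stay in sync.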


@ -3,13 +3,17 @@ from django.conf import settings
from django.core.exceptions import PermissionDenied
from authentication.models import TempToken
from .base import JMSModelBackend
from .base import JMSBaseAuthBackend
class TempTokenAuthBackend(JMSModelBackend):
class TempTokenAuthBackend(JMSBaseAuthBackend):
model = TempToken
def authenticate(self, request, username='', password='', *args, **kwargs):
@staticmethod
def is_enabled():
return settings.AUTH_TEMP_TOKEN
def authenticate(self, request, username='', password=''):
token = self.model.objects.filter(username=username, secret=password).first()
if not token:
return None
@ -21,6 +25,3 @@ class TempTokenAuthBackend(JMSModelBackend):
token.save()
return token.user
@staticmethod
def is_enabled():
return settings.AUTH_TEMP_TOKEN
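Review bot: With the defaults `username=''` and `password=''`, a call that omits either credential still runs `self.model.objects.filter(username='', secret='')` and would log in whoever owns a token row with an empty secret; reject empty input before touching the database: `if not username or not password: return None`. The secret is matched by database equality, so the check is only as strong as how `TempToken.secret` is stored — if that column is plaintext, a hashed or constant-time comparison would be the next step. Moving `is_enabled` above `authenticate` is fine; whatever validity or usage checks sit between `return None` and `token.save()` are outside the hunk.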


@ -9,7 +9,7 @@ class RBACBackend(JMSBaseAuthBackend):
def is_enabled():
return True
def authenticate(self, *args, **kwargs):
def authenticate(self):
return None
def username_allow_authenticate(self, username):