diff --git a/apps/authentication/views/login.py b/apps/authentication/views/login.py
index e4955e289..084004a3a 100644
--- a/apps/authentication/views/login.py
+++ b/apps/authentication/views/login.py
@@ -66,10 +66,12 @@ class UserLoginView(mixins.AuthMixin, FormView):
 return None
 login_redirect = settings.LOGIN_REDIRECT_TO_BACKEND.lower()
- if login_redirect == ['CAS', 'cas'] and cas_auth_url:
+ if login_redirect in ['cas'] and cas_auth_url:
 auth_url = cas_auth_url
- else:
+ elif login_redirect in ['openid', 'oidc'] and openid_auth_url:
 auth_url = openid_auth_url
+ else:
+ auth_url = openid_auth_url or cas_auth_url
 if settings.LOGIN_REDIRECT_TO_BACKEND or not settings.LOGIN_REDIRECT_MSG_ENABLED:
 redirect_url = auth_url
diff --git a/apps/jumpserver/settings/auth.py b/apps/jumpserver/settings/auth.py
index 048c76a39..06eb5e7b6 100644
--- a/apps/jumpserver/settings/auth.py
+++ b/apps/jumpserver/settings/auth.py
@@ -147,6 +147,7 @@ AUTH_BACKEND_AUTH_TOKEN = 'authentication.backends.api.AuthorizationTokenAuthent
 AUTHENTICATION_BACKENDS = [
 AUTH_BACKEND_MODEL, AUTH_BACKEND_PUBKEY, AUTH_BACKEND_WECOM, AUTH_BACKEND_DINGTALK, AUTH_BACKEND_FEISHU, AUTH_BACKEND_AUTH_TOKEN,
+ AUTH_BACKEND_SSO,
 ]
 if AUTH_CAS:
@@ -156,8 +157,6 @@ if AUTH_OPENID:
 AUTHENTICATION_BACKENDS.insert(0, AUTH_BACKEND_OIDC_CODE)
 if AUTH_RADIUS:
 AUTHENTICATION_BACKENDS.insert(0, AUTH_BACKEND_RADIUS)
-if AUTH_SSO:
- AUTHENTICATION_BACKENDS.append(AUTH_BACKEND_SSO)
 ONLY_ALLOW_EXIST_USER_AUTH = CONFIG.ONLY_ALLOW_EXIST_USER_AUTH
diff --git a/apps/settings/models.py b/apps/settings/models.py
index 1660e318d..0ad7d116d 100644
--- a/apps/settings/models.py
+++ b/apps/settings/models.py
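Review bot: The new final `else: auth_url = openid_auth_url or cas_auth_url` in login.py silently redirects to the other identity provider when the configured one has no URL, so a deployment pinned to `cas` can end up sending users to OpenID (and the reverse) with no trace. If that fallback is intended, I would say so in a comment on the `else`, e.g. `# configured backend unavailable or unrecognised: fall back to whichever SSO URL exists`, and consider logging it. The single-element membership test reads more plainly as `if login_redirect == 'cas' and cas_auth_url:`. The method starts and ends outside this hunk; the `return None` just above presumably covers the case where both URLs are empty, but that guard is not visible here.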
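Review bot: Putting `AUTH_BACKEND_SSO` in the static `AUTHENTICATION_BACKENDS` list in settings/auth.py, together with the removal of the `if AUTH_SSO:` append in the following hunk, registers the SSO backend in every deployment, so the `AUTH_SSO` flag no longer gates it at the settings level. Whether SSO login stays off when `AUTH_SSO` is false now depends on code this diff does not show, presumably a check in the backend's `authenticate()` or in the view that issues SSO tokens; that should be confirmed before merging. I would document the new contract on the added line, e.g. `# always registered; AUTH_SSO must be enforced by the backend/view at request time`.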
@@ -86,20 +86,48 @@ class Setting(models.Model):
 setattr(settings, self.name, self.cleaned_value)
 @classmethod
- def refresh_AUTH_LDAP(cls):
- setting = cls.objects.filter(name='AUTH_LDAP').first()
+ def refresh_authentications(cls, name):
+ setting = cls.objects.filter(name=name).first()
 if not setting:
 return
- ldap_backend = settings.AUTH_BACKEND_LDAP
- backends = settings.AUTHENTICATION_BACKENDS
- has = ldap_backend in backends
- if setting.cleaned_value and not has:
- settings.AUTHENTICATION_BACKENDS.insert(0, ldap_backend)
- if not setting.cleaned_value and has:
- index = backends.index(ldap_backend)
- backends.pop(index)
- settings.AUTH_LDAP = setting.cleaned_value
+ backends_map = {
+ 'AUTH_LDAP': [settings.AUTH_BACKEND_LDAP],
+ 'AUTH_OPENID': [settings.AUTH_BACKEND_OIDC_CODE, settings.AUTH_BACKEND_OIDC_PASSWORD],
+ 'AUTH_RADIUS': [settings.AUTH_BACKEND_RADIUS],
+ 'AUTH_CAS': [settings.AUTH_BACKEND_CAS],
+ }
+ setting_backends = backends_map[name]
+ auth_backends = settings.AUTHENTICATION_BACKENDS
+
+ for backend in setting_backends:
+ has = backend in auth_backends
+
+ # 添加
+ if setting.cleaned_value and not has:
+ logger.debug('Add auth backend: ', name)
+ settings.AUTHENTICATION_BACKENDS.insert(0, backend)
+
+ # 去掉
+ if not setting.cleaned_value and has:
+ index = auth_backends.index(backend)
+ logger.debug('Pop auth backend: ', name)
+ auth_backends.pop(index)
+
+ # 设置内存值
+ setattr(settings, name, setting.cleaned_value)
+
+ @classmethod
+ def refresh_AUTH_LDAP(cls):
+ cls.refresh_authentications('AUTH_LDAP')
+
+ @classmethod
+ def refresh_AUTH_OPENID(cls):
+ cls.refresh_authentications('AUTH_OPENID')
+
+ @classmethod
+ def refresh_AUTH_RADIUS(cls):
+ cls.refresh_authentications('AUTH_RADIUS')
 @classmethod
 def update_or_create(cls, name='', value='', encrypted=False, category=''):
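Review bot: Both new `logger.debug` calls in `refresh_authentications` pass `name` as a format argument to a message with no placeholder, so the logging module reports a formatting error instead of writing the record. Use `logger.debug('Add auth backend: %s', backend)` and `logger.debug('Pop auth backend: %s', backend)`; logging `backend` rather than `name` also tells the two OIDC backends apart. Because these lines record an authentication backend being switched on or off at runtime, `logger.info` may be the better level for an audit trail. `backends_map` has an `AUTH_CAS` entry but no `refresh_AUTH_CAS` wrapper is added next to the LDAP, OpenID and RADIUS ones, and the hunk does not show whether `logger` is already defined in this module.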