perf: 优化登录backends

apps/authentication/views/login.py

@@ -66,10 +66,12 @@ class UserLoginView(mixins.AuthMixin, FormView):
             return None
 
         login_redirect = settings.LOGIN_REDIRECT_TO_BACKEND.lower()
-        if login_redirect == ['CAS', 'cas'] and cas_auth_url:
+        if login_redirect in ['cas'] and cas_auth_url:
             auth_url = cas_auth_url
-        else:
+        elif login_redirect in ['openid', 'oidc'] and openid_auth_url:
             auth_url = openid_auth_url
+        else:
+            auth_url = openid_auth_url or cas_auth_url
 
         if settings.LOGIN_REDIRECT_TO_BACKEND or not settings.LOGIN_REDIRECT_MSG_ENABLED:
             redirect_url = auth_url

apps/jumpserver/settings/auth.py

@@ -147,6 +147,7 @@ AUTH_BACKEND_AUTH_TOKEN = 'authentication.backends.api.AuthorizationTokenAuthent
 AUTHENTICATION_BACKENDS = [
     AUTH_BACKEND_MODEL, AUTH_BACKEND_PUBKEY, AUTH_BACKEND_WECOM,
     AUTH_BACKEND_DINGTALK, AUTH_BACKEND_FEISHU, AUTH_BACKEND_AUTH_TOKEN,
+    AUTH_BACKEND_SSO,
 ]
 
 if AUTH_CAS:
@@ -156,8 +157,6 @@ if AUTH_OPENID:
     AUTHENTICATION_BACKENDS.insert(0, AUTH_BACKEND_OIDC_CODE)
 if AUTH_RADIUS:
     AUTHENTICATION_BACKENDS.insert(0, AUTH_BACKEND_RADIUS)
-if AUTH_SSO:
-    AUTHENTICATION_BACKENDS.append(AUTH_BACKEND_SSO)
 
 
 ONLY_ALLOW_EXIST_USER_AUTH = CONFIG.ONLY_ALLOW_EXIST_USER_AUTH

apps/settings/models.py

@@ -86,20 +86,48 @@ class Setting(models.Model):
             setattr(settings, self.name, self.cleaned_value)
 
     @classmethod
-    def refresh_AUTH_LDAP(cls):
+    def refresh_authentications(cls, name):
-        setting = cls.objects.filter(name='AUTH_LDAP').first()
+        setting = cls.objects.filter(name=name).first()
         if not setting:
             return
-        ldap_backend = settings.AUTH_BACKEND_LDAP
-        backends = settings.AUTHENTICATION_BACKENDS
-        has = ldap_backend in backends
-        if setting.cleaned_value and not has:
-            settings.AUTHENTICATION_BACKENDS.insert(0, ldap_backend)
 
+        backends_map = {
+            'AUTH_LDAP': [settings.AUTH_BACKEND_LDAP],
+            'AUTH_OPENID': [settings.AUTH_BACKEND_OIDC_CODE, settings.AUTH_BACKEND_OIDC_PASSWORD],
+            'AUTH_RADIUS': [settings.AUTH_BACKEND_RADIUS],
+            'AUTH_CAS': [settings.AUTH_BACKEND_CAS],
+        }
+        setting_backends = backends_map[name]
+        auth_backends = settings.AUTHENTICATION_BACKENDS
+
+        for backend in setting_backends:
+            has = backend in auth_backends
+
+            # 添加
+            if setting.cleaned_value and not has:
+                logger.debug('Add auth backend: ', name)
+                settings.AUTHENTICATION_BACKENDS.insert(0, backend)
+
+            # 去掉
             if not setting.cleaned_value and has:
-            index = backends.index(ldap_backend)
+                index = auth_backends.index(backend)
-            backends.pop(index)
+                logger.debug('Pop auth backend: ', name)
-        settings.AUTH_LDAP = setting.cleaned_value
+                auth_backends.pop(index)
+
+        # 设置内存值
+        setattr(settings, name, setting.cleaned_value)
+
+    @classmethod
+    def refresh_AUTH_LDAP(cls):
+        cls.refresh_authentications('AUTH_LDAP')
+
+    @classmethod
+    def refresh_AUTH_OPENID(cls):
+        cls.refresh_authentications('AUTH_OPENID')
+
+    @classmethod
+    def refresh_AUTH_RADIUS(cls):
+        cls.refresh_authentications('AUTH_RADIUS')
 
     @classmethod
     def update_or_create(cls, name='', value='', encrypted=False, category=''):