fix: 过期用户登录提示不明确

2021-07-06 19:03:58 +08:00 · 2021-07-06 19:03:58 +08:00 · a9f814a515
parent c4bbeaaccc
commit a9f814a515
3 changed files with 23 additions and 8 deletions
--- a/apps/authentication/backends/api.py
+++ b/apps/authentication/backends/api.py
@ -8,7 +8,7 @@ from django.core.cache import cache
 from django.utils.translation import ugettext as _
 from six import text_type
 from django.contrib.auth import get_user_model
-from django.contrib.auth.backends import ModelBackend as DJModelBackend
+from django.contrib.auth.backends import ModelBackend
 from rest_framework import HTTP_HEADER_ENCODING
 from rest_framework import authentication, exceptions
 from common.auth import signature
@ -17,6 +17,9 @@ from common.utils import get_object_or_none, make_signature, http_to_unixtime
 from ..models import AccessKey, PrivateToken


+UserModel = get_user_model()
+
+
 def get_request_date_header(request):
    date = request.META.get('HTTP_DATE', b'')
    if isinstance(date, text_type):
@ -25,9 +28,16 @@ def get_request_date_header(request):
    return date


-class ModelBackend(DJModelBackend):
+class JMSModelBackend(ModelBackend):
    def user_can_authenticate(self, user):
-        return user.is_valid
+        return True
+
+    def get_user(self, user_id):
+        try:
+            user = UserModel._default_manager.get(pk=user_id)
+        except UserModel.DoesNotExist:
+            return None
+        return user if user.is_valid else None


 class AccessKeyAuthentication(authentication.BaseAuthentication):
@ -203,7 +213,7 @@ class SignatureAuthentication(signature.SignatureAuthentication):
            return None, None


-class SSOAuthentication(ModelBackend):
+class SSOAuthentication(JMSModelBackend):
    """
    什么也不做呀😺
    """
@ -212,7 +222,7 @@ class SSOAuthentication(ModelBackend):
        pass


-class WeComAuthentication(ModelBackend):
+class WeComAuthentication(JMSModelBackend):
    """
    什么也不做呀😺
    """
@ -221,7 +231,7 @@ class WeComAuthentication(ModelBackend):
        pass


-class DingTalkAuthentication(ModelBackend):
+class DingTalkAuthentication(JMSModelBackend):
    """
    什么也不做呀😺
    """
@ -230,7 +240,7 @@ class DingTalkAuthentication(ModelBackend):
        pass


-class AuthorizationTokenAuthentication(ModelBackend):
+class AuthorizationTokenAuthentication(JMSModelBackend):
    """
    什么也不做呀😺
    """
--- a/apps/authentication/mixins.py
+++ b/apps/authentication/mixins.py
@ -236,6 +236,11 @@ class AuthMixin:
        ip = self.get_request_ip()
        request = self.request

+        if user.is_expired:
+            self.raise_credential_error(errors.reason_user_expired)
+        elif not user.is_active:
+            self.raise_credential_error(errors.reason_user_inactive)
+
        self._set_partial_credential_error(user.username, ip, request)
        self._check_is_local_user(user)
        self._check_is_block(user.username)
--- a/apps/jumpserver/settings/auth.py
+++ b/apps/jumpserver/settings/auth.py
@ -120,7 +120,7 @@ LOGIN_CONFIRM_ENABLE = CONFIG.LOGIN_CONFIRM_ENABLE
 OTP_IN_RADIUS = CONFIG.OTP_IN_RADIUS


-AUTH_BACKEND_MODEL = 'authentication.backends.api.ModelBackend'
+AUTH_BACKEND_MODEL = 'authentication.backends.api.JMSModelBackend'
 AUTH_BACKEND_PUBKEY = 'authentication.backends.pubkey.PublicKeyAuthBackend'
 AUTH_BACKEND_LDAP = 'authentication.backends.ldap.LDAPAuthorizationBackend'
 AUTH_BACKEND_OIDC_PASSWORD = 'jms_oidc_rp.backends.OIDCAuthPasswordBackend'