From cea336a8cef3e4bf093100276c24ad7c3109fc0d Mon Sep 17 00:00:00 2001 From: BaiJiangJie <32935519+BaiJiangJie@users.noreply.github.com> Date: Mon, 9 Dec 2019 16:12:48 +0800 Subject: [PATCH] =?UTF-8?q?[Update]=20=E7=94=A8=E6=88=B7=E7=AC=AC=E4=B8=89?= =?UTF-8?q?=E6=96=B9=E8=AE=A4=E8=AF=81=E5=90=8E=EF=BC=8C=E5=8F=AA=E5=9C=A8?= =?UTF-8?q?=E5=88=9B=E5=BB=BA=E6=97=B6=E4=BF=AE=E6=94=B9=E7=94=A8=E6=88=B7?= =?UTF-8?q?=E6=9D=A5=E6=BA=90=E4=BF=A1=E6=81=AF=EF=BC=9B=E4=BF=AE=E6=94=B9?= =?UTF-8?q?=E6=A3=80=E9=AA=8C=E7=94=A8=E6=88=B7=E6=9C=89=E6=95=88=E6=80=A7?= =?UTF-8?q?=E9=80=BB=E8=BE=91=EF=BC=9B=20(#3517)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [Update] 用户第三方认证后,只在创建时修改用户来源信息 * [Update] 修改检验用户有效性逻辑(解决启用LDAP等认证时,显示用户名不存在) * [Update] 修改检验用户有效性逻辑(解决启用LDAP等认证时,显示用户名不存在)2 --- apps/authentication/backends/openid/models.py | 8 +++--- .../authentication/backends/openid/signals.py | 2 +- apps/authentication/signals_handlers.py | 15 ++++++----- apps/authentication/utils.py | 26 ++++--------------- 4 files changed, 20 insertions(+), 31 deletions(-) diff --git a/apps/authentication/backends/openid/models.py b/apps/authentication/backends/openid/models.py index b99ba402a..863aafd6a 100644 --- a/apps/authentication/backends/openid/models.py +++ b/apps/authentication/backends/openid/models.py @@ -6,7 +6,7 @@ from django.contrib.auth import get_user_model from keycloak.realm import KeycloakRealm from keycloak.keycloak_openid import KeycloakOpenID -from .signals import post_create_openid_user +from .signals import post_create_or_update_openid_user from .decorator import ssl_verification OIDT_ACCESS_TOKEN = 'oidt_access_token' 
@@ -155,7 +155,7 @@ class Client(object): """ userinfo = self.get_userinfo(token=token_response['access_token']) with transaction.atomic(): - user, _ = get_user_model().objects.update_or_create( + user, created = get_user_model().objects.update_or_create( username=userinfo.get('preferred_username', ''), defaults={ 'email': userinfo.get('email', ''), @@ -169,7 +169,9 @@ class Client(object): refresh_token=token_response['refresh_token'], ) if user: - post_create_openid_user.send(sender=user.__class__, user=user) + post_create_or_update_openid_user.send( + sender=user.__class__, user=user, created=created + ) return oidt_profile diff --git a/apps/authentication/backends/openid/signals.py b/apps/authentication/backends/openid/signals.py index d5e57a005..ad81bca4a 100644 --- a/apps/authentication/backends/openid/signals.py +++ b/apps/authentication/backends/openid/signals.py @@ -1,5 +1,5 @@ from django.dispatch import Signal -post_create_openid_user = Signal(providing_args=('user',)) +post_create_or_update_openid_user = Signal(providing_args=('user',)) post_openid_login_success = Signal(providing_args=('user', 'request')) diff --git a/apps/authentication/signals_handlers.py b/apps/authentication/signals_handlers.py index 17cfae362..aac64df4c 100644 --- a/apps/authentication/signals_handlers.py +++ b/apps/authentication/signals_handlers.py @@ -4,9 +4,10 @@ from django.dispatch import receiver from django.contrib.auth.signals import user_logged_out from django_auth_ldap.backend import populate_user +from users.models import User from .backends.openid import new_client from .backends.openid.signals import ( - post_create_openid_user, post_openid_login_success + post_create_or_update_openid_user, post_openid_login_success ) from .signals import post_auth_success 
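Review bot: The `update_or_create` lookup in the `@@ -155,7 +155,7 @@` hunk still keys on the IdP-supplied `preferred_username` and falls back to `''`, so a token response without that claim would create or update an account with an empty username. An existing local or LDAP account with the same name is also matched, and the fields in `defaults` (at least `email`) are overwritten on every OpenID login even though `source` is now left alone. Consider failing the login early when `userinfo.get('preferred_username')` is empty, and add a comment stating that matching existing non-OpenID accounts by username is intended. The enclosing method starts outside the hunk, so earlier validation may already cover part of this.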
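Review bot: In signals.py, `providing_args` on the renamed signal still lists only `user`, while the sender in models.py now also passes `created`. As far as I know the argument list is documentation only, but it is what a receiver author reads to learn the contract. It should be `post_create_or_update_openid_user = Signal(providing_args=('user', 'created'))`.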
@@ -29,9 +30,9 @@ def on_user_logged_out(sender, request, user, **kwargs): request.COOKIES['next'] = openid_logout_url -@receiver(post_create_openid_user) -def on_post_create_openid_user(sender, user=None, **kwargs): - if user and user.username != 'admin': +@receiver(post_create_or_update_openid_user) +def on_post_create_or_update_openid_user(sender, user=None, created=True, **kwargs): + if created and user and user.username != 'admin': user.source = user.SOURCE_OPENID user.save() @@ -44,8 +45,10 @@ def on_openid_login_success(sender, user=None, request=None, **kwargs): @receiver(populate_user) def on_ldap_create_user(sender, user, ldap_user, **kwargs): if user and user.username not in ['admin']: - user.source = user.SOURCE_LDAP - user.save() + exists = User.objects.filter(username=user.username).exists() + if not exists: + user.source = user.SOURCE_LDAP + user.save() diff --git a/apps/authentication/utils.py b/apps/authentication/utils.py index eb1649885..197aa113a 100644 --- a/apps/authentication/utils.py +++ b/apps/authentication/utils.py 
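Review bot: The `created=True` default in `on_post_create_or_update_openid_user` fails open: any sender that omits `created` is treated as a creation and rewrites `user.source` on an existing account, which is what this commit sets out to stop. Default to `created=False` so the source only changes when the sender explicitly reports a new user. The write could also be narrowed to `user.save(update_fields=['source'])` so the handler does not write back unrelated fields.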
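Review bot: The `User.objects.filter(username=user.username).exists()` test in `on_ldap_create_user` is a check-then-act that adds a query to every LDAP login. It also compares the username exactly, while the LDAP backend may resolve accounts with different case rules, so the two can disagree on whether the account is new. If the pinned django-auth-ldap passes an unsaved instance for new users (to be confirmed), `if user.pk is None:` states the same intent without a second lookup. A comment such as `# stamp the source only when LDAP creates the account; existing users keep their origin` would record why the guard exists.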
@@ -1,31 +1,20 @@ # -*- coding: utf-8 -*- # -from django.utils.translation import ugettext as _ from django.contrib.auth import authenticate -from common.utils import ( - get_ip_city, get_object_or_none, validate_ip -) -from users.models import User from . import errors def check_user_valid(**kwargs): password = kwargs.pop('password', None) public_key = kwargs.pop('public_key', None) - email = kwargs.pop('email', None) username = kwargs.pop('username', None) request = kwargs.get('request') - if username: - user = get_object_or_none(User, username=username) - elif email: - user = get_object_or_none(User, email=email) - else: - user = None - - if user is None: - return None, errors.reason_user_not_exist + user = authenticate(request, username=username, + password=password, public_key=public_key) + if not user: + return None, errors.reason_password_failed elif user.is_expired: return None, errors.reason_user_inactive elif not user.is_active: @@ -33,9 +22,4 @@ def check_user_valid(**kwargs): elif user.password_has_expired: return None, errors.reason_password_expired - if password or public_key: - user = authenticate(request, username=username, - password=password, public_key=public_key) - if user: - return user, '' - return None, errors.reason_password_failed + return user, ''
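Review bot: `check_user_valid` now calls `authenticate()` unconditionally, so a request with neither `password` nor `public_key` reaches every configured backend with `None` credentials; the removed code only called `authenticate()` when one of them was present. Rejection then depends on each backend refusing empty credentials, which is not visible here for the LDAP, OpenID or public-key backends. Restore the guard before the call: `if not (password or public_key): return None, errors.reason_password_failed`. Also, `email` is no longer popped, so callers that identified the user by e-mail now get `reason_password_failed`, and with backends that refuse inactive users the `not user.is_active` branch may be unreachable; a docstring describing the new order of checks would make this explicit. The function body continues into the following `@@ -33,9 +22,4 @@` hunk.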