github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

[Update] 用户第三方认证后,只在创建时修改用户来源信息;修改检验用户有效性逻辑; (#3517) 

* [Update] 用户第三方认证后,只在创建时修改用户来源信息

* [Update] 修改检验用户有效性逻辑(解决启用LDAP等认证时,显示用户名不存在)

* [Update] 修改检验用户有效性逻辑(解决启用LDAP等认证时,显示用户名不存在)2
pull/3518/head
BaiJiangJie 2019-12-09 16:12:48 +08:00 committed by GitHub
parent 16864ca34e
commit cea336a8ce
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 20 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
apps/authentication/backends/openid/models.py
View File

@ -6,7 +6,7 @@ from django.contrib.auth import get_user_model
from keycloak.realm import KeycloakRealm from keycloak.realm import KeycloakRealm
from keycloak.keycloak_openid import KeycloakOpenID from keycloak.keycloak_openid import KeycloakOpenID
from .signals import post_create_openid_user from .signals import post_create_or_update_openid_user
from .decorator import ssl_verification from .decorator import ssl_verification
OIDT_ACCESS_TOKEN = 'oidt_access_token' OIDT_ACCESS_TOKEN = 'oidt_access_token'
@ -155,7 +155,7 @@ class Client(object):
""" """
userinfo = self.get_userinfo(token=token_response['access_token']) userinfo = self.get_userinfo(token=token_response['access_token'])
with transaction.atomic(): with transaction.atomic():
user, _ = get_user_model().objects.update_or_create( user, created = get_user_model().objects.update_or_create(
username=userinfo.get('preferred_username', ''), username=userinfo.get('preferred_username', ''),
defaults={ defaults={
'email': userinfo.get('email', ''), 'email': userinfo.get('email', ''),
@ -169,7 +169,9 @@ class Client(object):
refresh_token=token_response['refresh_token'], refresh_token=token_response['refresh_token'],
) )
if user: if user:
post_create_openid_user.send(sender=user.__class__, user=user) post_create_or_update_openid_user.send(
sender=user.__class__, user=user, created=created
)
return oidt_profile return oidt_profile

2
apps/authentication/backends/openid/signals.py
View File

@ -1,5 +1,5 @@
from django.dispatch import Signal from django.dispatch import Signal
post_create_openid_user = Signal(providing_args=('user',)) post_create_or_update_openid_user = Signal(providing_args=('user',))
post_openid_login_success = Signal(providing_args=('user', 'request')) post_openid_login_success = Signal(providing_args=('user', 'request'))

15
apps/authentication/signals_handlers.py
View File

@ -4,9 +4,10 @@ from django.dispatch import receiver
from django.contrib.auth.signals import user_logged_out from django.contrib.auth.signals import user_logged_out
from django_auth_ldap.backend import populate_user from django_auth_ldap.backend import populate_user
from users.models import User
from .backends.openid import new_client from .backends.openid import new_client
from .backends.openid.signals import ( from .backends.openid.signals import (
post_create_openid_user, post_openid_login_success post_create_or_update_openid_user, post_openid_login_success
) )
from .signals import post_auth_success from .signals import post_auth_success
@ -29,9 +30,9 @@ def on_user_logged_out(sender, request, user, **kwargs):
request.COOKIES['next'] = openid_logout_url request.COOKIES['next'] = openid_logout_url
@receiver(post_create_openid_user) @receiver(post_create_or_update_openid_user)
def on_post_create_openid_user(sender, user=None, **kwargs): def on_post_create_or_update_openid_user(sender, user=None, created=True, **kwargs):
if user and user.username != 'admin': if created and user and user.username != 'admin':
user.source = user.SOURCE_OPENID user.source = user.SOURCE_OPENID
user.save() user.save()
@ -44,8 +45,10 @@ def on_openid_login_success(sender, user=None, request=None, **kwargs):
@receiver(populate_user) @receiver(populate_user)
def on_ldap_create_user(sender, user, ldap_user, **kwargs): def on_ldap_create_user(sender, user, ldap_user, **kwargs):
if user and user.username not in ['admin']: if user and user.username not in ['admin']:
user.source = user.SOURCE_LDAP exists = User.objects.filter(username=user.username).exists()
user.save() if not exists:
user.source = user.SOURCE_LDAP
user.save()

26
apps/authentication/utils.py
View File

@ -1,31 +1,20 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# #
from django.utils.translation import ugettext as _
from django.contrib.auth import authenticate from django.contrib.auth import authenticate
from common.utils import (
get_ip_city, get_object_or_none, validate_ip
)
from users.models import User
from . import errors from . import errors
def check_user_valid(**kwargs): def check_user_valid(**kwargs):
password = kwargs.pop('password', None) password = kwargs.pop('password', None)
public_key = kwargs.pop('public_key', None) public_key = kwargs.pop('public_key', None)
email = kwargs.pop('email', None)
username = kwargs.pop('username', None) username = kwargs.pop('username', None)
request = kwargs.get('request') request = kwargs.get('request')
if username: user = authenticate(request, username=username,
user = get_object_or_none(User, username=username) password=password, public_key=public_key)
elif email: if not user:
user = get_object_or_none(User, email=email) return None, errors.reason_password_failed
else:
user = None
if user is None:
return None, errors.reason_user_not_exist
elif user.is_expired: elif user.is_expired:
return None, errors.reason_user_inactive return None, errors.reason_user_inactive
elif not user.is_active: elif not user.is_active:
@ -33,9 +22,4 @@ def check_user_valid(**kwargs):
elif user.password_has_expired: elif user.password_has_expired:
return None, errors.reason_password_expired return None, errors.reason_password_expired
if password or public_key: return user, ''
user = authenticate(request, username=username,
password=password, public_key=public_key)
if user:
return user, ''
return None, errors.reason_password_failed