authorunknown <q16127@.ds.mot.com>2012-01-25 17:24:34 +0900
committerunknown <q16127@.ds.mot.com>2012-01-25 17:24:34 +0900
commitfbc2b1bfeb64c6623c2b4f34584012a807a91f1b (patch)
tree86af2b7c76e234b34d016457f242d5a2fecbdc7a
parentf5f25d94279f68c0d7edb18e6e3a7b82160b6a4b (diff)
downloadaskbot-fbc2b1bfeb64c6623c2b4f34584012a807a91f1b.tar.gz
askbot-fbc2b1bfeb64c6623c2b4f34584012a807a91f1b.tar.bz2
askbot-fbc2b1bfeb64c6623c2b4f34584012a807a91f1b.zip
added ldap_authenticate() function into backends.py. Reads in the newly added LDAP configuration EXTERNAL_KEYS.
-rw-r--r--askbot/deps/django_authopenid/backends.py100
-rw-r--r--askbot/deps/django_authopenid/views.py38
2 files changed, 103 insertions, 35 deletions
diff --git a/askbot/deps/django_authopenid/backends.py b/askbot/deps/django_authopenid/backends.py
index 9f8f1dfd..f3d8f64b 100644
--- a/askbot/deps/django_authopenid/backends.py
+++ b/askbot/deps/django_authopenid/backends.py
@@ -9,6 +9,84 @@ from django.core.exceptions import ImproperlyConfigured
from django.utils.translation import ugettext as _
from askbot.deps.django_authopenid.models import UserAssociation
from askbot.deps.django_authopenid import util
+from askbot.conf import settings as askbot_settings
+
+log = logging.getLogger('configuration')
+
+
+def ldap_authenticate(username, password):
+ """
+ Authenticate using ldap
+
+ python-ldap must be installed
+ http://pypi.python.org/pypi/python-ldap/2.4.6
+ """
+ import ldap
+ user_information = None
+ try:
+ ldap_session = ldap.initialize(askbot_settings.LDAP_URL)
+ ldap_session.protocol_version = ldap.VERSION3
+ user_filter = "({0}={1})".format(askbot_settings.LDAP_USERID_FIELD,
+ username)
+ # search ldap directory for user
+ res = ldap_session.search_s(askbot_settings.LDAP_BASEDN, ldap.SCOPE_SUBTREE, user_filter, None)
+ if res: # User found in LDAP Directory
+ user_dn = res[0][0]
+ user_information = res[0][1]
+ ldap_session.simple_bind_s(user_dn, password) # <-- will throw ldap.INVALID_CREDENTIALS if fails
+ ldap_session.unbind_s()
+
+ exact_username = user_information[askbot_settings.LDAP_USERID_FIELD][0]
+
+ # Assuming last, first order
+ # --> may be different
+ last_name, first_name = user_information[askbot_settings.LDAP_COMMONNAME_FIELD][0].rsplit(" ", 1)
+ email = user_information[askbot_settings.LDAP_EMAIL_FIELD][0]
+ try:
+ user = User.objects.get(username__exact=exact_username)
+ # always update user profile to synchronize with ldap server
+ user.set_password(password)
+ user.first_name = first_name
+ user.last_name = last_name
+ user.email = email
+ user.save()
+ except User.DoesNotExist:
+ # create new user in local db
+ user = User()
+ user.username = exact_username
+ user.set_password(password)
+ user.first_name = first_name
+ user.last_name = last_name
+ user.email = email
+ user.is_staff = False
+ user.is_superuser = False
+ user.is_active = True
+ user.save()
+
+ log.info('Created New User : [{0}]'.format(exact_username))
+ return user
+ else:
+ # Maybe a user created internally (django admin user)
+ try:
+ user = User.objects.get(username__exact=username)
+ if user.check_password(password):
+ return user
+ else:
+ return None
+ except User.DoesNotExist:
+ return None
+
+ except ldap.INVALID_CREDENTIALS, e:
+ return None # Will fail login on return of None
+ except ldap.LDAPError, e:
+ log.error("LDAPError Exception")
+ log.exception(e)
+ return None
+ except Exception, e:
+ log.error("Unexpected Exception Occurred")
+ log.exception(e)
+ return None
+
class AuthBackend(object):
"""Authenticator's authentication backend class
@@ -22,15 +100,14 @@ class AuthBackend(object):
def authenticate(
self,
- username = None,#for 'password'
- password = None,#for 'password'
+ username = None,#for 'password' and 'ldap'
+ password = None,#for 'password' and 'ldap'
user_id = None,#for 'force'
provider_name = None,#required with all except email_key
openid_url = None,
email_key = None,
oauth_user_id = None,#used with oauth
facebook_user_id = None,#user with facebook
- ldap_user_id = None,#for ldap
wordpress_url = None, # required for self hosted wordpress
wp_user_id = None, # required for self hosted wordpress
method = None,#requried parameter
@@ -40,6 +117,7 @@ class AuthBackend(object):
from the signature of the function call
"""
login_providers = util.get_enabled_login_providers()
+ assoc = None # UserAssociation not needed for ldap
if method == 'password':
if login_providers[provider_name]['type'] != 'password':
raise ImproperlyConfigured('login provider must use password')
@@ -156,14 +234,7 @@ class AuthBackend(object):
return None
elif method == 'ldap':
- try:
- assoc = UserAssociation.objects.get(
- openid_url = ldap_user_id,
- provider_name = provider_name
- )
- user = assoc.user
- except UserAssociation.DoesNotExist:
- return None
+ user = ldap_authenticate(username, password)
elif method == 'wordpress_site':
try:
@@ -180,9 +251,10 @@ class AuthBackend(object):
else:
raise TypeError('only openid and password supported')
- #update last used time
- assoc.last_used_timestamp = datetime.datetime.now()
- assoc.save()
+ if assoc:
+ #update last used time
+ assoc.last_used_timestamp = datetime.datetime.now()
+ assoc.save()
return user
def get_user(self, user_id):
diff --git a/askbot/deps/django_authopenid/views.py b/askbot/deps/django_authopenid/views.py
index bb0b4986..22be8460 100644
--- a/askbot/deps/django_authopenid/views.py
+++ b/askbot/deps/django_authopenid/views.py
@@ -310,30 +310,26 @@ def signin(request):
password_action = login_form.cleaned_data['password_action']
if askbot_settings.USE_LDAP_FOR_PASSWORD_LOGIN:
assert(password_action == 'login')
- ldap_provider_name = askbot_settings.LDAP_PROVIDER_NAME
username = login_form.cleaned_data['username']
- if util.ldap_check_password(
- username,
- login_form.cleaned_data['password']
- ):
- user = authenticate(
- ldap_user_id = username,
- provider_name = ldap_provider_name,
- method = 'ldap'
- )
- if user is not None:
- login(request, user)
- return HttpResponseRedirect(next_url)
- else:
- return finalize_generic_signin(
- request = request,
- user = user,
- user_identifier = username,
- login_provider_name = ldap_provider_name,
- redirect_url = next_url
+ password = login_form.cleaned_data['password']
+ # will be None if authentication fails
+ user = authenticate(
+ username=username,
+ password=password,
+ method = 'ldap'
)
+ if user is not None:
+ login(request, user)
+ return HttpResponseRedirect(next_url)
else:
- login_form.set_password_login_error()
+ return finalize_generic_signin(
+ request = request,
+ user = user,
+ user_identifier = username,
+ login_provider_name = ldap_provider_name,
+ redirect_url = next_url
+ )
+
else:
if password_action == 'login':
user = authenticate(
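Review bot: `ldap_provider_name` is still referenced by the new `login_provider_name = ldap_provider_name,` argument to `finalize_generic_signin`, but its assignment `ldap_provider_name = askbot_settings.LDAP_PROVIDER_NAME` is removed at the top of the hunk, so a failed LDAP login now raises NameError instead of returning a response (unless the name is bound earlier in `signin`, which starts and ends outside this hunk). Either keep the assignment or pass `askbot_settings.LDAP_PROVIDER_NAME` directly. The removed `login_form.set_password_login_error()` also means the form no longer reports a wrong password on this path; confirm that calling `finalize_generic_signin` with `user = None` is the intended replacement rather than re-rendering the form with an error.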