author | unknown <q16127@.ds.mot.com> | 2012-01-25 17:24:34 +0900 |
---|---|---|
committer | unknown <q16127@.ds.mot.com> | 2012-01-25 17:24:34 +0900 |
commit | fbc2b1bfeb64c6623c2b4f34584012a807a91f1b (patch) | |
tree | 86af2b7c76e234b34d016457f242d5a2fecbdc7a | |
parent | f5f25d94279f68c0d7edb18e6e3a7b82160b6a4b (diff) | |
Added the ldap_authentication() function to backends.py. It reads in the newly added LDAP configuration EXTERNAL_KEYS.
-rw-r--r-- | askbot/deps/django_authopenid/backends.py | 100 | ||||
-rw-r--r-- | askbot/deps/django_authopenid/views.py | 38 |
2 files changed, 103 insertions, 35 deletions
diff --git a/askbot/deps/django_authopenid/backends.py b/askbot/deps/django_authopenid/backends.py
index 9f8f1dfd..f3d8f64b 100644
--- a/askbot/deps/django_authopenid/backends.py
+++ b/askbot/deps/django_authopenid/backends.py
@@ -9,6 +9,84 @@ from django.core.exceptions import ImproperlyConfigured
 from django.utils.translation import ugettext as _
 from askbot.deps.django_authopenid.models import UserAssociation
 from askbot.deps.django_authopenid import util
+from askbot.conf import settings as askbot_settings
+
+log = logging.getLogger('configuration')
+
+
+def ldap_authenticate(username, password):
+ """
+ Authenticate using ldap
+
+ python-ldap must be installed
+ http://pypi.python.org/pypi/python-ldap/2.4.6
+ """
+ import ldap
+ user_information = None
+ try:
+ ldap_session = ldap.initialize(askbot_settings.LDAP_URL)
+ ldap_session.protocol_version = ldap.VERSION3
+ user_filter = "({0}={1})".format(askbot_settings.LDAP_USERID_FIELD,
+ username)
+ # search ldap directory for user
+ res = ldap_session.search_s(askbot_settings.LDAP_BASEDN, ldap.SCOPE_SUBTREE, user_filter, None)
+ if res: # User found in LDAP Directory
+ user_dn = res[0][0]
+ user_information = res[0][1]
+ ldap_session.simple_bind_s(user_dn, password) # <-- will throw ldap.INVALID_CREDENTIALS if fails
+ ldap_session.unbind_s()
+
+ exact_username = user_information[askbot_settings.LDAP_USERID_FIELD][0]
+
+ # Assuming last, first order
+ # --> may be different
+ last_name, first_name = user_information[askbot_settings.LDAP_COMMONNAME_FIELD][0].rsplit(" ", 1)
+ email = user_information[askbot_settings.LDAP_EMAIL_FIELD][0]
+ try:
+ user = User.objects.get(username__exact=exact_username)
+ # always update user profile to synchronize with ldap server
+ user.set_password(password)
+ user.first_name = first_name
+ user.last_name = last_name
+ user.email = email
+ user.save()
+ except User.DoesNotExist:
+ # create new user in local db
+ user = User()
+ user.username = exact_username
+ user.set_password(password)
+ user.first_name = first_name
+ user.last_name = last_name
+ user.email = email
+ user.is_staff = False
+ user.is_superuser = False
+ user.is_active = True
+ user.save()
+
+ log.info('Created New User : 
[{0}]'.format(exact_username))
+ return user
+ else:
+ # Maybe a user created internally (django admin user)
+ try:
+ user = User.objects.get(username__exact=username)
+ if user.check_password(password):
+ return user
+ else:
+ return None
+ except User.DoesNotExist:
+ return None
+
+ except ldap.INVALID_CREDENTIALS, e:
+ return None # Will fail login on return of None
+ except ldap.LDAPError, e:
+ log.error("LDAPError Exception")
+ log.exception(e)
+ return None
+ except Exception, e:
+ log.error("Unexpected Exception Occurred")
+ log.exception(e)
+ return None
+
 class AuthBackend(object):
 """Authenticator's authentication backend class
@@ -22,15 +100,14 @@ class AuthBackend(object):
 def authenticate(
 self,
- username = None,#for 'password'
- password = None,#for 'password'
+ username = None,#for 'password' and 'ldap'
+ password = None,#for 'password' and 'ldap'
 user_id = None,#for 'force'
 provider_name = None,#required with all except email_key
 openid_url = None,
 email_key = None,
 oauth_user_id = None,#used with oauth
 facebook_user_id = None,#user with facebook
- ldap_user_id = None,#for ldap
 wordpress_url = None, # required for self hosted wordpress
 wp_user_id = None, # required for self hosted wordpress
 method = None,#requried parameter
@@ -40,6 +117,7 @@ class AuthBackend(object):
 from the signature of the function call
 """
 login_providers = util.get_enabled_login_providers()
+ assoc = None # UserAssociation not needed for ldap
 if method == 'password':
 if login_providers[provider_name]['type'] != 'password':
 raise ImproperlyConfigured('login provider must use password')
@@ -156,14 +234,7 @@ class AuthBackend(object):
 return None
 elif method == 'ldap':
- try:
- assoc = UserAssociation.objects.get(
- openid_url = ldap_user_id,
- provider_name = provider_name
- )
- user = assoc.user
- except UserAssociation.DoesNotExist:
- return None
+ user = ldap_authenticate(username, password)
 elif method == 'wordpress_site':
 try:
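Review bot: The search filter in ldap_authenticate is built by formatting the form-supplied username straight into `"({0}={1})"`, so a username containing filter metacharacters changes the query instead of being matched literally; escape it first with python-ldap's `ldap.filter.escape_filter_chars(username)` and format the escaped value. The bind on the found DN is then done with whatever password the form sent, and an empty password turns `simple_bind_s` into an unauthenticated bind that directories are commonly configured to accept, so add `if not password: return None` ahead of the `try`. Note also that `user.set_password(password)` copies the directory password into the local Django hash on every successful login, which keeps a local password login working after the LDAP account is disabled or its password changed; use `user.set_unusable_password()` unless the local copy is deliberately wanted. The whole ldap_authenticate body is inside this hunk.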
@@ -180,9 +251,10 @@ class AuthBackend(object):
 else:
 raise TypeError('only openid and password supported')
- #update last used time
- assoc.last_used_timestamp = datetime.datetime.now()
- assoc.save()
+ if assoc:
+ #update last used time
+ assoc.last_used_timestamp = datetime.datetime.now()
+ assoc.save()
 return user
 def get_user(self, user_id):
diff --git a/askbot/deps/django_authopenid/views.py b/askbot/deps/django_authopenid/views.py
index bb0b4986..22be8460 100644
--- a/askbot/deps/django_authopenid/views.py
+++ b/askbot/deps/django_authopenid/views.py
@@ -310,30 +310,26 @@ def signin(request):
 password_action = login_form.cleaned_data['password_action']
 if askbot_settings.USE_LDAP_FOR_PASSWORD_LOGIN:
 assert(password_action == 'login')
- ldap_provider_name = askbot_settings.LDAP_PROVIDER_NAME
 username = login_form.cleaned_data['username']
- if util.ldap_check_password(
- username,
- login_form.cleaned_data['password']
- ):
- user = authenticate(
- ldap_user_id = username,
- provider_name = ldap_provider_name,
- method = 'ldap'
- )
- if user is not None:
- login(request, user)
- return HttpResponseRedirect(next_url)
- else:
- return finalize_generic_signin(
- request = request,
- user = user,
- user_identifier = username,
- login_provider_name = ldap_provider_name,
- redirect_url = next_url
+ password = login_form.cleaned_data['password']
+ # will be None if authentication fails
+ user = authenticate(
+ username=username,
+ password=password,
+ method = 'ldap'
 )
+ if user is not None:
+ login(request, user)
+ return HttpResponseRedirect(next_url)
 else:
- login_form.set_password_login_error()
+ return finalize_generic_signin(
+ request = request,
+ user = user,
+ user_identifier = username,
+ login_provider_name = ldap_provider_name,
+ redirect_url = next_url
+ )
+ else: + if password_action == 'login': user = authenticate( |
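Review bot: The failure branch in signin still passes `login_provider_name = ldap_provider_name` to finalize_generic_signin, but this hunk deletes the only assignment of that name (`ldap_provider_name = askbot_settings.LDAP_PROVIDER_NAME`), so an LDAP login for which authenticate returns None now raises NameError instead of reporting a bad password. Either keep that assignment line or pass `askbot_settings.LDAP_PROVIDER_NAME` directly. The old `login_form.set_password_login_error()` on failure is also gone, so a wrong password no longer produces a form error; confirm that calling finalize_generic_signin with `user = None` is the intended outcome. The enclosing signin() starts before this hunk.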