def test_role_access_control_granted(self): client = Client() service = self.service service.add_authorized_role(self.authorized_service) get_user_model().objects.get(username=self.LOGIN).roles.add( self.authorized_service) assert service.authorized_roles.exists() is True response = client.get('/idp/cas/login', {constants.SERVICE_PARAM: self.URL}) location = response['Location'] query = urlparse.parse_qs(location.split('?')[1]) next_url, next_url_query = query['next'][0].split('?') next_url_query = urlparse.parse_qs(next_url_query) response = client.post(location, { 'login-password-submit': '', 'username': self.LOGIN, 'password': self.PASSWORD }, follow=False) response = client.get(response.url) client = Client() ticket_id = urlparse.parse_qs( response.url.split('?')[1])[constants.TICKET_PARAM][0] response = client.get('/idp/cas/validate', { constants.TICKET_PARAM: ticket_id, constants.SERVICE_PARAM: self.URL })
def create_user(self, ssl_info): """ This method creates a new django User and ClientCertificate record for the passed certificate info. It does not create an issuer record, just a subject for the ClientCertificate. """ # auto creation only created a DN for the subject, not the issuer User = get_user_model() # get username and check if the user exists already if app_settings.CREATE_USERNAME_CALLBACK: build_username = app_settings.CEATE_USERNAME_CALLBACK else: build_username = self.build_username username = build_username(ssl_info) try: user = User.objects.get(username=username) except User.DoesNotExist: if app_settings.CREATE_USER_CALLBACK: build_user = app_settings.CREATE_USER_CALLBACK else: build_user = self.build_user user = build_user(username, ssl_info) # create the certificate record and save self.link_user(ssl_info, user) return user
def setUp(self): User = get_user_model() Role = get_role_model() self.user = User.objects.create_user(self.LOGIN, password=self.PASSWORD, email=self.EMAIL, first_name=self.FIRST_NAME, last_name=self.LAST_NAME) self.service = Service.objects.create( name=self.NAME, slug=self.SLUG, urls=self.URL, identifier_attribute='django_user_username', ou=get_default_ou(), logout_url=self.URL + 'logout/') self.service_attribute1 = Attribute.objects.create( service=self.service, slug='email', attribute_name='django_user_email') self.service2 = Service.objects.create( name=self.NAME2, slug=self.SLUG2, urls=self.URL2, ou=get_default_ou(), identifier_attribute='django_user_email') self.service2_attribute1 = Attribute.objects.create( service=self.service2, slug='username', attribute_name='django_user_username') self.authorized_service = Role.objects.create(name='rogue', ou=get_default_ou()) self.factory = RequestFactory()
def setUp(self): User = get_user_model() self.user = User.objects.create_user( self.LOGIN, password=self.PASSWORD, email=self.EMAIL, first_name=self.FIRST_NAME, last_name=self.LAST_NAME ) self.service = Service.objects.create( name=self.NAME, slug=self.SLUG, urls=self.URL, identifier_attribute="django_user_username", ou=get_default_ou(), logout_url=self.URL + "logout/", ) self.service_attribute1 = Attribute.objects.create( service=self.service, slug="email", attribute_name="django_user_email" ) self.service2 = Service.objects.create( name=self.NAME2, slug=self.SLUG2, urls=self.URL2, ou=get_default_ou(), identifier_attribute="django_user_email", ) self.service2_attribute1 = Attribute.objects.create( service=self.service2, slug="username", attribute_name="django_user_username" ) self.factory = RequestFactory()
def get(self, request, *args, **kwargs): if 'token' in request.GET: User = get_user_model() try: token = signing.loads(request.GET['token'], max_age=7200) user_pk = token['user_pk'] email = token['email'] site_pk = token['site_pk'] site = get_current_site(request) if site.pk != site_pk: raise ValueError user = User.objects.get(pk=user_pk) user.email = email user.save() messages.info(request, _('your request for changing your email for {0} ' 'is successful').format(email)) except signing.SignatureExpired: messages.error(request, _('your request for changing your email is too ' 'old, try again')) except signing.BadSignature: messages.error(request, _('your request for changing your email is ' 'invalid, try again')) except ValueError: messages.error(request, _('your request for changing your email was not ' 'on this site, try again')) except User.DoesNotExist: messages.error(request, _('your request for changing your email is for ' 'an unknown user, try again')) return shortcuts.redirect(settings.LOGIN_REDIRECT_URL)
def clean(self): if 'username' in self.fields or 'email' in self.fields: if not self.cleaned_data.get('username') and \ not self.cleaned_data.get('email'): raise forms.ValidationError( _('You must set a username or an email.')) User = get_user_model() if self.cleaned_data.get('email'): qs = User.objects.all() ou = getattr(self, 'ou', None) if self.instance and self.instance.pk: qs = qs.exclude(pk=self.instance.pk) ou = self.instance.ou email = self.cleaned_data['email'] already_used = False if a2_app_settings.A2_EMAIL_IS_UNIQUE and qs.filter( email=email).exists(): already_used = True if ou and ou.email_is_unique and qs.filter(ou=ou, email=email).exists(): already_used = True if already_used: raise forms.ValidationError( {'email': _('Email already used.')})
def save(self, profile_callback=None): """ Create the new ``User`` and ``RegistrationProfile``, and returns the ``User``. This is essentially a light wrapper around ``RegistrationProfile.objects.create_inactive_user()``, feeding it the form data and a profile callback (see the documentation on ``create_inactive_user()`` for details) if supplied. """ User = get_user_model() ssl_info = SSLInfo(self.request) if not ssl_info.cert: raise ValueError('Missing cert') new_user = User.objects.create_user( username=self.cleaned_data['username'], email=self.cleaned_data['email']) new_user.backend = 'authentic2.auth2_auth.auth2_ssl.backend.SSLBackend' cert = ClientCertificate() cert.user = new_user cert.cert = ssl_info.cert cert.save() # Automatically log in the new user login(self.request, new_user) return new_user
def lookup_by_username(self, username): User = get_user_model() try: log.debug('lookup using username %r', username) return LDAPUser.objects.get(username=username) except User.DoesNotExist: return
def clean(self): super(UserAddForm, self).clean() User = get_user_model() if not self.cleaned_data.get('username') and \ not self.cleaned_data.get('email'): raise forms.ValidationError( _('You must set a username or an email.'))
class Meta: model = get_user_model() attrs = {'class': 'main', 'id': 'user-table'} fields = ('username', 'email', 'first_name', 'last_name', 'is_active', 'email_verified', 'ou') sequence = ('link', '...') empty_text = _('None') order_by = ('first_name', 'last_name', 'email', 'username')
def test_ldap_provisionning(self): conn = self.slapd.get_connection() ressources = [{ 'name': 'ldap', 'url': self.slapd.ldap_url, 'bind_dn': self.slapd.root_bind_dn, 'bind_pw': self.slapd.root_bind_password, 'base_dn': 'o=orga', 'rdn_attributes': [ 'uid', ], 'attribute_mapping': { 'uid': 'django_user_username', 'givenName': 'django_user_first_name', 'sn': 'django_user_last_name', 'mail': 'django_user_email', }, 'format_mapping': { 'cn': ['{django_user_first_name} {django_user_last_name}'], }, 'static_attributes': { 'objectclass': 'inetorgperson', }, 'ldap_filter': '(objectclass=inetorgperson)', }] User = compat.get_user_model() users = [ User(username='******' % i, first_name='john', last_name='doe', email='*****@*****.**') for i in range(1000) ] User.objects.bulk_create(users) self.slapd.add_ldif('''dn: uid=test,o=orga objectClass: inetOrgPerson uid: test cn: test sn: test gn: test mail: test''') with self.settings(A2_PROVISIONNING_RESSOURCES=ressources): call_command('provision', 'ldap') results = conn.search_s('o=orga', ldap.SCOPE_ONELEVEL) self.assertEqual(len(results), 1000) for dn, entry in results: uid = entry['uid'][0] self.assertTrue(uid.startswith('john.doe')) self.assertEquals( entry, { 'objectClass': ['inetOrgPerson'], 'uid': [uid], 'sn': [users[0].last_name], 'givenName': [users[0].first_name], 'cn': ['%s %s' % (users[0].first_name, users[0].last_name)], 'mail': [users[0].email] })
def get_user(self, user_id): """ simply return the user object. That way, we only need top look-up the certificate once, when loggin in """ User = get_user_model() try: return User.objects.get(id=user_id) except User.DoesNotExist: return None
def clean_username(self): # Since User.username is unique, this check is redundant, # but it sets a nicer error message than the ORM. See #13147. username = self.cleaned_data["username"] User = get_user_model() try: User._default_manager.get(username=username) except User.DoesNotExist: return username raise ValidationError(self.error_messages["duplicate_username"])
def clean_username(self): """ Validate that the username is alphanumeric and is not already in use. """ existing = get_user_model().objects.filter(username__iexact=self.cleaned_data['username']) if existing.exists(): raise forms.ValidationError(_("A user with that username already exists.")) else: return self.cleaned_data['username']
def _return_user(self, uri, dn, username, password, conn, block): try: user = get_user_model().objects.get(username=username) except get_user_model().DoesNotExist: log.info('User %s did not exist in Django database, creating' % username) user = get_user_model()(username=username, password='') user.set_unusable_password() backend_id = '%s!%s' % (uri, dn) if user.backend != self.backend_name() or user.backend_id != backend_id: user.backend = self.backend_name() user.backend_id = backend_id log.debug('Getting information for %s from LDAP' % username) try: results = conn.search_s(dn, ldap.SCOPE_BASE, '(objectclass=*)', [block['email_field'], block['fname_field'], block['lname_field']]) except ldap.LDAPError, e: log.warning('Could not get user information for %r, returning possibly stale user object' % username) user.save() return user
def register(self, request, **kwargs): """ Create and immediately log in a new user. """ create_kwargs = { 'username': kwargs['username'], 'email': kwargs['email'], 'password': kwargs['password1'] } for required_field in get_user_model().REQUIRED_FIELDS: create_kwargs[required_field] = kwargs[required_field] get_user_model().objects.create_user(**create_kwargs) # authenticate() always has to be called before login(), and # will return the user we just created. new_user = authenticate(username=create_kwargs['username'], password=create_kwargs['password']) login(request, new_user) signals.user_registered.send(sender=self.__class__, user=new_user, request=request) return new_user
def su(request, username, redirect_url='/'): '''To use this view add: url(r'^su/(?P<username>.*)/$', 'authentic2.views.su', {'redirect_url': '/'}), ''' if request.user.is_superuser or request.session.get('has_superuser_power'): su_user = shortcuts.get_object_or_404(get_user_model(), username=username) if su_user.is_active: request.session[SESSION_KEY] = su_user.id request.session['has_superuser_power'] = True return http.HttpResponseRedirect(redirect_url) else: return http.HttpResponseRedirect('/')
def test_ldap_provisionning(self): ressources = [{ 'name': 'ldap', 'url': self.slapd.ldapi_url, 'bind_dn': 'uid=admin,o=orga', 'bind_pw': 'admin', 'base_dn': 'o=orga', 'rdn_attributes': ['uid',], 'attribute_mapping': { 'uid': 'django_user_username', 'givenName': 'django_user_first_name', 'sn': 'django_user_last_name', 'mail': 'django_user_email', }, 'format_mapping': { 'cn': ['{django_user_first_name} {django_user_last_name}'], }, 'static_attributes': { 'objectclass': 'inetorgperson', }, 'ldap_filter': '(objectclass=inetorgperson)', }] User = compat.get_user_model() users = [User(username='******' % i, first_name='john', last_name='doe', email='*****@*****.**') for i in range(1000)] User.objects.bulk_create(users) self.slapd.add_ldif('''dn: uid=test,o=orga objectClass: inetOrgPerson uid: test cn: test sn: test gn: test mail: test''') with self.settings(A2_PROVISIONNING_RESSOURCES=ressources): call_command('provision', 'ldap', batch_size=1000) results = self.conn.search_s('o=orga', ldap.SCOPE_ONELEVEL) self.assertEqual(len(results), 1000) for dn, entry in results: uid = entry['uid'][0] self.assertTrue(uid.startswith('john.doe')) self.assertEquals(entry, { 'objectClass': ['inetOrgPerson'], 'uid': [uid], 'sn': [users[0].last_name], 'givenName': [users[0].first_name], 'cn': ['%s %s' % (users[0].first_name, users[0].last_name)], 'mail': [users[0].email] })
def authenticate(self, username, oath_otp, format='dec6'): '''Lookup the TOTP or HOTP secret for the user and try to authenticate the proposed OTP using it. ''' User = get_user_model() try: secret = models.OATHTOTPSecret.objects.get(user__username=username) except models.OATHTOTPSecret.DoesNotExist: return None try: accepted, drift = hotp.accept_totp(secret.key, oath_otp, format=format) except Exception, e: logger.exception('hotp.accept_totp raised', e) raise
def lookup_by_external_id(self, block, attributes): User = get_user_model() for eid_tuple in block['external_id_tuples']: external_id = self.build_external_id(eid_tuple, attributes) if not external_id: continue try: log.debug('lookup using external_id %r: %r', eid_tuple, external_id) return LDAPUser.objects.get( userexternalid__external_id=external_id, userexternalid__source=block['realm']) except User.DoesNotExist: pass
def clean_username(self): """ Validate that the username is alphanumeric and is not already in use. """ User = get_user_model() try: User.objects. \ get(username__iexact=self.cleaned_data['username']) except User.DoesNotExist: return self.cleaned_data['username'] raise forms.ValidationError(_(u'This username is already taken. \ Please choose another.'))
def build_user(self, username, ssl_info): """ create a valid (and stored) django user to be associated with the newly created certificate record. This method can be "overwritten" by using the SSLAUTH_CREATE_USER_CALLBACK setting. """ User = get_user_model() user = User() setattr(user, User.USERNAME_FIELD, username) if hasattr(User, 'set_unusable_password'): user.set_unusable_password() user.is_active = True user.save() return user
class Meta: model = get_user_model() exclude = ('password', 'user_permissions', 'is_staff', 'is_superuser', 'groups') export_order = ('ou', 'uuid', 'id', 'username', 'email', 'first_name', 'last_name', 'last_login', 'date_joined', 'roles') widgets = { 'roles': { 'field': 'name', }, 'ou': { 'field': 'name', } }
def save_user(self, user, username): User = get_user_model() parts = username.split('@', 1) if len(parts) == 1: left, right = user, '' else: left, right = parts for i in itertools.count(0): setattr(user, User.USERNAME_FIELD, username) try: sid = transaction.savepoint() user.save() transaction.savepoint_commit(sid) break except DatabaseError: transaction.savepoint_rollback(sid) username = u'{0}{1}@{2}'.format(left, i, right)
def patch_authentic_user(): User = get_user_model() OU = get_ou_model() Role = get_role_model() organisation_unit = OU.objects.get(default=True) user_admin_commune = User.objects.get_or_create( username='******')[0] with provisionning: role_agent_fabriques = Role(name='Agent ayant acces aux fabriques', ou=organisation_unit) role_agent_fabriques.save() with open("/tmp/tmp_uuid_agent_fabriques.txt", 'w') as f: f.write(role_agent_fabriques.uuid) # Set role to user role_agent_fabriques.members.add(user_admin_commune)
def authenticate(self, username=None, password=None): User = get_user_model() service = getattr(settings, 'PAM_SERVICE', 'login') if pam.authenticate(username, password, service=service): try: user = User.objects.get(username=username) except: user = User(username=username, password='******') if getattr(settings, 'PAM_IS_SUPERUSER', False): user.is_superuser = True if getattr(settings, 'PAM_IS_STAFF', user.is_superuser): user.is_staff = True user.save() return user return None
def modelform_factory(model, **kwargs): '''Build a modelform for the given model, For the user model also add attribute based fields. ''' from authentic2 import models form = kwargs.pop('form', None) fields = kwargs.get('fields') or [] required = list(kwargs.pop('required', []) or []) d = {} # KV attributes are only supported for the user model currently modelform = None if issubclass(model, get_user_model()): if not form: form = BaseUserForm attributes = models.Attribute.objects.all() for attribute in attributes: if attribute.name not in fields: continue d[attribute.name] = attribute.get_form_field() for field in app_settings.A2_REQUIRED_FIELDS: if not field in required: required.append(field) if not form or not hasattr(form, 'Meta'): meta_d = {'model': model, 'fields': '__all__'} meta = type('Meta', (), meta_d) d['Meta'] = meta if not form: # fallback form = forms.ModelForm modelform = None if required: def __init__(self, *args, **kwargs): super(modelform, self).__init__(*args, **kwargs) for field in required: if field in self.fields: self.fields[field].required = True d['__init__'] = __init__ modelform = type(model.__name__ + 'ModelForm', (form, ), d) kwargs['form'] = modelform modelform.required_css_class = 'form-field-required' return django_modelform_factory(model, **kwargs)
def create_user(self, username=None, name_id=None, provider_id=None): '''Create a new user mapping to the given NameID''' if not name_id or \ name_id.format != \ lasso.SAML2_NAME_IDENTIFIER_FORMAT_PERSISTENT: raise ValueError('Invalid NameID') if not username: # FIXME: maybe keep more information in the forged username username = '******' % ''. \ join([random.choice(string.letters) for x in range(10)]) User = get_user_model() user = User() user.username = username if hasattr(User, 'set_unusable_password'): user.set_unusable_password() user.is_active = True user.save() add_federation(user, name_id=name_id, provider_id=provider_id) return user
def create_user(self, ssl_info): """ This method creates a new django User and ClientCertificate record for the passed certificate info. It does not create an issuer record, just a subject for the ClientCertificate. """ # auto creation only created a DN for the subject, not the issuer User = get_user_model() subject = DistinguishedName() for attr,val in ssl_info.get_subject().iteritems(): if not val: val = '' subject.__setattr__(attr.replace('subject_',''), val) subject.save() # get username and check if the user exists already if settings_get('SSLAUTH_CREATE_USERNAME_CALLBACK'): build_username = settings_get('SSLAUTH_CREATE_USERNAME_CALLBACK') else: build_username = self.build_username username = build_username(ssl_info) try: user = User.objects.get(username=username) except User.DoesNotExist: if settings_get('SSLAUTH_CREATE_USER_CALLBACK'): build_user = settings_get('SSLAUTH_CREATE_USER_CALLBACK') else: build_user = self.build_user user = build_user(username, ssl_info) # create the certificate record and save cert = ClientCertificate() cert.user = user cert.subject = subject if ssl_info.cert: cert.cert = ssl_info.cert if ssl_info.serial: cert.serial = ssl_info.serial cert.save() return user
def modelform_factory(model, **kwargs): '''Build a modelform for the given model, For the user model also add attribute based fields. ''' form = kwargs.pop('form', None) fields = kwargs.get('fields') or [] required = list(kwargs.pop('required', []) or []) d = {} # KV attributes are only supported for the user model currently modelform = None if issubclass(model, get_user_model()): if not form: form = BaseUserForm attributes = models.Attribute.objects.all() for attribute in attributes: if attribute.name not in fields: continue d[attribute.name] = attribute.get_form_field() for field in app_settings.A2_REQUIRED_FIELDS: if not field in required: required.append(field) if not form or not hasattr(form, 'Meta'): meta_d = {'model': model, 'fields': '__all__'} meta = type('Meta', (), meta_d) d['Meta'] = meta if not form: # fallback form = forms.ModelForm modelform = None if required: def __init__(self, *args, **kwargs): super(modelform, self).__init__(*args, **kwargs) for field in required: if field in self.fields: self.fields[field].required = True d['__init__'] = __init__ modelform = type(model.__name__ + 'ModelForm', (form,), d) kwargs['form'] = modelform return django_modelform_factory(model, **kwargs)
def authenticate(self, username=None, password=None): User = get_user_model() service = getattr(settings, 'PAM_SERVICE', 'login') if pam.authenticate(username, password, service=service): try: user = User.objects.get(username=username) except: user = User(username=username, password='******') if getattr(settings, 'PAM_IS_SUPERUSER', False): user.is_superuser = True if getattr(settings, 'PAM_IS_STAFF', user.is_superuser): user.is_staff = True user.save() if not is_user_authenticable(user): logger.info( u'auth_pam: authentication refused by user filters') return None return user return None
def get_user(self, user_id): User = get_user_model() try: return User.objects.get(id=user_id) except User.DoesNotExist: return None
class Meta: model = get_user_model() fields = ()
class Meta: model = get_user_model() fields = '__all__' exclude = ('ou', )
def get_user(self, user_id): try: return get_user_model().objects.get(pk=user_id) except get_user_model().DoesNotExist: return None
def setUp(self): User = get_user_model() self.user = User.objects.create_user(self.LOGIN, password=self.PASSWORD) self.factory = RequestFactory()
def __init__(self, user=None, *args, **kwargs): self.user = user super(UserProfileForm, self).__init__(**kwargs) for field in get_user_model().REQUIRED_FIELDS: self.fields[field].required = True
def __init__(self, *args, **kwargs): super(RegistrationForm, self).__init__(*args, **kwargs) for field in get_user_model().REQUIRED_FIELDS: self.fields[field].required = True
def get_user(self, user_id): User = get_user_model() try: return User.objects.get(pk=user_id) except User.DoesNotExist: return None
def sync_ldap_ressource(self, ressource, **options): verbosity = int(options['verbosity']) fake = options['fake'] # FIXME: Check ressource well formedness conn = paged.PagedLDAPObject(ressource['url'], retry_max=10, retry_delay=2) base_dn = ressource['base_dn'] use_tls = ressource.get('use_tls') bind_dn = ressource.get('bind_dn') bind_pw = ressource.get('bind_pw') if use_tls: conn.start_tls_s() if bind_dn: conn.simple_bind_s(bind_dn, bind_pw) attribute_mapping = utils.lower_keys(ressource['attribute_mapping']) static_attributes = utils.lower_keys( ressource.get('static_attributes', {})) format_mapping = utils.lower_keys(ressource.get('format_mapping', {})) attributes = set(attribute_mapping.keys()) | set( static_attributes.keys()) default_ctx = ressource.get('attribute_context', {}) ldap_filter = ressource.get('ldap_filter', '(objectclass=*)') delete = ressource.get('delete', True) User = compat.get_user_model() qs = User.objects.filter(**ressource.get('a2_filter', {})) todelete = set() user_dns = set() for batch in utils.batch(qs, options['batch_size']): ldap_users = {} filters = [] for user in batch: ctx = default_ctx.copy() ctx['user'] = user ctx = get_attributes(ctx) ldap_attributes = {} for ldap_attribute, a2_attributes in attribute_mapping.iteritems( ): if not isinstance(a2_attributes, (tuple, list)): a2_attributes = [a2_attributes] for a2_attribute in a2_attributes: self.add_values(ldap_attributes, ldap_attribute, ctx.get(a2_attribute)) for ldap_attribute, values in static_attributes.iteritems(): self.add_values(ldap_attributes, ldap_attribute, values) for ldap_attribute, fmt_tpls in format_mapping.iteritems(): for fmt_tpl in fmt_tpls: self.add_values(ldap_attributes, ldap_attribute, [fmt_tpl.format(**ctx)]) dn, filt = self.build_dn_and_filter(ressource, ldap_attributes) user_dns.add(dn) ldap_users[dn] = ldap_attributes filters.append(filt) batch_filter = ldap_filter if filters: batch_filter = self.format_filter( ('&', (batch_filter, ('|', filters)))) existing_dn = set() for dn, entry in conn.paged_search_ext_s(base_dn, ldap.SCOPE_SUBTREE, batch_filter, list(attributes)): entry = utils.to_dict_of_set(utils.lower_keys(entry)) if dn not in ldap_users: todelete.add(dn) continue if entry == utils.to_dict_of_set(ldap_users[dn]): # no need to update, entry is already ok del ldap_users[dn] continue existing_dn.add(dn) for dn, ldap_attributes in ldap_users.iteritems(): if dn in existing_dn: modlist = [] for key, values in ldap_attributes: modlist.append((ldap.MOD_REPLACE, key, values)) if not fake: conn.modify(dn, modlist) if verbosity > 1: print '- Replace %s values for %s' % (dn, ', '.join( ldap_attributes.keys())) else: if not fake: conn.add(dn, ldap.modlist.addModlist(ldap_attributes)) if verbosity > 1: print '- Add %s with values for %s' % (dn, ', '.join( ldap_attributes.keys())) # wait for results if not fake: for x in ldap_users: conn.result() for dn, entry in conn.paged_search_ext_s(base_dn, ldap.SCOPE_SUBTREE, ldap_filter): # ignore the basedn if dn == base_dn: continue if dn not in user_dns and dn not in todelete: if not fake: todelete.add(dn) if delete: if verbosity > 1: print '- Deleting:', ', '.join(todelete) if not fake: for dn in todelete: conn.delete(dn) for dn in todelete: conn.result()
class Meta: model = get_user_model() exclude = ('is_staff', 'groups', 'user_permissions', 'last_login', 'date_joined', 'password')
def sync_ldap_ressource(self, ressource, **options): verbosity = int(options['verbosity']) fake = options['fake'] # FIXME: Check ressource well formedness conn = ldap_utils.PagedLDAPObject(ressource['url'], retry_max=10, retry_delay=2) base_dn = ressource['base_dn'] use_tls = ressource.get('use_tls') bind_dn = ressource.get('bind_dn') bind_pw = ressource.get('bind_pw') if use_tls: conn.start_tls_s() if bind_dn: conn.simple_bind_s(bind_dn, bind_pw) attribute_mapping = utils.lower_keys(ressource['attribute_mapping']) static_attributes = utils.lower_keys(ressource.get('static_attributes', {})) format_mapping = utils.lower_keys(ressource.get('format_mapping', {})) attributes = set(attribute_mapping.keys()) | set(static_attributes.keys()) default_ctx = ressource.get('attribute_context', {}) ldap_filter = ressource.get('ldap_filter', '(objectclass=*)') delete = ressource.get('delete', True) User = compat.get_user_model() qs = User.objects.filter(**ressource.get('a2_filter', {})) todelete = set() user_dns = set() for batch in utils.batch(qs, options['batch_size']): ldap_users = {} filters = [] for user in batch: ctx = default_ctx.copy() ctx['user'] = user ctx = get_attributes(ctx) ldap_attributes = {} for ldap_attribute, a2_attributes in attribute_mapping.iteritems(): if not isinstance(a2_attributes, (tuple, list)): a2_attributes = [a2_attributes] for a2_attribute in a2_attributes: self.add_values(ldap_attributes, ldap_attribute, ctx.get(a2_attribute)) for ldap_attribute, values in static_attributes.iteritems(): self.add_values(ldap_attributes, ldap_attribute, values) for ldap_attribute, fmt_tpls in format_mapping.iteritems(): for fmt_tpl in fmt_tpls: self.add_values(ldap_attributes, ldap_attribute, [fmt_tpl.format(**ctx)]) dn, filt = self.build_dn_and_filter(ressource, ldap_attributes) user_dns.add(dn) ldap_users[dn] = ldap_attributes filters.append(filt) batch_filter = ldap_filter if filters: batch_filter = self.format_filter(('&', (batch_filter, ('|', filters)))) existing_dn = set() for dn, entry in conn.paged_search_ext_s(base_dn, ldap.SCOPE_SUBTREE, batch_filter, list(attributes)): entry = utils.to_dict_of_set(utils.lower_keys(entry)) if dn not in ldap_users: todelete.add(dn) continue if entry == utils.to_dict_of_set(ldap_users[dn]): # no need to update, entry is already ok del ldap_users[dn] continue existing_dn.add(dn) for dn, ldap_attributes in ldap_users.iteritems(): if dn in existing_dn: modlist = [] for key, values in ldap_attributes: modlist.append((ldap.MOD_REPLACE, key, values)) if not fake: conn.modify(dn, modlist) if verbosity > 1: print '- Replace %s values for %s' % (dn, ', '.join(ldap_attributes.keys())) else: if not fake: conn.add(dn, ldap.modlist.addModlist(ldap_attributes)) if verbosity > 1: print '- Add %s with values for %s' % (dn, ', '.join(ldap_attributes.keys())) # wait for results if not fake: for x in ldap_users: conn.result() for dn, entry in conn.paged_search_ext_s(base_dn, ldap.SCOPE_SUBTREE, ldap_filter): # ignore the basedn if dn == base_dn: continue if dn not in user_dns and dn not in todelete: if not fake: todelete.add(dn) if delete: if verbosity > 1: print '- Deleting:', ', '.join(todelete) if not fake: for dn in todelete: conn.delete(dn) for dn in todelete: conn.result()
from django import forms from django.contrib.auth import models as auth_models from authentic2.compat import get_user_model auth_models.User.USER_PROFILE = ('first_name', 'last_name', 'email') User = get_user_model() all_field_names = [field.name for field in User._meta.fields] field_names = getattr(User, 'USER_PROFILE', all_field_names) class UserProfileForm(forms.ModelForm): error_css_class = 'form-field-error' required_css_class = 'form-field-required' def __init__(self, user=None, *args, **kwargs): self.user = user super(UserProfileForm, self).__init__(**kwargs) for field in get_user_model().REQUIRED_FIELDS: self.fields[field].required = True def save(self, commit=True): instance = super(UserProfileForm, self).save(commit=False) instance.user = self.user if commit: instance.save() return instance class Meta: model = User fields = [ field_name