def create_users(self, username, password, uid, primary_group):
        """
        Create and persist the Django user and the backend user linked to it.

        :param username: The user's username; also stored as the backend user's ``backend_pk``.
        :param password: Passed unchanged to the ``User`` constructor.
        :param uid: Stored as the backend user's ``backend_id``.
        :param primary_group: The user's primary group.
        :return: The saved Django user.
        """
        # NOTE(review): `password` goes into the User constructor as-is, so the
        # password field holds exactly what the caller passed. authenticate() passes
        # the raw login password here. If User is Django's auth model, the hashing
        # path is set_password(); confirm nothing downstream reads User.password as
        # plaintext before switching to it.
        django_user = User(username=username, password=password)
        django_user.save()

        link_fields = {
            'django_user': django_user,
            'backend_id': uid,
            'backend_pk': username,
            'primary_group': primary_group,
        }
        linked_backend_user = BackendUser(**link_fields)
        linked_backend_user.save()
        return django_user
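    def authenticate(self, username=None, password=None):
        """
        Validate the credentials on the user backend and return the Django user.

        A user that already exists locally is checked on the backend under its stored
        ``backend_pk``. A local user without a ``backend_user`` (Django-only) may not
        log in through this backend. A user unknown locally is created after the
        backend accepts the credentials.

        :param username: The username supplied at login.
        :param password: The password supplied at login.
        :return: The Django user if it is active, otherwise ``None``.
        :raises PermissionDenied: If the backend raises ``AuthenticationError``.
        """
        # Refuse missing or empty credentials before they reach the backend: some
        # directory servers treat a bind with an empty password as an anonymous
        # bind, which would otherwise count as a successful login here.
        if not username or not password:
            return None

        # Single lookup instead of exists() followed by get(), which could race.
        try:
            user = User.objects.get(username=username)
        except User.DoesNotExist:
            user = None

        if user is not None:
            if not hasattr(user, 'backend_user'):
                return None  # not allowed, Django only user
            # validate against the backend under the identifier stored for this user
            username = user.backend_user.backend_pk

        # Bound up front so the cleanup in `finally` never touches an unassigned name
        # when one of the connect calls fails.
        internal_ldap = None
        user_backend = None
        try:
            internal_ldap = get_internal_ldap_connected()
            user_backend = get_user_backend_connected()
            user_backend.auth_user(username, password)
            if user is not None:  # existing user
                if not user.check_password(password):
                    user.set_password(password)  # XXX: not needed. should we leave it empty?
                    internal_ldap.set_user_password(username, password)
                    user.save()
            else:  # new user
                uid = BackendUser.generate_internal_uid()
                group = self.create_user_groups(username, uid)
                user = self.create_users(username, password, uid, group.backend_group)
                group.add_user(user.backend_user)

            if user.is_active:
                return user
            return None
        except AuthenticationError:
            raise PermissionDenied
        except UserNotFoundError:
            # NOTE(review): any call in the try body that raises UserNotFoundError
            # lands here, not only auth_user(); confirm deleting the local user is
            # intended in those cases as well.
            if user is not None:  # exists locally but not on backend
                user.delete()
            return None
        except ConnectionError as ex:
            logger.exception(ex)
            return None
        finally:
            # Best-effort cleanup: close each connection on its own so a failure on
            # the first cannot leave the second one open.
            for connection in (internal_ldap, user_backend):
                if connection is None:
                    continue
                try:
                    connection.disconnect()
                except Exception:
                    logger.warning("Failed to disconnect backend connection", exc_info=True)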