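def create_users(self, username, password, uid, primary_group):
    """
    Create the Django user and its backend counterpart for the logging-in user.

    :param username: The user's username; also stored as ``backend_pk``.
    :param password: The user's clear-text password. Only a hash is persisted.
    :param uid: The internal uid, stored as the backend user's ``backend_id``.
    :param primary_group: The user's primary group.
    :return: The saved Django ``User``.
    """
    # Passing the raw password to the model constructor writes it to the
    # password column unhashed. set_password() stores a salted hash instead.
    # NOTE(review): authenticate() re-syncs the internal LDAP password only when
    # check_password() fails; with a proper hash stored here that branch no
    # longer fires on the first repeat login -- confirm the internal LDAP
    # password for new users is populated elsewhere.
    user = User(username=username)
    user.set_password(password)
    user.save()

    # NOTE(review): the two saves are not wrapped in a transaction. If the
    # second one fails, a Django user without ``backend_user`` is left behind,
    # which authenticate() treats as a Django-only account and refuses.
    backend_user = BackendUser(
        django_user=user,
        backend_id=uid,
        backend_pk=username,
        primary_group=primary_group
    )
    backend_user.save()
    return user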
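def authenticate(self, username=None, password=None):
    """
    Authenticate against the user backend and return the matching Django user.

    An existing Django user is validated under its stored ``backend_pk``; a
    Django-only user (no ``backend_user``) is refused. A user unknown to Django
    is created locally after a successful backend login.

    :param username: The login name supplied by the client.
    :param password: The clear-text password supplied by the client.
    :return: The active ``User``, or ``None`` when the login is refused.
    :raises PermissionDenied: If the backend rejects the credentials.
    """
    # Refuse missing credentials before any directory call. How auth_user()
    # treats an empty password is not visible here, and some directory servers
    # accept an empty-password bind as an anonymous (successful) bind.
    if not username or not password:
        return None

    # Single lookup instead of exists() followed by get(): avoids the second
    # query and the window in which the row could vanish between the two.
    try:
        user = User.objects.get(username=username)
    except User.DoesNotExist:
        user = None

    if user is not None:
        if not hasattr(user, 'backend_user'):
            return None  # not allowed, Django only user
        # validate against the backend under the stored backend key
        username = user.backend_user.backend_pk

    # Bound before the try block so the cleanup in ``finally`` never touches
    # an unassigned name when one of the connect calls fails.
    internal_ldap = None
    user_backend = None
    try:
        internal_ldap = get_internal_ldap_connected()
        user_backend = get_user_backend_connected()
        user_backend.auth_user(username, password)

        if user is not None:  # existing user
            if not user.check_password(password):
                # Backend accepted a password the local hash does not match:
                # refresh the local hash and the internal LDAP copy.
                user.set_password(password)  # XXX: not needed. should we leave it empty?
                internal_ldap.set_user_password(username, password)
                user.save()
        else:  # new user
            uid = BackendUser.generate_internal_uid()
            group = self.create_user_groups(username, uid)
            user = self.create_users(username, password, uid, group.backend_group)
            group.add_user(user.backend_user)

        return user if user.is_active else None
    except AuthenticationError:
        # Wrong credentials: raised rather than returned so the failure is
        # reported as a denial instead of a plain "no match".
        raise PermissionDenied
    except UserNotFoundError:
        if user is not None:  # exists locally but not on backend
            user.delete()
        return None
    except ConnectionError as ex:
        logger.exception(ex)
        return None
    finally:
        # Best-effort cleanup. Each connection is closed on its own so that a
        # failing disconnect on one does not leave the other one open.
        for connection in (internal_ldap, user_backend):
            if connection is None:
                continue
            try:
                connection.disconnect()
            except Exception:
                logger.warning("Failed to disconnect backend connection", exc_info=True)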