def authenticate(self, remote_user):
"""
The username passed as ``remote_user`` is considered trusted. This
method simply returns the ``User`` object with the given username,
creating a new ``User`` object if ``create_unknown_user`` is ``True``.
Returns None if ``create_unknown_user`` is ``False`` and a ``User``
object with the given username is not found in the database.
"""
if not remote_user:
return
username = self.clean_username(remote_user)
try:
user = User.objects.get(email=username)
except User.DoesNotExist:
if self.create_unknown_user:
user = User.objects.create_user(
email=username, is_active=self.activate_after_creation)
if user and self.activate_after_creation is False:
notify_admins_on_activate_request(user.email)
if user and settings.NOTIFY_ADMIN_AFTER_REGISTRATION is True:
notify_admins_on_register_complete(user.email)
else:
user = None
return user
def authenticate(self, remote_user, shib_meta):
"""
The username passed as ``remote_user`` is considered trusted. This
method simply returns the ``User`` object with the given username,
creating a new ``User`` object if ``create_unknown_user`` is ``True``.
Returns None if ``create_unknown_user`` is ``False`` and a ``User``
object with the given username is not found in the database.
"""
if not remote_user:
return
username = self.clean_username(remote_user)
local_ccnet_users = ccnet_api.search_emailusers('DB', username, -1, -1)
if not local_ccnet_users:
local_ccnet_users = ccnet_api.search_emailusers(
'LDAP', username, -1, -1)
if not local_ccnet_users:
if self.create_unknown_user:
user = User.objects.create_user(
email=username, is_active=self.activate_after_creation)
if user and self.activate_after_creation is False:
notify_admins_on_activate_request(user.email)
# Do not send follwing registration finished email (if any)
# which will cause confusion.
return user
if user and settings.NOTIFY_ADMIN_AFTER_REGISTRATION is True:
notify_admins_on_register_complete(user.email)
else:
user = None
return user
def authenticate(self, request=None, remote_user=None):
"""
The username passed as ``remote_user`` is considered trusted. This
method simply returns the ``User`` object with the given username,
creating a new ``User`` object if ``create_unknown_user`` is ``True``.
Returns None if ``create_unknown_user`` is ``False`` and a ``User``
object with the given username is not found in the database.
"""
if not remote_user or not request:
return None
username = self.clean_username(remote_user)
# get user from ccnet
user = self.get_user(username)
if not user:
# when user doesn't exist
if not self.create_unknown_user:
logger.error('User %s not found.' % username)
return None
try:
user = User.objects.create_user(email=username,
is_active=self.auto_activate)
if not self.auto_activate:
notify_admins_on_activate_request(username)
elif settings.NOTIFY_ADMIN_AFTER_REGISTRATION:
notify_admins_on_register_complete(username)
except Exception as e:
logger.error(e)
return None
if not self.user_can_authenticate(user):
logger.error('User %s is not active' % username)
return None
# update user info after authenticated
try:
self.configure_user(request, user)
except Exception as e:
logger.error(e)
return None
# get user again with updated extra info after configure
return self.get_user(username)
def authenticate(self,
session_info=None,
attribute_mapping=None,
create_unknown_user=True,
**kwargs):
if session_info is None or attribute_mapping is None:
logger.error('Session info or attribute mapping are None')
return None
if 'ava' not in session_info:
logger.error('"ava" key not found in session_info')
return None
attributes = session_info['ava']
if not attributes:
logger.error('The attributes dictionary is empty')
use_name_id_as_username = getattr(settings,
'SAML_USE_NAME_ID_AS_USERNAME',
False)
django_user_main_attribute = getattr(
settings, 'SAML_DJANGO_USER_MAIN_ATTRIBUTE', 'username')
django_user_main_attribute_lookup = getattr(
settings, 'SAML_DJANGO_USER_MAIN_ATTRIBUTE_LOOKUP', '')
logger.debug('attributes: %s', attributes)
saml_user = None
if use_name_id_as_username:
if 'name_id' in session_info:
logger.debug('name_id: %s', session_info['name_id'])
saml_user = session_info['name_id'].text
else:
logger.error(
'The nameid is not available. Cannot find user without a nameid.'
)
else:
logger.debug('attribute_mapping: %s', attribute_mapping)
for saml_attr, django_fields in list(attribute_mapping.items()):
if (django_user_main_attribute in django_fields
and saml_attr in attributes):
saml_user = attributes[saml_attr][0]
if saml_user is None:
logger.error('Could not find saml_user value')
return None
if not self.is_authorized(attributes, attribute_mapping):
return None
main_attribute = self.clean_user_main_attribute(saml_user)
user_query_args = {
django_user_main_attribute + django_user_main_attribute_lookup:
main_attribute
}
user_create_defaults = {django_user_main_attribute: main_attribute}
# Note that this could be accomplished in one try-except clause, but
# instead we use get_or_create when creating unknown users since it has
# built-in safeguards for multiple threads.
# check if user exist in local ccnet db/ldapimport database
username = main_attribute
local_ccnet_users = ccnet_api.search_emailusers('DB', username, -1, -1)
if not local_ccnet_users:
local_ccnet_users = ccnet_api.search_emailusers(
'LDAP', username, -1, -1)
if not local_ccnet_users:
if create_unknown_user:
activate_after_creation = getattr(
settings, 'SAML_ACTIVATE_USER_AFTER_CREATION', True)
user = User.objects.create_user(
email=username, is_active=activate_after_creation)
if not activate_after_creation:
notify_admins_on_activate_request(username)
elif settings.NOTIFY_ADMIN_AFTER_REGISTRATION:
notify_admins_on_register_complete(username)
else:
user = None
else:
user = User.objects.get(email=username)
if user:
self.make_profile(user, attributes, attribute_mapping)
return user