def authenticate(self, access_token):
username = access_token['screen_name']
password = access_token['oauth_token_secret']
username = force_username_case(username)
try:
if AUTH.IGNORE_USERNAME_CASE.get():
user = User.objects.get(username__iexact=username)
else:
user = User.objects.get(username=username)
except User.DoesNotExist:
if not UserProfile.objects.filter(creation_method=str(UserProfile.CreationMethod.EXTERNAL)).exists():
is_super = True
else:
is_super = False
# Could save oauth_token detail in the user profile here
user = find_or_create_user(username, password)
profile = get_profile(user)
profile.creation_method = UserProfile.CreationMethod.EXTERNAL
profile.save()
user.is_superuser = is_super
user.save()
default_group = get_default_user_group()
if default_group is not None:
user.groups.add(default_group)
return user
def update_user(self, user, attributes, attribute_mapping, force_save=False):
# Do this check up here, because the auth call creates a django user upon first login per user
is_super = False
if not UserProfile.objects.filter(creation_method=UserProfile.CreationMethod.EXTERNAL.name).exists():
# If there are no LDAP users already in the system, the first one will
# become a superuser
is_super = True
else:
user = self._get_user_by_username(user.username)
if user is not None:
# If the user already exists, we shouldn't change its superuser
# privileges. However, if there's a naming conflict with a non-external
# user, we should do the safe thing and turn off superuser privs.
existing_profile = get_profile(user)
if existing_profile.creation_method == UserProfile.CreationMethod.EXTERNAL.name:
is_super = user.is_superuser
user = super(SAML2Backend, self).update_user(user, attributes, attribute_mapping, force_save)
if user is not None and user.is_active:
user.username = force_username_case(user.username)
profile = get_profile(user)
profile.creation_method = UserProfile.CreationMethod.EXTERNAL.name
profile.save()
user.is_superuser = is_super
user = rewrite_user(user)
default_group = get_default_user_group()
if default_group is not None:
user.groups.add(default_group)
user.save()
return user
return None
def authenticate(self, access_token):
username = access_token['screen_name']
password = access_token['oauth_token_secret']
username = force_username_case(username)
try:
if AUTH.IGNORE_USERNAME_CASE.get():
user = User.objects.get(username__iexact=username)
else:
user = User.objects.get(username=username)
except User.DoesNotExist:
if not UserProfile.objects.filter(creation_method=str(
UserProfile.CreationMethod.EXTERNAL)).exists():
is_super = True
else:
is_super = False
# Could save oauth_token detail in the user profile here
user = find_or_create_user(username, password)
profile = get_profile(user)
profile.creation_method = UserProfile.CreationMethod.EXTERNAL
profile.save()
user.is_superuser = is_super
user.save()
default_group = get_default_user_group()
if default_group is not None:
user.groups.add(default_group)
return user
def update_user(self, user, attributes, attribute_mapping, force_save=False):
# Do this check up here, because the auth call creates a django user upon first login per user
is_super = False
if not UserProfile.objects.filter(creation_method=str(UserProfile.CreationMethod.EXTERNAL)).exists():
# If there are no LDAP users already in the system, the first one will
# become a superuser
is_super = True
else:
user = self._get_user_by_username(user.username)
if user is not None:
# If the user already exists, we shouldn't change its superuser
# privileges. However, if there's a naming conflict with a non-external
# user, we should do the safe thing and turn off superuser privs.
existing_profile = get_profile(user)
if existing_profile.creation_method == str(UserProfile.CreationMethod.EXTERNAL):
is_super = user.is_superuser
user = super(SAML2Backend, self).update_user(user, attributes, attribute_mapping, force_save)
if user is not None and user.is_active:
user.username = force_username_case(user.username)
profile = get_profile(user)
profile.creation_method = UserProfile.CreationMethod.EXTERNAL
profile.save()
user.is_superuser = is_super
user = rewrite_user(user)
default_group = get_default_user_group()
if default_group is not None:
user.groups.add(default_group)
user.save()
return user
return None
def get_user(self, user_id):
if isinstance(user_id, str):
user_id = force_username_case(user_id)
user = super(SAML2Backend, self).get_user(user_id)
user = rewrite_user(user)
return user
def clean_user_main_attribute(self, main_attribute):
"""
Overrides the clean_user_main_attribute method to force case if needed
"""
return force_username_case(main_attribute)
def get_user(self, user_id):
if isinstance(user_id, str):
user_id = force_username_case(user_id)
user = super(SAML2Backend, self).get_user(user_id)
user = rewrite_user(user)
return user
def clean_user_main_attribute(self, main_attribute): """ Overrides the clean_user_main_attribute method to force case if needed """ return force_username_case(main_attribute)