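def authenticate(self, username=None, password=None):
    """
    Authenticate a login against the user backend and mirror the account locally.

    An existing local user is validated on the backend under the ``backend_pk``
    stored on its ``backend_user``; a local user without a ``backend_user``
    (a Django-only account) is refused. A user unknown locally is created,
    together with its groups, once the backend accepts the credentials.

    :param username: The login name submitted by the client (untrusted).
    :param password: The password submitted by the client (untrusted).
    :return: The user object if the backend accepted the credentials and the
             user is active, otherwise ``None``.
    :raises PermissionDenied: If the backend rejects the credentials.
    """
    # Refuse blank credentials before any backend is contacted.
    # NOTE(review): auth_user() is not visible here; directory servers commonly
    # treat a simple bind with an empty password as an anonymous bind that
    # succeeds, so an empty password must never be forwarded to it.
    if not username or not password:
        return None

    # check if the user already exists in our system
    # if so, use the defined backend_pk for validating the credentials on the backend
    # if its a Django only user, disallow the login
    user = User.objects.filter(username=username).first()
    if user is not None:
        if not hasattr(user, 'backend_user'):
            return None  # not allowed, Django only user
        username = user.backend_user.backend_pk

    # Bound before the try block so the cleanup below never touches an
    # unassigned name when one of the connect calls fails.
    internal_ldap = None
    user_backend = None
    try:
        internal_ldap = get_internal_ldap_connected()
        user_backend = get_user_backend_connected()
        user_backend.auth_user(username, password)

        if user is None:  # new user
            uid = BackendUser.generate_internal_uid()
            group = self.create_user_groups(username, uid)
            user = self.create_users(username, password, uid, group.backend_group)
            group.add_user(user.backend_user)
        elif not user.check_password(password):  # existing user, password changed on the backend
            user.set_password(password)  # XXX: not needed. should we leave it empty?
            internal_ldap.set_user_password(username, password)
            user.save()

        return user if user.is_active else None
    except AuthenticationError:
        raise PermissionDenied
    except UserNotFoundError:
        # exists locally but not on backend
        # NOTE(review): this deletion is reachable from a login attempt whose
        # password was never verified; confirm the backend raises
        # UserNotFoundError only for accounts that are really gone, not on
        # partial or transient lookup failures.
        if user is not None:
            user.delete()
        return None
    except ConnectionError as ex:
        logger.exception(ex)
        return None
    finally:
        # Best-effort cleanup: close each connection on its own so a failure
        # on the first one does not leave the second one open.
        for connection in (internal_ldap, user_backend):
            if connection is None:
                continue
            try:
                connection.disconnect()
            except Exception:
                logger.warning("Failed to disconnect a backend connection", exc_info=True)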
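def import_users():
    """
    Imports all the users found on the user backend into django.

    Backend users that already have a local ``User`` with the same username
    are left untouched. Every other backend user gets an internal uid, its
    groups and a local user created through ``BackendProxyAuthentication``.

    :return: The list of usernames that were newly created.
    """
    backend = get_user_backend_connected()
    try:
        helper = BackendProxyAuthentication()
        new_users = []
        for backend_user in backend.get_users():
            backend_pk = backend_user.get(UserBackend.FIELD_PK)
            if backend_pk is None:
                # str(None) would otherwise create an account literally named "None".
                logger.warning("Skipping backend user without a primary key")
                continue
            username = str(backend_pk)
            if User.objects.filter(username=username).exists():
                continue

            # if user is not existing yet, create him
            # NOTE(review): the account is created with an empty password.
            # create_users() is not visible here; confirm it does not store
            # '' as a usable local or internal LDAP password, because any
            # login path that bypasses the backend check would accept it.
            password = ''
            uid = BackendUser.generate_internal_uid()
            group = helper.create_user_groups(username, uid)
            created = helper.create_users(username, password, uid, group.backend_group)
            group.add_user(created.backend_user)
            new_users.append(username)
        return new_users
    finally:
        # Release the backend connection even when the import fails part-way.
        try:
            backend.disconnect()
        except Exception:
            logger.warning("Failed to disconnect the user backend", exc_info=True)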