示例#1
    def handle(self, *args, **options):
        """Run the SSO sync steps for the user named in the ``sso_user`` option.

        Looks up the local user, runs the ``sso_sync_organisations`` and
        ``sso_sync_user`` management commands, calls
        ``sso_sync_user_organisation_roles`` for that user, and prints a
        summary containing the user's ``UserOrganisationRole`` count.

        Raises:
            Exception: if no ``sso_user`` option was supplied.
        """
        sso_username = options.get('sso_user')
        if not sso_username:
            # Without a username there is nothing to synchronise.
            raise Exception(txt['provide_username'])

        # The local lookup happens before any sync command runs, so an
        # unknown username fails here and nothing is synchronised.
        account = get_user_model().objects.get(username=sso_username)

        call_command('sso_sync_organisations')
        call_command('sso_sync_user', sso_username)
        sso_sync_user_organisation_roles(account)

        summary_template = txt['winrar']
        role_total = UserOrganisationRole.objects.filter(user=account).count()
        print(summary_template % (role_total, account.username))
示例#2
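    def authenticate(self, username=None, password=None):
        """Authenticate a user via the SSO server, using a credential cache.

        On a cache hit the password is checked against the locally cached
        hash and the SSO server is not contacted. On a cache miss the SSO
        server is called (v1 or v2 login, per ``settings.SSO_USE_V2_LOGIN``)
        and the result is cached together with a hash of the password for
        ``settings.SSO_CREDENTIAL_CACHE_TIMEOUT_SECONDS``.

        Returns:
            The user built by ``client.construct_user``, or ``None`` when
            credentials are missing, rejected, or an error occurs.

        Security notes:
            * While a cache entry lives, the cached hash decides the outcome:
              a password changed on the SSO server is not picked up, and the
              old password keeps working, until the entry expires.
            * A failed check against the cached hash returns ``None`` without
              calling the SSO server, so those failures are not visible to
              it. NOTE(review): if the server does throttling or lockout,
              confirm that attempts are also limited locally.
            * The ``SSO_ALLOW_ONLY_KNOWN_USERS`` / ``is_active`` check runs
              only on a cache miss with v2 login. NOTE(review): confirm that
              ``construct_user`` or the caller rejects users deactivated
              after their credentials were cached.
            * The cache stores user data plus a password hash, so the cache
              backend should be protected like a credential store.
        """
        try:
            if not (username and password):
                return None

            user_data = None
            cache_key = 'SSOBackend.authenticate.{0}'.format(username)
            # Try getting the user_data from cache first.
            cached_credentials = cache.get(cache_key)
            if cached_credentials is not None:
                logger.debug(
                    'Found user "%s" in the credential cache.', username)
                # Found in cache, check the (hashed) password.
                (cached_user_data,
                 cached_hashed_password) = cached_credentials
                if check_password(password, cached_hashed_password):
                    logger.debug('Cached hashed password is OK.')
                    user_data = cached_user_data
                else:
                    # No fallback to the SSO server here: user_data stays
                    # None and the method returns None below.
                    logger.debug(
                        'Failed cached password check for user "%s".',
                        username)
            else:
                logger.debug(
                    'Could not find user "%s" in the credential cache.',
                    username)
                # Not found in cache, call the SSO server.
                if settings.SSO_USE_V2_LOGIN:
                    if settings.SSO_ALLOW_ONLY_KNOWN_USERS:
                        # First check if the user is known.
                        if not User.objects.filter(
                                username=username,
                                is_active=True).exists():
                            logger.debug(
                                "Username %s isn't known/active locally",
                                username)
                            return None

                    user_data = client.sso_authenticate_django_v2(
                        username, password)
                else:
                    user_data = client.sso_authenticate_django_v1(
                        username, password)

                # Store user_data in cache. Only a hash of the password is
                # cached; if no usable hash can be produced, refuse the login
                # rather than cache something that cannot be verified later.
                hashed_password = make_password(password)
                if not is_password_usable(hashed_password):
                    return None
                # NOTE(review): user_data is cached even when it is falsy;
                # presumably the client raises AuthenticationFailed on bad
                # credentials, so this should not normally happen. Confirm.
                cache.set(
                    cache_key,
                    (user_data, hashed_password),
                    settings.SSO_CREDENTIAL_CACHE_TIMEOUT_SECONDS)

            # Use either the cached user profile data, or fresh data from
            # the SSO server to construct a Django User instance. If
            # fresh data is used, also synchronize roles.
            if user_data:
                user = client.construct_user(user_data)
                if not cached_credentials:
                    if not settings.SSO_USE_V2_LOGIN:
                        client.sso_sync_user_organisation_roles(user)
                return user
            return None
        except client.AuthenticationFailed as e:
            logger.info(e)
            return None
        except Exception:
            # Fail closed on unexpected errors. Catching Exception instead of
            # using a bare except lets KeyboardInterrupt and SystemExit
            # propagate instead of being turned into a failed login.
            logger.exception('Error while authenticating user "%s".', username)
            return None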