def clean_password(self):
password1 = self.cleaned_data.get('password', '')
user = User(email=self.cleaned_data.get('email'))
if validate_password(password1, user=user) is not None:
raise forms.ValidationError(_(password_validators_help_texts()),
code='pw_invalid')
return password1
def form_authenticate(self, request, form_data):
from pretix.base.models import User
password = form_data['password']
template_data = {
p: escape_filter_chars(form_data[p])
for p in self.placeholders
}
filter = self.search_filter_template.format_map(template_data)
if not self.connection.search(
self.search_base, filter, attributes=[self.email_attr]):
# user not found
return None
res = self.connection.response
if len(res) != 1:
# could not uniquely identify user
logger.warn(
"Could not uniquely identify user. Check your search_filter")
return None
dn = res[0]['dn']
emails = res[0]['attributes'][self.email_attr]
# handle email being a single-valued attribute
if isinstance(emails, str):
emails = [emails]
if len(emails) != 1:
# could not uniquely identify user email
logger.warn("Could not uniquely identify user email")
return None
email = emails[0]
try:
success = self.connection.rebind(user=dn, password=password)
except: # noqa
success = False
self.connection.rebind(self.config.get('ldap', 'bind_dn'),
self.config.get('ldap', 'bind_password'))
if not success:
# wrong password
return None
try:
user = User.objects.get(email=email)
if user.auth_backend == self.identifier:
return user
else:
# user already registered with different backend
return None
except User.DoesNotExist:
# user does not exist yet -> create new
user = User(email=email)
user.auth_backend = self.identifier
user.save()
return user
