def authenticate(self, remote_user): """ The username passed as ``remote_user`` is considered trusted. This method simply returns the ``User`` object with the given username, creating a new ``User`` object if ``create_unknown_user`` is ``True``. Returns None if ``create_unknown_user`` is ``False`` and a ``User`` object with the given username is not found in the database. """ if not remote_user: return username = self.clean_username(remote_user) try: user = User.objects.get(email=username) except User.DoesNotExist: if self.create_unknown_user: user = User.objects.create_user( email=username, is_active=self.activate_after_creation) if user and self.activate_after_creation is False: notify_admins_on_activate_request(user.email) if user and settings.NOTIFY_ADMIN_AFTER_REGISTRATION is True: notify_admins_on_register_complete(user.email) else: user = None return user
def authenticate(self, remote_user, shib_meta): """ The username passed as ``remote_user`` is considered trusted. This method simply returns the ``User`` object with the given username, creating a new ``User`` object if ``create_unknown_user`` is ``True``. Returns None if ``create_unknown_user`` is ``False`` and a ``User`` object with the given username is not found in the database. """ if not remote_user: return username = self.clean_username(remote_user) local_ccnet_users = ccnet_api.search_emailusers('DB', username, -1, -1) if not local_ccnet_users: local_ccnet_users = ccnet_api.search_emailusers( 'LDAP', username, -1, -1) if not local_ccnet_users: if self.create_unknown_user: user = User.objects.create_user( email=username, is_active=self.activate_after_creation) if user and self.activate_after_creation is False: notify_admins_on_activate_request(user.email) # Do not send follwing registration finished email (if any) # which will cause confusion. return user if user and settings.NOTIFY_ADMIN_AFTER_REGISTRATION is True: notify_admins_on_register_complete(user.email) else: user = None return user
def authenticate(self, request=None, remote_user=None): """ The username passed as ``remote_user`` is considered trusted. This method simply returns the ``User`` object with the given username, creating a new ``User`` object if ``create_unknown_user`` is ``True``. Returns None if ``create_unknown_user`` is ``False`` and a ``User`` object with the given username is not found in the database. """ if not remote_user or not request: return None username = self.clean_username(remote_user) # get user from ccnet user = self.get_user(username) if not user: # when user doesn't exist if not self.create_unknown_user: logger.error('User %s not found.' % username) return None try: user = User.objects.create_user(email=username, is_active=self.auto_activate) if not self.auto_activate: notify_admins_on_activate_request(username) elif settings.NOTIFY_ADMIN_AFTER_REGISTRATION: notify_admins_on_register_complete(username) except Exception as e: logger.error(e) return None if not self.user_can_authenticate(user): logger.error('User %s is not active' % username) return None # update user info after authenticated try: self.configure_user(request, user) except Exception as e: logger.error(e) return None # get user again with updated extra info after configure return self.get_user(username)
def authenticate(self, session_info=None, attribute_mapping=None, create_unknown_user=True, **kwargs): if session_info is None or attribute_mapping is None: logger.error('Session info or attribute mapping are None') return None if 'ava' not in session_info: logger.error('"ava" key not found in session_info') return None attributes = session_info['ava'] if not attributes: logger.error('The attributes dictionary is empty') use_name_id_as_username = getattr(settings, 'SAML_USE_NAME_ID_AS_USERNAME', False) django_user_main_attribute = getattr( settings, 'SAML_DJANGO_USER_MAIN_ATTRIBUTE', 'username') django_user_main_attribute_lookup = getattr( settings, 'SAML_DJANGO_USER_MAIN_ATTRIBUTE_LOOKUP', '') logger.debug('attributes: %s', attributes) saml_user = None if use_name_id_as_username: if 'name_id' in session_info: logger.debug('name_id: %s', session_info['name_id']) saml_user = session_info['name_id'].text else: logger.error( 'The nameid is not available. Cannot find user without a nameid.' ) else: logger.debug('attribute_mapping: %s', attribute_mapping) for saml_attr, django_fields in list(attribute_mapping.items()): if (django_user_main_attribute in django_fields and saml_attr in attributes): saml_user = attributes[saml_attr][0] if saml_user is None: logger.error('Could not find saml_user value') return None if not self.is_authorized(attributes, attribute_mapping): return None main_attribute = self.clean_user_main_attribute(saml_user) user_query_args = { django_user_main_attribute + django_user_main_attribute_lookup: main_attribute } user_create_defaults = {django_user_main_attribute: main_attribute} # Note that this could be accomplished in one try-except clause, but # instead we use get_or_create when creating unknown users since it has # built-in safeguards for multiple threads. # check if user exist in local ccnet db/ldapimport database username = main_attribute local_ccnet_users = ccnet_api.search_emailusers('DB', username, -1, -1) if not local_ccnet_users: local_ccnet_users = ccnet_api.search_emailusers( 'LDAP', username, -1, -1) if not local_ccnet_users: if create_unknown_user: activate_after_creation = getattr( settings, 'SAML_ACTIVATE_USER_AFTER_CREATION', True) user = User.objects.create_user( email=username, is_active=activate_after_creation) if not activate_after_creation: notify_admins_on_activate_request(username) elif settings.NOTIFY_ADMIN_AFTER_REGISTRATION: notify_admins_on_register_complete(username) else: user = None else: user = User.objects.get(email=username) if user: self.make_profile(user, attributes, attribute_mapping) return user