Dev oidc (#3941)

* [Update] oidc_rp获取token添加headers base64编码 * [Update] 移除对oidc_rp的支持 * [Update] 移除对oidc_rp的支持2 * [Update] 修改OpenID配置（添加新配置项，并对旧配置项做兼容） * [Update] 移除所有与Keycloak相关的模块 * [Update] 添加jumpserver-django-oidc-rp的使用 * [Update] 更新登录重定向地址(oidc) * [Update] oidc添加一些配置参数；处理用户登录/创建/更新等信号 * [Update] 修改退出登录逻辑 * [Update] 添加oidc user登录成功的信号机制 * [Update] 修改mfa认证choices内容 (otp => code) * [Update] 添加OpenID backend password 认证失败信号机制；修改引入common包问题 * [Update] 用户Token/Auth API 校验用户时，传入request参数（解决登录成功日志记录的问题） * [Update] 添加依赖jumpserver-django-oidc-rp==0.3.7.1 * [Update] oidc认证模块说明
2025-09-05 09:21:02 +00:00 · 2020-04-26 20:36:17 +08:00
parent 5d433456d4
commit 7833ff6671
28 changed files with 241 additions and 906 deletions
--- a/apps/users/signals_handler.py
+++ b/apps/users/signals_handler.py
@@ -3,12 +3,19 @@

 from django.dispatch import receiver
 from django.db.models.signals import m2m_changed
+from django_auth_ldap.backend import populate_user
+from django.conf import settings
 from django_cas_ng.signals import cas_user_authenticated

+from jms_oidc_rp.signals import oidc_user_created, oidc_user_updated
+from jms_oidc_rp.backends import get_userinfo_from_claims
+
 from common.utils import get_logger
+from .utils import construct_user_email
 from .signals import post_user_create
 from .models import User

+
 logger = get_logger(__file__)


@@ -37,3 +44,30 @@ def on_cas_user_authenticated(sender, user, created, **kwargs):
    if created:
        user.source = user.SOURCE_CAS
        user.save()
+
+
+@receiver(populate_user)
+def on_ldap_create_user(sender, user, ldap_user, **kwargs):
+    if user and user.username not in ['admin']:
+        exists = User.objects.filter(username=user.username).exists()
+        if not exists:
+            user.source = user.SOURCE_LDAP
+            user.save()
+
+
+@receiver(oidc_user_created)
+def on_oidc_user_created(sender, request, oidc_user, **kwargs):
+    oidc_user.user.source = User.SOURCE_OPENID
+    oidc_user.user.save()
+
+
+@receiver(oidc_user_updated)
+def on_oidc_user_updated(sender, request, oidc_user, **kwargs):
+    if not settings.AUTH_OPENID_ALWAYS_UPDATE_USER_INFORMATION:
+        return
+    name, username, email = get_userinfo_from_claims(oidc_user.userinfo)
+    email = construct_user_email(username, email)
+    oidc_user.user.name = name
+    oidc_user.user.username = username
+    oidc_user.user.email = email
+    oidc_user.user.save()