feat: 添加限制用户只能从source登录的功能 (#5592)

* stash it

* feat: 添加限制用户只能从source登录的功能

* fix: 修复小错误

Co-authored-by: ibuler <ibuler@qq.com>

apps/users/signals_handler.py

@@ -4,6 +4,7 @@
 from django.dispatch import receiver
 from django_auth_ldap.backend import populate_user
 from django.conf import settings
+from django.core.exceptions import PermissionDenied
 from django_cas_ng.signals import cas_user_authenticated
 
 from jms_oidc_rp.signals import openid_create_or_update_user
@@ -27,6 +28,9 @@ def on_user_create(sender, user=None, **kwargs):
 
 @receiver(cas_user_authenticated)
 def on_cas_user_authenticated(sender, user, created, **kwargs):
+    if created and settings.ONLY_ALLOW_EXIST_USER_AUTH:
+        user.delete()
+        raise PermissionDenied(f'Not allow non-exist user auth: {user.username}')
     if created:
         user.source = user.Source.cas.value
         user.save()
@@ -43,6 +47,10 @@ def on_ldap_create_user(sender, user, ldap_user, **kwargs):
 
 @receiver(openid_create_or_update_user)
 def on_openid_create_or_update_user(sender, request, user, created, name, username, email, **kwargs):
+    if created and settings.ONLY_ALLOW_EXIST_USER_AUTH:
+        user.delete()
+        raise PermissionDenied(f'Not allow non-exist user auth: {username}')
+
     if created:
         logger.debug(
             "Receive OpenID user created signal: {}, "