github/jumpserver
1
0
Fork 0
mirror of https://github.com/jumpserver/jumpserver.git synced 2025-09-23 20:39:26 +00:00
Code Issues Projects Releases Wiki Activity

fix: When the cas user doesn't exist, you will be prompted with an error when logging in.

Browse Source
This commit is contained in:
wangruidong
2025-07-30 10:29:43 +08:00
committed by 老广
parent dc5a743f4f
commit a822905ae7
4 changed files with 195 additions and 95 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
apps/authentication/backends/cas/backends.py
View File

@@ -1,14 +1,51 @@
# -*- coding: utf-8 -*-
#
from django_cas_ng.backends import CASBackend as _CASBackend
from django.conf import settings
import threading
from django.conf import settings
from django.contrib.auth import get_user_model
from django_cas_ng.backends import CASBackend as _CASBackend
from common.utils import get_logger
from ..base import JMSBaseAuthBackend
__all__ = ['CASBackend']
__all__ = ['CASBackend', 'CASUserDoesNotExist']
logger = get_logger(__name__)
class CASUserDoesNotExist(Exception):
"""Exception raised when a CAS user does not exist."""
pass
class CASBackend(JMSBaseAuthBackend, _CASBackend):
@staticmethod
def is_enabled():
return settings.AUTH_CAS
def authenticate(self, request, ticket, service):
UserModel = get_user_model()
manager = UserModel._default_manager
original_get_by_natural_key = manager.get_by_natural_key
thread_local = threading.local()
thread_local.thread_id = threading.get_ident()
logger.debug(f"CASBackend.authenticate: thread_id={thread_local.thread_id}")
def get_by_natural_key(self, username):
logger.debug(f"CASBackend.get_by_natural_key: thread_id={threading.get_ident()}, username={username}")
if threading.get_ident() != thread_local.thread_id:
return original_get_by_natural_key(username)
try:
user = original_get_by_natural_key(username)
except UserModel.DoesNotExist:
raise CASUserDoesNotExist(username)
return user
try:
manager.get_by_natural_key = get_by_natural_key.__get__(manager, type(manager))
user = super().authenticate(request, ticket=ticket, service=service)
finally:
manager.get_by_natural_key = original_get_by_natural_key
return user

16
apps/authentication/backends/cas/views.py
View File

@@ -1,8 +1,11 @@
from django.core.exceptions import PermissionDenied
from django.http import HttpResponseRedirect
from django.utils.translation import gettext_lazy as _
from django_cas_ng.views import LoginView
from authentication.backends.base import BaseAuthCallbackClientView
from common.utils import FlashMessageUtil
from .backends import CASUserDoesNotExist
__all__ = ['LoginView']
@@ -10,9 +13,20 @@ __all__ = ['LoginView']
class CASLoginView(LoginView):
def get(self, request):
try:
return super().get(request)
resp = super().get(request)
return resp
except PermissionDenied:
return HttpResponseRedirect('/')
except CASUserDoesNotExist as e:
message_data = {
'title': _('User does not exist: {}').format(e),
'error': _(
'CAS login was successful, but no corresponding local user was found in the system, and automatic '
'user creation is disabled in the CAS authentication configuration. Login failed.'),
'interval': 10,
'redirect_url': '/',
}
return FlashMessageUtil.gen_and_redirect_to(message_data)
class CASCallbackClientView(BaseAuthCallbackClientView):

27
apps/authentication/templates/authentication/login_wait_confirm.html
View File

@@ -15,6 +15,33 @@
.btn-sm i {
margin-right: 6px;
}
.passwordBox2 {
max-width: 560px;
margin-bottom: auto;
padding: 100px 20px 20px 20px;
width: 100%;
}
.ibox-content {
padding: 30px;
}
.ibox-context-margin {
margin: 20px 0 0 0;
}
body {
box-sizing: border-box;
min-height: 100%;
display: flex;
align-items: center;
flex-direction: column;
}
.wrapper {
margin: auto;
}
</style>
</head>