fix: When the cas user doesn't exist, you will be prompted with an error when logging in.

2025-09-09 03:09:34 +00:00 · 2025-07-30 10:29:43 +08:00
parent dc5a743f4f
commit a822905ae7
4 changed files with 195 additions and 95 deletions
--- a/apps/authentication/backends/cas/backends.py
+++ b/apps/authentication/backends/cas/backends.py
@@ -1,14 +1,51 @@
 # -*- coding: utf-8 -*-
 #
-from django_cas_ng.backends import CASBackend as _CASBackend
-from django.conf import settings

+import threading
+
+from django.conf import settings
+from django.contrib.auth import get_user_model
+from django_cas_ng.backends import CASBackend as _CASBackend
+
+from common.utils import get_logger
 from ..base import JMSBaseAuthBackend

-__all__ = ['CASBackend']
+__all__ = ['CASBackend', 'CASUserDoesNotExist']
+logger = get_logger(__name__)
+
+
+class CASUserDoesNotExist(Exception):
+    """Exception raised when a CAS user does not exist."""
+    pass


 class CASBackend(JMSBaseAuthBackend, _CASBackend):
    @staticmethod
    def is_enabled():
        return settings.AUTH_CAS
+
+    def authenticate(self, request, ticket, service):
+        UserModel = get_user_model()
+        manager = UserModel._default_manager
+        original_get_by_natural_key = manager.get_by_natural_key
+        thread_local = threading.local()
+        thread_local.thread_id = threading.get_ident()
+        logger.debug(f"CASBackend.authenticate: thread_id={thread_local.thread_id}")
+
+        def get_by_natural_key(self, username):
+            logger.debug(f"CASBackend.get_by_natural_key: thread_id={threading.get_ident()}, username={username}")
+            if threading.get_ident() != thread_local.thread_id:
+                return original_get_by_natural_key(username)
+
+            try:
+                user = original_get_by_natural_key(username)
+            except UserModel.DoesNotExist:
+                raise CASUserDoesNotExist(username)
+            return user
+
+        try:
+            manager.get_by_natural_key = get_by_natural_key.__get__(manager, type(manager))
+            user = super().authenticate(request, ticket=ticket, service=service)
+        finally:
+            manager.get_by_natural_key = original_get_by_natural_key
+        return user
--- a/apps/authentication/backends/cas/views.py
+++ b/apps/authentication/backends/cas/views.py
@@ -1,8 +1,11 @@
 from django.core.exceptions import PermissionDenied
 from django.http import HttpResponseRedirect
+from django.utils.translation import gettext_lazy as _
 from django_cas_ng.views import LoginView

 from authentication.backends.base import BaseAuthCallbackClientView
+from common.utils import FlashMessageUtil
+from .backends import CASUserDoesNotExist

 __all__ = ['LoginView']

@@ -10,9 +13,20 @@ __all__ = ['LoginView']
 class CASLoginView(LoginView):
    def get(self, request):
        try:
-            return super().get(request)
+            resp = super().get(request)
+            return resp
        except PermissionDenied:
            return HttpResponseRedirect('/')
+        except CASUserDoesNotExist as e:
+            message_data = {
+                'title': _('User does not exist: {}').format(e),
+                'error': _(
+                    'CAS login was successful, but no corresponding local user was found in the system, and automatic '
+                    'user creation is disabled in the CAS authentication configuration. Login failed.'),
+                'interval': 10,
+                'redirect_url': '/',
+            }
+            return FlashMessageUtil.gen_and_redirect_to(message_data)


 class CASCallbackClientView(BaseAuthCallbackClientView):