feat: 添加 临时 password (#8035)

* perf: 添加 template password

* perf: 修改id

* perf: 修改 翻译

* perf: 修改 tmp token

* perf: 修改 token

Co-authored-by: ibuler <ibuler@qq.com>

apps/authentication/backends/base.py

@@ -1,10 +1,11 @@
-from django.contrib.auth.backends import BaseBackend
 from django.contrib.auth.backends import ModelBackend
+from django.contrib.auth import get_user_model
 
 from users.models import User
 from common.utils import get_logger
 
 
+UserModel = get_user_model()
 logger = get_logger(__file__)
 
 

apps/authentication/backends/ldap.py

@@ -53,7 +53,7 @@ class LDAPAuthorizationBackend(JMSBaseAuthBackend, LDAPBackend):
         else:
             built = False
 
-        return (user, built)
+        return user, built
 
     def pre_check(self, username, password):
         if not settings.AUTH_LDAP:
@@ -75,6 +75,9 @@ class LDAPAuthorizationBackend(JMSBaseAuthBackend, LDAPBackend):
 
     def authenticate(self, request=None, username=None, password=None, **kwargs):
         logger.info('Authentication LDAP backend')
+        if username is None or password is None:
+            logger.info('No username or password')
+            return None
         match, msg = self.pre_check(username, password)
         if not match:
             logger.info('Authenticate failed: {}'.format(msg))

apps/authentication/backends/radius.py

@@ -13,20 +13,23 @@ User = get_user_model()
 
 
 class CreateUserMixin:
-    def get_django_user(self, username, password=None, *args, **kwargs):
+    @staticmethod
+    def get_django_user(username, password=None, *args, **kwargs):
         if isinstance(username, bytes):
             username = username.decode()
-        try:
-            user = User.objects.get(username=username)
-        except User.DoesNotExist:
-            if '@' in username:
-                email = username
-            else:
-                email_suffix = settings.EMAIL_SUFFIX
-                email = '{}@{}'.format(username, email_suffix)
-            user = User(username=username, name=username, email=email)
-            user.source = user.Source.radius.value
-            user.save()
+        user = User.objects.filter(username=username).first()
+        if user:
+            return user
+
+        if '@' in username:
+            email = username
+        else:
+            email_suffix = settings.EMAIL_SUFFIX
+            email = '{}@{}'.format(username, email_suffix)
+
+        user = User(username=username, name=username, email=email)
+        user.source = user.Source.radius.value
+        user.save()
         return user
 
     def _perform_radius_auth(self, client, packet):

apps/authentication/backends/saml2/backends.py

@@ -14,7 +14,7 @@ from ..base import JMSModelBackend
 
 __all__ = ['SAML2Backend']
 
-logger = get_logger(__file__)
+logger = get_logger(__name__)
 
 
 class SAML2Backend(JMSModelBackend):

apps/authentication/backends/token.py

@@ -0,0 +1,26 @@
+from django.utils import timezone
+from django.conf import settings
+from django.core.exceptions import PermissionDenied
+
+from authentication.models import TempToken
+from .base import JMSModelBackend
+
+
+class TempTokenAuthBackend(JMSModelBackend):
+    model = TempToken
+
+    def authenticate(self, request, username='', password='', *args, **kwargs):
+        token = self.model.objects.filter(username=username, secret=password).first()
+        if not token:
+            return None
+        if not token.is_valid:
+            raise PermissionDenied('Token is invalid, expired at {}'.format(token.date_expired))
+
+        token.verified = True
+        token.date_verified = timezone.now()
+        token.save()
+        return token.user
+
+    @staticmethod
+    def is_enabled():
+        return settings.AUTH_TEMP_TOKEN