perf: Remove unused CAS user exception handling and simplify login view error response (#16380)

* perf: Remove unused CAS user exception handling and simplify login view error response * perf: position code --------- Co-authored-by: wangruidong <940853815@qq.com> Co-authored-by: Bai <baijiangjie@gmail.com>
2025-12-22 20:12:56 +00:00 · 2025-12-04 17:49:58 +08:00
parent 065bfeda52
commit ba17863892
6 changed files with 18 additions and 62 deletions
--- a/apps/authentication/backends/cas/backends.py
+++ b/apps/authentication/backends/cas/backends.py
@@ -1,51 +1,22 @@
 # -*- coding: utf-8 -*-
 #

-import threading
-
 from django.conf import settings
-from django.contrib.auth import get_user_model
 from django_cas_ng.backends import CASBackend as _CASBackend

 from common.utils import get_logger
 from ..base import JMSBaseAuthBackend

-__all__ = ['CASBackend', 'CASUserDoesNotExist']
+__all__ = ['CASBackend']
 logger = get_logger(__name__)


-class CASUserDoesNotExist(Exception):
-    """Exception raised when a CAS user does not exist."""
-    pass
-
-
 class CASBackend(JMSBaseAuthBackend, _CASBackend):
    @staticmethod
    def is_enabled():
        return settings.AUTH_CAS

    def authenticate(self, request, ticket, service):
-        UserModel = get_user_model()
-        manager = UserModel._default_manager
-        original_get_by_natural_key = manager.get_by_natural_key
-        thread_local = threading.local()
-        thread_local.thread_id = threading.get_ident()
-        logger.debug(f"CASBackend.authenticate: thread_id={thread_local.thread_id}")
-
-        def get_by_natural_key(self, username):
-            logger.debug(f"CASBackend.get_by_natural_key: thread_id={threading.get_ident()}, username={username}")
-            if threading.get_ident() != thread_local.thread_id:
-                return original_get_by_natural_key(username)
-
-            try:
-                user = original_get_by_natural_key(username)
-            except UserModel.DoesNotExist:
-                raise CASUserDoesNotExist(username)
-            return user
-
-        try:
-            manager.get_by_natural_key = get_by_natural_key.__get__(manager, type(manager))
-            user = super().authenticate(request, ticket=ticket, service=service)
-        finally:
-            manager.get_by_natural_key = original_get_by_natural_key
-        return user
+        # 这里做个hack ,让父类始终走CAS_CREATE_USER=True的逻辑，然后调用 authentication/mixins.py 中的 custom_get_or_create 方法
+        settings.CAS_CREATE_USER = True
+        return super().authenticate(request, ticket, service)
--- a/apps/authentication/backends/cas/views.py
+++ b/apps/authentication/backends/cas/views.py
@@ -4,29 +4,22 @@ from django.utils.translation import gettext_lazy as _
 from django_cas_ng.views import LoginView

 from authentication.backends.base import BaseAuthCallbackClientView
-from common.utils import FlashMessageUtil
-from .backends import CASUserDoesNotExist
+from authentication.views.mixins import FlashMessageMixin

 __all__ = ['LoginView']


-class CASLoginView(LoginView):
+class CASLoginView(LoginView, FlashMessageMixin):
    def get(self, request):
        try:
            resp = super().get(request)
+            error_message = getattr(request, 'error_message', '')
+            if error_message:
+                response = self.get_failed_response('/', title=_('CAS Error'), msg=error_message)
+                return response
            return resp
        except PermissionDenied:
            return HttpResponseRedirect('/')
-        except CASUserDoesNotExist as e:
-            message_data = {
-                'title': _('User does not exist: {}').format(e),
-                'error': _(
-                    'CAS login was successful, but no corresponding local user was found in the system, and automatic '
-                    'user creation is disabled in the CAS authentication configuration. Login failed.'),
-                'interval': 10,
-                'redirect_url': '/',
-            }
-            return FlashMessageUtil.gen_and_redirect_to(message_data)


 class CASCallbackClientView(BaseAuthCallbackClientView):
--- a/apps/authentication/mixins.py
+++ b/apps/authentication/mixins.py
@@ -46,6 +46,10 @@ def _save_original_get_or_create():
 _django_original_get_or_create = _save_original_get_or_create()


+class OnlyAllowExistUserAuthError(Exception):
+    pass
+
+
 def _authenticate_context(func):
    """
    装饰器：管理 authenticate 函数的执行上下文
@@ -127,10 +131,6 @@ def _get_backends(return_tuples=False):
    return backends


-class OnlyAllowExistUserAuthError(Exception):
-    pass
-
-
 auth._get_backends = _get_backends


--- a/apps/jumpserver/conf.py
+++ b/apps/jumpserver/conf.py
@@ -381,7 +381,6 @@ class Config(dict):
        'CAS_USERNAME_ATTRIBUTE': 'cas:user',
        'CAS_APPLY_ATTRIBUTES_TO_USER': False,
        'CAS_RENAME_ATTRIBUTES': {'cas:user': 'username'},
-        'CAS_CREATE_USER': True,
        'CAS_ORG_IDS': [DEFAULT_ID],

        'AUTH_SSO': False,
--- a/apps/jumpserver/settings/auth.py
+++ b/apps/jumpserver/settings/auth.py
@@ -159,7 +159,7 @@ CAS_CHECK_NEXT = lambda _next_page: True
 CAS_USERNAME_ATTRIBUTE = CONFIG.CAS_USERNAME_ATTRIBUTE
 CAS_APPLY_ATTRIBUTES_TO_USER = CONFIG.CAS_APPLY_ATTRIBUTES_TO_USER
 CAS_RENAME_ATTRIBUTES = CONFIG.CAS_RENAME_ATTRIBUTES
-CAS_CREATE_USER = CONFIG.CAS_CREATE_USER
+CAS_CREATE_USER = True

 # SSO auth
 AUTH_SSO = CONFIG.AUTH_SSO
--- a/apps/settings/serializers/auth/cas.py
+++ b/apps/settings/serializers/auth/cas.py
@@ -37,11 +37,4 @@ class CASSettingSerializer(serializers.Serializer):
            "and the `value` is the JumpServer user attribute name"
        )
    )
-    CAS_CREATE_USER = serializers.BooleanField(
-        required=False, label=_('Create user'),
-        help_text=_(
-            'After successful user authentication, if the user does not exist, '
-            'automatically create the user'
-        )
-    )
    CAS_ORG_IDS = OrgListField()