Fix rbac (#7699)

* perf: 优化 suggesstion * perf: 修改 migrations * feat: 添加OIDC认证逻辑 * perf: 修改 backend * perf: 优化认证backends * perf: 优化认证backends * perf: 优化CAS认证, 用户多域名进行访问时回调到各自域名 Co-authored-by: ibuler <ibuler@qq.com>
2025-10-22 16:31:33 +00:00 · 2022-02-25 19:23:59 +08:00
parent 02ca473492
commit edfca5eb24
33 changed files with 1132 additions and 178 deletions
--- a/apps/authentication/backends/ldap.py
+++ b/apps/authentication/backends/ldap.py
@@ -1,43 +1,38 @@
 # coding:utf-8
 #

-import warnings
 import ldap
 from django.conf import settings
 from django.core.exceptions import ImproperlyConfigured, ObjectDoesNotExist
-from django_auth_ldap.backend import _LDAPUser, LDAPBackend, LDAPSettings
+from django_auth_ldap.backend import _LDAPUser, LDAPBackend
 from django_auth_ldap.config import _LDAPConfig, LDAPSearch, LDAPSearchUnion

 from users.utils import construct_user_email
 from common.const import LDAP_AD_ACCOUNT_DISABLE
+from .base import JMSBaseAuthBackend

 logger = _LDAPConfig.get_logger()


-class LDAPAuthorizationBackend(LDAPBackend):
+class LDAPAuthorizationBackend(JMSBaseAuthBackend, LDAPBackend):
    """
    Override this class to override _LDAPUser to LDAPUser
    """
    @staticmethod
-    def user_can_authenticate(user):
-        """
-        Reject users with is_active=False. Custom user models that don't have
-        that attribute are allowed.
-        """
-        is_valid = getattr(user, 'is_valid', None)
-        return is_valid or is_valid is None
+    def is_enabled():
+        return settings.AUTH_LDAP

    def get_or_build_user(self, username, ldap_user):
        """
-                This must return a (User, built) 2-tuple for the given LDAP user.
+        This must return a (User, built) 2-tuple for the given LDAP user.

-                username is the Django-friendly username of the user. ldap_user.dn is
-                the user's DN and ldap_user.attrs contains all of their LDAP
-                attributes.
+        username is the Django-friendly username of the user. ldap_user.dn is
+        the user's DN and ldap_user.attrs contains all of their LDAP
+        attributes.

-                The returned User object may be an unsaved model instance.
+        The returned User object may be an unsaved model instance.

-                """
+        """
        model = self.get_user_model()

        if self.settings.USER_QUERY_FIELD: