seahub/thirdpart/shibboleth/backends.py

from django.conf import settings

from seaserv import ccnet_api
from seahub.auth.backends import RemoteUserBackend
from seahub.base.accounts import User
from registration.models import (
    notify_admins_on_activate_request, notify_admins_on_register_complete)


class ShibbolethRemoteUserBackend(RemoteUserBackend):
    """
    This backend is to be used in conjunction with the ``RemoteUserMiddleware``
    found in the middleware module of this package, and is used when the server
    is handling authentication outside of Django.

    By default, the ``authenticate`` method creates ``User`` objects for
    usernames that don't already exist in the database.  Subclasses can disable
    this behavior by setting the ``create_unknown_user`` attribute to
    ``False``.
    """

    # Create a User object if not already in the database?
    create_unknown_user = True
    # Create active user by default.
    activate_after_creation = getattr(settings, 'SHIB_ACTIVATE_AFTER_CREATION', True)

    def get_user(self, username):
        try:
            user = User.objects.get(email=username)
        except User.DoesNotExist:
            user = None
        return user

    def authenticate(self, remote_user, shib_meta):
        """
        The username passed as ``remote_user`` is considered trusted.  This
        method simply returns the ``User`` object with the given username,
        creating a new ``User`` object if ``create_unknown_user`` is ``True``.

        Returns None if ``create_unknown_user`` is ``False`` and a ``User``
        object with the given username is not found in the database.
        """
        if not remote_user:
            return

        username = self.clean_username(remote_user)

        local_ccnet_users = ccnet_api.search_emailusers('DB', username, -1, -1)
        if not local_ccnet_users:
            local_ccnet_users = ccnet_api.search_emailusers('LDAP', username, -1, -1)

        if username.lower() not in [item.email for item in local_ccnet_users]:
            local_ccnet_users = []

        if not local_ccnet_users:
            if self.create_unknown_user:
                user = User.objects.create_shib_user(
                    email=username, is_active=self.activate_after_creation)
                if user and self.activate_after_creation is False:
                    notify_admins_on_activate_request(user.email)
                    # Do not send follwing registration finished email (if any)
                    # which will cause confusion.
                    return user
                if user and settings.NOTIFY_ADMIN_AFTER_REGISTRATION is True:
                    notify_admins_on_register_complete(user.email)
            else:
                user = None
        else:
            user = User.objects.get(email=username)

        return user
Fix activate request email not sent bug on registration, and apply to shibboleth login 2016-03-24 07:07:19 +00:00			`from django.conf import settings`
[thirdpart] Add shibboleth 2014-12-17 06:29:29 +00:00
only check local user when login via shib (#4357) 2019-12-13 13:44:54 +00:00			`from seaserv import ccnet_api`
[Django 1.11] Feature removed in Django 1.9. Update template settings and test 2018-03-19 06:02:54 +00:00			`from seahub.auth.backends import RemoteUserBackend`
[shibboleth] Modify user creation 2014-12-17 06:40:16 +00:00			`from seahub.base.accounts import User`
Notify admins after register 2018-01-06 08:53:48 +00:00			`from registration.models import (`
			`notify_admins_on_activate_request, notify_admins_on_register_complete)`
[shibboleth] Modify user creation 2014-12-17 06:40:16 +00:00
update search user logic when login via shib (#4708) Co-authored-by: lian <lian@seafile.com> 2020-11-02 05:50:40 +00:00
[thirdpart] Add shibboleth 2014-12-17 06:29:29 +00:00			`class ShibbolethRemoteUserBackend(RemoteUserBackend):`
			`"""`
			This backend is to be used in conjunction with the ``RemoteUserMiddleware``
			`found in the middleware module of this package, and is used when the server`
			`is handling authentication outside of Django.`

			By default, the ``authenticate`` method creates ``User`` objects for
			`usernames that don't already exist in the database. Subclasses can disable`
			this behavior by setting the ``create_unknown_user`` attribute to
			``False``.
			`"""`

			`# Create a User object if not already in the database?`
			`create_unknown_user = True`
Fix activate request email not sent bug on registration, and apply to shibboleth login 2016-03-24 07:07:19 +00:00			`# Create active user by default.`
			`activate_after_creation = getattr(settings, 'SHIB_ACTIVATE_AFTER_CREATION', True)`
[thirdpart] Add shibboleth 2014-12-17 06:29:29 +00:00
[shibboleth] Modify user creation 2014-12-17 06:40:16 +00:00			`def get_user(self, username):`
			`try:`
			`user = User.objects.get(email=username)`
			`except User.DoesNotExist:`
			`user = None`
			`return user`

[thirdpart] Add shibboleth 2014-12-17 06:29:29 +00:00			`def authenticate(self, remote_user, shib_meta):`
			`"""`
			The username passed as ``remote_user`` is considered trusted. This
			method simply returns the ``User`` object with the given username,
			creating a new ``User`` object if ``create_unknown_user`` is ``True``.

			Returns None if ``create_unknown_user`` is ``False`` and a ``User``
			`object with the given username is not found in the database.`
			`"""`
			`if not remote_user:`
			`return`
Fix activate request email not sent bug on registration, and apply to shibboleth login 2016-03-24 07:07:19 +00:00
[thirdpart] Add shibboleth 2014-12-17 06:29:29 +00:00			`username = self.clean_username(remote_user)`
only check local user when login via shib (#4357) 2019-12-13 13:44:54 +00:00
			`local_ccnet_users = ccnet_api.search_emailusers('DB', username, -1, -1)`
			`if not local_ccnet_users:`
			`local_ccnet_users = ccnet_api.search_emailusers('LDAP', username, -1, -1)`

shib user (#4820) use username in lowercase when check if user alread exists Co-authored-by: lian <lian@seafile.com> 2021-02-23 07:17:42 +00:00			`if username.lower() not in [item.email for item in local_ccnet_users]:`
update search user logic when login via shib (#4708) Co-authored-by: lian <lian@seafile.com> 2020-11-02 05:50:40 +00:00			`local_ccnet_users = []`

only check local user when login via shib (#4357) 2019-12-13 13:44:54 +00:00			`if not local_ccnet_users:`
[shib] Fix bug when authenticate shib user, issure #394 2015-03-05 08:37:10 +00:00			`if self.create_unknown_user:`
Improve login and create user (#5458) * add create oauth/ldap/saml user in UserManager * improve admin add/import users * improve dingtalk/weixin/work_weixin login/create user * improve saml login/create user * improve oauth login/create user * login ldap user in seahub * improve invite user * fix code * fix github test action * fix test * fix saml login * optimize code * specify the version of python-ldap * fix code * improve code * add get_old_user * optimize oauth login code * optimize code * remove LDAP_USER_UNIQUE_ID * remove test_primary_id * improve authenticate user * improve saml login * optimize code 2023-06-19 05:06:15 +00:00			`user = User.objects.create_shib_user(`
Fix activate request email not sent bug on registration, and apply to shibboleth login 2016-03-24 07:07:19 +00:00			`email=username, is_active=self.activate_after_creation)`
			`if user and self.activate_after_creation is False:`
			`notify_admins_on_activate_request(user.email)`
[shibboleth] Fix multiple emails sending issue. issue: https://forum.seafile.com/t/seahub-not-sending-mail-invitations/7150/6 2018-09-15 03:32:06 +00:00			`# Do not send follwing registration finished email (if any)`
			`# which will cause confusion.`
			`return user`
Notify admins after register 2018-01-06 08:53:48 +00:00			`if user and settings.NOTIFY_ADMIN_AFTER_REGISTRATION is True:`
			`notify_admins_on_register_complete(user.email)`
[shib] Fix bug when authenticate shib user, issure #394 2015-03-05 08:37:10 +00:00			`else:`
Fix activate request email not sent bug on registration, and apply to shibboleth login 2016-03-24 07:07:19 +00:00			`user = None`
fix bug when user login via shib (#4416) 2020-01-15 06:06:46 +00:00			`else:`
			`user = User.objects.get(email=username)`
[shib] Fix bug when authenticate shib user, issure #394 2015-03-05 08:37:10 +00:00
[thirdpart] Add shibboleth 2014-12-17 06:29:29 +00:00			`return user`