diff --git a/seahub/auth/backends.py b/seahub/auth/backends.py index b603bf0e1e..518a590034 100644 --- a/seahub/auth/backends.py +++ b/seahub/auth/backends.py @@ -134,7 +134,6 @@ class SeafileRemoteUserBackend(AuthBackend): if not user: # when user doesn't exist if not self.create_unknown_user: - logger.error('User %s not found.' % username) return None try: @@ -150,16 +149,13 @@ class SeafileRemoteUserBackend(AuthBackend): logger.error(e) return None - if not self.user_can_authenticate(user): - logger.error('User %s is not active' % username) - return None - - # update user info after authenticated - try: - self.configure_user(request, user) - except Exception as e: - logger.error(e) - return None + if self.user_can_authenticate(user): + # update user info after authenticated + try: + self.configure_user(request, user) + except Exception as e: + logger.error(e) + return None # get user again with updated extra info after configure return self.get_user(username) diff --git a/seahub/auth/middleware.py b/seahub/auth/middleware.py index 86bbf95ef5..31d59892a9 100644 --- a/seahub/auth/middleware.py +++ b/seahub/auth/middleware.py @@ -5,6 +5,7 @@ import logging from django.conf import settings from django.core.exceptions import ImproperlyConfigured from django.utils.deprecation import MiddlewareMixin +from django.shortcuts import render from seahub import auth from seahub.base.sudo_mode import update_sudo_mode_ts @@ -118,7 +119,15 @@ class SeafileRemoteUserMiddleware(MiddlewareMixin): # We are seeing this user for the first time in this session, attempt # to authenticate the user. user = auth.authenticate(request=request, remote_user=username) + if not user: + if not getattr(settings, 'REMOTE_USER_CREATE_UNKNOWN_USER', True): + return render(request, 'remote_user/create_unknown_user_false.html') + return render(request, 'remote_user/error.html') + if user: + if not user.is_active: + return render(request, 'remote_user/not_active.html') + # User is valid. Set request.user and persist user in the session # by logging the user in. request.user = user diff --git a/seahub/templates/remote_user/create_unknown_user_false.html b/seahub/templates/remote_user/create_unknown_user_false.html new file mode 100644 index 0000000000..39f668478d --- /dev/null +++ b/seahub/templates/remote_user/create_unknown_user_false.html @@ -0,0 +1,10 @@ +{% extends "base.html" %} +{% load i18n %} + +{% block title %}{% trans "Error" %}{% endblock %} + +{% block main_panel %} +
+

{% trans "Error, new user registration is not allowed, please contact administrator." %}

+
+{% endblock %} diff --git a/seahub/templates/remote_user/error.html b/seahub/templates/remote_user/error.html new file mode 100644 index 0000000000..bb74daa96d --- /dev/null +++ b/seahub/templates/remote_user/error.html @@ -0,0 +1,10 @@ +{% extends "base.html" %} +{% load i18n %} + +{% block title %}{% trans "Error" %}{% endblock %} + +{% block main_panel %} +
+

{% trans "Error, please contact administrator." %}

+
+{% endblock %} diff --git a/seahub/templates/remote_user/not_active.html b/seahub/templates/remote_user/not_active.html new file mode 100644 index 0000000000..8c1687a16c --- /dev/null +++ b/seahub/templates/remote_user/not_active.html @@ -0,0 +1,8 @@ +{% extends "base.html" %} +{% load i18n %} + +{% block main_panel %} +
+

{% trans "Your account is created successfully, please wait for administrator to activate your account." %}

+
+{% endblock %}