[auth, api, shibboleth] Use primary id in login

2025-09-12 13:24:52 +00:00 · 2017-08-26 14:18:21 +08:00
parent b912c69c5a
commit 318c7de424
3 changed files with 19 additions and 1 deletions
--- a/seahub/api2/serializers.py
+++ b/seahub/api2/serializers.py
@@ -2,6 +2,7 @@
 import logging

 from rest_framework import serializers
+from seaserv import ccnet_api

 from seahub.auth import authenticate
 from seahub.api2.models import DESKTOP_PLATFORMS
@@ -68,6 +69,10 @@ class AuthTokenSerializer(serializers.Serializer):
        if username is None:
            username = login_id

+        p_id = ccnet_api.get_primary_id(username)
+        if p_id is not None:
+            username = p_id
+
        if username and password:
            user = authenticate(username=username, password=password)
            if user:
--- a/seahub/auth/forms.py
+++ b/seahub/auth/forms.py
@@ -4,6 +4,8 @@ from django import forms
 from django.utils.translation import ugettext_lazy as _
 from django.utils.http import int_to_base36

+from seaserv import ccnet_api
+
 from seahub.base.accounts import User
 from seahub.auth import authenticate
 from seahub.auth.tokens import default_token_generator
@@ -45,6 +47,12 @@ class AuthenticationForm(forms.Form):
        else:
            return username

+    def get_primary_id_by_username(self, username):
+        """Get user's primary id in case the username is changed.
+        """
+        p_id = ccnet_api.get_primary_id(username)
+        return p_id if p_id is not None else username
+
    def clean_login(self):
        return self.cleaned_data['login'].strip()

@@ -55,6 +63,7 @@ class AuthenticationForm(forms.Form):
        # convert login id to username
        username = self.get_username_by_login(login)

+        username = self.get_primary_id_by_username(username)
        if username and password:
            self.user_cache = authenticate(username=username,
                                           password=password)
--- a/thirdpart/shibboleth/middleware.py
+++ b/thirdpart/shibboleth/middleware.py
@@ -7,7 +7,7 @@ from django.contrib.auth.middleware import RemoteUserMiddleware
 from django.core.exceptions import ImproperlyConfigured
 from django.core.urlresolvers import reverse
 from django.http import HttpResponseRedirect
-from seaserv import seafile_api
+from seaserv import seafile_api, ccnet_api

 from shibboleth.app_settings import SHIB_ATTRIBUTE_MAP, LOGOUT_SESSION_KEY, SHIB_USER_HEADER

@@ -58,6 +58,10 @@ class ShibbolethRemoteUserMiddleware(RemoteUserMiddleware):
            # AuthenticationMiddleware).
            return

+        p_id = ccnet_api.get_primary_id(username)
+        if p_id is not None:
+            username = p_id
+
        # If the user is already authenticated and that user is the user we are
        # getting passed in the headers, then the correct user is already
        # persisted in the session and we don't need to continue.