From 61b41e8feaf50c02763c40f6aa68cae5c3ed7b41 Mon Sep 17 00:00:00 2001 From: zhengxie Date: Wed, 17 Dec 2014 14:40:16 +0800 Subject: [PATCH] [shibboleth] Modify user creation --- thirdpart/shibboleth/backends.py | 17 +++++++++++------ thirdpart/shibboleth/middleware.py | 5 +++-- 2 files changed, 14 insertions(+), 8 deletions(-) diff --git a/thirdpart/shibboleth/backends.py b/thirdpart/shibboleth/backends.py index 68d0c7c806..0f461039a3 100644 --- a/thirdpart/shibboleth/backends.py +++ b/thirdpart/shibboleth/backends.py @@ -1,7 +1,8 @@ from django.db import connection -from django.contrib.auth.models import User, Permission from django.contrib.auth.backends import RemoteUserBackend +from seahub.base.accounts import User + class ShibbolethRemoteUserBackend(RemoteUserBackend): """ This backend is to be used in conjunction with the ``RemoteUserMiddleware`` @@ -17,6 +18,13 @@ class ShibbolethRemoteUserBackend(RemoteUserBackend): # Create a User object if not already in the database? create_unknown_user = True + def get_user(self, username): + try: + user = User.objects.get(email=username) + except User.DoesNotExist: + user = None + return user + def authenticate(self, remote_user, shib_meta): """ The username passed as ``remote_user`` is considered trusted. This @@ -30,17 +38,14 @@ class ShibbolethRemoteUserBackend(RemoteUserBackend): return user = None username = self.clean_username(remote_user) - shib_user_params = dict([(k, shib_meta[k]) for k in User._meta.get_all_field_names() if k in shib_meta]) # Note that this could be accomplished in one try-except clause, but # instead we use get_or_create when creating unknown users since it has # built-in safeguards for multiple threads. if self.create_unknown_user: - user, created = User.objects.get_or_create(username=shib_user_params.get('username'), defaults=shib_user_params) - if created: - user = self.configure_user(user) + user = User.objects.create_user(email=username) else: try: - user = User.objects.get(**shib_user_params) + user = User.objects.get(email=username) except User.DoesNotExist: pass return user diff --git a/thirdpart/shibboleth/middleware.py b/thirdpart/shibboleth/middleware.py index 98945a04e5..108b4dc022 100755 --- a/thirdpart/shibboleth/middleware.py +++ b/thirdpart/shibboleth/middleware.py @@ -1,9 +1,10 @@ from django.contrib.auth.middleware import RemoteUserMiddleware -from django.contrib import auth from django.core.exceptions import ImproperlyConfigured from shibboleth.app_settings import SHIB_ATTRIBUTE_MAP, LOGOUT_SESSION_KEY +from seahub import auth + class ShibbolethRemoteUserMiddleware(RemoteUserMiddleware): """ Authentication Middleware for use with Shibboleth. Uses the recommended pattern @@ -39,7 +40,7 @@ class ShibbolethRemoteUserMiddleware(RemoteUserMiddleware): # getting passed in the headers, then the correct user is already # persisted in the session and we don't need to continue. if request.user.is_authenticated(): - if request.user.username == self.clean_username(username, request): + if request.user.username == username: return # Make sure we have all required Shiboleth elements before proceeding.