[shibboleth] Modify user creation

2025-09-02 23:48:47 +00:00 · 2014-12-17 14:40:16 +08:00
parent c914fe30c5
commit 61b41e8fea
2 changed files with 14 additions and 8 deletions
--- a/thirdpart/shibboleth/backends.py
+++ b/thirdpart/shibboleth/backends.py
@@ -1,7 +1,8 @@
 from django.db import connection
-from django.contrib.auth.models import User, Permission
 from django.contrib.auth.backends import RemoteUserBackend

+from seahub.base.accounts import User
+
 class ShibbolethRemoteUserBackend(RemoteUserBackend):
    """
    This backend is to be used in conjunction with the ``RemoteUserMiddleware``
@@ -17,6 +18,13 @@ class ShibbolethRemoteUserBackend(RemoteUserBackend):
    # Create a User object if not already in the database?
    create_unknown_user = True

+    def get_user(self, username):
+        try:
+            user = User.objects.get(email=username)
+        except User.DoesNotExist:
+            user = None
+        return user
+
    def authenticate(self, remote_user, shib_meta):
        """
        The username passed as ``remote_user`` is considered trusted.  This
@@ -30,17 +38,14 @@ class ShibbolethRemoteUserBackend(RemoteUserBackend):
            return
        user = None
        username = self.clean_username(remote_user)
-        shib_user_params = dict([(k, shib_meta[k]) for k in User._meta.get_all_field_names() if k in shib_meta])
        # Note that this could be accomplished in one try-except clause, but
        # instead we use get_or_create when creating unknown users since it has
        # built-in safeguards for multiple threads.
        if self.create_unknown_user:
-            user, created = User.objects.get_or_create(username=shib_user_params.get('username'), defaults=shib_user_params)
-            if created:
-                user = self.configure_user(user)
+            user = User.objects.create_user(email=username)
        else:
            try:
-                user = User.objects.get(**shib_user_params)
+                user = User.objects.get(email=username)
            except User.DoesNotExist:
                pass
        return user
--- a/thirdpart/shibboleth/middleware.py
+++ b/thirdpart/shibboleth/middleware.py
@@ -1,9 +1,10 @@
 from django.contrib.auth.middleware import RemoteUserMiddleware
-from django.contrib import auth
 from django.core.exceptions import ImproperlyConfigured

 from shibboleth.app_settings import SHIB_ATTRIBUTE_MAP, LOGOUT_SESSION_KEY

+from seahub import auth
+
 class ShibbolethRemoteUserMiddleware(RemoteUserMiddleware):
    """
    Authentication Middleware for use with Shibboleth.  Uses the recommended pattern
@@ -39,7 +40,7 @@ class ShibbolethRemoteUserMiddleware(RemoteUserMiddleware):
        # getting passed in the headers, then the correct user is already
        # persisted in the session and we don't need to continue.
        if request.user.is_authenticated():
-            if request.user.username == self.clean_username(username, request):
+            if request.user.username == username:
                return

        # Make sure we have all required Shiboleth elements before proceeding.