-rw-r--r--okupy/accounts/views.py5
-rw-r--r--okupy/common/auth.py34
-rw-r--r--okupy/common/ldap_helpers.py3
-rw-r--r--okupy/settings/__init__.py2
-rw-r--r--okupy/tests/settings.py2
-rw-r--r--requirements/base.txt1
6 files changed, 43 insertions, 4 deletions
diff --git a/okupy/accounts/views.py b/okupy/accounts/views.py
index ab96d87..36980ee 100644
--- a/okupy/accounts/views.py
+++ b/okupy/accounts/views.py
@@ -139,7 +139,10 @@ def login(request):
it was successful. If it retrieves None then it failed to login
"""
try:
- user = authenticate(username=username, password=password)
+ user = authenticate(
+ request=request,
+ username=username,
+ password=password)
except Exception as error:
logger.critical(error, extra=log_extra_data(request))
logger_mail.exception(error)
diff --git a/okupy/common/auth.py b/okupy/common/auth.py
index aa238fc..08d2fe6 100644
--- a/okupy/common/auth.py
+++ b/okupy/common/auth.py
@@ -5,14 +5,48 @@ from django.contrib.auth.backends import ModelBackend
from django.db import IntegrityError
from okupy.accounts.models import LDAPUser
+from okupy.common.ldap_helpers import get_bound_ldapuser
from OpenSSL.crypto import load_certificate, FILETYPE_PEM
+import ldap
import paramiko
import base64
+class LDAPAuthBackend(ModelBackend):
+ """
+ Authentication backend that authenticates against LDAP password.
+ If authentication succeeds, it sets up secondary password
+ for the session.
+ """
+
+ def authenticate(self, request, username, password):
+ try:
+ bound_ldapuser = get_bound_ldapuser(
+ request=request,
+ username=username,
+ password=password)
+
+ with bound_ldapuser as u:
+ UserModel = get_user_model()
+ attr_dict = {
+ UserModel.USERNAME_FIELD: u.username
+ }
+
+ user = UserModel(**attr_dict)
+ try:
+ user.save()
+ except IntegrityError:
+ user = UserModel.objects.get(**attr_dict)
+ return user
+ except ldap.INVALID_CREDENTIALS:
+ return None
+ except ldap.STRONG_AUTH_REQUIRED:
+ return None
+
+
class SSLCertAuthBackend(ModelBackend):
"""
Authentication backend taht uses client certificate information.
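Review bot: `LDAPAuthBackend.authenticate` passes `password` to `get_bound_ldapuser` without checking that it is non-empty. An LDAP simple bind with an empty password is an unauthenticated bind that many directory servers accept, and the helper's signature in ldap_helpers.py defaults `password=None`, which suggests a fallback path (its body is not visible here), so an empty or missing credential should be refused before any bind, with `if not username or not password: return None` as the first statement. Separately, `ldap.STRONG_AUTH_REQUIRED` usually points to a server or transport configuration problem rather than a wrong password, so it is worth logging before returning None instead of treating it like `INVALID_CREDENTIALS`. The save-then-catch-`IntegrityError` sequence could also be replaced with `user, _ = UserModel.objects.get_or_create(**attr_dict)`.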
diff --git a/okupy/common/ldap_helpers.py b/okupy/common/ldap_helpers.py
index 69cacbf..c8ac5dd 100644
--- a/okupy/common/ldap_helpers.py
+++ b/okupy/common/ldap_helpers.py
@@ -8,6 +8,9 @@ from okupy import OkupyError
from okupy.accounts.models import LDAPUser
from okupy.crypto.ciphers import cipher
+from django.conf import settings #debug
+from django.db import connections
+
def get_bound_ldapuser(request, password=None, username=None):
"""
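Review bot: The two imports added above `get_bound_ldapuser` look like debugging leftovers: the first carries a `#debug` marker and, going by the diffstat, these three lines are the only change to ldap_helpers.py, so nothing new in the commit uses `settings` or `connections`. Drop them before merge; if they are needed, remove the `#debug` tag and group them with the other Django imports ahead of the `okupy` ones. The body of `get_bound_ldapuser` lies outside the hunk, so use elsewhere in the file cannot be ruled out from here.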
diff --git a/okupy/settings/__init__.py b/okupy/settings/__init__.py
index bdada0a..0541edd 100644
--- a/okupy/settings/__init__.py
+++ b/okupy/settings/__init__.py
@@ -26,7 +26,7 @@ MESSAGE_STORAGE = 'django.contrib.messages.storage.session.SessionStorage'
# Custom authentication backend
AUTHENTICATION_BACKENDS = (
- 'django_auth_ldap.backend.LDAPBackend',
+ 'okupy.common.auth.LDAPAuthBackend',
'okupy.common.auth.SSLCertAuthBackend',
'okupy.common.auth.SSHKeyAuthBackend',
)
diff --git a/okupy/tests/settings.py b/okupy/tests/settings.py
index 97b2844..1a83724 100644
--- a/okupy/tests/settings.py
+++ b/okupy/tests/settings.py
@@ -26,7 +26,7 @@ MESSAGE_STORAGE = 'django.contrib.messages.storage.session.SessionStorage'
# Custom authentication backend
AUTHENTICATION_BACKENDS = (
- 'django_auth_ldap.backend.LDAPBackend',
+ 'okupy.common.auth.LDAPAuthBackend',
'okupy.common.auth.SSLCertAuthBackend',
'okupy.common.auth.SSHKeyAuthBackend',
)
diff --git a/requirements/base.txt b/requirements/base.txt
index f63e9ab..8747082 100644
--- a/requirements/base.txt
+++ b/requirements/base.txt
@@ -1,5 +1,4 @@
django>=1.5
-django-auth-ldap>=1.1.4
django-compressor>=1.3
django-otp>=0.1.7
git+https://github.com/gentoo/django-ldapdb@okupy_v1#egg=django-ldapdb