[lc_ldap] Passage à une auth par lc_ldap

Ceci est un commit d'adg à la base, mais comme il semble l'avoir fait en deux parties et que je ne retrouve pas tout, ben j'ai préféré reprendre les fichiers, pour être sûr :/

[lc_ldap] Passage à une auth par lc_ldap
Ceci est un commit d'adg à la base, mais comme il semble l'avoir fait en deux parties et que je ne retrouve pas tout, ben j'ai préféré reprendre les fichiers, pour être sûr :/
0e057315 · Daniel STAN · a2aab80a · 0e057315 · 0e057315 · 0e057315
Commit 0e057315 authored Jun 25, 2012 by Daniel STAN
Hide whitespace changes
Inline Side-by-side

Showing with 57 additions and 78 deletions

conn_pool.py conn_pool.py +25 -0

login.py login.py +32 -75

settings.py settings.py +0 -3

No files found.
--- a/conn_pool.py
+++ b/conn_pool.py
+#!/usr/bin/env python
+#
+# CONN_POOL.PY-- 
+#
+# Copyright (C) 2010 Antoine Durand-Gasselin
+# Author: Antoine Durand-Gasselin <adg@crans.org>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+#
+
+CONNS = {}
+OBJECTS = {}
+
--- a/login.py
+++ b/login.py
@@ -5,6 +5,7 @@
 #
 # Copyright (C) 2009-2010 Nicolas Dandrimont
 # Authors: Nicolas Dandrimont <olasd@crans.org>
+# Censor: Antoine Durand-Gasselin <adg@crans.org>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -19,15 +20,23 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.

-import settings
+import settings, ldap
 from django.contrib.auth.models import Group, User
 from django.contrib.auth.backends import ModelBackend
+from django.utils.importlib import import_module
+
+# Pour se connecter à la base ldap
+import sys
+sys.path.append("/usr/scripts/lc_ldap")
+from lc_ldap import lc_ldap
+
+conn_pool = import_module('conn_pool', 'intranet')

 class LDAPUserBackend(ModelBackend):
    """Authentifie un utilisateur à l'aide de la base LDAP"""

    supports_anonymous_user = False
-    
+
    def authenticate(self, username=None, password=None):
        """Authentifie l'utilisateur sur la base LDAP. Crée un
        utilisateur django s'il n'existe pas encore."""
@@ -35,37 +44,31 @@ class LDAPUserBackend(ModelBackend):
        if not username or not password:
            return None

-        # Les clubs ont une méthode à part...
-        if "@club-" in username:
-            try:
-                user, club = username.split("@club-")
-            except ValueError:
-                return None
-            return self.authenticate_club(club, user, password)
-
        try:
-            adherent = settings.db.search('uid=%s' % username)['adherent'][0]
+            conn = lc_ldap(user = username, cred = password)
+            ldap_user = conn.search(dn = conn.dn, scope = ldap.SCOPE_BASE)[0]
        except IndexError:
            return None
+        except ldap.INVALID_CREDENTIALS:
+            return None

-        if adherent.checkPassword(password):
-            # On stocke les utilisateurs dans la base django comme "uid@crans.org"
-            django_username = '%s@crans.org' % username
-            try:
-                user = User.objects.get(username=django_username)
-            except User.DoesNotExist:
-                user = User(username=django_username, password="LDAP Backend User!")
-            user.save()
-            self.refresh_droits(user, adherent)
-            self.refresh_fields(user, adherent)
-            return user
-        return None
+        # On stocke les utilisateurs dans la base django comme "uid@crans.org"
+        django_username = '%s@crans.org' % username
+        try:
+            user = User.objects.get(username=django_username)
+        except User.DoesNotExist:
+            user = User(username=django_username, password="LDAP Backend User!")
+        user.save()
+        conn_pool.CONNS[django_username] = conn
+        self.refresh_droits(user, ldap_user)
+        self.refresh_fields(user, ldap_user)
+        return user

    def refresh_droits(self, user, cl_user):
        """Rafraîchit les droits de l'utilisateur django `user' depuis
        l'utilisateur LDAP `cl_user'"""

-        cl_droits = cl_user.droits()
+        cl_droits = cl_user['droits']
        if u"Nounou" in cl_droits:
            user.is_staff = True
            user.is_superuser = True
@@ -75,6 +78,7 @@ class LDAPUserBackend(ModelBackend):

        groups = []
        for cl_droit in cl_droits:
+            cl_droit = cl_droit.value
            group, created = Group.objects.get_or_create(name="crans_%s" % cl_droit.lower())
            group.save()
            groups.append(group)
@@ -86,62 +90,15 @@ class LDAPUserBackend(ModelBackend):
        """Rafraîchit les champs correspondants à l'utilisateur (nom,
        prénom, email)"""

-        user.first_name = cl_user.prenom()
-        user.last_name = cl_user.nom()
-        user.email = "%s@crans.org" % cl_user.mail()
+        user.first_name = unicode(cl_user['prenom'][0])
+        user.last_name = unicode(cl_user['nom'][0])
+        user.email = "%s@crans.org" % unicode(cl_user['mail'][0])

        user.save()
-     
+
    def get_user(self, uid):
        """Récupère l'objet django correspondant à l'uid"""
        try:
            return User.objects.get(pk=uid)
        except User.DoesNotExist:
            return None
-
-    def authenticate_club(self, club=None, user=None, password=None):
-        """Authentifie un utilisateur de club"""
-
-        if not club or not user or not password:
-            return None
-        
-        try:
-            adherent = settings.db.search('uid=%s' % user)['adherent'][0]
-            club_obj = settings.db.search('uid=club-%s' % club)['club'][0]
-        except ValueError:
-            return None
-
-        if adherent.checkPassword(password):
-            # HACK
-            if club_obj.Nom().lower() == "crans":
-                droits = set(adherent.droits())
-                imprimeurs_crans = set((u'Bureau', u'Nounou'))
-                if droits.intersection(imprimeurs_crans):
-                    domain = "club-crans.crans.org"
-                else:
-                    return None
-            else:
-                aid = adherent.id()
-                if aid in club_obj.imprimeurs() or aid == club_obj.responsable().id():
-                    domain = "club-%s.crans.org" % club
-                else:
-                    return None
-                
-            django_user = "%s@%s" % (user, domain)
-            try:
-                user = User.objects.get(username=django_user)
-            except User.DoesNotExist:
-                user = User(username=django_user, password="LDAP Backend User!")
-                user.set_unusable_password()
-                user.save()
-                return user
-            return user
-        
-        return None
-
-    def get_user_club(self, club, user):
-        """Récupère l'objet User correspondant à un utilisateur dans un club"""
-        try:
-            return User.objects.get(username="%s@club-%s.crans.org" % (club, user))
-        except User.DoesNotExist:
-            return None
--- a/settings.py
+++ b/settings.py
@@ -3,10 +3,7 @@

 # Connexion à la base ldap
 import sys
-sys.path.append("/usr/scripts/gestion")
 sys.path.append("/etc/crans/secrets")
-from ldap_crans import crans_ldap
-db = crans_ldap()

 DEBUG = False
 TEMPLATE_DEBUG = DEBUG