Implement authentication with LDAP

Enable an additional lookup against an LDAP directory
during login and user creation to ensure that only
specific users can login and register on the EteBase
server instance.

django_etebase/token_auth/authentication.py

@@ -1,16 +1,19 @@
 from django.utils import timezone
 from django.utils.translation import gettext_lazy as _
+from .. import app_settings
 
 from rest_framework import exceptions
 from rest_framework.authentication import TokenAuthentication as DRFTokenAuthentication
 
 from .models import AuthToken, get_default_expiry
 
+if app_settings.USE_LDAP:
+    from ..ldap import LDAPConnection
+
 
 AUTO_REFRESH = True
 MIN_REFRESH_INTERVAL = 60
 
-
 class TokenAuthentication(DRFTokenAuthentication):
     keyword = 'Token'
     model = AuthToken
@@ -23,6 +26,10 @@ class TokenAuthentication(DRFTokenAuthentication):
         except model.DoesNotExist:
             raise exceptions.AuthenticationFailed(msg)
 
+        if app_settings.USE_LDAP:
+            if not LDAPConnection.get_instance().has_user(token.user.username):
+                raise exceptions.AuthenticationFailed('User is not listed in the LDAP registry.')
+
         if not token.user.is_active:
             raise exceptions.AuthenticationFailed(_('User inactive or deleted.'))