Format code using black
This commit is contained in:
parent
6751502e21
commit
2d11c82e32
@ -96,10 +96,18 @@ WSGI_APPLICATION = "etebase_server.wsgi.application"
|
|||||||
# https://docs.djangoproject.com/en/3.0/ref/settings/#auth-password-validators
|
# https://docs.djangoproject.com/en/3.0/ref/settings/#auth-password-validators
|
||||||
|
|
||||||
AUTH_PASSWORD_VALIDATORS = [
|
AUTH_PASSWORD_VALIDATORS = [
|
||||||
{"NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator",},
|
{
|
||||||
{"NAME": "django.contrib.auth.password_validation.MinimumLengthValidator",},
|
"NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator",
|
||||||
{"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator",},
|
},
|
||||||
{"NAME": "django.contrib.auth.password_validation.NumericPasswordValidator",},
|
{
|
||||||
|
"NAME": "django.contrib.auth.password_validation.MinimumLengthValidator",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"NAME": "django.contrib.auth.password_validation.NumericPasswordValidator",
|
||||||
|
},
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
||||||
@ -128,10 +136,12 @@ STATIC_ROOT = os.environ.get("DJANGO_STATIC_ROOT", os.path.join(BASE_DIR, "stati
|
|||||||
MEDIA_ROOT = os.environ.get("DJANGO_MEDIA_ROOT", os.path.join(BASE_DIR, "media"))
|
MEDIA_ROOT = os.environ.get("DJANGO_MEDIA_ROOT", os.path.join(BASE_DIR, "media"))
|
||||||
MEDIA_URL = "/user-media/"
|
MEDIA_URL = "/user-media/"
|
||||||
|
|
||||||
ETEBASE_API_PERMISSIONS = ['rest_framework.permissions.IsAuthenticated']
|
ETEBASE_API_PERMISSIONS = ["rest_framework.permissions.IsAuthenticated"]
|
||||||
ETEBASE_API_AUTHENTICATORS = ('django_etebase.token_auth.authentication.TokenAuthentication',
|
ETEBASE_API_AUTHENTICATORS = (
|
||||||
'rest_framework.authentication.SessionAuthentication')
|
"django_etebase.token_auth.authentication.TokenAuthentication",
|
||||||
ETEBASE_CREATE_USER_FUNC = 'django_etebase.utils.create_user_blocked'
|
"rest_framework.authentication.SessionAuthentication",
|
||||||
|
)
|
||||||
|
ETEBASE_CREATE_USER_FUNC = "django_etebase.utils.create_user_blocked"
|
||||||
|
|
||||||
# Define where to find configuration files
|
# Define where to find configuration files
|
||||||
config_locations = [
|
config_locations = [
|
||||||
@ -169,17 +179,17 @@ if any(os.path.isfile(x) for x in config_locations):
|
|||||||
if "database" in config:
|
if "database" in config:
|
||||||
DATABASES = {"default": {x.upper(): y for x, y in config.items("database")}}
|
DATABASES = {"default": {x.upper(): y for x, y in config.items("database")}}
|
||||||
|
|
||||||
if 'ldap' in config:
|
if "ldap" in config:
|
||||||
ldap = config['ldap']
|
ldap = config["ldap"]
|
||||||
LDAP_SERVER = ldap.get('server', '')
|
LDAP_SERVER = ldap.get("server", "")
|
||||||
LDAP_SEARCH_BASE = ldap.get('search_base', '')
|
LDAP_SEARCH_BASE = ldap.get("search_base", "")
|
||||||
LDAP_FILTER = ldap.get('filter', '')
|
LDAP_FILTER = ldap.get("filter", "")
|
||||||
LDAP_BIND_DN = ldap.get('bind_dn', '')
|
LDAP_BIND_DN = ldap.get("bind_dn", "")
|
||||||
LDAP_BIND_PW = ldap.get('bind_pw', '')
|
LDAP_BIND_PW = ldap.get("bind_pw", "")
|
||||||
|
|
||||||
# Configure EteBase to use LDAP
|
# Configure EteBase to use LDAP
|
||||||
ETEBASE_CREATE_USER_FUNC = 'myauth.ldap.create_user'
|
ETEBASE_CREATE_USER_FUNC = "myauth.ldap.create_user"
|
||||||
ETEBASE_API_PERMISSIONS.append('myauth.ldap.LDAPUserExists')
|
ETEBASE_API_PERMISSIONS.append("myauth.ldap.LDAPUserExists")
|
||||||
|
|
||||||
# Make an `etebase_server_settings` module available to override settings.
|
# Make an `etebase_server_settings` module available to override settings.
|
||||||
try:
|
try:
|
||||||
|
|||||||
@ -9,16 +9,17 @@ import ldap
|
|||||||
|
|
||||||
|
|
||||||
def ldap_setting(name, default):
|
def ldap_setting(name, default):
|
||||||
'''Wrapper around django.conf.settings'''
|
"""Wrapper around django.conf.settings"""
|
||||||
return getattr(settings, f'LDAP_{name}', default)
|
return getattr(settings, f"LDAP_{name}", default)
|
||||||
|
|
||||||
|
|
||||||
class LDAPConnection:
|
class LDAPConnection:
|
||||||
__instance__ = None
|
__instance__ = None
|
||||||
__user_cache = {} # Username -> Valid until
|
__user_cache = {} # Username -> Valid until
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def get_instance():
|
def get_instance():
|
||||||
'''To get a Singleton'''
|
"""To get a Singleton"""
|
||||||
if not LDAPConnection.__instance__:
|
if not LDAPConnection.__instance__:
|
||||||
return LDAPConnection()
|
return LDAPConnection()
|
||||||
else:
|
else:
|
||||||
@ -26,18 +27,17 @@ class LDAPConnection:
|
|||||||
|
|
||||||
def __init__(self):
|
def __init__(self):
|
||||||
# Cache some settings
|
# Cache some settings
|
||||||
self.__LDAP_FILTER = ldap_setting('FILTER', '')
|
self.__LDAP_FILTER = ldap_setting("FILTER", "")
|
||||||
self.__LDAP_SEARCH_BASE = ldap_setting('SEARCH_BASE', '')
|
self.__LDAP_SEARCH_BASE = ldap_setting("SEARCH_BASE", "")
|
||||||
|
|
||||||
self.__ldap_connection = ldap.initialize(ldap_setting('SERVER', ''))
|
self.__ldap_connection = ldap.initialize(ldap_setting("SERVER", ""))
|
||||||
try:
|
try:
|
||||||
self.__ldap_connection.simple_bind_s(ldap_setting('BIND_DN', ''),
|
self.__ldap_connection.simple_bind_s(ldap_setting("BIND_DN", ""), ldap_setting("BIND_PW", ""))
|
||||||
ldap_setting('BIND_PW', ''))
|
|
||||||
except ldap.LDAPError as err:
|
except ldap.LDAPError as err:
|
||||||
logging.error(f'LDAP Error occuring during bind: {err.desc}')
|
logging.error(f"LDAP Error occuring during bind: {err.desc}")
|
||||||
|
|
||||||
def __is_cache_valid(self, username):
|
def __is_cache_valid(self, username):
|
||||||
'''Returns True if the cache entry is still valid. Returns False otherwise.'''
|
"""Returns True if the cache entry is still valid. Returns False otherwise."""
|
||||||
if username in self.__user_cache:
|
if username in self.__user_cache:
|
||||||
if timezone.now() <= self.__user_cache[username]:
|
if timezone.now() <= self.__user_cache[username]:
|
||||||
# Cache entry is still valid
|
# Cache entry is still valid
|
||||||
@ -48,26 +48,24 @@ class LDAPConnection:
|
|||||||
del self.__user_cache[username]
|
del self.__user_cache[username]
|
||||||
|
|
||||||
def has_user(self, username):
|
def has_user(self, username):
|
||||||
'''
|
"""
|
||||||
Since we don't care about the password and so authentication
|
Since we don't care about the password and so authentication
|
||||||
another way, all we care about is whether the user exists.
|
another way, all we care about is whether the user exists.
|
||||||
'''
|
"""
|
||||||
if self.__is_cache_valid(username):
|
if self.__is_cache_valid(username):
|
||||||
return True
|
return True
|
||||||
if username in self.__user_cache:
|
if username in self.__user_cache:
|
||||||
self.__remove_cache(username)
|
self.__remove_cache(username)
|
||||||
|
|
||||||
filterstr = self.__LDAP_FILTER.replace('%s', username)
|
filterstr = self.__LDAP_FILTER.replace("%s", username)
|
||||||
try:
|
try:
|
||||||
result = self.__ldap_connection.search_s(self.__LDAP_SEARCH_BASE,
|
result = self.__ldap_connection.search_s(self.__LDAP_SEARCH_BASE, ldap.SCOPE_SUBTREE, filterstr=filterstr)
|
||||||
ldap.SCOPE_SUBTREE,
|
|
||||||
filterstr=filterstr)
|
|
||||||
except ldap.NO_RESULTS_RETURNED:
|
except ldap.NO_RESULTS_RETURNED:
|
||||||
# We handle the specific error first and the the generic error, as
|
# We handle the specific error first and the the generic error, as
|
||||||
# we may expect ldap.NO_RESULTS_RETURNED, but not any other error
|
# we may expect ldap.NO_RESULTS_RETURNED, but not any other error
|
||||||
return False
|
return False
|
||||||
except ldap.LDAPError as err:
|
except ldap.LDAPError as err:
|
||||||
logging.error(f'Error occured while performing an LDAP query: {err.desc}')
|
logging.error(f"Error occured while performing an LDAP query: {err.desc}")
|
||||||
return False
|
return False
|
||||||
|
|
||||||
if len(result) == 1:
|
if len(result) == 1:
|
||||||
@ -75,19 +73,22 @@ class LDAPConnection:
|
|||||||
return True
|
return True
|
||||||
return False
|
return False
|
||||||
|
|
||||||
|
|
||||||
class LDAPUserExists(BasePermission):
|
class LDAPUserExists(BasePermission):
|
||||||
'''
|
"""
|
||||||
A permission check which first checks with the LDAP directory if the user
|
A permission check which first checks with the LDAP directory if the user
|
||||||
exists.
|
exists.
|
||||||
'''
|
"""
|
||||||
|
|
||||||
def has_permission(self, request, view):
|
def has_permission(self, request, view):
|
||||||
return LDAPConnection.get_instance().has_user(request.user.username)
|
return LDAPConnection.get_instance().has_user(request.user.username)
|
||||||
|
|
||||||
|
|
||||||
def create_user(*args, **kwargs):
|
def create_user(*args, **kwargs):
|
||||||
'''
|
"""
|
||||||
A create_user function which first checks if the user already exists in the
|
A create_user function which first checks if the user already exists in the
|
||||||
configured LDAP directory.
|
configured LDAP directory.
|
||||||
'''
|
"""
|
||||||
if not LDAPConnection.get_instance().has_user(kwargs['username']):
|
if not LDAPConnection.get_instance().has_user(kwargs["username"]):
|
||||||
raise PermissionDenied('User not in the LDAP directory.')
|
raise PermissionDenied("User not in the LDAP directory.")
|
||||||
return User.objects.create_user(*args, **kwargs)
|
return User.objects.create_user(*args, **kwargs)
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user