Refactor LDAP support and add LDAP caching

2020-11-06 20:55:04 +01:00
parent 1fef1e2b7a
commit b0d0f99492
6 changed files with 98 additions and 95 deletions
--- a/django_etebase/app_settings.py
+++ b/django_etebase/app_settings.py
@@ -78,34 +78,6 @@ class AppSettings:
    @cached_property
    def CHALLENGE_VALID_SECONDS(self):  # pylint: disable=invalid-name
        return self._setting("CHALLENGE_VALID_SECONDS", 60)
-    
-    @cached_property
-    def USE_LDAP(self): # pylint: disable=invalid-name
-        return self._setting("USE_LDAP", False)
-
-    @cached_property
-    def LDAP_FILTER(self): # pylint: disable=invalid-name
-        return self._setting("LDAP_FILTER", "")
-
-    @cached_property
-    def LDAP_SEARCH_BASE(self): # pylint: disable=invalid-name
-        return self._setting("LDAP_SEARCH_BASE", "")
-
-    @cached_property
-    def LDAP_SERVER(self): # pylint: disable=invalid-name
-        return self._setting("LDAP_SERVER", "")
-
-    @cached_property
-    def LDAP_BIND_DN(self): # pylint: disable=invalid-name
-        return self._setting("LDAP_BIND_DN", "")
-
-    @cached_property
-    def LDAP_BIND_PASSWORD(self): # pylint: disable=invalid-name
-        return self._setting("LDAP_BIND_PW", "")
-
-    @cached_property
-    def LDAP_SEARCH_BASE(self): # pylint: disable=invalid-name
-        return self._setting("LDAP_SEARCH_BASE", "")


 app_settings = AppSettings('ETEBASE_')
--- a/django_etebase/ldap.py
+++ b/django_etebase/ldap.py
@@ -1,45 +0,0 @@
-import logging
-
-from . import app_settings
-
-import ldap
-
-class LDAPConnection:
-    __instance__ = None
-
-    @staticmethod
-    def get_instance():
-        '''To get a Singleton'''
-        if not LDAPConnection.__instance__:
-            return LDAPConnection()
-        else:
-            return LDAPConnection.__instance__
-
-    def __init__(self):
-        # Pull settings from django.conf.settings
-        # NOTE: We assume that settings.USE_LDAP is True
-        self.__ldap_connection = ldap.initialize(app_settings.LDAP_SERVER)
-        try:
-            self.__ldap_connection.simple_bind_s(app_settings.LDAP_BIND_DN,
-                                                 app_settings.LDAP_BIND_PASSWORD)
-        except ldap.LDAPError as err:
-            logging.error(f'LDAP Error occuring during initialization: {err.desc}')
-
-    def has_user(self, username):
-        '''
-        Since we don't care about the password and so authentication
-        another way, all we care about is whether the user exists.
-        '''
-        filterstr = app_settings.LDAP_FILTER.replace('%s', username)
-        try:
-            result = self.__ldap_connection.search_s(app_settings.LDAP_SEARCH_BASE,
-                                                     ldap.SCOPE_SUBTREE,
-                                                     filterstr=filterstr)
-        except ldap.NO_RESULTS_RETURNED:
-            # We handle the specific error first and the the generic error, as
-            # we may expect ldap.NO_RESULTS_RETURNED, but not any other error
-            return False
-        except ldap.LDAPError as err:
-            logging.error(f'Error occured while performing an LDAP query: {err.desc}')
-            return False
-        return len(result) == 1
--- a/django_etebase/token_auth/authentication.py
+++ b/django_etebase/token_auth/authentication.py
@@ -1,15 +1,11 @@
 from django.utils import timezone
 from django.utils.translation import gettext_lazy as _
-from .. import app_settings

 from rest_framework import exceptions
 from rest_framework.authentication import TokenAuthentication as DRFTokenAuthentication

 from .models import AuthToken, get_default_expiry

-if app_settings.USE_LDAP:
-    from ..ldap import LDAPConnection
-

 AUTO_REFRESH = True
 MIN_REFRESH_INTERVAL = 60
@@ -26,10 +22,6 @@ class TokenAuthentication(DRFTokenAuthentication):
        except model.DoesNotExist:
            raise exceptions.AuthenticationFailed(msg)

-        if app_settings.USE_LDAP:
-            if not LDAPConnection.get_instance().has_user(token.user.username):
-                raise exceptions.AuthenticationFailed('User is not listed in the LDAP registry.')
-
        if not token.user.is_active:
            raise exceptions.AuthenticationFailed(_('User inactive or deleted.'))

--- a/django_etebase/utils.py
+++ b/django_etebase/utils.py
@@ -2,7 +2,6 @@ from django.contrib.auth import get_user_model
 from django.core.exceptions import PermissionDenied

 from . import app_settings
-from .ldap import LDAPConnection


 User = get_user_model()
@@ -16,11 +15,6 @@ def get_user_queryset(queryset, view):


 def create_user(*args, **kwargs):
-    # Check if the LDAP query returns exactly one user
-    if app_settings.USE_LDAP:
-        if not LDAPConnection.get_instance().has_user(kwargs['username']):
-            raise PermissionDenied('User is not listed in the LDAP registry.')
-
    custom_func = app_settings.CREATE_USER_FUNC
    if custom_func is not None:
        return custom_func(*args, **kwargs)