backends.py 2.81 KB
# coding:utf-8
#

from django.contrib.auth import get_user_model
from django.conf import settings

from common.utils import get_logger
from .utils import new_client
from .models import OIDT_ACCESS_TOKEN

UserModel = get_user_model()

logger = get_logger(__file__)
client = new_client()


__all__ = [
    'OpenIDAuthorizationCodeBackend', 'OpenIDAuthorizationPasswordBackend',
]


class BaseOpenIDAuthorizationBackend(object):

    @staticmethod
    def user_can_authenticate(user):
        """
        Reject users with is_active=False. Custom user models that don't have
        that attribute are allowed.
        """
        is_active = getattr(user, 'is_active', None)
        return is_active or is_active is None

    def get_user(self, user_id):
        try:
            user = UserModel._default_manager.get(pk=user_id)
        except UserModel.DoesNotExist:
            return None

        return user if self.user_can_authenticate(user) else None


class OpenIDAuthorizationCodeBackend(BaseOpenIDAuthorizationBackend):

    def authenticate(self, request, **kwargs):
        logger.info('Authentication OpenID code backend')

        code = kwargs.get('code')
        redirect_uri = kwargs.get('redirect_uri')

        if not code or not redirect_uri:
            logger.info('Authenticate failed: No code or No redirect uri')
            return None

        try:
            oidt_profile = client.update_or_create_from_code(
                    code=code, redirect_uri=redirect_uri
            )

        except Exception as e:
            logger.info('Authenticate failed: get oidt_profile: {}'.format(e))

        else:
            # Check openid user single logout or not with access_token
            request.session[OIDT_ACCESS_TOKEN] = oidt_profile.access_token
            user = oidt_profile.user
            logger.info('Authenticate success: user -> {}'.format(user))
            return user if self.user_can_authenticate(user) else None


class OpenIDAuthorizationPasswordBackend(BaseOpenIDAuthorizationBackend):

    def authenticate(self, request, username=None, password=None, **kwargs):
        logger.info('Authentication OpenID password backend')

        if not settings.AUTH_OPENID:
            logger.info('Authenticate failed: AUTH_OPENID is False')
            return None
        elif not username:
            logger.info('Authenticate failed: Not username')
            return None

        try:
            oidt_profile = client.update_or_create_from_password(
                username=username, password=password
            )

        except Exception as e:
            logger.info('Authenticate failed: get oidt_profile: {}'.format(e))

        else:
            user = oidt_profile.user
            logger.info('Authenticate success: user -> {}'.format(user))
            return user if self.user_can_authenticate(user) else None