[Update] 修改authentication backends

apps/authentication/api/auth.py

@@ -15,14 +15,15 @@ from rest_framework.views import APIView
 from common.utils import get_logger, get_request_ip
 from common.permissions import IsOrgAdminOrAppUser
 from orgs.mixins import RootOrgViewMixin
-from authentication.signals import post_auth_success, post_auth_failed
 from users.serializers import UserSerializer
 from users.models import User, LoginLog
+from assets.models import Asset, SystemUser
 from users.utils import (
     check_user_valid, check_otp_code, increase_login_failed_count,
     is_block_login, clean_failed_count
 )
-from users.hands import Asset, SystemUser
+
+from ..signals import post_auth_success, post_auth_failed
 
 logger = get_logger(__name__)
 __all__ = [

apps/authentication/backends/openid/backends.py

@@ -75,7 +75,6 @@ class OpenIDAuthorizationPasswordBackend(BaseOpenIDAuthorizationBackend):
 
         if not settings.AUTH_OPENID:
             return None
-
         elif not username:
             return None
 

apps/authentication/backends/openid/middleware.py

@@ -10,9 +10,7 @@ from common.utils import get_logger
 from .utils import new_client
 from .models import OIDT_ACCESS_TOKEN
 
-BACKEND_OPENID_AUTH_CODE = \
-    'authentication.backends.openid.OpenIDAuthorizationCodeBackend'
-client = new_client()
+BACKEND_OPENID_AUTH_CODE = 'OpenIDAuthorizationCodeBackend'
 logger = get_logger(__file__)
 __all__ = ['OpenIDAuthenticationMiddleware']
 
@@ -23,22 +21,22 @@ class OpenIDAuthenticationMiddleware(MiddlewareMixin):
     """
 
     def process_request(self, request):
-
         # Don't need openid auth if AUTH_OPENID is False
         if not settings.AUTH_OPENID:
             return
-
         # Don't need check single logout if user not authenticated
         if not request.user.is_authenticated:
             return
-
-        elif request.session[BACKEND_SESSION_KEY] != BACKEND_OPENID_AUTH_CODE:
+        elif request.session[BACKEND_SESSION_KEY].endswith(
+                BACKEND_OPENID_AUTH_CODE):
             return
 
         # Check openid user single logout or not with access_token
+        client = new_client()
         try:
             client.openid_connect_client.userinfo(
-                token=request.session.get(OIDT_ACCESS_TOKEN))
+                token=request.session.get(OIDT_ACCESS_TOKEN)
+            )
 
         except Exception as e:
             logout(request)

apps/authentication/backends/openid/views.py

@@ -26,7 +26,6 @@ __all__ = ['OpenIDLoginView', 'OpenIDLoginCompleteView']
 class OpenIDLoginView(RedirectView):
 
     def get_redirect_url(self, *args, **kwargs):
-        # Todo: 待优化
         redirect_uri = settings.BASE_SITE_URL + settings.LOGIN_COMPLETE_URL
         nonce = Nonce(
             redirect_uri=redirect_uri,
@@ -71,6 +70,8 @@ class OpenIDLoginCompleteView(RedirectView):
             return HttpResponseBadRequest()
 
         login(self.request, user)
-        post_openid_login_success.send(sender=self.__class__, user=user, request=self.request)
+        post_openid_login_success.send(
+            sender=self.__class__, user=user, request=self.request
+        )
         return HttpResponseRedirect(nonce.next_path or '/')
 

apps/audits/hands.py → apps/authentication/migrations/__init__.py

 # -*- coding: utf-8 -*-
 #
-
-from users.models import LoginLog
\ No newline at end of file

apps/authentication/models.py

-

apps/users/urls/views_urls.py

@@ -46,7 +46,4 @@ urlpatterns = [
     path('user-group/<uuid:pk>/update/', views.UserGroupUpdateView.as_view(), name='user-group-update'),
     path('user-group/<uuid:pk>/assets/', views.UserGroupGrantedAssetView.as_view(), name='user-group-granted-asset'),
 
-    # Login log
-    # Abandon
-    # path('login-log/', views.LoginLogListView.as_view(), name='login-log-list'),
 ]

apps/users/utils.py

@@ -18,7 +18,7 @@ from datetime import datetime
 
 from common.tasks import send_mail_async
 from common.utils import reverse, get_object_or_none, get_ip_city
-from .models import User, LoginLog
+from .models import User
 
 
 logger = logging.getLogger('jumpserver')