]> git.openstreetmap.org Git - osqa.git/blob - forum_modules/ldapauth/authentication.py
we need to be able to take additional keyword arguments from the search manager
[osqa.git] / forum_modules / ldapauth / authentication.py
1 from forum.authentication.base import AuthenticationConsumer, ConsumerTemplateContext, InvalidAuthentication
2 from forum.models import User
3 from forum.actions import UserJoinsAction
4 from django.utils.translation import ugettext as _
5 from forum import settings
6
7 class LDAPAuthConsumer(AuthenticationConsumer):
8
9     def process_authentication_request(self, request):
10         username = request.POST['username'].strip()
11         password = request.POST['password']
12         uid = str(settings.LDAP_USER_MASK) % username
13
14         #an empty password will cause ldap to try an anonymous bind. This is picked up here
15         if not password:
16             raise InvalidAuthentication(_('Login failed. Please enter valid username and password (both are case-sensitive)'))
17
18         ldapo = ldap.initialize(str(settings.LDAP_SERVER))
19         if(settings.LDAP_USE_TLS):
20             ldapo.start_tls_s()
21         ldapo.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
22         try:
23             ldapo.simple_bind_s(str(settings.LDAP_BIND_DN), str(settings.LDAP_BIND_SECRET))
24             search = ldapo.search_s(str(settings.LDAP_BASE_DN), ldap.SCOPE_SUBTREE, uid)
25         except ldap.LDAPError:
26             #could not bind using credentials specified in ldap config
27             raise InvalidAuthentication(_('Login failed - LDAP bind error. Please contact your system administrator'))
28
29         ldapo.unbind_s()
30
31         if not search:
32             #could not find user
33             raise InvalidAuthentication(_('Login failed. Please enter valid username and password (both are case-sensitive)'))
34
35         #now try to bind as selected user; should raise exception if bind fails
36         ldapo = ldap.initialize(str(settings.LDAP_SERVER))
37         if(settings.LDAP_USE_TLS):
38             ldapo.start_tls_s()
39         ldapo.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
40         try:
41             ldapo.simple_bind_s(search[0][1][str(settings.LDAP_DN)][0],password)
42         except ldap.LDAPError:
43             #could not bind as user - password is incorrect
44             raise InvalidAuthentication(_('Login failed. Please enter valid username and password (both are case-sensitive)'))
45         ldapo.unbind_s()
46
47         try:
48             return User.objects.get(username=username)
49         except User.DoesNotExist:
50             userinfo = search[0][1]
51             _user = User( username = userinfo[str(settings.LDAP_UID)][0],
52                           email = userinfo[str(settings.LDAP_MAIL)][0],
53                           real_name = userinfo[str(settings.LDAP_NAME)][0] )
54             _user.email_isvalid = True
55             _user.set_unusable_password()
56             _user.save()
57             UserJoinsAction(user=_user, ip=request.META['REMOTE_ADDR']).save()
58             return _user
59
60 class LDAPAuthContext(ConsumerTemplateContext):
61     mode = 'STACK_ITEM'
62     weight = 1000
63     human_name = 'LDAP authentication'
64     stack_item_template = 'modules/ldapauth/loginform.html'
65     show_to_logged_in_user = False