Commit 3067a452 authored by David Seaward's avatar David Seaward

clean up dependencies for custom authentication

* `custom` depends on `models`
* `models` stands alone
* additional fixes from testing
parent 8e71aac4
......@@ -2,13 +2,11 @@ import logging
from django.conf import settings
from django.contrib.auth.password_validation import MinimumLengthValidator as BaseValidator
from django.core import validators
from django.utils.deconstruct import deconstructible
from django.utils.translation import ugettext_lazy as _
from django_auth_ldap.backend import LDAPBackend as BaseBackend
from woocommerce import API as WOOCOMMERCE_API
from .models import UserManager
from .models import User
log = logging.getLogger(__name__)
......@@ -26,13 +24,14 @@ class AuthenticationBackend(BaseBackend):
jwt_wcapi = WOOCOMMERCE_API(
url=settings.WOO_URL,
# consumer_key=settings.WOO_CONSUMER_KEY,
# consumer_secret=settings.WOO_CONSUMER_SECRET,
consumer_key=settings.WOO_CONSUMER_KEY,
consumer_secret=settings.WOO_CONSUMER_SECRET,
wp_api=True,
version="jwt-auth/v1",
)
jwt_response = jwt_wcapi.post("token", {"username": username, "password": password})
jwt_status = jwt_response.status_code
jwt_token = jwt_response.json().get("token", None)
jwt_code = jwt_response.json().get("code", None)
......@@ -46,7 +45,7 @@ class AuthenticationBackend(BaseBackend):
is_valid = False
else:
# raise exception for an unrecognised failure
raise Exception("Unrecognised JWT response: %s" % (jwt_response,))
raise Exception("Unrecognised JWT response: %s" % (jwt_response.json(),))
except Exception as e:
logging.exception("JWT authentication failed with an unrecognised error: %s" % (e,))
......@@ -54,7 +53,7 @@ class AuthenticationBackend(BaseBackend):
return is_valid
def authenticate(self, request=None, username=None, password=None, **kwargs):
user_model = self.get_user_model()
user_model = User
normalized_username = user_model.normalize_username(username)
# first attempt LDAP authentication (with early exit)
......@@ -68,7 +67,11 @@ class AuthenticationBackend(BaseBackend):
# (if successful, create and return LDAP user, otherwise return None)
if self.is_valid_jwt(normalized_username, password):
UserManager.create_user(username=normalized_username, email=None, password=password)
user = user_model(username=username, email=None)
user.set_password(password)
user.save()
return super(AuthenticationBackend, self).authenticate(request, normalized_username, password, **kwargs)
else:
return None
......@@ -76,15 +79,6 @@ class AuthenticationBackend(BaseBackend):
# TODO: also validate, so that existing but invalid usernames are not permitted?
@deconstructible
class UsernameValidator(validators.RegexValidator):
regex = r'^[A-Za-z][A-Za-z0-9]*$'
message = _(
'Enter a valid username. Must start with a letter, followed by letters and numbers.'
' No punctuation or special characters.'
)
class PassphraseValidator(BaseValidator):
# TODO: bundle in all the other validators from django.contrib.auth.password_validation
......
......@@ -3,19 +3,29 @@ import logging
from django.conf import settings
from django.contrib.auth.models import AbstractUser
from django.contrib.auth.models import UserManager as BaseUserManager
from django.core import validators
from django.db import models
from django.utils import timezone
from django.utils.crypto import salted_hmac
from django.utils.deconstruct import deconstructible
from django.utils.translation import ugettext_lazy as _
from ldapregister.models import LdapPerson
from limitmonitor import models as limitmonitor_models
from limitmonitor.task_resources import common as limitmonitor_common
from .custom import UsernameValidator
log = logging.getLogger(__name__)
@deconstructible
class UsernameValidator(validators.RegexValidator):
regex = r'^[A-Za-z][A-Za-z0-9]*$'
message = _(
'Enter a valid username. Must start with a letter, followed by letters and numbers.'
' No punctuation or special characters.'
)
class UserManager(BaseUserManager):
def create_user(self, username, email=None, password=None, **extra_fields):
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment