2021-04-14 10:30:52 +02:00
|
|
|
from django.contrib.auth.base_user import AbstractBaseUser, BaseUserManager
|
|
|
|
from django.contrib.auth.models import PermissionsMixin
|
|
|
|
from django.contrib.auth.validators import UnicodeUsernameValidator
|
2021-04-14 10:55:23 +02:00
|
|
|
from django.core.mail import send_mail
|
2021-04-12 11:16:56 +02:00
|
|
|
from django.db import models
|
2021-04-14 10:30:52 +02:00
|
|
|
from django.utils import timezone
|
|
|
|
from django.utils.translation import gettext_lazy as _
|
2021-04-12 09:55:30 +02:00
|
|
|
|
2021-05-19 12:38:17 +02:00
|
|
|
from userausfall import ldap
|
|
|
|
|
|
|
|
|
|
|
|
class MissingUserAttribute(Exception):
|
|
|
|
"""The user object is missing a required attribute."""
|
|
|
|
pass
|
|
|
|
|
|
|
|
|
|
|
|
class PasswordMismatch(Exception):
|
|
|
|
"""The given password does not match the user's password."""
|
|
|
|
pass
|
|
|
|
|
2021-04-12 09:55:30 +02:00
|
|
|
|
2021-04-14 10:30:52 +02:00
|
|
|
class UserManager(BaseUserManager):
|
|
|
|
use_in_migrations = True
|
|
|
|
|
|
|
|
def _create_user(self, email, password, **extra_fields):
|
|
|
|
"""
|
|
|
|
Create and save a user with the given username, email, and password.
|
|
|
|
"""
|
|
|
|
email = self.normalize_email(email)
|
|
|
|
# TODO: username = self.model.normalize_username(username)
|
|
|
|
user = self.model(email=email, **extra_fields)
|
|
|
|
user.set_password(password)
|
|
|
|
user.save(using=self._db)
|
|
|
|
return user
|
|
|
|
|
|
|
|
def create_user(self, email, password=None, **extra_fields):
|
|
|
|
extra_fields.setdefault('is_staff', False)
|
|
|
|
extra_fields.setdefault('is_superuser', False)
|
|
|
|
return self._create_user(email, password, **extra_fields)
|
|
|
|
|
2021-04-14 11:21:39 +02:00
|
|
|
def create_superuser(self, email, password, **extra_fields):
|
2021-04-14 10:30:52 +02:00
|
|
|
extra_fields.setdefault('is_staff', True)
|
|
|
|
extra_fields.setdefault('is_superuser', True)
|
|
|
|
|
|
|
|
if extra_fields.get('is_staff') is not True:
|
|
|
|
raise ValueError('Superuser must have is_staff=True.')
|
|
|
|
if extra_fields.get('is_superuser') is not True:
|
|
|
|
raise ValueError('Superuser must have is_superuser=True.')
|
|
|
|
|
2021-04-14 10:55:23 +02:00
|
|
|
return self._create_user(email, password, **extra_fields)
|
2021-04-14 10:30:52 +02:00
|
|
|
|
|
|
|
|
|
|
|
class User(AbstractBaseUser, PermissionsMixin):
|
|
|
|
username_validator = UnicodeUsernameValidator()
|
|
|
|
|
|
|
|
username = models.CharField(
|
|
|
|
_('username'),
|
|
|
|
max_length=150,
|
|
|
|
help_text=_('Required. 150 characters or fewer. Letters, digits and @/./+/-/_ only.'),
|
|
|
|
validators=[username_validator],
|
|
|
|
error_messages={
|
|
|
|
'unique': _("A user with that username already exists."),
|
|
|
|
},
|
|
|
|
blank=True,
|
|
|
|
)
|
|
|
|
email = models.EmailField(_('email address'), unique=True, blank=True)
|
|
|
|
is_staff = models.BooleanField(
|
|
|
|
_('staff status'),
|
|
|
|
default=False,
|
|
|
|
help_text=_('Designates whether the user can log into this admin site.'),
|
|
|
|
)
|
|
|
|
date_joined = models.DateTimeField(_('date joined'), default=timezone.now)
|
2021-05-18 11:06:02 +02:00
|
|
|
confidant = models.ForeignKey("User", on_delete=models.SET_NULL, null=True)
|
2021-04-14 10:30:52 +02:00
|
|
|
|
|
|
|
objects = UserManager()
|
|
|
|
|
|
|
|
EMAIL_FIELD = 'email'
|
|
|
|
USERNAME_FIELD = 'email'
|
|
|
|
REQUIRED_FIELDS = []
|
|
|
|
|
|
|
|
class Meta:
|
|
|
|
verbose_name = _('user')
|
|
|
|
verbose_name_plural = _('users')
|
|
|
|
|
|
|
|
def clean(self):
|
|
|
|
super().clean()
|
|
|
|
self.email = self.__class__.objects.normalize_email(self.email)
|
|
|
|
|
2021-05-18 11:06:02 +02:00
|
|
|
def get_confidant_email(self):
|
|
|
|
return ""
|
|
|
|
|
2021-04-14 10:30:52 +02:00
|
|
|
def email_user(self, subject, message, from_email=None, **kwargs):
|
|
|
|
"""Send an email to this user."""
|
|
|
|
send_mail(subject, message, from_email, [self.email], **kwargs)
|
2021-05-19 12:38:17 +02:00
|
|
|
|
|
|
|
def create_ldap_account(self, raw_password):
|
|
|
|
"""Create the LDAP account which corresponds to this user."""
|
|
|
|
if not self.username:
|
|
|
|
raise MissingUserAttribute("User is missing a username.")
|
|
|
|
if not self.confidant:
|
|
|
|
raise MissingUserAttribute("User is missing a confirmed confidant.")
|
|
|
|
if not self.check_password(raw_password):
|
|
|
|
raise PasswordMismatch("The given password does not match the user's password.")
|
|
|
|
return ldap.create_account(self.username, raw_password)
|