Compare commits
No commits in common. "d75ae864097ef23850507ac04fddc2c0f0e6a352" and "048c8927b839f272574093ac5b21dc3f5d8fea5e" have entirely different histories.
d75ae86409
...
048c8927b8
7 changed files with 45 additions and 65 deletions
|
@ -1,5 +1,6 @@
|
||||||
from django.contrib import admin
|
from django.contrib import admin
|
||||||
|
from django.contrib.auth.admin import UserAdmin
|
||||||
|
|
||||||
from userausfall.models import User
|
from userausfall.models import User
|
||||||
|
|
||||||
admin.site.register(User)
|
admin.site.register(User, UserAdmin)
|
||||||
|
|
|
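Review bot: Registering `User` with the stock `UserAdmin` leaves the model's `confidant` foreign key out of the admin forms, because `UserAdmin.fieldsets` and `add_fieldsets` list only Django's default user fields. If staff need to see or set it, register a small subclass instead (the class name is a suggestion): `class CustomUserAdmin(UserAdmin): fieldsets = UserAdmin.fieldsets + ((None, {"fields": ("confidant",)}),)` followed by `admin.site.register(User, CustomUserAdmin)`. Adding `raw_id_fields = ("confidant",)` to that subclass avoids rendering every user in a dropdown.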
@ -1,21 +0,0 @@
|
||||||
from django.conf import settings
|
|
||||||
from ldap3 import Server, Connection, SYNC
|
|
||||||
|
|
||||||
|
|
||||||
def create_account(username, raw_password):
|
|
||||||
server = Server("localhost")
|
|
||||||
# The SAFE_SYNC client strategy doesn't seem to be present in Buster version of ldap3. We might want to use it as
|
|
||||||
# soon as it is available (multithreading).
|
|
||||||
connection = Connection(
|
|
||||||
server,
|
|
||||||
settings.USERAUSFALL_LDAP["ADMIN_USER_DN"],
|
|
||||||
settings.USERAUSFALL_LDAP["ADMIN_USER_PASSWORD"],
|
|
||||||
client_strategy=SYNC,
|
|
||||||
auto_bind=True,
|
|
||||||
)
|
|
||||||
is_success = connection.add(
|
|
||||||
f"cn={username},dc=local",
|
|
||||||
["simpleSecurityObject", "organizationalRole"],
|
|
||||||
{"userPassword": raw_password},
|
|
||||||
)
|
|
||||||
return is_success
|
|
|
@ -1,16 +0,0 @@
|
||||||
# Generated by Django 2.2.20 on 2021-05-19 08:10
|
|
||||||
|
|
||||||
from django.db import migrations
|
|
||||||
|
|
||||||
|
|
||||||
class Migration(migrations.Migration):
|
|
||||||
|
|
||||||
dependencies = [
|
|
||||||
('userausfall', '0004_user_confidant'),
|
|
||||||
]
|
|
||||||
|
|
||||||
operations = [
|
|
||||||
migrations.DeleteModel(
|
|
||||||
name='AccountRequest',
|
|
||||||
),
|
|
||||||
]
|
|
|
@ -6,18 +6,6 @@ from django.db import models
|
||||||
from django.utils import timezone
|
from django.utils import timezone
|
||||||
from django.utils.translation import gettext_lazy as _
|
from django.utils.translation import gettext_lazy as _
|
||||||
|
|
||||||
from userausfall import ldap
|
|
||||||
|
|
||||||
|
|
||||||
class MissingUserAttribute(Exception):
|
|
||||||
"""The user object is missing a required attribute."""
|
|
||||||
pass
|
|
||||||
|
|
||||||
|
|
||||||
class PasswordMismatch(Exception):
|
|
||||||
"""The given password does not match the user's password."""
|
|
||||||
pass
|
|
||||||
|
|
||||||
|
|
||||||
class UserManager(BaseUserManager):
|
class UserManager(BaseUserManager):
|
||||||
use_in_migrations = True
|
use_in_migrations = True
|
||||||
|
@ -63,12 +51,22 @@ class User(AbstractBaseUser, PermissionsMixin):
|
||||||
},
|
},
|
||||||
blank=True,
|
blank=True,
|
||||||
)
|
)
|
||||||
|
first_name = models.CharField(_('first name'), max_length=30, blank=True)
|
||||||
|
last_name = models.CharField(_('last name'), max_length=150, blank=True)
|
||||||
email = models.EmailField(_('email address'), unique=True, blank=True)
|
email = models.EmailField(_('email address'), unique=True, blank=True)
|
||||||
is_staff = models.BooleanField(
|
is_staff = models.BooleanField(
|
||||||
_('staff status'),
|
_('staff status'),
|
||||||
default=False,
|
default=False,
|
||||||
help_text=_('Designates whether the user can log into this admin site.'),
|
help_text=_('Designates whether the user can log into this admin site.'),
|
||||||
)
|
)
|
||||||
|
is_active = models.BooleanField(
|
||||||
|
_('active'),
|
||||||
|
default=True,
|
||||||
|
help_text=_(
|
||||||
|
'Designates whether this user should be treated as active. '
|
||||||
|
'Unselect this instead of deleting accounts.'
|
||||||
|
),
|
||||||
|
)
|
||||||
date_joined = models.DateTimeField(_('date joined'), default=timezone.now)
|
date_joined = models.DateTimeField(_('date joined'), default=timezone.now)
|
||||||
confidant = models.ForeignKey("User", on_delete=models.SET_NULL, null=True)
|
confidant = models.ForeignKey("User", on_delete=models.SET_NULL, null=True)
|
||||||
|
|
||||||
|
@ -89,16 +87,29 @@ class User(AbstractBaseUser, PermissionsMixin):
|
||||||
def get_confidant_email(self):
|
def get_confidant_email(self):
|
||||||
return ""
|
return ""
|
||||||
|
|
||||||
|
def get_full_name(self):
|
||||||
|
"""
|
||||||
|
Return the first_name plus the last_name, with a space in between.
|
||||||
|
"""
|
||||||
|
full_name = '%s %s' % (self.first_name, self.last_name)
|
||||||
|
return full_name.strip()
|
||||||
|
|
||||||
|
def get_short_name(self):
|
||||||
|
"""Return the short name for the user."""
|
||||||
|
return self.first_name
|
||||||
|
|
||||||
def email_user(self, subject, message, from_email=None, **kwargs):
|
def email_user(self, subject, message, from_email=None, **kwargs):
|
||||||
"""Send an email to this user."""
|
"""Send an email to this user."""
|
||||||
send_mail(subject, message, from_email, [self.email], **kwargs)
|
send_mail(subject, message, from_email, [self.email], **kwargs)
|
||||||
|
|
||||||
def create_ldap_account(self, raw_password):
|
|
||||||
"""Create the LDAP account which corresponds to this user."""
|
class AccountRequest(models.Model):
|
||||||
if not self.username:
|
created_time = models.DateTimeField(auto_now_add=True)
|
||||||
raise MissingUserAttribute("User is missing a username.")
|
|
||||||
if not self.confidant:
|
email = models.EmailField()
|
||||||
raise MissingUserAttribute("User is missing a confirmed confidant.")
|
is_verified = models.BooleanField(default=False)
|
||||||
if not self.check_password(raw_password):
|
|
||||||
raise PasswordMismatch("The given password does not match the user's password.")
|
confidant_email = models.EmailField(blank=True)
|
||||||
return ldap.create_account(self.username, raw_password)
|
is_trustable = models.BooleanField(default=False)
|
||||||
|
|
||||||
|
username = models.CharField(max_length=100, blank=True)
|
||||||
|
|
|
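Review bot: `AccountRequest.username` in the last hunk is `models.CharField(max_length=100, blank=True)` with no validator and no uniqueness check, yet the new `account_request_saved` receiver treats any non-empty value as the name of the account to create. Constrain it where it is stored, for example with `validators=[UnicodeUsernameValidator()]` from `django.contrib.auth.validators`, and reject names that already exist on `User` before a request can be approved. `is_verified` and `is_trustable` are the approval gate, so any serializer or form for this model should keep them read-only for the requester, e.g. `read_only_fields = ("is_verified", "is_trustable")`. The serializer is outside the visible hunks, so that part needs confirming there. The class body may also continue past the end of the hunk.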
@ -1,6 +1,6 @@
|
||||||
from rest_framework import serializers
|
from rest_framework import serializers
|
||||||
|
|
||||||
from userausfall.models import User
|
from userausfall.models import AccountRequest, User
|
||||||
|
|
||||||
|
|
||||||
class UserSerializer(serializers.ModelSerializer):
|
class UserSerializer(serializers.ModelSerializer):
|
||||||
|
|
|
@ -149,8 +149,3 @@ REST_FRAMEWORK = {
|
||||||
'rest_framework.authentication.SessionAuthentication',
|
'rest_framework.authentication.SessionAuthentication',
|
||||||
),
|
),
|
||||||
}
|
}
|
||||||
|
|
||||||
USERAUSFALL_LDAP = {
|
|
||||||
'ADMIN_USER_DN': 'cn=admin,dc=local',
|
|
||||||
'ADMIN_USER_PASSWORD': os.environ.get('USERAUSFALL_LDAP_PASSWORD'),
|
|
||||||
}
|
|
||||||
|
|
|
@ -0,0 +1,10 @@
|
||||||
|
from django.db.models.signals import post_save
|
||||||
|
from django.dispatch import receiver
|
||||||
|
|
||||||
|
from userausfall.models import AccountRequest
|
||||||
|
|
||||||
|
|
||||||
|
@receiver(post_save, sender=AccountRequest)
|
||||||
|
def account_request_saved(sender, instance: AccountRequest, **kwargs):
|
||||||
|
if instance.is_verified and instance.is_trustable and instance.username:
|
||||||
|
print('Create account and send password mail')
|
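Review bot: `account_request_saved` runs on every `post_save`, so once `is_verified`, `is_trustable` and `username` are all set, each later save of the same `AccountRequest` meets the condition again and would repeat the account creation and the password mail once the `print` placeholder is replaced by real code. Record that provisioning happened and check it first, e.g. a new boolean field (name is a suggestion) with `if instance.account_created: return`, and skip fixture loads with `if kwargs.get("raw"): return`. Replace `print(...)` with a module logger call that logs the request's primary key rather than the address or any credential. If the mail is meant to carry the password itself, a one-time set-password link would keep the credential out of mailboxes.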