Expose any external account as a user property

This adds a field to the user object to denote whether and what kind of
user account it is.

For normal accounts this field will be null.
For social auth accounts it will be "social"
for radius accounts it will be "radius"

This change also prevents a radius user from changing their local
password thus bypassing the password caching feature of django-radius
This commit is contained in:
Matthew Jones
2016-06-02 16:58:19 -04:00
parent 1881af8e77
commit 26b31fedbc
2 changed files with 35 additions and 1 deletions

View File

@@ -6,6 +6,7 @@ import logging
# Django
from django.dispatch import receiver
from django.contrib.auth.models import User
from django.conf import settings as django_settings
# django-auth-ldap
@@ -104,6 +105,18 @@ class RADIUSBackend(BaseRADIUSBackend):
return None
return super(RADIUSBackend, self).get_user(user_id)
def get_django_user(self, username, password=None):
try:
user = User.objects.get(username=username)
except User.DoesNotExist:
user = User(username=username)
if password is not None:
user.set_unusable_password()
user.save()
return user
class TowerSAMLIdentityProvider(BaseSAMLIdentityProvider):
'''