2013-11-04 23:16:46 +01:00
|
|
|
from __future__ import absolute_import
|
|
|
|
|
|
|
|
from django.contrib.auth.backends import RemoteUserBackend
|
2013-11-04 23:42:31 +01:00
|
|
|
import django.contrib.auth
|
|
|
|
|
2013-08-06 22:51:47 +02:00
|
|
|
from zerver.models import UserProfile, get_user_profile_by_id, \
|
2013-11-04 23:16:46 +01:00
|
|
|
get_user_profile_by_email, remote_user_to_email
|
2013-08-06 22:51:47 +02:00
|
|
|
|
|
|
|
from openid.consumer.consumer import SUCCESS
|
|
|
|
|
2013-11-04 23:42:31 +01:00
|
|
|
def password_auth_enabled():
|
|
|
|
for backend in django.contrib.auth.get_backends():
|
|
|
|
if isinstance(backend, EmailAuthBackend):
|
|
|
|
return True
|
|
|
|
return False
|
|
|
|
|
2013-11-01 20:22:12 +01:00
|
|
|
class ZulipAuthMixin(object):
|
|
|
|
def get_user(self, user_profile_id):
|
|
|
|
""" Get a UserProfile object from the user_profile_id. """
|
|
|
|
try:
|
|
|
|
return get_user_profile_by_id(user_profile_id)
|
|
|
|
except UserProfile.DoesNotExist:
|
|
|
|
return None
|
|
|
|
|
|
|
|
class EmailAuthBackend(ZulipAuthMixin):
|
2013-08-06 22:51:47 +02:00
|
|
|
"""
|
|
|
|
Email Authentication Backend
|
|
|
|
|
|
|
|
Allows a user to sign in using an email/password pair rather than
|
|
|
|
a username/password pair.
|
|
|
|
"""
|
|
|
|
|
|
|
|
def authenticate(self, username=None, password=None):
|
|
|
|
""" Authenticate a user based on email address as the user name. """
|
|
|
|
if username is None or password is None:
|
|
|
|
# Return immediately. Otherwise we will look for a SQL row with
|
|
|
|
# NULL username. While that's probably harmless, it's needless
|
|
|
|
# exposure.
|
|
|
|
return None
|
|
|
|
|
|
|
|
try:
|
|
|
|
user_profile = get_user_profile_by_email(username)
|
|
|
|
if user_profile.check_password(password):
|
|
|
|
return user_profile
|
|
|
|
except UserProfile.DoesNotExist:
|
|
|
|
return None
|
|
|
|
|
|
|
|
# Adapted from http://djangosnippets.org/snippets/2183/ by user Hangya (September 1, 2010)
|
|
|
|
|
2013-11-01 20:22:12 +01:00
|
|
|
class GoogleBackend(ZulipAuthMixin):
|
2013-08-06 22:51:47 +02:00
|
|
|
def authenticate(self, openid_response):
|
|
|
|
if openid_response is None:
|
|
|
|
return None
|
|
|
|
if openid_response.status != SUCCESS:
|
|
|
|
return None
|
|
|
|
|
|
|
|
google_email = openid_response.getSigned('http://openid.net/srv/ax/1.0', 'value.email')
|
|
|
|
|
|
|
|
try:
|
|
|
|
user_profile = get_user_profile_by_email(google_email)
|
|
|
|
except UserProfile.DoesNotExist:
|
|
|
|
# create a new user, or send a message to admins, etc.
|
|
|
|
return None
|
|
|
|
|
|
|
|
return user_profile
|
|
|
|
|
2013-11-04 23:16:46 +01:00
|
|
|
class ZulipRemoteUserBackend(RemoteUserBackend):
|
|
|
|
create_unknown_user = False
|
|
|
|
|
|
|
|
def authenticate(self, remote_user):
|
|
|
|
if not remote_user:
|
|
|
|
return
|
|
|
|
|
|
|
|
email = remote_user_to_email(remote_user)
|
|
|
|
|
|
|
|
try:
|
|
|
|
return get_user_profile_by_email(email)
|
|
|
|
except UserProfile.DoesNotExist:
|
|
|
|
return None
|