Restrict the collectivity selectors to collectivities linked to the certificate, if only one collectivity exists, set readonly (fixes #7651)
parent
06630a6ab8
commit
590dc442be
|
@ -44,12 +44,14 @@ class PraticSSLBackend(BaseBackend):
|
|||
class PraticLoginPasswordSSLBackend(PraticLoginPasswordBackend):
|
||||
def authenticate(self, collectivity, username, password, ssl_info):
|
||||
user = super(PraticLoginPasswordSSLBackend, self).authenticate(collectivity, username, password)
|
||||
if user:
|
||||
col = user.collectivity
|
||||
if col.certificate_issuer_dn and \
|
||||
col.certificate_subject_dn and \
|
||||
col.certificate_issuer_dn == ssl_info.issuer_dn and \
|
||||
col.certificate_subject_dn == ssl_info.subject_dn:
|
||||
if collectivity not in list(ssl_info.collectivity):
|
||||
return
|
||||
try:
|
||||
user = models.User.objects.select_related().get(collectivity=collectivity, uid=username)
|
||||
except models.User.DoesNotExist:
|
||||
pass
|
||||
else:
|
||||
if user.check_password(password):
|
||||
return user
|
||||
|
||||
def get_saml2_authn_context(self, **kwargs):
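Review bot: As far as the unmarked lines can be read, the rewritten `authenticate` no longer calls `super(PraticLoginPasswordSSLBackend, self).authenticate(...)` and instead looks the user up and calls `check_password` itself. The parent backend is not visible in this hunk; if it does anything beyond the lookup and password check (an active-account test, for instance), that check is now skipped on the certificate path. Keeping the parent call behind the new membership test would avoid this: `if collectivity not in list(ssl_info.collectivity): return None` followed by `return super(PraticLoginPasswordSSLBackend, self).authenticate(collectivity, username, password)`. A one-line docstring saying that login is refused unless the chosen collectivity is among those matching the client certificate would also document the intent.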
|
||||
|
|
|
@ -148,7 +148,10 @@ class AuthenticationForm(forms.Form):
|
|||
super(AuthenticationForm, self).__init__(*args, **kwargs)
|
||||
if request and hasattr(request, 'ssl_info') and request.ssl_info \
|
||||
and request.ssl_info.collectivity:
|
||||
self.fields['collectivity'].initial = request.ssl_info.collectivity.pk
|
||||
self.fields['collectivity'].queryset = request.ssl_info.collectivity
|
||||
self.fields['collectivity'].initial = request.ssl_info.collectivity[0].pk
|
||||
if len(request.ssl_info.collectivity) < 2:
|
||||
self.fields['collectivity'].widget.attrs['readonly'] = 'readonly'
|
||||
|
||||
def clean(self):
|
||||
collectivity = self.cleaned_data.get('collectivity')
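Review bot: Setting `widget.attrs['readonly'] = 'readonly'` does not lock the choice. HTML ignores `readonly` on a `<select>`, which is the default widget if `collectivity` is a `ModelChoiceField` (as the `queryset` assignment suggests), and a client can submit any value regardless of the attribute. The real restriction is `self.fields['collectivity'].queryset = request.ssl_info.collectivity`, which makes form validation reject collectivities not tied to the certificate. A comment such as `# server-side restriction: only collectivities matching the client certificate validate` on that line would stop a later edit from treating the attribute as the control. The `__init__` body starts above this hunk.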
|
||||
|
|
|
@ -39,9 +39,13 @@
|
|||
|
||||
{% if request.ssl_info and request.ssl_info.collectivity %}
|
||||
<p class="pratic-ssl-collectivity-auth">
|
||||
{% blocktrans with collectivity=request.ssl_info.collectivity %}You are
|
||||
authenticated with certificate of collectivity <em>{{collectivity}}.</em> It has
|
||||
been pre-selected for you.{% endblocktrans %}
|
||||
{% with collectivities=request.ssl_info.collectivity counter=collectivities|length %}
|
||||
{% if counter < 2 %}
|
||||
{% blocktrans with first=collectivities.0 %}You are authenticated with certificate of collectivity <em>{{ first }}.</em> It has been pre-selected for you.{% endblocktrans %}
|
||||
{% else %}
|
||||
{% blocktrans with all=collectivities|join:", " %}You are authenticated with certificate of collectivities <em>{{ all }}.</em> It has been pre-selected for you.{% endblocktrans %}
|
||||
{% endif %}
|
||||
{% endwith %}
|
||||
</p>
|
||||
{% endif %}
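Review bot: In `{% with collectivities=request.ssl_info.collectivity counter=collectivities|length %}` both values are resolved against the outer context before either name is bound, so `collectivities` is still undefined when `counter` is computed. With default template settings `counter` comes out as 0, `{% if counter < 2 %}` is always true, and the plural branch is never rendered: with several matching collectivities the page names only the first one while the selector offers all of them. Dropping `counter` and testing `{% if collectivities|length < 2 %}` fixes it. The plural message also keeps "It has been pre-selected", which reads oddly once more than one collectivity is listed.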
|
||||
|
||||
|
|
|
@ -50,10 +50,7 @@ class SSLInfo(object):
|
|||
if self.issuer_dn and self.subject_dn:
|
||||
kwargs = dict(certificate_issuer_dn=self.issuer_dn,
|
||||
certificate_subject_dn=self.subject_dn)
|
||||
try:
|
||||
self.__dict__['collectivity'] = models.Collectivity.objects.get(**kwargs)
|
||||
except models.Collectivity.DoesNotExist:
|
||||
self.__dict__['collectivity'] = None
|
||||
self.__dict__['collectivity'] = models.Collectivity.objects.filter(**kwargs)
|
||||
self.__dict__['users'] = models.User.objects.filter(**kwargs).select_related()
|
||||
else:
|
||||
self.__dict__['collectivity'] = None
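Review bot: `collectivity` is now a queryset when both DNs are present, but the `else` branch still sets it to `None`, so consumers have to handle two types. The backend changed in this same commit calls `list(ssl_info.collectivity)`, which raises `TypeError` on `None` if that backend is ever reached without certificate DNs. Using `self.__dict__['collectivity'] = models.Collectivity.objects.none()` in the `else` branch keeps the truthiness checks in the form and template working and makes the membership test simply fail. Because the attribute keeps its singular name, a comment stating that it holds every collectivity sharing the issuer/subject DN pair would help readers. The enclosing method starts above the hunk.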
|
||||
|
|