entrouvert
/
authentic
16
0
Fork 0
Code Issues Pull Requests 32 Releases Activity

misc: remove all use of a get_user_model (#40685) 

It should only be used in reusable library.
This commit is contained in:
Benjamin Dauvergne 2023-12-14 21:48:14 +01:00
parent 0a81164beb
commit 110d5073b9
37 changed files with 96 additions and 140 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/authentic2/a2_rbac/managers.py
View File

@ -18,7 +18,6 @@ import contextlib
import datetime
import threading
from django.contrib.auth import get_user_model
from django.contrib.contenttypes.models import ContentType
from django.db import connection, models
from django.db.models import query
@ -167,7 +166,8 @@ class RoleQuerySet(query.QuerySet):
return qs
def all_members(self):
User = get_user_model()
from authentic2.custom_user.models import User
prefetch = Prefetch('roles', queryset=self, to_attr='direct')
return (
User.objects.filter(

4
src/authentic2/a2_rbac/models.py
View File

@ -20,7 +20,6 @@ from collections import namedtuple
from django.apps import apps
from django.conf import settings
from django.contrib.auth import get_user_model
from django.contrib.contenttypes.fields import GenericForeignKey, GenericRelation
from django.contrib.contenttypes.models import ContentType
from django.contrib.postgres.fields import ArrayField
@ -426,7 +425,8 @@ class Role(AbstractBase):
)
def all_members(self):
User = get_user_model()
from authentic2.custom_user.models import User
prefetch = Prefetch('roles', queryset=self.__class__.objects.filter(pk=self.pk), to_attr='direct')
return (

7
src/authentic2/a2_rbac/utils.py
View File

@ -16,7 +16,6 @@
import uuid
from django.contrib.auth import get_user_model
from django.contrib.contenttypes.models import ContentType
from django.utils.text import slugify
@ -44,7 +43,8 @@ def get_default_ou_pk():
def get_view_user_perm(ou=None):
User = get_user_model()
from authentic2.custom_user.models import User
view_user_perm, dummy = models.Permission.objects.get_or_create(
operation=get_operation(models.VIEW_OP),
target_ct=ContentType.objects.get_for_model(ContentType),
@ -74,7 +74,8 @@ def get_search_ou_perm(ou=None):
def get_manage_authorizations_user_perm(ou=None):
User = get_user_model()
from authentic2.custom_user.models import User
manage_authorizations_user_perm, dummy = models.Permission.objects.get_or_create(
operation=get_operation(models.MANAGE_AUTHORIZATIONS_OP),
target_ct=ContentType.objects.get_for_model(ContentType),

14
src/authentic2/api_views.py
View File

@ -21,7 +21,6 @@ from functools import partial
import requests
from django.conf import settings
from django.contrib.auth import get_user_model
from django.contrib.auth.hashers import identify_hasher
from django.contrib.contenttypes.models import ContentType
from django.core.exceptions import MultipleObjectsReturned
@ -75,8 +74,6 @@ from .utils import misc as utils_misc
from .utils.api import DjangoRBACPermission, NaturalKeyRelatedField
from .utils.lookups import Unaccent
User = get_user_model()
class HookMixin:
def get_serializer(self, *args, **kwargs):
@ -153,7 +150,6 @@ class RegistrationSerializer(serializers.Serializer):
authorized = request.user.has_perm(perm)
if not authorized:
raise serializers.ValidationError(_('you are not authorized to create users in this ou'))
User = get_user_model()
if ou:
if app_settings.A2_EMAIL_IS_UNIQUE or app_settings.A2_REGISTRATION_EMAIL_IS_UNIQUE:
if 'email' not in attrs:
@ -207,7 +203,6 @@ class PasswordChangeSerializer(serializers.Serializer):
new_password = serializers.CharField(required=True, allow_null=True)
def validate(self, attrs):
User = get_user_model()
qs = User.objects.filter(email__iexact=attrs['email'])
if attrs['ou']:
qs = qs.filter(ou=attrs['ou'])
@ -394,7 +389,6 @@ class BaseUserSerializer(serializers.ModelSerializer):
return instance
def validate(self, attrs):
User = get_user_model()
qs = User.objects.all()
ou = None
@ -439,7 +433,7 @@ class BaseUserSerializer(serializers.ModelSerializer):
return attrs
class Meta:
model = get_user_model()
model = User
extra_kwargs = {
'uuid': {
'read_only': False,
@ -556,7 +550,7 @@ class IsoDateTimeFilter(BaseIsoDateTimeFilter):
class UsersFilter(FilterSet):
class Meta:
model = get_user_model()
model = User
fields = {
'username': ['exact', 'iexact'],
'first_name': [
@ -721,7 +715,7 @@ class UsersAPI(api_mixins.GetOrCreateMixinView, HookMixin, ExceptionHandlerMixin
def check_modified_uuids(self, timestamp, users, unknown_uuids):
modified_users_uuids = set()
user_ct = ContentType.objects.get_for_model(get_user_model())
user_ct = ContentType.objects.get_for_model(User)
reference_ids = [reference_integer(user) for user in users]
user_events = Event.objects.filter(
models.Q(reference_ids__overlap=reference_ids) | models.Q(user__in=users),
@ -999,7 +993,6 @@ class UserProfilesAPI(ExceptionHandlerMixin, APIView):
def initial(self, request, *args, **kwargs):
super().initial(request, *args, **kwargs)
User = get_user_model()
self.profile_type = get_object_or_404(ProfileType, slug=kwargs['profile_type_slug'])
self.user = get_object_or_404(User, uuid=kwargs['user_uuid'])
self.identifier = request.GET.get('identifier', '')
@ -1175,7 +1168,6 @@ class RoleMembershipsAPI(ExceptionHandlerMixin, APIView):
def initial(self, request, *, role_uuid=None, role_slug=None, **kwargs):
super().initial(request, role_uuid=role_uuid, role_slug=role_slug, **kwargs)
User = get_user_model()
if role_uuid:
self.role = get_object_or_404(Role, uuid=role_uuid)
if role_slug:

11
src/authentic2/apps/journal/models.py
View File

@ -23,7 +23,6 @@ from contextlib import contextmanager
from datetime import datetime, timedelta
from django.conf import settings
from django.contrib.auth import get_user_model
from django.contrib.contenttypes.models import ContentType
from django.contrib.postgres.fields import ArrayField
from django.core.exceptions import ObjectDoesNotExist
@ -41,8 +40,6 @@ from .utils import Statistics
logger = logging.getLogger(__name__)
User = get_user_model()
_registry = {}
@ -87,6 +84,8 @@ class EventTypeDefinition(metaclass=EventTypeDefinitionMeta):
@classmethod
def record(cls, *, user=None, session=None, references=None, data=None, api=False):
from authentic2.custom_user.models import User
event_type = EventType.objects.get_for_name(cls.name)
if user and not isinstance(user, User):
@ -216,6 +215,8 @@ class EventType(models.Model):
class EventQuerySet(QuerySet):
@classmethod
def _which_references_query(cls, instance_or_model_class_or_queryset):
from authentic2.custom_user.models import User
if isinstance(instance_or_model_class_or_queryset, list):
return functools.reduce(
operator.or_,
@ -315,7 +316,7 @@ class Event(models.Model):
user = models.ForeignKey(
verbose_name=_('user'),
to=User,
to='custom_user.User',
on_delete=models.DO_NOTHING,
db_constraint=False,
blank=True,
@ -489,6 +490,8 @@ class EventCursor(str):
def prefetch_events_references(events, prefetcher=None):
'''Prefetch references on an iterable of events, prevent N+1 queries problem.'''
from authentic2.custom_user.models import User
grouped_references = defaultdict(set)
references = {}

5
src/authentic2/apps/journal/search_engine.py
View File

@ -17,13 +17,12 @@
import re
from functools import reduce
from django.contrib.auth import get_user_model
from django.db.models import Q
from django.utils.translation import gettext_lazy as _
from . import models
from authentic2.custom_user.models import User
User = get_user_model()
from . import models
QUOTED_RE = re.compile(r'^[a-z0-9_-]*:"[^"]*"$')
LEXER_RE = re.compile(r'([a-z0-9_-]*:(?:"[^"]*"|[^ ]*)|[^\s]*)\s*')

4
src/authentic2/attributes_ng/sources/django_user.py
View File

@ -14,10 +14,10 @@
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from django.contrib.auth import get_user_model
from django.utils.translation import gettext_lazy as _
from authentic2.a2_rbac.models import Role
from authentic2.custom_user.models import User
from ...decorators import to_list
from ...models import Attribute, AttributeValue
@ -33,7 +33,6 @@ def get_instances(ctx):
@to_list
def get_attribute_names(instance, ctx):
User = get_user_model()
for field in User._meta.fields:
if field.name == 'ou':
continue
@ -69,7 +68,6 @@ def get_dependencies(instance, ctx):
def get_attributes(instance, ctx):
user = ctx.get('user')
User = get_user_model()
if not user or not isinstance(user, User):
return ctx
for field in User._meta.fields:

5
src/authentic2/backends/__init__.py
View File

@ -14,14 +14,11 @@
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from django.contrib.auth import get_user_model
from authentic2 import app_settings
from authentic2.custom_user.models import User
def get_user_queryset():
User = get_user_model()
qs = User.objects.all()
qs = qs.filter()

16
src/authentic2/backends/ldap_backend.py
View File

@ -33,7 +33,6 @@ import ldap.modlist
import ldap.sasl
from django.conf import settings
from django.contrib import messages
from django.contrib.auth import get_user_model
from django.contrib.auth.models import Group
from django.core.cache import cache
from django.core.exceptions import ImproperlyConfigured
@ -52,6 +51,7 @@ from authentic2.a2_rbac.models import OrganizationalUnit, Role
from authentic2.a2_rbac.utils import get_default_ou
from authentic2.backends import is_user_authenticable
from authentic2.compat_lasso import lasso
from authentic2.custom_user.models import User
from authentic2.ldap_utils import FilterFormatter
from authentic2.middleware import StoreRequestMiddleware
from authentic2.models import Lock, UserExternalId
@ -65,8 +65,6 @@ from authentic2.utils.misc import PasswordChangeError, get_password_authenticato
log = logging.getLogger(__name__)
User = get_user_model()
DEFAULT_CA_BUNDLE = ''
CA_BUNDLE_PATHS = [
@ -393,24 +391,24 @@ class LDAPUser(User):
log.warning('ldap: check_password failed, could not get a connection')
return False
def set_password(self, new_password):
def set_password(self, raw_password):
# Allow change password to work in all cases, as the form does a check_password() first
# if the verify pass, we have the old password stored in self._current_password
_current_password = getattr(self, '_current_password', None) or self.get_password_in_session()
if _current_password != new_password:
if _current_password != raw_password:
conn = self.get_connection()
if not conn:
log.warning('ldap: set_password failed, could not get a connection')
return
try:
self.ldap_backend.modify_password(conn, self.block, self.dn, _current_password, new_password)
self.ldap_backend.modify_password(conn, self.block, self.dn, _current_password, raw_password)
except ldap.LDAPError as e:
log.warning('ldap: set_password failed (%s)', ldap_error_str(e))
raise PasswordChangeError(_('LDAP directory refused the password change.'))
self._current_password = new_password
self.keep_password_in_session(new_password)
self._current_password = raw_password
self.keep_password_in_session(raw_password)
if self.block['keep_password']:
super().set_password(new_password)
super().set_password(raw_password)
else:
self.set_unusable_password()

12
src/authentic2/backends/models_backend.py
View File

@ -17,13 +17,13 @@
import functools
from django.contrib.auth import get_user_model
from django.contrib.auth.backends import ModelBackend as BaseModelBackend
from django.contrib.contenttypes.models import ContentType
from django.db import models
from phonenumbers import PhoneNumberFormat, format_number, is_valid_number
from authentic2.backends import get_user_queryset
from authentic2.custom_user.models import User
from authentic2.models import AttributeValue
from authentic2.user_login_failure import user_login_failure, user_login_success
from authentic2.utils.misc import get_password_authenticator, parse_phone_number
@ -48,7 +48,7 @@ class ModelBackend(BaseModelBackend):
username_field = 'username'
queries = []
password_authenticator = get_password_authenticator()
user_ct = ContentType.objects.get_for_model(get_user_model())
user_ct = ContentType.objects.get_for_model(User)
if password_authenticator.accept_email_authentication:
queries.append(models.Q(**{'email__iexact': username}))
if password_authenticator.is_phone_authn_active:
@ -82,14 +82,13 @@ class ModelBackend(BaseModelBackend):
return bool(a2_models.PasswordReset.filter(user=user).count())
def authenticate(self, request, username=None, password=None, realm=None, ou=None):
UserModel = get_user_model()
if not username:
return
query = self.get_query(username=username, realm=realm, ou=ou)
users = get_user_queryset().filter(query)
# order by username to make username without realm come before usernames with realms
# i.e. "toto" should come before "toto@example.com"
users = users.order_by('-is_active', UserModel.USERNAME_FIELD, 'id')
users = users.order_by('-is_active', User.USERNAME_FIELD, 'id')
for user in users:
if user.check_password(password):
user_login_success(user.get_username())
@ -100,10 +99,9 @@ class ModelBackend(BaseModelBackend):
request.failed_logins.update({user: {}})
def get_user(self, user_id):
UserModel = get_user_model()
try:
user = UserModel._default_manager.get(pk=user_id)
except UserModel.DoesNotExist:
user = User._default_manager.get(pk=user_id)
except User.DoesNotExist:
return None
return user

3
src/authentic2/custom_user/apps.py
View File

@ -38,12 +38,12 @@ class CustomUserConfig(AppConfig):
self, app_config, verbosity=2, interactive=True, using=DEFAULT_DB_ALIAS, **kwargs
):
from django.conf import settings
from django.contrib.auth import get_user_model
from django.contrib.contenttypes.models import ContentType
from django.utils import translation
from django.utils.translation import gettext_lazy as _
from authentic2.attribute_kinds import get_kind
from authentic2.custom_user.models import User
from authentic2.models import Attribute, AttributeValue
if not router.allow_migrate(using, Attribute):
@ -53,7 +53,6 @@ class CustomUserConfig(AppConfig):
return
translation.activate(settings.LANGUAGE_CODE)
User = get_user_model()
content_type = ContentType.objects.get_for_model(User)
attrs = {}

9
src/authentic2/custom_user/management/commands/changepassword.py
View File

@ -17,13 +17,14 @@
import getpass
from django.contrib.auth import get_user_model
from django.core.exceptions import MultipleObjectsReturned
from django.core.management.base import BaseCommand, CommandError
from django.db import DEFAULT_DB_ALIAS
from django.db.models.query import Q
from django.utils.encoding import force_str
from authentic2.custom_user.models import User
class Command(BaseCommand):
help = "Change a user's password for django.contrib.auth."
@ -51,13 +52,11 @@ class Command(BaseCommand):
if not username:
username = getpass.getuser()
UserModel = get_user_model()
qs = UserModel._default_manager.using(options.get('database'))
qs = User._default_manager.using(options.get('database'))
qs = qs.filter(Q(uuid=username) | Q(username=username) | Q(email__iexact=username))
try:
u = qs.get()
except UserModel.DoesNotExist:
except User.DoesNotExist:
raise CommandError("user '%s' does not exist" % username)
except MultipleObjectsReturned:
while True:

4
src/authentic2/forms/passwords.py
View File

@ -19,13 +19,13 @@ from collections import OrderedDict
from django import forms
from django.contrib.auth import forms as auth_forms
from django.contrib.auth import get_user_model
from django.contrib.contenttypes.models import ContentType
from django.core.exceptions import ValidationError
from django.forms import Form
from django.utils.translation import gettext_lazy as _
from authentic2.backends.ldap_backend import LDAPUser
from authentic2.custom_user.models import User
from authentic2.journal import journal
from authentic2.passwords import validate_password
from authentic2.utils.misc import get_password_authenticator
@ -92,7 +92,7 @@ class PasswordResetForm(HoneypotForm):
def clean_phone(self):
phone = self.cleaned_data.get('phone')
user_ct = ContentType.objects.get_for_model(get_user_model())
user_ct = ContentType.objects.get_for_model(User)
if phone:
user_ids = models.AttributeValue.objects.filter(
attribute=self.authenticator.phone_identifier_field,

4
src/authentic2/forms/registration.py
View File

@ -17,7 +17,6 @@
import re
from django.conf import settings
from django.contrib.auth import get_user_model
from django.contrib.auth.models import BaseUserManager
from django.core.exceptions import ValidationError
from django.core.validators import RegexValidator
@ -26,6 +25,7 @@ from django.utils.translation import gettext
from django.utils.translation import gettext_lazy as _
from authentic2.a2_rbac.models import OrganizationalUnit
from authentic2.custom_user.models import User
from authentic2.forms.fields import CharField, CheckPasswordField, NewPasswordField
from authentic2.passwords import validate_password
@ -36,8 +36,6 @@ from .fields import PhoneField, ValidatedEmailField
from .honeypot import HoneypotForm
from .utils import NextUrlFormMixin
User = get_user_model()
class RegistrationForm(HoneypotForm):
error_css_class = 'form-field-error'

4
src/authentic2/forms/widgets.py
View File

@ -31,7 +31,6 @@ import uuid
import phonenumbers
from django import forms
from django.conf import settings
from django.contrib.auth import get_user_model
from django.forms.widgets import ClearableFileInput, DateInput, DateTimeInput
from django.forms.widgets import EmailInput as BaseEmailInput
from django.forms.widgets import MultiWidget
@ -45,6 +44,7 @@ from django.utils.translation import gettext_lazy as _
from gadjo.templatetags.gadjo import xstatic
from authentic2 import app_settings
from authentic2.custom_user.models import User
from authentic2.models import Attribute
from authentic2.passwords import get_password_checker
@ -379,7 +379,7 @@ class SelectAttributeWidget(forms.Select):
def get_options():
choices = {}
for name in ('email', 'username', 'first_name', 'last_name'):
field = get_user_model()._meta.get_field(name)
field = User._meta.get_field(name)
choices[name] = '%s (%s)' % (capfirst(field.verbose_name), name)
for attribute in Attribute.objects.exclude(name__in=choices):
choices[attribute.name] = '%s (%s)' % (attribute.label, attribute.name)

5
src/authentic2/idp/saml/saml2_endpoints.py
View File

@ -44,7 +44,7 @@ from urllib.parse import quote, urlencode
from django.conf import settings
from django.contrib import messages
from django.contrib.auth import BACKEND_SESSION_KEY, REDIRECT_FIELD_NAME, get_user_model, load_backend
from django.contrib.auth import BACKEND_SESSION_KEY, REDIRECT_FIELD_NAME, load_backend
from django.contrib.auth.decorators import login_required
from django.core.exceptions import ObjectDoesNotExist
from django.http import HttpResponse, HttpResponseBadRequest, HttpResponseForbidden, HttpResponseRedirect
@ -62,6 +62,7 @@ from authentic2 import views as a2_views
from authentic2.attributes_ng.engine import get_attributes
from authentic2.compat_lasso import lasso
from authentic2.constants import NONCE_FIELD_NAME
from authentic2.custom_user.models import User
from authentic2.idp.saml.common import kill_django_sessions
from authentic2.saml import saml2utils
from authentic2.saml.common import (
@ -118,8 +119,6 @@ from authentic2.views import passive_login
from . import app_settings
User = get_user_model()
logger = logging.getLogger(__name__)

4
src/authentic2/management/commands/clean-unused-accounts.py
View File

@ -20,7 +20,6 @@ import urllib.parse
from datetime import timedelta
from django.conf import settings
from django.contrib.auth import get_user_model
from django.core.management.base import BaseCommand
from django.db import transaction
from django.db.models import F, Q
@ -30,14 +29,13 @@ from authentic2 import app_settings
from authentic2.a2_rbac.models import OrganizationalUnit
from authentic2.backends import get_user_queryset
from authentic2.backends.ldap_backend import LDAPBackend
from authentic2.custom_user.models import User
from authentic2.journal_event_types import UserDeletionForInactivity, UserNotificationInactivity
from authentic2.utils import sms as utils_sms
from authentic2.utils.misc import get_password_authenticator, send_templated_mail
logger = logging.getLogger(__name__)
User = get_user_model()
class Command(BaseCommand):
help = '''Clean unused accounts'''

3
src/authentic2/management/commands/load-ldif.py
View File

@ -19,10 +19,10 @@ import json
import logging
import ldif
from django.contrib.auth import get_user_model
from django.core.management.base import BaseCommand
from django.db.transaction import atomic
from authentic2.custom_user.models import User
from authentic2.hashers import olap_password_to_dj
from authentic2.models import Attribute
@ -44,7 +44,6 @@ class DjangoUserLDIFParser(ldif.LDIFParser):
ldif.LDIFParser.__init__(self, *args, **kwargs)
def handle(self, dn, entry):
User = get_user_model()
if self.object_class not in entry['objectClass']:
if self.verbosity >= 2:
self.command.stdout.write('Ignoring entry %r' % dn)

4
src/authentic2/management/commands/resetpassword.py
View File

@ -16,15 +16,13 @@
import getpass
from django.contrib.auth import get_user_model
from django.core.management.base import BaseCommand, CommandError
from django.db import DEFAULT_DB_ALIAS
from authentic2.custom_user.models import User
from authentic2.models import PasswordReset
from authentic2.utils.misc import generate_password
User = get_user_model()
class Command(BaseCommand):
help = "Reset a user's password for django.contrib.auth."

5
src/authentic2/management/commands/slapd-shell.py
View File

@ -20,11 +20,12 @@ import logging
import re
import sys
from django.contrib.auth import get_user_model
from django.core.management.base import BaseCommand
from ldap.dn import escape_dn_chars
from ldif import LDIFWriter
from authentic2.custom_user.models import User
COMMAND = 1
ATTR = 2
@ -49,7 +50,7 @@ class Command(BaseCommand):
if command == 'SEARCH':
out = io.BytesIO()
ldif_writer = LDIFWriter(out)
qs = get_user_model().objects.all()
qs = User.objects.all()
if attrs['filter'] != '(objectClass=*)':
m = re.match(r'\((\w*)=(.*)\)', attrs['filter'])
if not m:

7
src/authentic2/manager/forms.py
View File

@ -22,7 +22,6 @@ from collections import defaultdict
from io import StringIO
from django import forms
from django.contrib.auth import get_user_model
from django.contrib.contenttypes.models import ContentType
from django.core.exceptions import ValidationError
from django.core.validators import validate_slug
@ -36,6 +35,7 @@ from authentic2 import app_settings as a2_app_settings
from authentic2.a2_rbac.models import OrganizationalUnit, Role
from authentic2.a2_rbac.utils import generate_slug, get_default_ou
from authentic2.custom_user.backends import DjangoRBACBackend
from authentic2.custom_user.models import User
from authentic2.forms.fields import (
CheckPasswordField,
CommaSeparatedCharField,
@ -57,7 +57,6 @@ from authentic2.validators import EmailValidator
from . import app_settings, fields, utils
User = get_user_model()
ChooseRolesField = fields.ChooseRolesField
logger = logging.getLogger(__name__)
@ -184,7 +183,7 @@ class UserEditForm(LimitQuerysetFormMixin, CssClass, BaseUserForm):
if a2_app_settings.A2_PHONE_IS_UNIQUE:
if (
AttributeValue.objects.filter(
content_type=ContentType.objects.get_for_model(get_user_model()),
content_type=ContentType.objects.get_for_model(User),
attribute=authn.phone_identifier_field,
)
.exclude(object_id=self.instance.id)
@ -194,7 +193,7 @@ class UserEditForm(LimitQuerysetFormMixin, CssClass, BaseUserForm):
elif getattr(self.instance.ou, 'phone_is_unique', False):
other_owners = (
AttributeValue.objects.filter(
content_type=ContentType.objects.get_for_model(get_user_model()),
content_type=ContentType.objects.get_for_model(User),
attribute=authn.phone_identifier_field,
)
.exclude(object_id=self.instance.id)

5
src/authentic2/manager/journal_event_types.py
View File

@ -14,7 +14,6 @@
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from django.contrib.auth import get_user_model
from django.utils.translation import gettext_lazy as _
from authentic2.a2_rbac.models import Role
@ -24,11 +23,9 @@ from authentic2.backends.ldap_backend import (
LDAP_DEACTIVATION_REASON_NOT_PRESENT,
LDAP_DEACTIVATION_REASON_OLD_SOURCE,
)
from authentic2.custom_user.models import DeletedUser
from authentic2.custom_user.models import DeletedUser, User
from authentic2.journal_event_types import EventTypeWithService, get_attributes_label
User = get_user_model()
class ManagerUserCreation(EventTypeDefinition):
name = 'manager.user.creation'

5
src/authentic2/manager/journal_views.py
View File

@ -18,7 +18,6 @@ import functools
import uuid
from django import forms
from django.contrib.auth import get_user_model
from django.contrib.contenttypes.models import ContentType
from django.core.exceptions import ValidationError
from django.core.validators import EmailValidator
@ -33,12 +32,10 @@ from authentic2.apps.journal.forms import JournalForm as BaseJournalForm
from authentic2.apps.journal.models import EventType, n_2_pairing
from authentic2.apps.journal.search_engine import JournalSearchEngine as BaseJournalSearchEngine
from authentic2.apps.journal.views import JournalView
from authentic2.custom_user.models import DeletedUser
from authentic2.custom_user.models import DeletedUser, User
from . import views
User = get_user_model()
class JournalSearchEngine(BaseJournalSearchEngine):
def search_by_uuid(self, lexem):

4
src/authentic2/manager/resources.py
View File

@ -14,14 +14,12 @@
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from django.contrib.auth import get_user_model
from import_export.fields import Field
from import_export.resources import ModelResource
from import_export.widgets import Widget
from authentic2.a2_rbac.models import Role
User = get_user_model()
from authentic2.custom_user.models import User
class ListWidget(Widget):

6
src/authentic2/manager/role_views.py
View File

@ -18,7 +18,6 @@ import json
from functools import reduce
from django.contrib import messages
from django.contrib.auth import get_user_model
from django.contrib.contenttypes.models import ContentType
from django.core.exceptions import PermissionDenied, ValidationError
from django.core.paginator import EmptyPage, Paginator
@ -37,6 +36,7 @@ from authentic2 import data_transfer
from authentic2.a2_rbac.models import OrganizationalUnit, Permission, Role, RoleParenting
from authentic2.a2_rbac.utils import get_default_ou
from authentic2.apps.journal.views import JournalViewWithContext
from authentic2.custom_user.models import User
from authentic2.forms.profile import modelform_factory
from authentic2.role_summary import get_roles_summary_cache
from authentic2.utils import crypto, hooks
@ -46,8 +46,6 @@ from . import forms, resources, tables, views
from .journal_views import BaseJournalView
from .utils import has_show_username, label_from_role, label_from_user
User = get_user_model()
class RolesMixin:
service_roles = True
@ -609,7 +607,7 @@ class RoleRemoveAdminUserView(
def dispatch(self, request, *args, **kwargs):
self.object = self.get_object()
self.user = get_user_model().objects.get(pk=kwargs['user_pk'])
self.user = User.objects.get(pk=kwargs['user_pk'])
return super().dispatch(request, *args, **kwargs)
def get_context_data(self, **kwargs):

4
src/authentic2/manager/tables.py
View File

@ -17,7 +17,6 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import django_tables2 as tables
from django.contrib.auth import get_user_model
from django.contrib.contenttypes.models import ContentType
from django.db.models import CharField, OuterRef, Subquery
from django.db.models.expressions import RawSQL
@ -28,13 +27,12 @@ from django.utils.translation import gettext_noop
from django_tables2.utils import A
from authentic2.a2_rbac.models import OrganizationalUnit, Role
from authentic2.custom_user.models import User
from authentic2.middleware import StoreRequestMiddleware
from authentic2.models import AttributeValue, Service
from authentic2.utils.misc import get_password_authenticator
from authentic2_idp_oidc.models import OIDCAuthorization
User = get_user_model()
TABLES_MAJOR_VERSION = int(tables.__version__.split('.', maxsplit=1)[0])

6
src/authentic2/manager/user_export.py
View File

@ -20,10 +20,10 @@ import os
import uuid
import tablib
from django.contrib.auth import get_user_model
from django.contrib.contenttypes.models import ContentType
from django.core.files.storage import default_storage
from authentic2.custom_user.models import User
from authentic2.manager.resources import UserResource
from authentic2.models import Attribute, AttributeValue
from authentic2.utils.misc import batch_queryset
@ -37,7 +37,7 @@ def get_user_dataset(qs):
at_mapping = {a.id: a for a in Attribute.objects.all()}
avs = (
AttributeValue.objects.filter(content_type=ContentType.objects.get_for_model(get_user_model()))
AttributeValue.objects.filter(content_type=ContentType.objects.get_for_model(User))
.filter(attribute__disabled=False)
.values()
)
@ -125,7 +125,7 @@ class UserExport:
def export_users_to_file(uuid, query):
export = UserExport(uuid)
qs = get_user_model().objects.all()
qs = User.objects.all()
qs.set_trigram_similarity_threshold()
qs.query = query
qs = qs.select_related('ou')

23
src/authentic2/manager/user_views.py
View File

@ -20,7 +20,7 @@ import datetime
import operator
from django.contrib import messages
from django.contrib.auth import REDIRECT_FIELD_NAME, get_user_model
from django.contrib.auth import REDIRECT_FIELD_NAME
from django.core.exceptions import PermissionDenied
from django.core.mail import EmailMultiAlternatives
from django.db import models, transaction
@ -43,6 +43,7 @@ from authentic2.a2_rbac.models import OrganizationalUnit, Role, RoleParenting
from authentic2.a2_rbac.utils import get_default_ou
from authentic2.apps.journal.views import JournalViewWithContext
from authentic2.backends.ldap_backend import LDAPBackend
from authentic2.custom_user.models import User
from authentic2.models import Attribute, PasswordReset, Setting
from authentic2.utils import hooks, spooler, switch_user
from authentic2.utils.misc import (
@ -93,12 +94,10 @@ from .views import (
TitleMixin,
)
User = get_user_model()
class UsersView(HideOUColumnMixin, BaseTableView):
template_name = 'authentic2/manager/users.html'
model = get_user_model()
model = User
table_class = UserTable
permissions = ['custom_user.search_user']
search_form_class = UserSearchForm
@ -175,7 +174,7 @@ users = UsersView.as_view()
class UserAddView(ActionMixin, BaseAddView):
model = get_user_model()
model = User
title = _('Create user')
action = _('Create')
fields = [
@ -307,7 +306,7 @@ user_add_choose_ou = UserAddChooseOU.as_view()
class UserDetailView(OtherActionsMixin, BaseDetailView):
model = get_user_model()
model = User
fields = ['username', 'ou', 'first_name', 'last_name', 'email']
form_class = UserEditForm
template_name = 'authentic2/manager/user_detail.html'
@ -504,7 +503,7 @@ user_detail = UserDetailView.as_view()
class UserEditView(OtherActionsMixin, ActionMixin, BaseEditView):
model = get_user_model()
model = User
template_name = 'authentic2/manager/user_edit.html'
form_class = UserEditForm
permissions = ['custom_user.change_user']
@ -623,7 +622,7 @@ users_export_progress = UsersExportProgressView.as_view()
class UserChangePasswordView(ActionMixin, BaseEditView):
template_name = 'authentic2/manager/form.html'
model = get_user_model()
model = User
form_class = UserChangePasswordForm
permissions = ['custom_user.change_password_user']
title = _('Change user password')
@ -651,7 +650,7 @@ user_change_password = UserChangePasswordView.as_view()
class UserChangeEmailView(BaseEditView):
template_name = 'authentic2/manager/user_change_email.html'
model = get_user_model()
model = User
form_class = UserChangeEmailForm
permissions = ['custom_user.change_email_user']
success_url = '..'
@ -681,7 +680,7 @@ user_change_email = UserChangeEmailView.as_view()
class UserRolesView(HideOUColumnMixin, BaseSubTableView):
model = get_user_model()
model = User
form_class = ChooseUserRoleForm
search_form_class = UserRoleSearchForm
success_url = '.'
@ -778,7 +777,7 @@ roles = UserRolesView.as_view()
class UserDeleteView(BaseDeleteView):
model = get_user_model()
model = User
title = _('Delete user')
template_name = 'authentic2/manager/user_delete.html'
success_url = reverse_lazy('a2-manager-users')
@ -1004,7 +1003,7 @@ class UserAuthorizationsView(
permissions = ['custom_user.view_user']
template_name = 'authentic2/manager/user_authorizations.html'
title = pgettext_lazy('manager', 'Consent Management')
model = get_user_model()
model = User
table_class = UserAuthorizationsTable
form_class = ChooseUserAuthorizationsForm
success_url = '.'

4
src/authentic2/manager/widgets.py
View File

@ -19,11 +19,11 @@ import functools
import operator
import pickle
from django.contrib.auth import get_user_model
from django.utils.encoding import force_str
from django_select2.forms import ModelSelect2MultipleWidget, ModelSelect2Widget
from authentic2.a2_rbac.models import Role
from authentic2.custom_user.models import User
from authentic2.utils import crypto
from authentic2_idp_oidc.models import OIDCAuthorization
@ -100,7 +100,7 @@ class SimpleModelSelect2MultipleWidget(Select2Mixin, ModelSelect2MultipleWidget)
class SearchUserWidgetMixin(SplitTermMixin):
model = get_user_model()
model = User
search_fields = [
'username__icontains',
'first_name__icontains',

5
src/authentic2/utils/misc.py
View File

@ -31,7 +31,6 @@ from django import forms
from django.conf import settings
from django.contrib.auth import REDIRECT_FIELD_NAME
from django.contrib.auth import authenticate as dj_authenticate
from django.contrib.auth import get_user_model
from django.contrib.auth import login as auth_login
from django.core.exceptions import FieldDoesNotExist, ImproperlyConfigured, ValidationError
from django.core.mail import EmailMessage, send_mail
@ -48,6 +47,7 @@ from django.utils.formats import localize
from django.utils.translation import gettext_lazy as _
from django.utils.translation import ngettext
from authentic2.custom_user.models import User
from authentic2.saml.saml2utils import filter_attribute_private_key, filter_element_private_key
from authentic2.validators import EmailValidator
@ -809,7 +809,6 @@ def send_registration_mail(request, email, ou, template_names=None, next_url=Non
Can raise an smtplib.SMTPException
"""
logger = logging.getLogger(__name__)
User = get_user_model()
if not template_names:
template_names = ['authentic2/activation_email']
@ -1222,7 +1221,7 @@ def send_email_change_email(user, email, request=None, context=None, template_na
# check if email should be unique and is not
email_is_not_unique = False
qs = get_user_model().objects.all()
qs = User.objects.all()
if app_settings.A2_EMAIL_IS_UNIQUE:
email_is_not_unique = qs.filter(email=email).exclude(pk=user.pk).exists()
elif user.ou and user.ou.email_is_unique:

20
src/authentic2/views.py
View File

@ -23,7 +23,7 @@ from email.utils import parseaddr
from django import shortcuts
from django.conf import settings
from django.contrib import messages
from django.contrib.auth import REDIRECT_FIELD_NAME, get_user_model
from django.contrib.auth import REDIRECT_FIELD_NAME
from django.contrib.auth import logout as auth_logout
from django.contrib.auth.decorators import login_required
from django.contrib.auth.views import PasswordChangeView as DjPasswordChangeView
@ -55,7 +55,7 @@ from django.views.generic.edit import CreateView, DeleteView, FormView, UpdateVi
from ratelimit.utils import is_ratelimited
from authentic2.a2_rbac.models import Role
from authentic2.custom_user.models import iter_attributes
from authentic2.custom_user.models import User, iter_attributes
from authentic2.forms import authentication as authentication_forms
from authentic2_idp_oidc.models import OIDCAuthorization
@ -76,8 +76,6 @@ from .utils.sms import SMSError, send_registration_sms, sms_ratelimit_key
from .utils.view_decorators import enable_view_restriction
from .utils.views import csrf_token_check
User = get_user_model()
logger = logging.getLogger(__name__)
@ -419,7 +417,7 @@ class PhoneChangeVerifyView(TemplateView):
if not token:
return shortcuts.redirect('phone-change')
authn = utils_misc.get_password_authenticator()
user_ct = ContentType.objects.get_for_model(get_user_model())
user_ct = ContentType.objects.get_for_model(User)
try:
token = models.Token.objects.get(
uuid=token,
@ -1719,7 +1717,7 @@ class RegistrationView(cbv.ValidateCSRFMixin, BaseRegistrationView):
class RegistrationCompletionView(CreateView):
model = get_user_model()
model = User
success_url = 'auth_homepage'
def get_template_names(self):
@ -1754,7 +1752,7 @@ class RegistrationCompletionView(CreateView):
def dispatch(self, request, *args, **kwargs):
registration_token = kwargs['registration_token'].replace(' ', '')
self.authenticator = utils_misc.get_password_authenticator()
user_ct = ContentType.objects.get_for_model(get_user_model())
user_ct = ContentType.objects.get_for_model(User)
try:
token = models.Token.use('registration', registration_token, delete=False)
except models.Token.DoesNotExist:
@ -1908,7 +1906,7 @@ class RegistrationCompletionView(CreateView):
for key in keys:
if key in attributes:
init_kwargs[key] = attributes[key]
kwargs['instance'] = get_user_model()(**init_kwargs)
kwargs['instance'] = User(**init_kwargs)
# phone identifier is a separate attribute and is set post user-creation
if hasattr(self, 'phone'):
kwargs['instance'].phone_verified_on = timezone.now()
@ -2030,7 +2028,7 @@ class RegistrationCompletionView(CreateView):
if (phone := getattr(self, 'phone', None)) and self.authenticator.is_phone_authn_active:
# phone identifier set post user-creation
models.AttributeValue.objects.create(
content_type=ContentType.objects.get_for_model(get_user_model()),
content_type=ContentType.objects.get_for_model(User),
object_id=user.id,
content=phone,
attribute=self.authenticator.phone_identifier_field,
@ -2168,7 +2166,7 @@ class ValidateDeletionView(TemplateView):
)
self.prompt = deletion_token.get('prompt', self.prompt)
user_pk = deletion_token['user_pk']
self.user = get_user_model().objects.get(pk=user_pk)
self.user = User.objects.get(pk=user_pk)
# A user account wont be deactived twice
if not self.user.is_active:
raise ValidationError(_('This account is inactive, it cannot be deleted.'))
@ -2181,7 +2179,7 @@ class ValidateDeletionView(TemplateView):
error = _('The account deletion request was not on this site, try again')
except ValidationError as e:
error = e.message
except get_user_model().DoesNotExist:
except User.DoesNotExist:
error = _('This account has previously been deleted.')
if error:

4
src/authentic2_auth_fc/api_views.py
View File

@ -14,13 +14,13 @@
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from django.contrib.auth import get_user_model
from django.shortcuts import get_object_or_404
from rest_framework import status
from rest_framework.response import Response
from authentic2.api_views import DjangoPermission
from authentic2.compat.drf import action
from authentic2.custom_user.models import User
@action(
@ -30,6 +30,6 @@ from authentic2.compat.drf import action
permission_classes=(DjangoPermission('custom_user.view_user'),),
)
def fc_unlink(self, request, uuid):
user = get_object_or_404(get_user_model(), uuid=uuid)
user = get_object_or_404(User, uuid=uuid)
user.fc_accounts.all().delete()
return Response(status=status.HTTP_204_NO_CONTENT)

2
src/authentic2_auth_fc/backends.py
View File

@ -16,14 +16,12 @@
import logging
from django.contrib.auth import get_user_model
from django.contrib.auth.backends import ModelBackend
from django.core.exceptions import MultipleObjectsReturned, PermissionDenied
from . import models
logger = logging.getLogger(__name__)
User = get_user_model()
class FcBackend(ModelBackend):

3
src/authentic2_auth_fc/views.py
View File

@ -20,7 +20,6 @@ import time
from django.conf import settings
from django.contrib import messages
from django.contrib.auth import get_user_model
from django.contrib.auth.views import update_session_auth_hash
from django.core.cache import cache
from django.core.exceptions import PermissionDenied, ValidationError
@ -39,6 +38,7 @@ from requests_oauthlib import OAuth2Session
from authentic2 import app_settings as a2_app_settings
from authentic2 import constants
from authentic2.a2_rbac.utils import get_default_ou
from authentic2.custom_user.models import User
from authentic2.forms.passwords import SetPasswordForm
from authentic2.models import Attribute, AttributeValue, Lock
from authentic2.utils import hooks
@ -52,7 +52,6 @@ from . import app_settings, models, utils
from .utils import apply_user_info_mappings, build_logout_url, clean_fc_session
logger = logging.getLogger(__name__)
User = get_user_model()
class EmailExistsError(Exception):

3
src/authentic2_auth_oidc/backends.py
View File

@ -20,7 +20,6 @@ import logging
import requests
from django.conf import settings
from django.contrib import messages
from django.contrib.auth import get_user_model
from django.contrib.auth.backends import ModelBackend
from django.db import IntegrityError
from django.db.transaction import atomic
@ -31,6 +30,7 @@ from jwcrypto.jwt import JWT
from authentic2 import app_settings
from authentic2.a2_rbac.models import OrganizationalUnit
from authentic2.custom_user.models import User
from authentic2.models import Lock
from authentic2.utils import hooks
from authentic2.utils.crypto import base64url_encode
@ -243,7 +243,6 @@ class OIDCBackend(ModelBackend):
Lock.lock_identifier(identifier=id_token.sub)
User = get_user_model()
user = None
if provider.strategy == models.OIDCProvider.STRATEGY_FIND_UUID:
# use the OP sub to find an user by UUUID

4
src/authentic2_idp_oidc/apps.py
View File

@ -142,14 +142,14 @@ class AppConfig(django.apps.AppConfig):
data['unknown_uuids'] = new_unknown_uuids
def a2_hook_api_modify_queryset(self, view, qs):
from django.contrib.auth import get_user_model
from django.db.models import Q
from django.utils.timezone import now
from authentic2.custom_user.models import User
from .models import OIDCAuthorization, OIDCClient
client = self.get_oidc_client(view)
User = get_user_model()
# fast path
if not issubclass(qs.model, User) or client is None:

4
src/authentic2_idp_oidc/manager/forms.py
View File

@ -16,11 +16,11 @@
from django import forms
from django.contrib import messages
from django.contrib.auth import get_user_model
from django.core.exceptions import ValidationError
from django.utils.translation import gettext_lazy as _
from authentic2.attributes_ng.engine import get_service_attributes
from authentic2.custom_user.models import User
from authentic2.forms.mixins import SlugMixin
from authentic2.forms.widgets import DatalistTextInput
from authentic2.middleware import StoreRequestMiddleware
@ -63,7 +63,7 @@ class OIDCClientForm(SlugMixin, forms.ModelForm):
user = kwargs.pop('user')
super().__init__(*args, **kwargs)
# hide internal functionalities from regular administrators
if not (user and isinstance(user, get_user_model()) and user.is_superuser):
if not (user and isinstance(user, User) and user.is_superuser):
del self.fields['has_api_access']
del self.fields['activate_user_profiles']