app_settings,backends/model: add REALMS setting to aggregate realm from all sources

2014-04-01 14:29:52 +02:00 · 2014-04-01 14:29:52 +02:00 · a3cde8f13e
parent b352b07512
commit a3cde8f13e
4 changed files with 30 additions and 9 deletions
--- a/.gitignore
+++ b/.gitignore
@ -11,3 +11,4 @@ authentic.egg-info
 local_settings.py
 log.log
 authentic2/locale/fr/LC_MESSAGES/django.mo
+local_settings.*
--- a/authentic2/app_settings.py
+++ b/authentic2/app_settings.py
@ -1,9 +1,6 @@
 import sys

-
 from django.utils.translation import ugettext_lazy as _
-
-
 from django.core.exceptions import ImproperlyConfigured


@ -37,6 +34,24 @@ class AppSettings(object):
        return getattr(self.settings,
                'A2_ACCEPT_EMAIL_AUTHENTICATION', False)

+    @property
+    def REALMS(self):
+        realms = {}
+        if self.A2_REGISTRATION_REALM:
+            realms[self.A2_REGISTRATION_REALM] = self.A2_REGISTRATION_REALM
+        def add_realms(new_realms):
+            for realm in new_realms:
+                if not isinstance(realm, (tuple, list)):
+                    realms[realm] = realm
+                else:
+                    realms[realm[0]] = realm[1]
+        from django.contrib.auth import get_backends
+        for backend in get_backends():
+            if hasattr(backend, 'get_realms'):
+                add_realms(backend.get_realms())
+        if self.A2_REALMS:
+            add_realms(self.A2_REALMS)
+        return realms.items()

    def __getattr__(self, key):
        if key not in self.defaults:
--- a/authentic2/backends/ldap_backend.py
+++ b/authentic2/backends/ldap_backend.py
@ -19,6 +19,7 @@ from django.contrib.auth.models import Group, Permission
 from django.db import IntegrityError

 from ..cache import get_shared_cache
+from ..decorators import to_list

 try:
    import lasso
@ -253,6 +254,13 @@ class LDAPBackendError(RuntimeError):
    pass

 class LDAPBackend():
+    @classmethod
+    @to_list
+    def get_realms(self):
+        config = self.get_config()
+        for block in config:
+            yield block['realm']
+
    @classmethod
    def get_config(self):
        if isinstance(settings.LDAP_AUTH_SETTINGS[0], dict):
@ -306,7 +314,7 @@ class LDAPBackend():
        if username is None or password is None:
            return None
        if realm is None and '@' in username:
-            username, realm = username.split('@', 1)
+            username, realm = username.rsplit('@', 1)

        config = self.get_config()

--- a/authentic2/backends/models_backend.py
+++ b/authentic2/backends/models_backend.py
@ -29,11 +29,8 @@ class ModelBackend(ModelBackend):
        if realm is None:
            queries.append(models.Q(**{username_field: username}))
            if '@' not in username:
-                if app_settings.A2_REGISTRATION_REALM:
-                    queries.append(models.Q(**{username_field:
-                        upn(username, app_settings.A2_REGISTRATION_REALM)}))
-                if app_settings.A2_REALMS:
-                    for realm in app_settings.A2_REALMS:
+                if app_settings.REALMS:
+                    for realm, desc in app_settings.REALMS:
                        queries.append(models.Q(
                                **{username_field: upn(username, realm)}))
        else: