refactorize to improve reusability of the Kerberos backend

2014-08-09 19:36:30 +02:00 · 2014-08-09 19:36:30 +02:00 · 7896944e30
parent 823cdcb9ad
commit 7896944e30
1 changed files with 33 additions and 12 deletions
--- a/src/django_kerberos/backends.py
+++ b/src/django_kerberos/backends.py
@ -1,18 +1,40 @@
 import re

+import logging
+
 from . import app_settings

 from django.contrib.auth import get_user_model
 from django.contrib.auth.backends import ModelBackend

 class KerberosBackend(ModelBackend):
-    def authenticate(self, principal=None):
-        '''Match principal username with Django user model username'''
-        if not principal:
-            return
+    def __init__(self):
+        self.logger = logging.getLogger(__name__)
+
+    def username_from_principal(self, principal):
+        '''Make a username from a principal name'''
+        username, domain = principal.rsplit('@', 1)
+        return u'{0}@{1}'.format(username, domain.lower())
+
+    def authorize_principal(self, principal):
+        '''Is this principal authorized to login ?'''
+        return True
+
+    def provision_user(self, principal, user):
+        '''Modify user based on information we can retrieve on this principal'''
+        if app_settings.BACKEND_ADMIN_REGEXP:
+            if re.match(app_settings.BACKEND_ADMIN_REGEXP, principal):
+                if not user.is_staff or not user.is_superuser:
+                    self.logger.info('giving superuser power to principal %r', principal)
+                    user.is_staff = True
+                    user.is_superuser = True
+                    user.save()
+
+    def lookup_user(self, principal):
+        '''Find the user model linked to this principal'''
        User = get_user_model()
-        username = principal.split('@')[0]
        username_field = getattr(User, 'USERNAME_FIELD', 'username')
+        username = self.username_from_principal(principal)
        kwargs = {username_field: username}
        if app_settings.BACKEND_CREATE:
            user, created = User.objects.get_or_create(**kwargs)
@ -21,14 +43,13 @@ class KerberosBackend(ModelBackend):
                user = User.objects.get(**kwargs)
            except User.DoesNotExist:
                return
-        # basic authorization
-        if app_settings.BACKEND_ADMIN_REGEXP:
-            if re.match(app_settings.BACKEND_ADMIN_REGEXP, username):
-                if not user.is_staff or not user.is_superuser:
-                    user.is_staff = True
-                    user.is_superuser = True
-                    user.save()
+        self.provision_user(principal, user)
        return user


+    def authenticate(self, principal=None):
+        if principal and self.authorize_principal(principal):
+            return self.lookup_user(principal)
+
+