diff --git a/README.md b/README.md index 5536a73..1c4cc78 100644 --- a/README.md +++ b/README.md @@ -74,6 +74,16 @@ AUTHENS_USE_OLDCAS = False AUTHENS_USE_PASSWORD = False ``` +- (Optionnel) Il est possible d'autoriser la connexion via CAS pour les membres + de `staffs`, lorsque cette option est activée, leur promotion est fixée à 0, + lorsque l'option est désactivée, une tentative de connexion renvoie une erreur + car le format de `$HOME` n'est pas valide. + +```python +AUTHENS_ALLOW_STAFF = True +``` + + - (Optionnel) AuthENS utilise le paramètre Django standard [`LOGIN_REDIRECT_URL`](https://docs.djangoproject.com/en/3.0/ref/settings/#login-redirect-url) par défaut pour rediriger l'utilisateurice en cas de connexion réussie. diff --git a/authens/conf.py b/authens/conf.py index 732b984..1e9db4d 100644 --- a/authens/conf.py +++ b/authens/conf.py @@ -1,4 +1,5 @@ LDAP_SERVER_URL = "ldaps://ldap.spi.ens.fr:636" AUTHENS_USE_OLDCAS = True AUTHENS_USE_PASSWORD = True +AUTHENS_ALLOW_STAFF = False # TODO: CAS_SERVER_URL diff --git a/authens/models.py b/authens/models.py index a1cbd25..b68b7d0 100644 --- a/authens/models.py +++ b/authens/models.py @@ -30,6 +30,9 @@ class CASAccount(models.Model): verbose_name=_("année de création du compte CAS"), blank=False, null=False ) + # The entrance year 0 is used for members of staff + STAFF_ENTRANCE_YEAR = 0 + class Meta: verbose_name = _("Compte CAS") verbose_name_plural = _("Comptes CAS") diff --git a/authens/shortcuts.py b/authens/shortcuts.py index 2bed72b..8a8dd97 100644 --- a/authens/shortcuts.py +++ b/authens/shortcuts.py @@ -2,6 +2,7 @@ # TODO: make the python-ldap dependency optional import ldap + from django.conf import settings from django.contrib.auth import get_user_model diff --git a/authens/utils.py b/authens/utils.py index 2dc0876..7306506 100644 --- a/authens/utils.py +++ b/authens/utils.py @@ -3,6 +3,11 @@ from urllib.parse import urlunparse from cas import CASClient +from django.conf import settings + +from authens import conf as default_conf +from authens.models import CASAccount + def get_cas_client(request): """Return a CAS client configured for SPI's CAS.""" @@ -26,6 +31,14 @@ def parse_entrance_year(home_dir): return None dirs = home_dir.split("/") + + allow_staff = getattr( + settings, "AUTHENS_ALLOW_STAFF", default_conf.AUTHENS_ALLOW_STAFF + ) + + if allow_staff and dirs[:3] == ["", "users", "staffs"]: + return CASAccount.STAFF_ENTRANCE_YEAR + if len(dirs) < 3 or not dirs[2].isdecimal() or dirs[1] != "users": raise ValueError("Invalid home directory: {}".format(home_dir)) diff --git a/example_site/example_site/urls.py b/example_site/example_site/urls.py index ebb6718..1de3893 100644 --- a/example_site/example_site/urls.py +++ b/example_site/example_site/urls.py @@ -13,9 +13,10 @@ Including another URLconf 1. Import the include() function: from django.urls import include, path 2. Add a URL to urlpatterns: path('blog/', include('blog.urls')) """ +from example import views + from django.contrib import admin from django.urls import include, path -from example import views urlpatterns = [ path("admin/", admin.site.urls), diff --git a/setup.cfg b/setup.cfg index cd19421..f02b7e4 100644 --- a/setup.cfg +++ b/setup.cfg @@ -10,13 +10,8 @@ ignore = W503 [isort] -# For black compat: https://github.com/ambv/black#how-black-wraps-lines +profile = black combine_as_imports = true -default_section = THIRDPARTY -force_grid_wrap = 0 -include_trailing_comma = true known_django = django known_first_party = authens,tests -line_length = 88 -multi_line_output = 3 -sections = FUTURE,STDLIB,THIRDPARTY,FIRSTPARTY,LOCALFOLDER +sections = FUTURE,STDLIB,THIRDPARTY,DJANGO,FIRSTPARTY,LOCALFOLDER