Merge branch 'thubrecht/apromides' into 'master'

Gère les membres `staffs`

See merge request klub-dev-ens/authens!32

README.md

@@ -74,6 +74,16 @@ AUTHENS_USE_OLDCAS = False
 AUTHENS_USE_PASSWORD = False
 ```
 
+- (Optionnel) Il est possible d'autoriser la connexion via CAS pour les membres
+  de `staffs`, lorsque cette option est activée, leur promotion est fixée à 0,
+  lorsque l'option est désactivée, une tentative de connexion renvoie une erreur
+  car le format de `$HOME` n'est pas valide.
+
+```python
+AUTHENS_ALLOW_STAFF = True
+```
+
+
 - (Optionnel) AuthENS utilise le paramètre Django standard
   [`LOGIN_REDIRECT_URL`](https://docs.djangoproject.com/en/3.0/ref/settings/#login-redirect-url)
   par défaut pour rediriger l'utilisateurice en cas de connexion réussie.

authens/conf.py

@@ -1,4 +1,5 @@
 LDAP_SERVER_URL = "ldaps://ldap.spi.ens.fr:636"
 AUTHENS_USE_OLDCAS = True
 AUTHENS_USE_PASSWORD = True
+AUTHENS_ALLOW_STAFF = False
 # TODO: CAS_SERVER_URL

authens/models.py

@@ -30,6 +30,9 @@ class CASAccount(models.Model):
         verbose_name=_("année de création du compte CAS"), blank=False, null=False
     )
 
+    # The entrance year 0 is used for members of staff
+    STAFF_ENTRANCE_YEAR = 0
+
     class Meta:
         verbose_name = _("Compte CAS")
         verbose_name_plural = _("Comptes CAS")

authens/shortcuts.py

@@ -2,6 +2,7 @@
 
 # TODO: make the python-ldap dependency optional
 import ldap
+
 from django.conf import settings
 from django.contrib.auth import get_user_model
 

authens/utils.py

@@ -3,6 +3,11 @@ from urllib.parse import urlunparse
 
 from cas import CASClient
 
+from django.conf import settings
+
+from authens import conf as default_conf
+from authens.models import CASAccount
+
 
 def get_cas_client(request):
     """Return a CAS client configured for SPI's CAS."""
@@ -26,6 +31,14 @@ def parse_entrance_year(home_dir):
         return None
 
     dirs = home_dir.split("/")
+
+    allow_staff = getattr(
+        settings, "AUTHENS_ALLOW_STAFF", default_conf.AUTHENS_ALLOW_STAFF
+    )
+
+    if allow_staff and dirs[:3] == ["", "users", "staffs"]:
+        return CASAccount.STAFF_ENTRANCE_YEAR
+
     if len(dirs) < 3 or not dirs[2].isdecimal() or dirs[1] != "users":
         raise ValueError("Invalid home directory: {}".format(home_dir))
 

example_site/example_site/urls.py

@@ -13,9 +13,10 @@ Including another URLconf
     1. Import the include() function: from django.urls import include, path
     2. Add a URL to urlpatterns:  path('blog/', include('blog.urls'))
 """
+from example import views
+
 from django.contrib import admin
 from django.urls import include, path
-from example import views
 
 urlpatterns = [
     path("admin/", admin.site.urls),

setup.cfg

@@ -10,13 +10,8 @@ ignore =
   W503
 
 [isort]
-# For black compat: https://github.com/ambv/black#how-black-wraps-lines
+profile = black
 combine_as_imports = true
-default_section = THIRDPARTY
-force_grid_wrap = 0
-include_trailing_comma = true
 known_django = django
 known_first_party = authens,tests
-line_length = 88
-multi_line_output = 3
-sections = FUTURE,STDLIB,THIRDPARTY,FIRSTPARTY,LOCALFOLDER
+sections = FUTURE,STDLIB,THIRDPARTY,DJANGO,FIRSTPARTY,LOCALFOLDER