forked from DGNum/gestioCOF
3c8f1c58c5
lock_table used LOCK which is mysql-specific
69 lines
2.3 KiB
Python
69 lines
2.3 KiB
Python
from django.contrib.sites.models import Site
|
||
from django.conf import settings
|
||
from django_cas_ng.backends import CASBackend
|
||
from django_cas_ng.utils import get_cas_client
|
||
from django.contrib.auth import get_user_model
|
||
|
||
from gestioncof.models import CofProfile
|
||
|
||
User = get_user_model()
|
||
|
||
|
||
class COFCASBackend(CASBackend):
|
||
def authenticate_cas(self, ticket, service, request):
|
||
"""Verifies CAS ticket and gets or creates User object"""
|
||
|
||
client = get_cas_client(service_url=service)
|
||
username, attributes, _ = client.verify_ticket(ticket)
|
||
if attributes:
|
||
request.session['attributes'] = attributes
|
||
if not username:
|
||
return None
|
||
|
||
# Le CAS de l'ENS accepte les logins avec des espaces au début
|
||
# et à la fin, ainsi qu’avec une casse variable. On normalise pour
|
||
# éviter les doublons.
|
||
username = username.strip().lower()
|
||
|
||
profiles = CofProfile.objects.filter(login_clipper=username)
|
||
if len(profiles) > 0:
|
||
profile = profiles.order_by('-is_cof')[0]
|
||
user = profile.user
|
||
return user
|
||
try:
|
||
user = User.objects.get(username=username)
|
||
except User.DoesNotExist:
|
||
# user will have an "unusable" password
|
||
user = User.objects.create_user(username, '')
|
||
user.save()
|
||
return user
|
||
|
||
def authenticate(self, ticket, service, request):
|
||
"""Authenticates CAS ticket and retrieves user data"""
|
||
user = self.authenticate_cas(ticket, service, request)
|
||
if user is None:
|
||
return user
|
||
try:
|
||
profile = user.profile
|
||
except CofProfile.DoesNotExist:
|
||
profile, created = CofProfile.objects.get_or_create(user=user)
|
||
profile.save()
|
||
if not profile.login_clipper:
|
||
profile.login_clipper = user.username
|
||
profile.save()
|
||
if not user.email:
|
||
user.email = settings.CAS_EMAIL_FORMAT % profile.login_clipper
|
||
user.save()
|
||
if profile.is_buro and not user.is_staff:
|
||
user.is_staff = True
|
||
user.save()
|
||
return user
|
||
|
||
|
||
def context_processor(request):
|
||
'''Append extra data to the context of the given request'''
|
||
data = {
|
||
"user": request.user,
|
||
"site": Site.objects.get_current(),
|
||
}
|
||
return data
|