add ldap authentication and function to create ldap user on signup

aatish 2018-11-03 10:09:11 +05:45
parent be949448c5
commit eab9d7b714
15 changed files with 154 additions and 2 deletions


@ -1,2 +1,6 @@
DEBUG=True DEBUG=True
ALLOWED_HOSTS=.localhost, .ipv6.work ALLOWED_HOSTS=.localhost, .ipv6.work
AUTH_LDAP_SERVER_URI=ldap://<ldap_host>
AUTH_LDAP_BIND_DN=cn=admin,dc=example,dc=com
AUTH_LDAP_BIND_PASSWORD=admin
AUTH_LDAP_USER_DN_TEMPLATE=uid=%(user)s,ou=users,dc=example,dc=com
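Review bot: The sample `AUTH_LDAP_SERVER_URI=ldap://<ldap_host>` uses the unencrypted scheme, so the bind password and every user's login or signup password would cross the network in clear text if it were deployed as written. I would make the sample `AUTH_LDAP_SERVER_URI=ldaps://<ldap_host>`, or document that StartTLS must be enabled. The sample also binds as `cn=admin` with the password `admin`. A dedicated service account that may only create entries under `ou=users` would be a safer example than the directory administrator, with an obvious placeholder such as `AUTH_LDAP_BIND_PASSWORD=<change-me>`.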


@ -1,5 +1,13 @@
## Notes
django-auth-ldap requires `openldap-devel`
## Deployment
docker build -t ipv6dotwork . docker build -t ipv6dotwork .
sudo docker rm -f ipv6dotwork sudo docker rm -f ipv6dotwork
sudo docker run -d -p 127.0.0.1:8001:8000 --env-file .env --name ipv6dotwork ipv6dotwork sudo docker run -d -p 127.0.0.1:8001:8000 --env-file .env --name ipv6dotwork ipv6dotwork


@ -56,6 +56,7 @@ INSTALLED_APPS += [
# Our apps # Our apps
INSTALLED_APPS += [ INSTALLED_APPS += [
'jobs', 'jobs',
'users',
] ]
MIDDLEWARE = [ MIDDLEWARE = [
@ -120,7 +121,7 @@ AUTH_PASSWORD_VALIDATORS = [
AUTHENTICATION_BACKENDS = ( AUTHENTICATION_BACKENDS = (
'rules.permissions.ObjectPermissionBackend', 'rules.permissions.ObjectPermissionBackend',
'django.contrib.auth.backends.ModelBackend', 'django_auth_ldap.backend.LDAPBackend',
) )
LOGIN_REDIRECT_URL = '/' LOGIN_REDIRECT_URL = '/'
@ -153,3 +154,30 @@ MEDIA_ROOT = os.path.join(BASE_DIR, 'mediafiles/')
MEDIA_URL = '/media/' MEDIA_URL = '/media/'
CRISPY_TEMPLATE_PACK = 'bootstrap4' CRISPY_TEMPLATE_PACK = 'bootstrap4'
AUTH_LDAP_SERVER_URI = config('AUTH_LDAP_SERVER_URI')
AUTH_LDAP_BIND_DN = config('AUTH_LDAP_BIND_DN')
AUTH_LDAP_BIND_PASSWORD = config('AUTH_LDAP_BIND_PASSWORD')
AUTH_LDAP_USER_DN_TEMPLATE = config('AUTH_LDAP_USER_DN_TEMPLATE')
AUTH_LDAP_USER_ATTR_MAP = {
'first_name': 'givenName',
'last_name': 'sn',
'email': 'mail',
}
AUTH_LDAP_ALWAYS_UPDATE_USER = True
LOGGING = {
'disable_existing_loggers': False,
'version': 1,
'handlers': {
'console': {
'class': 'logging.StreamHandler',
},
},
'loggers': {
'django_auth_ldap': {
'level': 'DEBUG',
'handlers': ['console'],
},
},
}
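Review bot: Swapping `'django.contrib.auth.backends.ModelBackend'` for `'django_auth_ldap.backend.LDAPBackend'` in AUTHENTICATION_BACKENDS removes password login for accounts that exist only in Django's database, which presumably includes any superuser made with `createsuperuser`. If that is intended, a comment saying so would help; otherwise keep `ModelBackend` listed after the LDAP backend. The new LDAP block sets no transport option, so with an `ldap://` URI each login is a clear-text simple bind; `AUTH_LDAP_START_TLS = config('AUTH_LDAP_START_TLS', default=True, cast=bool)` would close that. The `django_auth_ldap` logger is also fixed at `'level': 'DEBUG'` in every environment, and I would read it from configuration, e.g. `'level': config('LDAP_LOG_LEVEL', default='WARNING'),`.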


@ -18,6 +18,8 @@ from django.contrib import admin
from django.urls import path, include, re_path from django.urls import path, include, re_path
from django.contrib.auth import views as auth_views from django.contrib.auth import views as auth_views
from users.views import signup
urlpatterns = [ urlpatterns = [
re_path( re_path(
'login/', 'login/',
@ -27,6 +29,7 @@ urlpatterns = [
'logout/', 'logout/',
auth_views.LogoutView.as_view(), auth_views.LogoutView.as_view(),
name='logout'), name='logout'),
path('signup/', signup),
path('admin/', admin.site.urls), path('admin/', admin.site.urls),
path('', include('jobs.urls')) path('', include('jobs.urls'))
] ]
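Review bot: The new `path('signup/', signup),` route has no `name`, unlike the login and logout routes beside it, so templates and redirects cannot reverse it. I would write `path('signup/', signup, name='signup'),`. The endpoint is reachable anonymously and each successful POST creates a directory entry through the application's bind account, so some throttling in front of it is worth considering.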


@ -3,3 +3,4 @@ django-crispy-forms==1.7.2
git+https://github.com/yourlabs/django-autocomplete-light.git#egg=django-autocomplete-light git+https://github.com/yourlabs/django-autocomplete-light.git#egg=django-autocomplete-light
rules==2.0 rules==2.0
python-decouple==3.1 python-decouple==3.1
ldap3==2.5.1
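Review bot: Only `ldap3==2.5.1` is added here, but the settings in this commit reference `django_auth_ldap.backend.LDAPBackend` and the README note mentions django-auth-ldap. Unless that package is installed by another file not shown on this page, a fresh `pip install -r` would leave the authentication backend unimportable. I would add a pinned `django-auth-ldap==<version>` line next to `ldap3`, so that both LDAP libraries used by the code are reproducible.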

0
users/__init__.py Normal file

3
users/admin.py Normal file

@ -0,0 +1,3 @@
from django.contrib import admin
# Register your models here.

5
users/apps.py Normal file

@ -0,0 +1,5 @@
from django.apps import AppConfig
class UsersConfig(AppConfig):
name = 'users'

19
users/forms.py Normal file

@ -0,0 +1,19 @@
from django import forms
from django.contrib.auth.forms import UserCreationForm
from django.contrib.auth import get_user_model
User = get_user_model()
class SignUpForm(UserCreationForm):
first_name = forms.CharField(
max_length=30, required=False, help_text='Optional.')
last_name = forms.CharField(
max_length=30, required=False, help_text='Optional.')
email = forms.EmailField(
max_length=254, help_text='Required. Inform a valid email address.')
class Meta:
model = User
fields = ('username', 'first_name', 'last_name',
'email', 'password1', 'password2', )
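Review bot: `last_name` is declared with `required=False`, but create_user in users/ldap_funcs.py writes it to `sn`, which the `inetOrgPerson` object class inherits as a mandatory attribute. A signup without a last name would therefore most likely be rejected by the directory and surface as an unhandled exception. Either make it required, `last_name = forms.CharField(max_length=30)`, or have the LDAP writer fall back to the username for `sn`. Because the username ends up inside a DN, a short comment on SignUpForm saying that the inherited username validator still admits characters such as `+` and `@` would help the next reader see why the DN must be escaped downstream.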

28
users/ldap_funcs.py Normal file

@ -0,0 +1,28 @@
from django.conf import settings
from ldap3 import Server, ServerPool, Connection, ObjectDef, AttrDef, Reader, Writer
server = Server(settings.AUTH_LDAP_SERVER_URI)
def create_user(user, password, firstname, lastname, email):
conn = Connection(server, settings.AUTH_LDAP_BIND_DN,
settings.AUTH_LDAP_BIND_PASSWORD)
if not conn.bind():
raise Exception('Could not connect to LDAP Server')
obj_new_user = ObjectDef(
['inetOrgPerson'], conn)
w = Writer(conn, obj_new_user)
dn = 'uid=%s,ou=users,dc=example,dc=com' % user
w.new(dn)
w[0].givenName = firstname
w[0].sn = lastname
w[0].cn = firstname + " " + lastname
w[0].mail = email
w[0].userPassword = password
if not w.commit():
conn.unbind()
raise Exception("Couldn't write user")
conn.unbind()
return True
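Review bot: The DN in create_user is built with `'uid=%s,ou=users,dc=example,dc=com' % user`, which places the signup username into the DN unescaped and hard-codes a base that ignores `AUTH_LDAP_USER_DN_TEMPLATE`. Since the connection binds with the configured admin DN, the value should be escaped as an RDN (ldap3 ships `escape_rdn` in `ldap3.utils.dn`; confirm it is present in the pinned 2.5.1) and the DN taken from the setting. Assigning `userPassword = password` sends the clear-text password as an ordinary attribute value, and whether it is hashed at rest then depends on server configuration not shown here; the Password Modify extended operation leaves the hashing to the server. The connection also stays bound if `w.new()` or an attribute assignment raises, so the unbind belongs in a `finally`. The imports `ServerPool`, `AttrDef` and `Reader` are unused.

```python
def create_user(user, password, firstname, lastname, email):
    # … unchanged: Connection(...) and the bind() check …
    try:
        # … unchanged: ObjectDef / Writer setup …
        # Escape the RDN value and reuse the configured template instead of
        # a hard-coded base DN.
        dn = settings.AUTH_LDAP_USER_DN_TEMPLATE % {'user': escape_rdn(user)}
        w.new(dn)
        # … unchanged: givenName / sn / cn / mail assignments …
        if not w.commit():
            raise Exception("Couldn't write user")
        # Let the server store the password via the Password Modify
        # extended operation rather than writing userPassword directly.
        if not conn.extend.standard.modify_password(dn, new_password=password):
            raise Exception("Couldn't set user password")
    finally:
        conn.unbind()
    return True
```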


3
users/models.py Normal file

@ -0,0 +1,3 @@
from django.db import models
# Create your models here.


@ -0,0 +1,21 @@
{% extends 'base.html' %}
{% block body_content %}
<h2>Sign up</h2>
<form method="post">
{% csrf_token %}
{% for field in form %}
<p>
{{ field.label_tag }}<br>
{{ field }}
{% if field.help_text %}
<small style="color: grey">{{ field.help_text }}</small>
{% endif %}
{% for error in field.errors %}
<p style="color: red">{{ error }}</p>
{% endfor %}
</p>
{% endfor %}
<button type="submit">Sign up</button>
</form>
{% endblock %}
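Review bot: The field loop prints only `field.errors`, so `form.non_field_errors` is never rendered and any form-wide error would be invisible to the user. I would add `{{ form.non_field_errors }}` just after `{% csrf_token %}`. Each error is also emitted as a `<p>` inside the field's enclosing `<p>`, which is invalid nesting; a `<div>` wrapper per field avoids it.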

3
users/tests.py Normal file

@ -0,0 +1,3 @@
from django.test import TestCase
# Create your tests here.

26
users/views.py Normal file

@ -0,0 +1,26 @@
from django.conf import settings
from django.contrib.auth import login, authenticate
from django.http import HttpResponseRedirect
from django.shortcuts import render
from .forms import SignUpForm
from .ldap_funcs import create_user
def signup(request):
if request.method == 'POST':
form = SignUpForm(request.POST)
if form.is_valid():
username = form.cleaned_data.get('username')
raw_password = form.cleaned_data.get('password1')
first_name = form.cleaned_data.get('first_name')
last_name = form.cleaned_data.get('last_name')
email = form.cleaned_data.get('email')
create_user(username, raw_password, first_name, last_name, email)
form.save()
user = authenticate(username=username, password=raw_password)
login(request, user, backend='django_auth_ldap.backend.LDAPBackend')
return HttpResponseRedirect(settings.LOGIN_REDIRECT_URL)
else:
form = SignUpForm()
return render(request, 'users/signup.html', {'form': form})
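Review bot: In signup, `create_user(...)` can raise a bare `Exception` (bind failure, write failure, or presumably a uid that already exists in the directory) and nothing catches it, so those cases become a 500 instead of a form error. `authenticate(...)` may also return `None`, and `login(request, user, ...)` is called without checking that. `form.save()` additionally stores a password hash in the local database next to the LDAP credential; if LDAP is meant to be the only credential store, calling `user.set_unusable_password()` on the saved user would avoid keeping the duplicate. The committed signup template does not output `form.non_field_errors`, so it needs that line for the messages below to show.

```python
        if form.is_valid():
            # … unchanged: cleaned_data lookups …
            try:
                create_user(username, raw_password, first_name, last_name, email)
            except Exception:
                # Report directory failures on the form instead of a 500.
                form.add_error(None, 'Could not create the account, please try again later.')
            else:
                form.save()
                user = authenticate(request, username=username, password=raw_password)
                if user is None:
                    form.add_error(None, 'Account created, but automatic login failed.')
                else:
                    login(request, user, backend='django_auth_ldap.backend.LDAPBackend')
                    return HttpResponseRedirect(settings.LOGIN_REDIRECT_URL)
```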