
Remove ldap-auth module usage and settings
Move LDAP base DNs to settings.py

Fabs 10 years ago
parent
commit
fb757f9e8d
7 changed files with 34 additions and 71 deletions
  1. 8 5
      coin/members/forms.py
  2. 16 20
      coin/members/models.py
  3. 2 1
      coin/members/urls.py
  4. 5 42
      coin/settings.py
  5. 1 1
      coin/utils.py
  6. 2 1
      coin/vpn/models.py
  7. 0 1
      requirements.txt

+ 8 - 5
coin/members/forms.py

@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 from django import forms
-from django.contrib.auth.forms import UserChangeForm, ReadOnlyPasswordHashField
+from django.contrib.auth.forms import PasswordResetForm, ReadOnlyPasswordHashField
 
 from coin.members.models import Member
 
@@ -8,7 +8,7 @@ from coin.members.models import Member
 class MemberCreationForm(forms.ModelForm):
     """
     This form was inspired from django.contrib.auth.forms.UserCreationForm
-    and adapted to coin spcificities
+    and adapted to coin specificities
     """
     username = forms.RegexField(required=False,
         label="Nom d'utilisateur", max_length=30, regex=r"^[\w.@+-]+$",
@@ -31,11 +31,10 @@ class MemberCreationForm(forms.ModelForm):
         return member
 
 
-
 class MemberChangeForm(forms.ModelForm):
     """
     This form was inspired from django.contrib.auth.forms.UserChangeForm
-    and adapted to coin spcificities
+    and adapted to coin specificities
     """
     password = ReadOnlyPasswordHashField()
 
@@ -57,4 +56,8 @@ class MemberChangeForm(forms.ModelForm):
 
     def clean_username(self):
         # idem clean_password
-        return self.initial["username"]
+        return self.initial["username"]
+
+
+class MemberPasswordResetForm(PasswordResetForm):
+    pass
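Review bot: `MemberPasswordResetForm` is added as an empty, undocumented subclass, and the `password_reset` entry in the coin/members/urls.py hunk of this commit does not pass it as `password_reset_form`, so as far as these hunks show the view keeps using Django's stock form. Either give it a docstring stating what it is meant to customise, for example `"""Password reset form for Member; placeholder for coin-specific behaviour."""`, or leave the class out until it has a body. If it is meant to be used, the urls.py dictionary also needs `'password_reset_form': MemberPasswordResetForm`.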

+ 16 - 20
coin/members/models.py

@@ -8,13 +8,12 @@ from django.db.models import Q
 from django.db.models.signals import pre_save
 from django.dispatch import receiver
 from django.contrib.auth.models import AbstractUser
+from django.conf import settings
 from ldapdb.models.fields import CharField, IntegerField, ListField
 from south.modelsinspector import add_ignored_fields
 from coin.offers.models import OfferSubscription
 from coin.mixins import CoinLdapSyncMixin
 from coin import utils
-from django.contrib.auth.signals import user_logged_in
-from django.conf import settings
 
 
 class Member(CoinLdapSyncMixin, AbstractUser):
@@ -83,7 +82,7 @@ class Member(CoinLdapSyncMixin, AbstractUser):
         return '%s %s' % (self.first_name, self.last_name)
 
     def get_short_name(self):
-        return '%s' % self.username
+        return self.username
 
     # Renvoie la date de fin de la dernière cotisation du membre
     def end_date_of_membership(self):
@@ -176,10 +175,10 @@ class Member(CoinLdapSyncMixin, AbstractUser):
 
         ldap_user.save()
 
-        if creation:
-            ldap_group = LdapGroup.objects.get(pk='coin')
-            ldap_group.members.append(ldap_user.pk)
-            ldap_group.save()
+        # if creation:
+        #     ldap_group = LdapGroup.objects.get(pk='coin')
+        #     ldap_group.members.append(ldap_user.pk)
+        #     ldap_group.save()
 
     def delete_from_ldap(self):
         """
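Review bot: The group-membership block after `ldap_user.save()` is commented out rather than removed, and the delete_from_ldap hunk below does the same, so dead code stays in the model with no explanation of why the `coin` group is no longer maintained. Delete the four lines, or replace them with a single comment that gives the reason, for example `# 'coin' group membership is no longer managed from here` if that is the intent. The method starts outside this hunk, so it cannot be seen whether `creation` is still used anywhere else in it.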
@@ -188,13 +187,17 @@ class Member(CoinLdapSyncMixin, AbstractUser):
         assert self.username, ('Can\'t delete from LDAP because missing '
                               'username value for the Member : %s' % self)
 
+        #Delete user from LDAP
+        ldap_user = LdapUser.objects.get(pk=self.username)
+        ldap_user.delete()
+
         # Lorsqu'un membre est supprimé du SI, son utilisateur LDAP
         # correspondant est sorti du groupe "coin" afin qu'il n'ait plus
         # accès au SI
-        ldap_group = LdapGroup.objects.get(pk='coin')
-        if self.username in ldap_group.members:
-            ldap_group.members.remove(self.username)
-            ldap_group.save()
+        # ldap_group = LdapGroup.objects.get(pk='coin')
+        # if self.username in ldap_group.members:
+        #     ldap_group.members.remove(self.username)
+        #     ldap_group.save()
 
     class Meta:
         verbose_name = 'membre'
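Review bot: Deleting the LDAP entry while the group cleanup is commented out leaves the username in the `coin` group's `memberUid` list. posixGroup membership is by name, so an account created later with the same username would presumably inherit that membership. The French comment kept above the commented-out block still describes a removal that no longer happens. `LdapUser.objects.get(pk=self.username)` also raises when the entry is already gone, which would abort the member deletion. The sketch below deletes the entry if it exists and keeps the group cleanup; the method's docstring and assert sit partly outside the hunk.

```python
        # Delete user from LDAP; an entry that is already gone needs no action
        try:
            LdapUser.objects.get(pk=self.username).delete()
        except LdapUser.DoesNotExist:
            pass

        # Also drop the username from the "coin" group so that no stale
        # memberUid survives the account
        ldap_group = LdapGroup.objects.get(pk='coin')
        if self.username in ldap_group.members:
            ldap_group.members.remove(self.username)
            ldap_group.save()
```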
@@ -240,8 +243,7 @@ class MembershipFee(models.Model):
 
 
 class LdapUser(ldapdb.models.Model):
-    # TODO: déplacer ligne suivante dans settings.py
-    base_dn = "ou=users,ou=unix,o=ILLYSE,l=Villeurbanne,st=RHA,c=FR"
+    base_dn = settings.LDAP_USER_BASE_DN #"ou=users,ou=unix,o=ILLYSE,l=Villeurbanne,st=RHA,c=FR"
     object_classes = ['inetOrgPerson', 'organizationalPerson', 'person',
                       'top', 'posixAccount']
 
@@ -266,15 +268,9 @@ class LdapUser(ldapdb.models.Model):
 
 
 class LdapGroup(ldapdb.models.Model):
-    """
-    Class for representing an LDAP group entry.
-    """
-    #TODO: config à externaliser
-    # LDAP meta-data
-    base_dn = "ou=groups,ou=unix,o=ILLYSE,l=Villeurbanne,st=RHA,c=FR"
+    base_dn = settings.LDAP_GROUP_BASE_DN #"ou=groups,ou=unix,o=ILLYSE,l=Villeurbanne,st=RHA,c=FR"
     object_classes = ['posixGroup']
 
-    # posixGroup attributes
     gid = IntegerField(db_column='gidNumber', unique=True)
     name = CharField(db_column='cn', max_length=200, primary_key=True)
     members = ListField(db_column='memberUid')

+ 2 - 1
coin/members/urls.py

@@ -24,7 +24,8 @@ urlpatterns = patterns(
     url(r'^password_reset/$', 'django.contrib.auth.views.password_reset',
         {'post_reset_redirect':'members:password_reset_done',
         'template_name':'members/registration/password_reset_form.html',
-        'email_template_name':'members/registration/password_reset_email.html'},
+        'email_template_name':'members/registration/password_reset_email.html',
+        'subject_template_name':'members/registration/password_reset_subject.txt'},
         name = 'password_reset'),
     url(r'^password_reset/done/$', 'django.contrib.auth.views.password_reset_done',
         {'template_name':'members/registration/password_reset_done.html',
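Review bot: The added `'subject_template_name':'members/registration/password_reset_subject.txt'` points at a template that this commit does not add, since the diffstat lists seven files and none is a template. Unless that file already exists in the tree, the reset view would fail with TemplateDoesNotExist when it builds the e-mail, so the template should be committed alongside this change. The `urlpatterns` call starts and ends outside the hunk.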

+ 5 - 42
coin/settings.py

@@ -1,8 +1,6 @@
 # -*- coding: utf-8 -*-
 import os
 import ldap
-from django_auth_ldap.config import LDAPSearch, PosixGroupType
-# from custom.coin_posix_group_type import CoinPosixGroupType
 
 # Django settings for coin project.
 
@@ -208,51 +206,16 @@ TEMPLATE_CONTEXT_PROCESSORS = (
 AUTH_USER_MODEL = 'members.Member'
 
 AUTHENTICATION_BACKENDS = (
-    # 'django_auth_ldap.backend.LDAPBackend',
     'django.contrib.auth.backends.ModelBackend',
 )
 
-# LDAP Backend pour authentification
-
-AUTH_LDAP_SERVER_URI = "ldap://ldapdev.illyse.org:389"
-AUTH_LDAP_START_TLS = True
-AUTH_LDAP_GLOBAL_OPTIONS = {ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_NEVER}
-
-AUTH_LDAP_BIND_DN = "cn=illysedev,ou=services,o=ILLYSE,l=Villeurbanne,st=RHA,c=FR"
-AUTH_LDAP_BIND_PASSWORD = "gfj83-E8ECgGh23JK_Ol12"
-
-AUTH_LDAP_USER_SEARCH = LDAPSearch(
-    "ou=users,ou=unix,o=ILLYSE,l=Villeurbanne,st=RHA,c=FR",
-    ldap.SCOPE_SUBTREE,
-    "(cn=%(user)s)"
-)
-
-AUTH_LDAP_CACHE_GROUPS = False
-
-AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
-    "ou=groups,ou=unix,o=ILLYSE,l=Villeurbanne,st=RHA,c=FR",
-    ldap.SCOPE_SUBTREE,
-    "(objectClass=posixGroup)"
-)
-
-AUTH_LDAP_GROUP_TYPE = PosixGroupType()
-
-# AUTH_LDAP_REQUIRE_GROUP = "cn=admin,ou=groups,o=ILLYSE,"
-#                           "l=Villeurbanne,st=RHA,c=FR"
-
-AUTH_LDAP_USER_ATTR_MAP = {
-    "first_name": "givenName",
-    "last_name": "sn"
-}
-
-AUTH_LDAP_USER_FLAGS_BY_GROUP = {
-    "is_active": "cn=coin,ou=groups,ou=unix,o=ILLYSE,l=Villeurbanne,st=RHA,c=FR",
-    "is_staff": "cn=coin_admin,ou=groups,ou=unix,o=ILLYSE,l=Villeurbanne,st=RHA,c=FR",
-    "is_superuser": "cn=coin_admin,ou=groups,ou=unix,o=ILLYSE,l=Villeurbanne,st=RHA,c=FR"
-}
-
 GRAPHITE_SERVER = "http://graphite-dev.illyse.org"
 
+# LDAP Base DNs
+LDAP_USER_BASE_DN = "ou=users,ou=unix,o=ILLYSE,l=Villeurbanne,st=RHA,c=FR"
+LDAP_GROUP_BASE_DN = "ou=groups,ou=unix,o=ILLYSE,l=Villeurbanne,st=RHA,c=FR"
+VPN_CONF_BASE_DN = "ou=vpn,o=ILLYSE,l=Villeurbanne,st=RHA,c=FR"
+
 # Surcharge les paramètres en utilisant le fichier settings_local.py
 try:
     from settings_local import *
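Review bot: The `AUTH_LDAP_BIND_PASSWORD` value deleted in this hunk stays readable in the repository history, so removing the line does not retire the credential. The password of the `illysedev` service account should be rotated, and any remaining LDAP connection secrets are better kept in `settings_local.py` than in this tracked file. The removed block was also the only visible user of `ldap.OPT_X_TLS_*` and `ldap.SCOPE_SUBTREE`, so `import ldap` at the top of the file may now be unused; the rest of the file is outside the hunk. For the three new constants, a comment such as `# Defaults for the ILLYSE directory; override in settings_local.py` would say how deployments are expected to change them.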

+ 1 - 1
coin/utils.py

@@ -53,7 +53,7 @@ def send_templated_email(subject, to, template_to_use, context, attachements, fr
     # (using html2text) if fail
     try:
         template_txt = get_template('%s.txt' % (template_to_use,))
-        text_content = template_txt.render(Context(context))
+        text_content = template_txt.render_to_string(Context(context))
     except TemplateDoesNotExist:
         text_content = html2text.html2text(html_content)
     
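Review bot: `template_txt.render_to_string(Context(context))` calls a method that Django template objects do not have. `get_template()` returns a template whose method is `render`, while `render_to_string` is a module-level function in `django.template.loader`. The resulting AttributeError is not caught by `except TemplateDoesNotExist`, so sending would fail whenever the `.txt` template exists. The line should stay `text_content = template_txt.render(Context(context))`. `send_templated_email` begins and continues outside the hunk.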

+ 2 - 1
coin/vpn/models.py

@@ -1,6 +1,7 @@
 # -*- coding: utf-8 -*-
 from django.db import models
 from django.core.exceptions import ValidationError
+from django.conf import settings
 from netfields import InetAddressField, NetManager
 import ldapdb.models
 from ldapdb.models.fields import CharField, ListField
@@ -141,7 +142,7 @@ class VPNSubscription(CoinLdapSyncMixin, models.Model):
 
 class LdapVPNConfig(ldapdb.models.Model):
     # TODO: déplacer ligne suivante dans settings.py
-    base_dn = "ou=vpn,o=ILLYSE,l=Villeurbanne,st=RHA,c=FR"
+    base_dn = settings.VPN_CONF_BASE_DN # "ou=vpn,o=ILLYSE,l=Villeurbanne,st=RHA,c=FR"
     object_classes = ['person', 'organizationalPerson', 'inetOrgPerson',
                       'top', 'radiusprofile']
 

+ 0 - 1
requirements.txt

@@ -1,6 +1,5 @@
 Django==1.6.4
 South==0.8.4
-django-auth-ldap==1.2.0
 psycopg2==2.5.2
 python-ldap==2.4.15
 wsgiref==0.1.2