auf_savoirs_en_partage/authentification.py

   1 # -*- encoding: utf-8 -*-
   2 import hashlib, sys
   3
   4 import settings
   5 from django.contrib.auth.backends import ModelBackend
   6 from django.contrib.auth.models import User as DjangoUser, check_password
   7
   8 from chercheurs.models import Utilisateur as RemoteUser
   9
  10 class CascadeBackend(ModelBackend):
  11     def authenticate(self, username=None, password=None):
  12         user = None
  13
  14         email = username
  15         md5pass = hashlib.md5(password).hexdigest ()
  16
  17         # Cherche les comptes roa+locaux
  18         remoteUser = localUser = None
  19         try:
  20             if settings.AUTH_PASSWORD_REQUIRED:
  21                 remoteUser = RemoteUser.objects.get (courriel=email, password=md5pass)
  22             else:
  23                 remoteUser = RemoteUser.objects.get (courriel=email)
  24         except:
  25             pass
  26         try:
  27             localUser = DjangoUser.objects.get (username=username)
  28         except: pass
  29
  30         # Si on a pas besoin du mdp, on doit copier qd meme,
  31         # il ne faut jamais retourner un "RemoteUser" ici
  32         if not settings.AUTH_PASSWORD_REQUIRED:
  33             if remoteUser and not localUser:
  34                 localUser = DjangoUser (username = username,
  35                         email = email,
  36                         first_name = remoteUser.prenom,
  37                         last_name = remoteUser.nom,
  38                         is_staff = settings.USERS_AS_STAFF,
  39                         is_active = True,
  40                         is_superuser = False)
  41                 localUser.set_password (password)
  42                 localUser.save ()
  43             user = localUser
  44         # Gestion des comptes roa vs. local
  45         else:
  46             # Local existe pas, on doit de tte facon le creer
  47             if not localUser:
  48                 localUser = DjangoUser (username = username,
  49                         email = email,
  50                         is_staff = settings.USERS_AS_STAFF,
  51                         is_active = True,
  52                         is_superuser = False)
  53             # Cas du compte local seul, on verifie le mot de passe
  54             elif not remoteUser:
  55                 if localUser.check_password (password):
  56                     user = localUser
  57             # Compte roa, on valide le mot de passe distant et on
  58             # met a jour la copie locale
  59             if remoteUser:
  60                 localUser.first_name = remoteUser.prenom
  61                 localUser.last_name = remoteUser.nom
  62                 # pass distant en md5
  63                 localUser.set_password (password)
  64                 localUser.save ()
  65                 user = localUser
  66
  67         return user