Commit 03ff08fa authored by Christophe Henry's avatar Christophe Henry

bugfix: allow login with username and email (startinblox/applications/sib-app#245)

parent 9d36043b
Pipeline #6159 passed with stage
in 27 seconds
import json
from django.contrib.auth.backends import ModelBackend, UserModel
from django.core.exceptions import PermissionDenied
from django.contrib.auth import get_user_model
from django.contrib.auth.backends import ModelBackend
from django.core.exceptions import PermissionDenied, ValidationError
from django.core.validators import validate_email
from jwkest import BadSyntax
from jwkest.jwt import JWT
from djangoldp_account.auth.solid import Solid
from djangoldp_account.errors import LDPLoginError
UserModel = get_user_model()
class ExternalUserBackend(ModelBackend):
class EmailOrUsernameAuthBackend(ModelBackend):
def authenticate(self, request, username=None, password=None, **kwargs):
try:
validate_email(username)
user = UserModel.objects.get(email=username)
if user.check_password(password):
return user
except (ValidationError, UserModel.DoesNotExist):
return super().authenticate(request, username, password, **kwargs)
user = None
class ExternalUserBackend(ModelBackend):
def authenticate(self, request, username=None, password=None, **kwargs):
if 'HTTP_AUTHORIZATION' in request.META:
jwt = request.META['HTTP_AUTHORIZATION']
if jwt.startswith("Bearer"):
jwt = jwt[7:]
username = kwargs.get(UserModel.USERNAME_FIELD)
_jwt = JWT()
try:
unpacked = json.loads(_jwt.unpack(jwt).part[1])
......@@ -29,8 +41,6 @@ class ExternalUserBackend(ModelBackend):
id_token = unpacked
try:
Solid.check_id_token_exp(id_token['exp'])
Solid.confirm_webid(id_token['sub'], id_token['iss'])
except LDPLoginError as e:
raise PermissionDenied(e.description)
......@@ -41,4 +51,3 @@ class ExternalUserBackend(ModelBackend):
if self.user_can_authenticate(user):
return user
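Review bot: The e-mail branch of `EmailOrUsernameAuthBackend.authenticate` returns the user as soon as `user.check_password(password)` succeeds and never calls `self.user_can_authenticate(user)`, so an account with `is_active=False`, which the inherited `ModelBackend.authenticate` rejects, is accepted when the e-mail address is entered instead of the username. The condition should read `if user.check_password(password) and self.user_can_authenticate(user):`, matching the check `ExternalUserBackend` makes at the end of this file. Separately, `UserModel.objects.get(email=username)` raises `MultipleObjectsReturned` when two accounts share an address, and the `except` tuple does not cover it. Whether e-mail is unique on this project's user model is not visible here, so either add `except UserModel.MultipleObjectsReturned: return None` or confirm the uniqueness constraint. A short docstring should also state that a valid e-mail with a wrong password returns `None` without falling back to the username lookup.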
......@@ -4,7 +4,6 @@ from django.utils.deprecation import MiddlewareMixin
class JWTUserMiddleware(MiddlewareMixin):
def process_request(self, request):
# AuthenticationMiddleware is required so that request.user exists.
if not hasattr(request, 'user'):
......
......@@ -35,7 +35,7 @@
{% csrf_token %}
<table class="sib-form-table">
<tr>
<td>{{ form.username.label_tag }}</td>
<td>{% trans "Username or email:" %}</td>
<td>{{ form.username }}</td>
</tr>
<tr>
......@@ -56,13 +56,8 @@
<form class="sib-login-form" method="post" action="{% url 'oidc_login' %}">
{% csrf_token %}
<table class="sib-form-table">
<tr>
<td><label for="id_subject">{% trans "email, web-id, or provider url:" %}</label></td>
<td><input type="text" name="subject" required id="id_subject"/></td>
</tr>
</table>
<label for="id_subject">{% trans "email, web-id, or provider url:" %}</label>
<input type="text" name="subject" required id="id_subject"/>
<input class="sib-validate" type="submit" value="{% trans 'login' %}"/>
<input type="hidden" name="next" value="{{ next }}"/>
</form>
......
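Review bot: The replacement cell `<td>{% trans "Username or email:" %}</td>` in the first hunk drops the `<label>` element that `{{ form.username.label_tag }}` rendered, so the username input no longer has an associated label for assistive technology or click-to-focus. Keeping the new wording inside a label preserves the association: `<td><label for="{{ form.username.id_for_label }}">{% trans "Username or email:" %}</label></td>`. The second form in this section already pairs its label and input by hand through `id_subject`. The enclosing form starts outside the hunk.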