| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849 |
- """
- LDAP authentication backend for ArchiveBox.
- This module extends django-auth-ldap to support the LDAP_CREATE_SUPERUSER flag.
- """
- __package__ = "archivebox.ldap"
- from typing import TYPE_CHECKING
- if TYPE_CHECKING:
- from django.contrib.auth.models import User
- from django_auth_ldap.backend import LDAPBackend as BaseLDAPBackend
- else:
- try:
- from django_auth_ldap.backend import LDAPBackend as BaseLDAPBackend
- except ImportError:
- # If django-auth-ldap is not installed, create a dummy base class
- class BaseLDAPBackend:
- """Dummy LDAP backend when django-auth-ldap is not installed."""
- pass
- class ArchiveBoxLDAPBackend(BaseLDAPBackend):
- """
- Custom LDAP authentication backend for ArchiveBox.
- Extends django-auth-ldap's LDAPBackend to support:
- - LDAP_CREATE_SUPERUSER: Automatically grant superuser privileges to LDAP users
- """
- def authenticate_ldap_user(self, ldap_user, password):
- """
- Authenticate using LDAP and optionally grant superuser privileges.
- This method is called by django-auth-ldap after successful LDAP authentication.
- """
- from archivebox.config.ldap import LDAP_CONFIG
- user = super().authenticate_ldap_user(ldap_user, password)
- if user and LDAP_CONFIG.LDAP_CREATE_SUPERUSER:
- # Grant superuser privileges to all LDAP-authenticated users
- if not user.is_superuser:
- user.is_superuser = True
- user.is_staff = True
- user.save()
- return user
|
