diff options
Diffstat (limited to 'django_openid_auth/auth.py')
-rw-r--r-- | django_openid_auth/auth.py | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/django_openid_auth/auth.py b/django_openid_auth/auth.py index 7395589..9b0e0b4 100644 --- a/django_openid_auth/auth.py +++ b/django_openid_auth/auth.py @@ -100,6 +100,17 @@ class OpenIDBackend: self.update_groups_from_teams(user, teams_response) self.update_staff_status_from_teams(user, teams_response) + teams_required = getattr(settings, + 'OPENID_LAUNCHPAD_TEAMS_REQUIRED', []) + if teams_required: + teams_mapping = self.get_teams_mapping() + groups_required = [group for team, group in teams_mapping.items() + if team in teams_required] + matches = set(groups_required).intersection( + user.groups.values_list('name', flat=True)) + if not matches: + return None + return user def _extract_user_details(self, openid_response): @@ -165,7 +176,7 @@ class OpenIDBackend: if getattr(settings, 'OPENID_STRICT_USERNAMES', False): if nickname is None or nickname == '': raise MissingUsernameViolation() - + # If we don't have a nickname, and we're not being strict, use a default nickname = nickname or 'openiduser' @@ -183,12 +194,12 @@ class OpenIDBackend: user__username__startswith=nickname) # No exception means we have an existing user for this identity # that starts with this nickname. - + # If they are an exact match, the user already exists and hasn't # changed their username, so continue to use it if nickname == user_openid.user.username: return nickname - + # It is possible we've had to assign them to nickname+i already. oid_username = user_openid.user.username if len(oid_username) > len(nickname): @@ -289,7 +300,7 @@ class OpenIDBackend: if updated: user.save() - def update_groups_from_teams(self, user, teams_response): + def get_teams_mapping(self): teams_mapping_auto = getattr(settings, 'OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO', False) teams_mapping_auto_blacklist = getattr(settings, 'OPENID_LAUNCHPAD_TEAMS_MAPPING_AUTO_BLACKLIST', []) teams_mapping = getattr(settings, 'OPENID_LAUNCHPAD_TEAMS_MAPPING', {}) @@ -299,7 +310,10 @@ class OpenIDBackend: all_groups = Group.objects.exclude(name__in=teams_mapping_auto_blacklist) for group in all_groups: teams_mapping[group.name] = group.name + return teams_mapping + def update_groups_from_teams(self, user, teams_response): + teams_mapping = self.get_teams_mapping() if len(teams_mapping) == 0: return |