mirror of
https://github.com/ArchiveBox/ArchiveBox.git
synced 2026-04-06 07:47:53 +10:00
49 lines
1.5 KiB
Python
49 lines
1.5 KiB
Python
"""
|
|
LDAP authentication backend for ArchiveBox.
|
|
|
|
This module extends django-auth-ldap to support the LDAP_CREATE_SUPERUSER flag.
|
|
"""
|
|
|
|
__package__ = "archivebox.ldap"
|
|
|
|
from typing import TYPE_CHECKING
|
|
|
|
if TYPE_CHECKING:
|
|
from django_auth_ldap.backend import LDAPBackend as BaseLDAPBackend
|
|
else:
|
|
try:
|
|
from django_auth_ldap.backend import LDAPBackend as BaseLDAPBackend
|
|
except ImportError:
|
|
# If django-auth-ldap is not installed, create a dummy base class
|
|
class BaseLDAPBackend:
|
|
"""Dummy LDAP backend when django-auth-ldap is not installed."""
|
|
pass
|
|
|
|
|
|
class ArchiveBoxLDAPBackend(BaseLDAPBackend):
|
|
"""
|
|
Custom LDAP authentication backend for ArchiveBox.
|
|
|
|
Extends django-auth-ldap's LDAPBackend to support:
|
|
- LDAP_CREATE_SUPERUSER: Automatically grant superuser privileges to LDAP users
|
|
"""
|
|
|
|
def authenticate_ldap_user(self, ldap_user, password):
|
|
"""
|
|
Authenticate using LDAP and optionally grant superuser privileges.
|
|
|
|
This method is called by django-auth-ldap after successful LDAP authentication.
|
|
"""
|
|
from archivebox.config.ldap import LDAP_CONFIG
|
|
|
|
user = super().authenticate_ldap_user(ldap_user, password)
|
|
|
|
if user and LDAP_CONFIG.LDAP_CREATE_SUPERUSER:
|
|
# Grant superuser privileges to all LDAP-authenticated users
|
|
if not user.is_superuser:
|
|
user.is_superuser = True
|
|
user.is_staff = True
|
|
user.save()
|
|
|
|
return user
|