diff --git a/Dockerfile b/Dockerfile index 7f4d04cd..d22353cc 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,7 +3,7 @@ FROM python:3.9 ENV PYTHONDONTWRITEBYTECODE=1 ENV PYTHONUNBUFFERED=1 -RUN apt-get update && apt-get install -y libldap2-dev libsasl2-dev libgraphviz-dev graphviz pandoc +RUN apt-get update && apt-get install -y libsasl2-dev libgraphviz-dev graphviz pandoc COPY requirements.txt /kelvin/requirements.txt RUN pip install -r /kelvin/requirements.txt diff --git a/common/utils.py b/common/utils.py index 2032351a..d2f7567a 100644 --- a/common/utils.py +++ b/common/utils.py @@ -5,7 +5,6 @@ import re from functools import lru_cache -LDAP_CONNECTION = None @lru_cache() def is_teacher(user): diff --git a/kelvin/settings.py b/kelvin/settings.py index 701608e3..18c8da41 100644 --- a/kelvin/settings.py +++ b/kelvin/settings.py @@ -146,7 +146,6 @@ 'django.contrib.auth.backends.ModelBackend', 'api.backends.TokenBackend', 'django_cas_ng.backends.CASBackend', - 'web.vsbldapbackend.MyLDAPBackend' ] DATA_UPLOAD_MAX_MEMORY_SIZE = 100 * 1024 * 1024 diff --git a/kelvin/urls.py b/kelvin/urls.py index 6fa3d1ba..44ae1d1a 100644 --- a/kelvin/urls.py +++ b/kelvin/urls.py @@ -24,14 +24,12 @@ from django_cas_ng import views as auth_views else: from django.contrib.auth import views as auth_views -from django.contrib.auth.views import LoginView as LDAPLoginView urlpatterns = [ path('', include('web.urls')), path('admin/', admin.site.urls), path('accounts/logout/', auth_views.LogoutView.as_view(), name='cas_ng_logout'), path('accounts/login/', auth_views.LoginView.as_view(), name='cas_ng_login'), - path('accounts/login/ldap', LDAPLoginView.as_view()), path('api/', include('api.urls')), path('django-rq/', include('django_rq.urls')), path('survey/', include('survey.urls')), diff --git a/requirements.txt b/requirements.txt index 2a966f52..d0ebfa2c 100644 --- a/requirements.txt +++ b/requirements.txt 
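Review bot: In the Dockerfile hunk, the new `RUN apt-get update && apt-get install -y ...` line still installs `libsasl2-dev`, which is normally pulled in only as a build dependency of python-ldap, and this same commit drops `python-ldap==3.4.0` from requirements.txt. If no remaining requirement compiles against SASL, the line can shrink to `RUN apt-get update && apt-get install -y libgraphviz-dev graphviz pandoc`, which keeps unused development headers and libraries out of the image. This is inferred from the visible requirements only, so confirm with a clean image build before dropping the package.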
@@ -18,7 +18,6 @@ pandas==1.5.3
 psycopg2
 pygraphviz==1.7
 pyserde==0.12.2
-python-ldap==3.4.0
 python-magic==0.4.27
 pyyaml==5.4
 readwise-django-rq-scheduler==1.2.1
diff --git a/web/vsbldapbackend.py b/web/vsbldapbackend.py
deleted file mode 100644
index 31e5a076..00000000
--- a/web/vsbldapbackend.py
+++ /dev/null
@@ -1,67 +0,0 @@
-import ldap
-
-from django.contrib.auth.backends import ModelBackend
-from django.contrib.auth.models import User
-
-
-# Django LDAP package (inspiration for multple atttempts)
-# https://django-auth-ldap.readthedocs.io/en/latest/custombehavior.html
-
-# Auth backend: https://docs.djangoproject.com/en/3.0/topics/auth/customizing/
-# Auth backend reference: https://docs.djangoproject.com/en/3.0/ref/contrib/auth/#authentication-backends-reference
-
-
-def ldap_auth(username, password):
- ldap.set_option(ldap.OPT_REFERRALS,0)
- ldap.protocol_version = 3
-
- ldap_server='ldaps://ldap.vsb.cz'
-
- # VSB specific user context
- trailing_context = username[-1]
-
- # the following is the user_dn format provided by the ldap server
- user_dn = 'cn=' + username
-
- # adjust this to your base dn for searching
- base_dn = 'ou=USERS,o=VSB'
-
- connect = ldap.initialize(ldap_server)
- search_filter = 'cn=' + username
-
- listing = connect.search_s(base_dn, ldap.SCOPE_SUBTREE, user_dn, [])
-
- if len(listing) == 0:
- print('User not found')
- return False
- else:
-
- #connect.set_option(ldap.OPT_REFERRALS, 0)
- try:
- #if authentication successful, get the full user data
- connect.simple_bind_s('cn={},ou={},ou=USERS,o=VSB'.format(username, trailing_context), password)
- result = connect.search_s(base_dn, ldap.SCOPE_SUBTREE, search_filter)
-
- # return all user data results
- connect.unbind_s()
- return True
- except ldap.LDAPError as e:
- connect.unbind_s()
- print('authentication error')
- return False
-
-
-class MyLDAPBackend(ModelBackend):
- def authenticate(self, request, username=None, password=None):
- if not username or not password:
- return None
-
- username = username.upper()
- try:
- authenticated = ldap_auth(username, password)
- if authenticated:
- return User.objects.get(username=username)
- except User.DoesNotExist:
- pass
-
- return None