finish feature osusertoldap
This commit is contained in:
commit
561b2d64db
7 changed files with 201 additions and 12 deletions
|
@ -0,0 +1 @@
|
||||||
|
from gnuviechadmin.celery import app as celery_app
|
21
gnuviechadmin/gnuviechadmin/celery.py
Normal file
21
gnuviechadmin/gnuviechadmin/celery.py
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
from __future__ import absolute_import
|
||||||
|
|
||||||
|
import os
|
||||||
|
|
||||||
|
from celery import Celery
|
||||||
|
|
||||||
|
from django.conf import settings
|
||||||
|
|
||||||
|
os.environ.setdefault('DJANGO_SETTINGS_MODULE',
|
||||||
|
'gnuviechadmin.settings.production')
|
||||||
|
|
||||||
|
|
||||||
|
app = Celery('gnuviechadmin')
|
||||||
|
|
||||||
|
app.config_from_object('django.conf:settings')
|
||||||
|
app.autodiscover_tasks(lambda: settings.INSTALLED_APPS)
|
||||||
|
|
||||||
|
|
||||||
|
@app.task(bind=True)
|
||||||
|
def debug_task(self):
|
||||||
|
print('Request: {0!r}'.format(self.request))
|
|
@ -279,6 +279,17 @@ SOUTH_TESTS_MIGRATE = False
|
||||||
########## END SOUTH CONFIGURATION
|
########## END SOUTH CONFIGURATION
|
||||||
|
|
||||||
|
|
||||||
|
########## CELERY CONFIGURATION
|
||||||
|
BROKER_URL = get_env_variable('GVA_BROKER_URL')
|
||||||
|
CELERY_RESULT_BACKEND = 'amqp'
|
||||||
|
CELERY_RESULT_PERSISTENT = True
|
||||||
|
CELERY_TASK_RESULT_EXPIRES = None
|
||||||
|
CELERY_ROUTES = (
|
||||||
|
'osusers.tasks.LdapRouter',
|
||||||
|
)
|
||||||
|
########## END CELERY CONFIGURATION
|
||||||
|
|
||||||
|
|
||||||
########## CUSTOM APP CONFIGURATION
|
########## CUSTOM APP CONFIGURATION
|
||||||
OSUSER_MINUID = int(get_env_variable('GVA_MIN_OS_UID'))
|
OSUSER_MINUID = int(get_env_variable('GVA_MIN_OS_UID'))
|
||||||
OSUSER_MINGID = int(get_env_variable('GVA_MIN_OS_GID'))
|
OSUSER_MINGID = int(get_env_variable('GVA_MIN_OS_GID'))
|
||||||
|
|
|
@ -1,3 +1,5 @@
|
||||||
|
from django import forms
|
||||||
|
from django.utils.translation import ugettext as _
|
||||||
from django.contrib import admin
|
from django.contrib import admin
|
||||||
|
|
||||||
from .models import (
|
from .models import (
|
||||||
|
@ -7,6 +9,8 @@ from .models import (
|
||||||
User,
|
User,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
PASSWORD_MISMATCH_ERROR = _("Passwords don't match")
|
||||||
|
|
||||||
|
|
||||||
class AdditionalGroupInline(admin.TabularInline):
|
class AdditionalGroupInline(admin.TabularInline):
|
||||||
model = AdditionalGroup
|
model = AdditionalGroup
|
||||||
|
@ -18,9 +22,73 @@ class ShadowInline(admin.TabularInline):
|
||||||
can_delete = False
|
can_delete = False
|
||||||
|
|
||||||
|
|
||||||
|
class UserCreationForm(forms.ModelForm):
|
||||||
|
"""
|
||||||
|
A form for creating system users.
|
||||||
|
|
||||||
|
"""
|
||||||
|
password1 = forms.CharField(label=_('Password'),
|
||||||
|
widget=forms.PasswordInput)
|
||||||
|
password2 = forms.CharField(label=_('Password (again)'),
|
||||||
|
widget=forms.PasswordInput)
|
||||||
|
|
||||||
|
class Meta:
|
||||||
|
model = User
|
||||||
|
fields = []
|
||||||
|
|
||||||
|
def clean_password2(self):
|
||||||
|
"""
|
||||||
|
Check that the two password entries match.
|
||||||
|
|
||||||
|
"""
|
||||||
|
password1 = self.cleaned_data.get('password1')
|
||||||
|
password2 = self.cleaned_data.get('password2')
|
||||||
|
if password1 and password2 and password1 != password2:
|
||||||
|
raise forms.ValidationError(PASSWORD_MISMATCH_ERROR)
|
||||||
|
return password2
|
||||||
|
|
||||||
|
def save(self, commit=True):
|
||||||
|
"""
|
||||||
|
Save the provided password in hashed format.
|
||||||
|
|
||||||
|
"""
|
||||||
|
user = User.objects.create_user(
|
||||||
|
password=self.cleaned_data['password1'], commit=commit)
|
||||||
|
return user
|
||||||
|
|
||||||
|
def save_m2m(self):
|
||||||
|
pass
|
||||||
|
|
||||||
|
|
||||||
class UserAdmin(admin.ModelAdmin):
|
class UserAdmin(admin.ModelAdmin):
|
||||||
inlines = [AdditionalGroupInline, ShadowInline]
|
inlines = [AdditionalGroupInline, ShadowInline]
|
||||||
readonly_fields = ['uid']
|
readonly_fields = ['uid']
|
||||||
|
add_form = UserCreationForm
|
||||||
|
|
||||||
|
add_fieldsets = (
|
||||||
|
(None, {
|
||||||
|
'classes': ('wide',),
|
||||||
|
'fields': ('password1', 'password2')}),
|
||||||
|
)
|
||||||
|
|
||||||
|
def get_form(self, request, obj=None, **kwargs):
|
||||||
|
"""
|
||||||
|
Use special form during user creation.
|
||||||
|
|
||||||
|
"""
|
||||||
|
defaults = {}
|
||||||
|
if obj is None:
|
||||||
|
defaults.update({
|
||||||
|
'form': self.add_form,
|
||||||
|
'fields': admin.util.flatten_fieldsets(self.add_fieldsets),
|
||||||
|
})
|
||||||
|
defaults.update(kwargs)
|
||||||
|
return super(UserAdmin, self).get_form(request, obj, **defaults)
|
||||||
|
|
||||||
|
def get_inline_instances(self, request, obj=None):
|
||||||
|
if obj is None:
|
||||||
|
return []
|
||||||
|
return super(UserAdmin, self).get_inline_instances(request, obj)
|
||||||
|
|
||||||
|
|
||||||
admin.site.register(Group)
|
admin.site.register(Group)
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
from datetime import date
|
from datetime import date
|
||||||
import os
|
import os
|
||||||
|
|
||||||
from django.db import models, transaction
|
from django.db import models
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
from django.core.exceptions import ValidationError
|
from django.core.exceptions import ValidationError
|
||||||
from django.utils import timezone
|
from django.utils import timezone
|
||||||
|
@ -13,6 +13,15 @@ from model_utils.models import TimeStampedModel
|
||||||
from passlib.hash import sha512_crypt
|
from passlib.hash import sha512_crypt
|
||||||
from passlib.utils import generate_password
|
from passlib.utils import generate_password
|
||||||
|
|
||||||
|
from .tasks import (
|
||||||
|
add_ldap_user_to_group,
|
||||||
|
create_ldap_group,
|
||||||
|
create_ldap_user,
|
||||||
|
delete_ldap_group_if_empty,
|
||||||
|
delete_ldap_user,
|
||||||
|
remove_ldap_user_from_group,
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
class GroupManager(models.Manager):
|
class GroupManager(models.Manager):
|
||||||
|
|
||||||
|
@ -42,6 +51,15 @@ class Group(TimeStampedModel, models.Model):
|
||||||
def __str__(self):
|
def __str__(self):
|
||||||
return '{0} ({1})'.format(self.groupname, self.gid)
|
return '{0} ({1})'.format(self.groupname, self.gid)
|
||||||
|
|
||||||
|
def save(self, *args, **kwargs):
|
||||||
|
super(Group, self).save(*args, **kwargs)
|
||||||
|
create_ldap_group.delay(self)
|
||||||
|
return self
|
||||||
|
|
||||||
|
def delete(self, *args, **kwargs):
|
||||||
|
delete_ldap_group_if_empty.delay(self)
|
||||||
|
super(Group, self).delete(*args, **kwargs)
|
||||||
|
|
||||||
|
|
||||||
class UserManager(models.Manager):
|
class UserManager(models.Manager):
|
||||||
|
|
||||||
|
@ -59,7 +77,7 @@ class UserManager(models.Manager):
|
||||||
for user in self.values('username').filter(
|
for user in self.values('username').filter(
|
||||||
username__startswith=settings.OSUSER_USERNAME_PREFIX).order_by(
|
username__startswith=settings.OSUSER_USERNAME_PREFIX).order_by(
|
||||||
'username'):
|
'username'):
|
||||||
if user == nextuser:
|
if user['username'] == nextuser:
|
||||||
count += 1
|
count += 1
|
||||||
nextuser = usernameformat.format(
|
nextuser = usernameformat.format(
|
||||||
settings.OSUSER_USERNAME_PREFIX, count)
|
settings.OSUSER_USERNAME_PREFIX, count)
|
||||||
|
@ -67,7 +85,7 @@ class UserManager(models.Manager):
|
||||||
break
|
break
|
||||||
return nextuser
|
return nextuser
|
||||||
|
|
||||||
def create_user(self, username=None, password=None):
|
def create_user(self, username=None, password=None, commit=False):
|
||||||
uid = self.get_next_uid()
|
uid = self.get_next_uid()
|
||||||
gid = Group.objects.get_next_gid()
|
gid = Group.objects.get_next_gid()
|
||||||
if username is None:
|
if username is None:
|
||||||
|
@ -75,19 +93,15 @@ class UserManager(models.Manager):
|
||||||
if password is None:
|
if password is None:
|
||||||
password = generate_password()
|
password = generate_password()
|
||||||
homedir = os.path.join(settings.OSUSER_HOME_BASEPATH, username)
|
homedir = os.path.join(settings.OSUSER_HOME_BASEPATH, username)
|
||||||
autocommit = transaction.get_autocommit()
|
|
||||||
if autocommit:
|
|
||||||
transaction.set_autocommit(False)
|
|
||||||
group = Group.objects.create(groupname=username, gid=gid)
|
group = Group.objects.create(groupname=username, gid=gid)
|
||||||
|
create_ldap_group.delay(group)
|
||||||
user = self.create(username=username, group=group, uid=uid,
|
user = self.create(username=username, group=group, uid=uid,
|
||||||
homedir=homedir,
|
homedir=homedir,
|
||||||
shell=settings.OSUSER_DEFAULT_SHELL)
|
shell=settings.OSUSER_DEFAULT_SHELL)
|
||||||
shadow = Shadow.objects.create_shadow(user=user, password=password)
|
Shadow.objects.create_shadow(user=user, password=password)
|
||||||
|
user.set_password(password)
|
||||||
|
if commit:
|
||||||
user.save()
|
user.save()
|
||||||
shadow.save()
|
|
||||||
transaction.commit()
|
|
||||||
if autocommit:
|
|
||||||
transaction.set_autocommit(True)
|
|
||||||
return user
|
return user
|
||||||
|
|
||||||
|
|
||||||
|
@ -111,6 +125,23 @@ class User(TimeStampedModel, models.Model):
|
||||||
def __str__(self):
|
def __str__(self):
|
||||||
return '{0} ({1})'.format(self.username, self.uid)
|
return '{0} ({1})'.format(self.username, self.uid)
|
||||||
|
|
||||||
|
def set_password(self, password):
|
||||||
|
create_ldap_user.delay(self, password)
|
||||||
|
|
||||||
|
def save(self, *args, **kwargs):
|
||||||
|
create_ldap_user.delay(self, password=None)
|
||||||
|
return super(User, self).save(*args, **kwargs)
|
||||||
|
|
||||||
|
def delete(self, *args, **kwargs):
|
||||||
|
for group in [
|
||||||
|
ag.group for ag in AdditionalGroup.objects.filter(user=self)
|
||||||
|
]:
|
||||||
|
remove_ldap_user_from_group.delay(self.username, group.groupname)
|
||||||
|
delete_ldap_user.delay(self)
|
||||||
|
delete_ldap_group_if_empty.delay(self.group)
|
||||||
|
self.group.delete()
|
||||||
|
super(User, self).delete(*args, **kwargs)
|
||||||
|
|
||||||
|
|
||||||
class ShadowManager(models.Manager):
|
class ShadowManager(models.Manager):
|
||||||
|
|
||||||
|
@ -185,5 +216,15 @@ class AdditionalGroup(TimeStampedModel, models.Model):
|
||||||
raise ValidationError(_(
|
raise ValidationError(_(
|
||||||
"You can not use a user's primary group."))
|
"You can not use a user's primary group."))
|
||||||
|
|
||||||
|
def save(self, *args, **kwargs):
|
||||||
|
add_ldap_user_to_group.delay(
|
||||||
|
self.user.username, self.group.groupname)
|
||||||
|
super(AdditionalGroup, self).save(*args, **kwargs)
|
||||||
|
|
||||||
|
def delete(self, *args, **kwargs):
|
||||||
|
remove_ldap_user_from_group.delay(
|
||||||
|
self.user.username, self.group.groupname)
|
||||||
|
super(AdditionalGroup, self).delete(*args, **kwargs)
|
||||||
|
|
||||||
def __str__(self):
|
def __str__(self):
|
||||||
return '{0} in {1}'.format(self.user, self.group)
|
return '{0} in {1}'.format(self.user, self.group)
|
||||||
|
|
43
gnuviechadmin/osusers/tasks.py
Normal file
43
gnuviechadmin/osusers/tasks.py
Normal file
|
@ -0,0 +1,43 @@
|
||||||
|
from __future__ import absolute_import
|
||||||
|
|
||||||
|
from celery import shared_task
|
||||||
|
|
||||||
|
|
||||||
|
class LdapRouter(object):
|
||||||
|
|
||||||
|
def route_for_task(self, task, args=None, kwargs=None):
|
||||||
|
if 'ldap' in task:
|
||||||
|
return {'exchange': 'ldap',
|
||||||
|
'exchange_type': 'direct',
|
||||||
|
'queue': 'ldap'}
|
||||||
|
return None
|
||||||
|
|
||||||
|
|
||||||
|
@shared_task
|
||||||
|
def create_ldap_group(group):
|
||||||
|
return group.groupname
|
||||||
|
|
||||||
|
|
||||||
|
@shared_task
|
||||||
|
def create_ldap_user(user, password):
|
||||||
|
return user.username
|
||||||
|
|
||||||
|
|
||||||
|
@shared_task
|
||||||
|
def add_ldap_user_to_group(username, groupname):
|
||||||
|
pass
|
||||||
|
|
||||||
|
|
||||||
|
@shared_task
|
||||||
|
def remove_ldap_user_from_group(username, groupname):
|
||||||
|
pass
|
||||||
|
|
||||||
|
|
||||||
|
@shared_task
|
||||||
|
def delete_ldap_user(user):
|
||||||
|
pass
|
||||||
|
|
||||||
|
|
||||||
|
@shared_task
|
||||||
|
def delete_ldap_group_if_empty(group):
|
||||||
|
pass
|
|
@ -6,3 +6,7 @@ logutils==0.3.3
|
||||||
South==0.8.4
|
South==0.8.4
|
||||||
psycopg2==2.5.3
|
psycopg2==2.5.3
|
||||||
passlib==1.6.2
|
passlib==1.6.2
|
||||||
|
celery==3.1.11
|
||||||
|
billiard==3.3.0.17
|
||||||
|
kombu==3.0.16
|
||||||
|
pytz==2014.3
|
||||||
|
|
Loading…
Reference in a new issue