Fixes #23 #34

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open

jguy1987 wants to merge 6 commits into robgolding:master from jguy1987:win-fix

README.md

-Original file line number
+Diff line change
@@ Expand Up @@
     RADIUS_REMOTE_ROLES = True
     ```
+    The default behavior is for django-radius to bring groups in from RADIUS
+    when a user is authenticated. You may overwrite this behavior by setting the
+    following in settings.py of your Django project:
+    ```python
+    RADIUS_IMPORT_GROUPS = False
+    ```
+    This will still import the is_staff, is_superuser flags from RADIUS according
+    to the role assignment but ignore any group assignments, putting django
+    in charge of group to user assignment(s).
     When a user is successfully authenticated via the RADIUS backend, a `User`
     object is created in Django's built-in auth application with the same username.
     This user's password is set to the password which they logged into the RADIUS
@@ Expand Down Expand Up @@
     The syntax allows the following mappings:
     * `role=staff` (sets is_staff=True in the User object)
     * `role=superuser` (sets is_superuser=True for the User object)
+    * `role=su-staff` (sets both is_superuser and is_staff te True for the User object)
     * `group=Group1` (add the User object to `Group1`)
     To avoid namespace clashes in the RADIUS Attribute 25 values that may be
@@ Expand Down @@

radiusauth/backends/radius.py

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -155,8 +155,12 @@ def _perform_radius_auth(self, client, packet):
  
                        is_staff = True

                    elif role == "superuser":

                        is_superuser = True

                    elif role == "su-staff":

                        # su-staff role assignment sets both is_staff and is_superuser to True for the user in one step.

                        is_staff = True

                        is_superuser = True

                    else:

                        logging.warning("RADIUS Attribute Class contains unknown role '%s'. Only roles 'staff' and 'superuser' are allowed" % cl)

                        logging.warning("RADIUS Attribute Class contains unknown role '%s'. Only roles 'staff', 'superuser' and 'su-staff' are allowed" % cl)

            return groups, is_staff, is_superuser

        def _radius_auth(self, server, username, password):

    @@ -191,7 +195,17 @@ def get_django_user(self, username, password=None, groups=[], is_staff=False, is
  
                user.set_password(password)

            user.save()

            user.groups.set(groups)

            # If RADIUS_IMPORT_GROUPS is not set, configure it to default value False.

            # False means that a user import from RADIUS to Django will NOT overwrite the group

            # assignment of the user.

            # The default is TRUE to mimic django-radius's current behavior pre Pull Request.

            if not hasattr(settings, "RADIUS_IMPORT_GROUPS"):

                settings.RADIUS_IMPORT_GROUPS = True

            if settings.RADIUS_IMPORT_GROUPS:

                user.groups.set(groups)

            return user

        def get_user_groups(self, group_names):

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fixes #23 #34

Uh oh!

Diff view

Diff view

There are no files selected for viewing

Fixes #23 #34

Are you sure you want to change the base?

Uh oh!

Fixes #23 #34

Uh oh!

Uh oh!

Diff view

Diff view

There are no files selected for viewing