fix django auth not work

2025-04-17 10:10:20 +00:00 · 2017-01-22 15:12:32 +08:00 · 2017-01-22 15:12:32 +08:00 · 6b5a7f4b64
commit 6b5a7f4b64
parent 10a3d8b8dd
4 changed files with 44 additions and 15 deletions
--- a/salt/auth/django.py
+++ b/salt/auth/django.py
@ -50,6 +50,10 @@ indicated above, though the model DOES NOT have to be named
 # Import python libs
 from __future__ import absolute_import
 import logging
+import os
+import sys
+
+from django.db import connection

 # Import 3rd-party libs
 import salt.ext.six as six
@ -77,6 +81,15 @@ def __virtual__():
    return False


+def is_connection_usable():
+    try:
+        connection.connection.ping()
+    except:
+        return False
+    else:
+        return True
+
+
 def django_auth_setup():
    '''
    Prepare the connection to the Django authentication framework
@ -95,21 +108,28 @@ def django_auth_setup():
        django_model_name = django_model_fullname.split('.')[-1]
        django_module_name = '.'.join(django_model_fullname.split('.')[0:-1])

-        __import__(django_module_name, globals(), locals(), 'SaltExternalAuthModel')
+        django_auth_module = __import__(django_module_name, globals(), locals(), 'SaltExternalAuthModel')
        DJANGO_AUTH_CLASS_str = 'django_auth_module.{0}'.format(django_model_name)
        DJANGO_AUTH_CLASS = eval(DJANGO_AUTH_CLASS_str)  # pylint: disable=W0123

-    if django.VERSION >= (1, 7):
-        django.setup()
-

 def auth(username, password):
    '''
    Simple Django auth
    '''
-    import django.contrib.auth  # pylint: disable=import-error
+    sys.path.append(__opts__['django_auth_path'])
+    os.environ.setdefault('DJANGO_SETTINGS_MODULE', __opts__['django_auth_settings'])
+
+    import django
+    if django.VERSION >= (1, 7):
+        django.setup()

    django_auth_setup()
+
+    if not is_connection_usable():
+        connection.close()
+
+    import django.contrib.auth  # pylint: disable=import-error
    user = django.contrib.auth.authenticate(username=username, password=password)
    if user is not None:
        if user.is_active:
--- a/salt/config/init.py
+++ b/salt/config/init.py
@ -928,6 +928,10 @@ VALID_OPTS = {
    # Note: to set enum arguments values like `cert_reqs` and `ssl_version` use constant names
    # without ssl module prefix: `CERT_REQUIRED` or `PROTOCOL_SSLv23`.
    'ssl': (dict, type(None)),
+
+    # django auth
+    'django_auth_path': str,
+    'django_auth_settings': str,
 }

 # default configurations
@ -1435,6 +1439,8 @@ DEFAULT_MASTER_OPTS = {
    'cache': 'localfs',
    'thin_extra_mods': '',
    'ssl': None,
+    'django_auth_path': '',
+    'django_auth_settings': '',
 }


--- a/salt/master.py
+++ b/salt/master.py
@ -1917,7 +1917,7 @@ class ClearFuncs(object):
            name = self.loadauth.load_name(clear_load)
            groups = self.loadauth.get_groups(clear_load)
            eauth_config = self.opts['external_auth'][clear_load['eauth']]
-            if '*' not in eauth_config and name not in eauth_config:
+            if '^model' not in eauth_config and '*' not in eauth_config and name not in eauth_config:
                found = False
                for group in groups:
                    if "{0}%".format(group) in eauth_config:
@ -2017,7 +2017,7 @@ class ClearFuncs(object):
                            break
            except KeyError:
                pass
-            if '*' not in eauth_users and token['name'] not in eauth_users \
+            if '^model' not in eauth_users and '*' not in eauth_users and token['name'] not in eauth_users \
                and not group_auth_match:
                log.warning('Authentication failure of type "token" occurred.')
                return ''
--- a/salt/netapi/rest_cherrypy/app.py
+++ b/salt/netapi/rest_cherrypy/app.py
@ -1687,16 +1687,19 @@ class Login(LowDataAdapter):
        try:
            eauth = self.opts.get('external_auth', {}).get(token['eauth'], {})

-            # Get sum of '*' perms, user-specific perms, and group-specific perms
-            perms = eauth.get(token['name'], [])
-            perms.extend(eauth.get('*', []))
+            if token['eauth'] == 'django' and '^model' in eauth:
+                perms = token['auth_list']
+            else:
+                # Get sum of '*' perms, user-specific perms, and group-specific perms
+                perms = eauth.get(token['name'], [])
+                perms.extend(eauth.get('*', []))

-            if 'groups' in token and token['groups']:
-                user_groups = set(token['groups'])
-                eauth_groups = set([i.rstrip('%') for i in eauth.keys() if i.endswith('%')])
+                if 'groups' in token and token['groups']:
+                    user_groups = set(token['groups'])
+                    eauth_groups = set([i.rstrip('%') for i in eauth.keys() if i.endswith('%')])

-                for group in user_groups & eauth_groups:
-                    perms.extend(eauth['{0}%'.format(group)])
+                    for group in user_groups & eauth_groups:
+                        perms.extend(eauth['{0}%'.format(group)])

            if not perms:
                logger.debug("Eauth permission list not found.")