Merge pull request #38863 from hujunya/fix_django_auth

fix django auth not work
2025-04-17 10:10:20 +00:00 · 2017-02-07 09:42:59 -06:00 · 2017-02-07 09:42:59 -06:00 · a0907bc861
commit a0907bc861
parent c3e541e0a2 2a99ff46d3
4 changed files with 45 additions and 15 deletions
--- a/salt/auth/django.py
+++ b/salt/auth/django.py
@ -50,12 +50,16 @@ indicated above, though the model DOES NOT have to be named
 # Import python libs
 from __future__ import absolute_import
 import logging
+import os
+import sys
+

 # Import 3rd-party libs
 import salt.ext.six as six
 # pylint: disable=import-error
 try:
    import django
+    from django.db import connection
    HAS_DJANGO = True
 except Exception as exc:
    # If Django is installed and is not detected, uncomment
@ -77,10 +81,22 @@ def __virtual__():
    return False


+def is_connection_usable():
+    try:
+        connection.connection.ping()
+    except Exception:
+        return False
+    else:
+        return True
+
+
 def django_auth_setup():
    '''
    Prepare the connection to the Django authentication framework
    '''
+    if django.VERSION >= (1, 7):
+        django.setup()
+
    global DJANGO_AUTH_CLASS

    if DJANGO_AUTH_CLASS is not None:
@ -95,21 +111,26 @@ def django_auth_setup():
        django_model_name = django_model_fullname.split('.')[-1]
        django_module_name = '.'.join(django_model_fullname.split('.')[0:-1])

-        __import__(django_module_name, globals(), locals(), 'SaltExternalAuthModel')
+        django_auth_module = __import__(django_module_name, globals(), locals(), 'SaltExternalAuthModel')
        DJANGO_AUTH_CLASS_str = 'django_auth_module.{0}'.format(django_model_name)
        DJANGO_AUTH_CLASS = eval(DJANGO_AUTH_CLASS_str)  # pylint: disable=W0123

-    if django.VERSION >= (1, 7):
-        django.setup()
-

 def auth(username, password):
    '''
    Simple Django auth
    '''
-    import django.contrib.auth  # pylint: disable=import-error
+    django_auth_path = __opts__['django_auth_path']
+    if django_auth_path not in sys.path:
+        sys.path.append(django_auth_path)
+    os.environ.setdefault('DJANGO_SETTINGS_MODULE', __opts__['django_auth_settings'])

    django_auth_setup()
+
+    if not is_connection_usable():
+        connection.close()
+
+    import django.contrib.auth  # pylint: disable=import-error
    user = django.contrib.auth.authenticate(username=username, password=password)
    if user is not None:
        if user.is_active:
--- a/salt/config/init.py
+++ b/salt/config/init.py
@ -932,6 +932,10 @@ VALID_OPTS = {
    # Note: to set enum arguments values like `cert_reqs` and `ssl_version` use constant names
    # without ssl module prefix: `CERT_REQUIRED` or `PROTOCOL_SSLv23`.
    'ssl': (dict, type(None)),
+
+    # django auth
+    'django_auth_path': str,
+    'django_auth_settings': str,
 }

 # default configurations
@ -1442,6 +1446,8 @@ DEFAULT_MASTER_OPTS = {
    'cache': 'localfs',
    'thin_extra_mods': '',
    'ssl': None,
+    'django_auth_path': '',
+    'django_auth_settings': '',
 }


--- a/salt/master.py
+++ b/salt/master.py
@ -1917,7 +1917,7 @@ class ClearFuncs(object):
            name = self.loadauth.load_name(clear_load)
            groups = self.loadauth.get_groups(clear_load)
            eauth_config = self.opts['external_auth'][clear_load['eauth']]
-            if '*' not in eauth_config and name not in eauth_config:
+            if '^model' not in eauth_config and '*' not in eauth_config and name not in eauth_config:
                found = False
                for group in groups:
                    if "{0}%".format(group) in eauth_config:
@ -2017,7 +2017,7 @@ class ClearFuncs(object):
                            break
            except KeyError:
                pass
-            if '*' not in eauth_users and token['name'] not in eauth_users \
+            if '^model' not in eauth_users and '*' not in eauth_users and token['name'] not in eauth_users \
                and not group_auth_match:
                log.warning('Authentication failure of type "token" occurred.')
                return ''
--- a/salt/netapi/rest_cherrypy/app.py
+++ b/salt/netapi/rest_cherrypy/app.py
@ -1687,16 +1687,19 @@ class Login(LowDataAdapter):
        try:
            eauth = self.opts.get('external_auth', {}).get(token['eauth'], {})

-            # Get sum of '*' perms, user-specific perms, and group-specific perms
-            perms = eauth.get(token['name'], [])
-            perms.extend(eauth.get('*', []))
+            if token['eauth'] == 'django' and '^model' in eauth:
+                perms = token['auth_list']
+            else:
+                # Get sum of '*' perms, user-specific perms, and group-specific perms
+                perms = eauth.get(token['name'], [])
+                perms.extend(eauth.get('*', []))

-            if 'groups' in token and token['groups']:
-                user_groups = set(token['groups'])
-                eauth_groups = set([i.rstrip('%') for i in eauth.keys() if i.endswith('%')])
+                if 'groups' in token and token['groups']:
+                    user_groups = set(token['groups'])
+                    eauth_groups = set([i.rstrip('%') for i in eauth.keys() if i.endswith('%')])

-                for group in user_groups & eauth_groups:
-                    perms.extend(eauth['{0}%'.format(group)])
+                    for group in user_groups & eauth_groups:
+                        perms.extend(eauth['{0}%'.format(group)])

            if not perms:
                logger.debug("Eauth permission list not found.")