User Authentication
We use the default Django authentication provided in the django.contrib.auth.views.login view. This will render the template from templates/registration/login.html.
In openl2m/settings.py, we set
LOGIN_REDIRECT_URL = 'home'
This forces all logins, re-logins on time-out etc. back to the ‘home’ url (defined in openl2m/urls.py)
Then we enforce login requirements without redirect to a specific page with the @login_required(redirect_field_name=None) decorator for all url handler functions, except for the ‘basic view’ in switches/views.py, switch_basics()
This allows for bookmarks to specific switches to redirect properly.
Logging
We tie into the django signals for user_logged_in/out/failed() in users/models.py, and add Log() entries as needed.
Logout
This is handled in users/views.py, LogoutView()
Accounts & Profiles
The Profile() model is defined in users/models.py. This adds fields to the base Django User() object via a 1to1 relationship. We also receive signals here to handle user account actions, so we can add/update the profile fields as needed.
Finally, in users/admin.py we override the default admin page for User(), and add in the view for both the Profile() and SwitchGroup() to the user view.
LDAP Authentication
in openl2m/settings.py, if openl2m/ldap_config.py exists, we import it. After settings variables for the django ldap module, we then add this to the authentication workflow as such:
AUTHENTICATION_BACKENDS.insert(0, 'django_auth_ldap.backend.LDAPBackend')
Ldap authentication now becomes to first one to check, so this now takes care of all the magic!
LDAP group mapping is managed via a signal handler in users/signals.py, ldap_auth_handler()
Here we enumerate through the group names for the user, and match them to the
settings.AUTH_LDAP_GROUP_TO_SWITCHGROUP_REGEX
expression. Matching ldap groups get created as SwitchGroup() (if needed), and the user is assigned a member of that SwitchGroup().