Add teams authentication backend

This backend will allow us to authenticate users based on the teams they are part of. It is based on the default ModelBackend.

Add teams authentication backend
3b73a411 · Roang · a233951d · 3b73a411 · 3b73a411 · 3b73a411
Commit 3b73a411 authored 7 months ago by Roang
--- a/src/backoffice/views/auth.py
+++ b/src/backoffice/views/auth.py
@@ -48,6 +48,7 @@ class AuthDebugView(ConferenceLoginRequiredMixin, View):
            'active': u.is_active,
            'flags': [],
            'groups': list(u.groups.values_list('name', flat=True)),
+            'teams': [f"{x['team__conference__name']}: {x['team__name']}" for x in u.teams.values('team__name', 'team__conference__name')],
            'permissions': [str(x) for x in u.get_all_permissions()],
        }
        if u.is_superuser:

--- a/src/backoffice/views/moderation/users.py
+++ b/src/backoffice/views/moderation/users.py
@@ -2,6 +2,7 @@ import logging
 from oauth2_provider.models import AccessToken
+from django.conf import settings
 from django.contrib import messages
 from django.contrib.sessions.exceptions import SuspiciousSession
 from django.contrib.sessions.models import Session
@@ -58,7 +59,7 @@ class ModerationUserDetailView(ModerationAdminMixin, DetailView):
        for session in Session.objects.all():
            try:
                session_data = session.get_decoded()
-                if session_data.get('_auth_user_id') == str(user.pk) and session_data.get('_auth_user_backend') == 'django.contrib.auth.backends.ModelBackend':
+                if session_data.get('_auth_user_id') == str(user.pk) and session_data.get('_auth_user_backend') == settings.BASE_AUTHENTICATION_BACKEND:
                    session.delete()
                    deleted_sessions += 1

--- a/src/core/backends.py
+++ b/src/core/backends.py
+from django.contrib.auth import get_user_model
+from django.contrib.auth.backends import ModelBackend
+from django.contrib.auth.models import Permission
+from django.db.models import Q
+UserModel = get_user_model()
+class TeamsBackend(ModelBackend):
+    """
+    Authenticates against settings.AUTH_USER_MODEL.
+    """
+    def _get_group_permissions(self, user_obj):
+        user_groups_field = get_user_model()._meta.get_field('groups')
+        user_groups_query = f'group__{user_groups_field.related_query_name()}'
+        teams = user_obj.teams.values('team')
+        return Permission.objects.filter(Q(**{user_groups_query: user_obj}) | Q(group__in=teams))
--- a/src/hub/settings/base.py
+++ b/src/hub/settings/base.py
@@ -270,10 +270,11 @@ AUTH_PASSWORD_VALIDATORS = [
    },
 ]
+BASE_AUTHENTICATION_BACKEND = 'core.backends.TeamsBackend'
 AUTHENTICATION_BACKENDS = (
    'rules.permissions.ObjectPermissionBackend',
    'oauth2_provider.backends.OAuth2Backend',
-    'django.contrib.auth.backends.ModelBackend',
+    BASE_AUTHENTICATION_BACKEND,
 )
 # Session Cookie configuration

--- a/src/plainui/views/ticket_tokens.py
+++ b/src/plainui/views/ticket_tokens.py
@@ -7,6 +7,7 @@ __all__ = (
 from django_ratelimit.decorators import ratelimit
+from django.conf import settings
 from django.contrib import messages
 from django.contrib.auth import login
 from django.contrib.auth import views as auth_views
@@ -143,7 +144,7 @@ class RedeemTokenUserCreateView(ConferenceRequiredMixin, FormView):
                user = form.save()
                ConferenceMemberTicket.redeem_pretix_ticket(self.conf, user, form.cleaned_data['token'])
                ConferenceMember.objects.update_or_create(conference=self.conf, user=user, defaults={'has_ticket': True})
-                login(self.request, user, backend='django.contrib.auth.backends.ModelBackend')
+                login(self.request, user, backend=settings.BASE_AUTHENTICATION_BACKEND)
                return HttpResponseRedirect(self.get_success_url())
        except TicketValidationError as e:
            form.add_error(None, str(e))