Remove obsolete authenticate() implementation

lunkwill42 · lunkwill42 · commit 313675665318 · 2025-10-22T16:05:06.000+02:00
The old `nav.web.auth.authenticate()` function has been replaced by
proper Django authentication backends and can therefore be removed.
diff --git a/python/nav/web/auth/__init__.py b/python/nav/web/auth/__init__.py
@@ -19,21 +19,16 @@
 
 import logging
 from typing import Optional
-
 from urllib import parse
 
 from django.http import HttpRequest
 from django.urls import reverse
 
 from nav.auditlog.models import LogEntry
-from nav.models.profiles import Account
-from nav.web.auth import ldap, remote_user
-from nav.web.auth.ldap_auth_backend import _handle_ldap_admin_status
-
+from nav.web.auth import remote_user
 from nav.web.auth.sudo import desudo
 from nav.web.auth.utils import clear_session, get_account
 
-
 _logger = logging.getLogger(__name__)
 
 
@@ -47,64 +42,6 @@
 LOGOUT_URL = '/index/logout/'
 
 
-def authenticate(username: str, password: str) -> Optional[Account]:
-    """Authenticate username and password against database.
-    Returns account object if user was authenticated, else None.
-    """
-    # FIXME Log stuff?
-    auth = False
-    account = None
-
-    # Try to find the account in the database. If it's not found we can try
-    # LDAP.
-    try:
-        account = Account.objects.get(login__iexact=username)
-    except Account.DoesNotExist:
-        if ldap.available:
-            user = ldap.authenticate(username, password)
-            # If we authenticated, store the user in database.
-            if user:
-                account = Account(
-                    login=user.username, name=user.get_real_name(), ext_sync='ldap'
-                )
-                account.set_password(password)
-                account.save()
-                _handle_ldap_admin_status(user, account)
-                # We're authenticated now
-                auth = True
-
-    if account and account.locked:
-        _logger.info("Locked user %s tried to log in", account.login)
-
-    if (
-        account
-        and account.ext_sync == 'ldap'
-        and ldap.available
-        and not auth
-        and not account.locked
-    ):
-        try:
-            auth = ldap.authenticate(username, password)
-        except ldap.NoAnswerError:
-            # Fallback to stored password if ldap is unavailable
-            auth = False
-        else:
-            if auth:
-                account.set_password(password)
-                account.save()
-                _handle_ldap_admin_status(auth, account)
-            else:
-                return
-
-    if account and not auth:
-        auth = account.check_password(password)
-
-    if auth and account:
-        return account
-    else:
-        return None
-
-
 def get_login_url(request: HttpRequest) -> str:
     """Calculate which login_url to use"""
     path = parse.quote(request.get_full_path())
