Replace custom NAV login authenticator with a series of Django authentication backends #3626
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This replaces the authentication mechanism used in the `do_login` view to instead employ Django's authentication system.
This explicitly sets the `AUTHENTICATION_BACKENDS` setting to include both the new `LdapBackend` and Django's built-in `ModelBackend` in the correct order - thereby replicating the legacy LDAP-based login flow of NAV in Django terms.
The old `nav.web.auth.authenticate()` function has been replaced by proper Django authentication backends and can therefore be removed.
For some reason, these test modules imported Django models via the `nav.web.auth` module, which no longer has them. This just updates the imports, but many tests still fail, since the `nav.web.auth.authenticate` function no longer exists.
lunkwill42
added
802.1X
nonews
|
Test results 15 files 15 suites 14m 15s ⏱️ For more details on these failures, see this check. Results for commit c3bb990. |
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## feature/nav-django-ldap-backend #3626 +/- ##
====================================================================
+ Coverage 18.88% 62.41% +43.53%
====================================================================
Files 612 612
Lines 45153 45119 -34
Branches 43 43
====================================================================
+ Hits 8527 28161 +19634
+ Misses 36616 16948 -19668
Partials 10 10 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Scope and purpose
Fixes #3625. Dependent on #3624
This explicitly sets
AUTHENTICATION_BACKENDSin Django settings to include the standardModelBackendfrom Django, and the newLdapBackendimplemented in #3624.It changes the existing implementation of NAV's
do_login()view to use Django's authentication mechanism, rather than NAV's customauthenticate()function, making the login flow work with the new authentication backends instead.However, tests are not updated yet. ATM, the failing tests mostly concern themselves with testing the now-removed
nav.web.auth.authenticate()function, so these tests will have to be re-thought (likely, they could be removed and rebuilt as tests for the new ldap backend instead?)Also, these changes to not consider the
REMOTE_USER-based login mechanism, so @hmpf may have to look into that before we can merge this.All in all, the goal is that this should be mergeable before/without completing a transition to implementing django-allauth in NAV.
Contributor Checklist
Every pull request should have this checklist filled out, no matter how small it is.
More information about contributing to NAV can be found in the
Hacker's guide to NAV.
<major>.<minor>.x). For a new feature or other additions, it should be based onmaster.