LAB/ArchiveBox_ArchiveBox
1
0
Fork 0
mirror of https://github.com/ArchiveBox/ArchiveBox.git synced 2026-01-15 00:12:35 +08:00
Code Issues Packages Projects Releases Wiki Activity
ArchiveBox_ArchiveBox/archivebox/ldap/auth.py
claude[bot] c2bb4b25cb Implement native LDAP authentication support 
- Create archivebox/config/ldap.py with LDAPConfig class
- Create archivebox/ldap/ Django app with custom auth backend
- Update core/settings.py to conditionally load LDAP when enabled
- Add LDAP_CREATE_SUPERUSER support to auto-grant superuser privileges
- Add comprehensive tests in test_auth_ldap.py (no mocks, no skips)
- LDAP only activates if django-auth-ldap is installed and LDAP_ENABLED=True
- Helpful error messages when LDAP libraries are missing or config is incomplete

Fixes #1664

Co-authored-by: Nick Sweeting <pirate@users.noreply.github.com>
2026-01-05 21:30:26 +00:00

50 lines
1.5 KiB
Python
Raw Permalink Blame History

"""
LDAP authentication backend for ArchiveBox.
This module extends django-auth-ldap to support the LDAP_CREATE_SUPERUSER flag.
"""
__package__ = "archivebox.ldap"
from typing import TYPE_CHECKING
if TYPE_CHECKING:
from django.contrib.auth.models import User
from django_auth_ldap.backend import LDAPBackend as BaseLDAPBackend
else:
try:
from django_auth_ldap.backend import LDAPBackend as BaseLDAPBackend
except ImportError:
# If django-auth-ldap is not installed, create a dummy base class
class BaseLDAPBackend:
"""Dummy LDAP backend when django-auth-ldap is not installed."""
pass
class ArchiveBoxLDAPBackend(BaseLDAPBackend):
"""
Custom LDAP authentication backend for ArchiveBox.
Extends django-auth-ldap's LDAPBackend to support:
- LDAP_CREATE_SUPERUSER: Automatically grant superuser privileges to LDAP users
"""
def authenticate_ldap_user(self, ldap_user, password):
"""
Authenticate using LDAP and optionally grant superuser privileges.
This method is called by django-auth-ldap after successful LDAP authentication.
"""
from archivebox.config.ldap import LDAP_CONFIG
user = super().authenticate_ldap_user(ldap_user, password)
if user and LDAP_CONFIG.LDAP_CREATE_SUPERUSER:
# Grant superuser privileges to all LDAP-authenticated users
if not user.is_superuser:
user.is_superuser = True
user.is_staff = True
user.save()
return user
Reference in New Issue View Git Blame Copy Permalink