|
|
@@ -58,22 +58,24 @@ class TokenAuthentication(authentication.TokenAuthentication):
|
|
|
if token.is_expired:
|
|
|
raise exceptions.AuthenticationFailed("Token expired")
|
|
|
|
|
|
- if not token.user.is_active:
|
|
|
- raise exceptions.AuthenticationFailed("User inactive")
|
|
|
-
|
|
|
+ user = token.user
|
|
|
# When LDAP authentication is active try to load user data from LDAP directory
|
|
|
if settings.REMOTE_AUTH_BACKEND == 'netbox.authentication.LDAPBackend':
|
|
|
from netbox.authentication import LDAPBackend
|
|
|
ldap_backend = LDAPBackend()
|
|
|
|
|
|
# Load from LDAP if FIND_GROUP_PERMS is active
|
|
|
- if ldap_backend.settings.FIND_GROUP_PERMS:
|
|
|
- user = ldap_backend.populate_user(token.user.username)
|
|
|
+ # Always query LDAP when user is not active, otherwise it is never activated again
|
|
|
+ if ldap_backend.settings.FIND_GROUP_PERMS or not token.user.is_active:
|
|
|
+ ldap_user = ldap_backend.populate_user(token.user.username)
|
|
|
# If the user is found in the LDAP directory use it, if not fallback to the local user
|
|
|
- if user:
|
|
|
- return user, token
|
|
|
+ if ldap_user:
|
|
|
+ user = ldap_user
|
|
|
+
|
|
|
+ if not user.is_active:
|
|
|
+ raise exceptions.AuthenticationFailed("User inactive")
|
|
|
|
|
|
- return token.user, token
|
|
|
+ return user, token
|
|
|
|
|
|
|
|
|
class TokenPermissions(DjangoObjectPermissions):
|
Kevin Petremann