From 95580ee743b53c1e6770e6b6cce5dfddc81d71b9 Mon Sep 17 00:00:00 2001
From: Vladimir D <vladimir@brandlight.org>
Date: Wed, 24 Jan 2024 22:18:02 +0400
Subject: [PATCH] populate is_staff and is_superuser flags at LDAP
 authentication

---
 archivebox/config.py         |  1 +
 archivebox/core/__init__.py  |  2 ++
 archivebox/core/apps.py      |  5 +++++
 archivebox/core/auth.py      | 13 +++++++++++++
 archivebox/core/auth_ldap.py | 11 +++++++++++
 5 files changed, 32 insertions(+)
 create mode 100644 archivebox/core/auth.py
 create mode 100644 archivebox/core/auth_ldap.py

diff --git a/archivebox/config.py b/archivebox/config.py
index c4a3aef6..4c7bed0c 100644
--- a/archivebox/config.py
+++ b/archivebox/config.py
@@ -112,6 +112,7 @@ CONFIG_SCHEMA: Dict[str, ConfigDefaultDict] = {
         'LDAP_FIRSTNAME_ATTR':       {'type': str,   'default': None},
         'LDAP_LASTNAME_ATTR':        {'type': str,   'default': None},
         'LDAP_EMAIL_ATTR':           {'type': str,   'default': None},
+        'LDAP_CREATE_SUPERUSER':      {'type': bool,  'default': False},
     },
 
     'ARCHIVE_METHOD_TOGGLES': {
diff --git a/archivebox/core/__init__.py b/archivebox/core/__init__.py
index 3e1d607a..9cd0ce16 100644
--- a/archivebox/core/__init__.py
+++ b/archivebox/core/__init__.py
@@ -1 +1,3 @@
 __package__ = 'archivebox.core'
+
+default_app_config = 'archivebox.core.apps.CoreConfig'
diff --git a/archivebox/core/apps.py b/archivebox/core/apps.py
index b1150eb9..32088de4 100644
--- a/archivebox/core/apps.py
+++ b/archivebox/core/apps.py
@@ -5,3 +5,8 @@ class CoreConfig(AppConfig):
     name = 'core'
     # WIP: broken by Django 3.1.2 -> 4.0 migration
     default_auto_field = 'django.db.models.UUIDField'
+
+    def ready(self):
+        from .auth import register_signals
+
+        register_signals()
diff --git a/archivebox/core/auth.py b/archivebox/core/auth.py
new file mode 100644
index 00000000..fb15d5a8
--- /dev/null
+++ b/archivebox/core/auth.py
@@ -0,0 +1,13 @@
+import os
+from django.conf import settings
+from ..config import (
+    LDAP
+)
+
+def register_signals():
+
+    if LDAP:
+        import django_auth_ldap.backend
+        from .auth_ldap import create_user
+
+        django_auth_ldap.backend.populate_user.connect(create_user)
diff --git a/archivebox/core/auth_ldap.py b/archivebox/core/auth_ldap.py
new file mode 100644
index 00000000..bd35d25e
--- /dev/null
+++ b/archivebox/core/auth_ldap.py
@@ -0,0 +1,11 @@
+from django.conf import settings
+from ..config import (
+    LDAP_CREATE_SUPERUSER
+)
+
+def create_user(sender, user=None, ldap_user=None, **kwargs):
+
+    if not user.id and LDAP_CREATE_SUPERUSER:
+        user.is_superuser = True
+
+    user.is_staff = True