Description
With #3619 we are attempting to switch to Django's authentication backend system for logging in users.
While there exists a ready-made library (see django-auth-ldap), it would take longer to adapt it to NAV's ancient idiosyncrasies than reusing the existing ldap integration and "just" writing a Django-style auth backend. (Also we won't need to change any settings...)
The POC needs to branch off #3619, not master!
Necessary functions to reuse are found in nav.web.auth.
Spec:
Assuming that the ldap-backend comes first in the list of backends:
- On login (implementation of BaseBackend.authenticate):
  - If ldap is not available, return None
  - If the user does not exist in ldap, return None
  - If the user exists in ldap but not locally, create the user locally and set the inputted password as the password for the new user.
  - Try authenticating the user in ldap.
  - If the user is newly created and the inputted password is wrong, set the locally stored password to invalid and return False
  - Return False for any other errors
  - If everything is ok, update permissions the NAV way (nav.web.auth._handle_ldap_admin_status) and return the Account
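
A sketch of the control flow in the spec above, added here as an example and not code from NAV or from the issue author. FakeLDAP, Account, LDAPBackendSketch and the UNUSABLE marker are hypothetical stand-ins for the nav.web.auth helpers and NAV's Account model; it assumes a wrong password on an existing account also returns False, and that a bind error on a new account invalidates its password too.

```python
from dataclasses import dataclass

UNUSABLE = "!"  # constructed marker for "no valid local password"

class LDAPUnavailable(Exception):
    pass

@dataclass
class Account:  # hypothetical stand-in for NAV's Account model
    login: str
    password: str = UNUSABLE  # a real model stores a hash, never plaintext
    is_admin: bool = False

class FakeLDAP:  # hypothetical stand-in for the helpers in nav.web.auth
    def __init__(self, users, admins=(), up=True):
        self.users, self.admins, self.up = dict(users), set(admins), up
    def exists(self, login):
        if not self.up:
            raise LDAPUnavailable(login)
        return login in self.users
    def bind(self, login, password):
        return self.users[login] == password

class LDAPBackendSketch:
    def __init__(self, ldap, accounts):
        self.ldap, self.accounts = ldap, accounts  # accounts: login -> Account

    def authenticate(self, request, username=None, password=None):
        try:
            if not self.ldap.exists(username):
                return None  # unknown in ldap: let the next backend try
        except LDAPUnavailable:
            return None  # ldap down: let the next backend try
        created = username not in self.accounts
        if created:
            self.accounts[username] = Account(username, password)
        account = self.accounts[username]
        try:
            ok = self.ldap.bind(username, password)
        except Exception:
            ok = False  # "any other errors" are treated as a failed login
        if not ok:
            if created:
                account.password = UNUSABLE  # no guessed password may persist
            return False  # assumption: also the result for existing accounts
        account.is_admin = username in self.ldap.admins  # permission sync stand-in
        return account
```

In django.contrib.auth.authenticate, a backend that returns None hands the attempt to the next backend and one that raises PermissionDenied stops the chain, so the False results above need to be mapped onto one of those two when wiring this into Django.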