Refactor authentication backends to enhance NoPasswordAuthBackend functionality; integrate Allauth for email login and improve password handling logic.

2025-07-19 04:49:37 +02:00 · 2025-05-28 12:21:43 -04:00 · 2025-05-28 12:21:43 -04:00 · 8be723b9ad
commit 8be723b9ad
parent a7128756bd
2 changed files with 35 additions and 8 deletions
--- a/backend/server/main/settings.py
+++ b/backend/server/main/settings.py
@ -238,8 +238,8 @@ HEADLESS_FRONTEND_URLS = {

 AUTHENTICATION_BACKENDS = [
    'users.backends.NoPasswordAuthBackend',
-    'allauth.account.auth_backends.AuthenticationBackend',
-    'django.contrib.auth.backends.ModelBackend',
+    # 'allauth.account.auth_backends.AuthenticationBackend',
+    # 'django.contrib.auth.backends.ModelBackend',
 ]

 EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
--- a/backend/server/users/backends.py
+++ b/backend/server/users/backends.py
@ -1,15 +1,42 @@
 from django.contrib.auth.backends import ModelBackend
 from allauth.socialaccount.models import SocialAccount
+from allauth.account.auth_backends import AuthenticationBackend as AllauthBackend
+from django.contrib.auth import get_user_model
+
+User = get_user_model()

 class NoPasswordAuthBackend(ModelBackend):
    def authenticate(self, request, username=None, password=None, **kwargs):
-        # First, attempt normal authentication
-        user = super().authenticate(request, username=username, password=password, **kwargs)
-        if user is None:
+        # Handle allauth-specific authentication (like email login)
+        allauth_backend = AllauthBackend()
+        allauth_user = allauth_backend.authenticate(request, username=username, password=password, **kwargs)
+        
+        # If allauth handled it, check our password disable logic
+        if allauth_user:
+            has_social_accounts = SocialAccount.objects.filter(user=allauth_user).exists()
+            if has_social_accounts and getattr(allauth_user, 'disable_password', False):
+                return None
+            return allauth_user
+        
+        # Fallback to regular username/password authentication
+        if username is None or password is None:
            return None
        
-        if SocialAccount.objects.filter(user=user).exists() and user.disable_password:
-            # If yes, disable login via password
+        try:
+            # Get the user first
+            user = User.objects.get(username=username)
+        except User.DoesNotExist:
            return None
        
+        # Check if this user has social accounts and password is disabled
+        has_social_accounts = SocialAccount.objects.filter(user=user).exists()
+        
+        # If user has social accounts and disable_password is True, deny password login
+        if has_social_accounts and getattr(user, 'disable_password', False):
+            return None
+        
+        # Otherwise, proceed with normal password authentication
+        if user.check_password(password) and self.user_can_authenticate(user):
            return user
+        
+        return None