add auth/strip_domain option

2025-06-26 16:45:52 +00:00 · 2024-07-18 06:50:29 +02:00 · 2024-07-18 06:50:29 +02:00 · 13b1aaed39
commit 13b1aaed39
parent f117fd06af
5 changed files with 24 additions and 1 deletions
--- a/DOCUMENTATION.md
+++ b/DOCUMENTATION.md
@ -795,6 +795,12 @@ providers like ldap, kerberos

 Default: `False`

+##### strip_domain
+
+Strip domain from username
+
+Default: `False`
+
 #### rights

 ##### type
--- a/2
+++ b/2
@ -73,6 +73,8 @@
 # Convert username to lowercase, must be true for case-insensitive auth providers
 #lc_username = False

+# Strip domain name from username
+#strip_domain = False

 [rights]

--- a/radicale/auth/init.py
+++ b/radicale/auth/init.py
@ -52,6 +52,7 @@ def load(configuration: "config.Configuration") -> "BaseAuth":
 class BaseAuth:

    _lc_username: bool
+    _strip_domain: bool

    def __init__(self, configuration: "config.Configuration") -> None:
        """Initialize BaseAuth.
@ -63,6 +64,7 @@ class BaseAuth:
        """
        self.configuration = configuration
        self._lc_username = configuration.get("auth", "lc_username")
+        self._strip_domain = configuration.get("auth", "strip_domain")

    def get_external_login(self, environ: types.WSGIEnviron) -> Union[
            Tuple[()], Tuple[str, str]]:
@ -91,4 +93,8 @@ class BaseAuth:
        raise NotImplementedError

    def login(self, login: str, password: str) -> str:
-        return self._login(login, password).lower() if self._lc_username else self._login(login, password)
+        if self._lc_username:
+            login = login.lower()
+        if self._strip_domain:
+            login = login.split('@')[0]
+        return self._login(login, password)
--- a/radicale/config.py
+++ b/radicale/config.py
@ -191,6 +191,10 @@ DEFAULT_CONFIG_SCHEMA: types.CONFIG_SCHEMA = OrderedDict([
            "value": "1",
            "help": "incorrect authentication delay",
            "type": positive_float}),
+        ("strip_domain", {
+            "value": "False",
+            "help": "strip domain from username",
+            "type": bool}),
        ("lc_username", {
            "value": "False",
            "help": "convert username to lowercase, must be true for case-insensitive auth providers",
--- a/radicale/tests/test_auth.py
+++ b/radicale/tests/test_auth.py
@ -120,6 +120,11 @@ class TestBaseAuthRequests(BaseTest):
        self._test_htpasswd("plain", "tmp:bepo", (
            ("tmp", "bepo", True), ("TMP", "bepo", True), ("tmp1", "bepo", False)))

+    def test_htpasswd_strip_domain(self) -> None:
+        self.configure({"auth": {"strip_domain": "True"}})
+        self._test_htpasswd("plain", "tmp:bepo", (
+            ("tmp", "bepo", True), ("tmp@domain.example", "bepo", True), ("tmp1", "bepo", False)))
+
    def test_remote_user(self) -> None:
        self.configure({"auth": {"type": "remote_user"}})
        _, responses = self.propfind("/", """\