Gitiles
Code Review Sign In
gerrit.openfyde.cn / chromium.googlesource.com / chromiumos / infra / autotest-drone / affe09b5a82a1ec1a6c8f19571e07bb9f901abe0 / . / frontend / apache_auth.py
blob: f8a887ed9a9dbc7a23f0186b9521a544f924c204 [file] [log] [blame]
mblighe8819cd2008-02-15 16:48:40 +0000[diff] [blame]1from django.contrib.auth.models import User, Group, check_password
2from django.contrib import auth
3from django import http
4
showardff901382008-07-07 23:22:16 +0000[diff] [blame]5from frontend import thread_local
mblighe8819cd2008-02-15 16:48:40 +0000[diff] [blame]6from frontend.afe import models, management
7
8DEBUG_USER = 'debug_user'
9
10class SimpleAuthBackend:
jadmanski0afbb632008-06-06 21:10:57 +0000[diff] [blame]11 """
12 Automatically allows any login. This backend is for use when Apache is
13 doing the real authentication. Also ensures logged-in user exists in
14 frontend.afe.models.User database.
15 """
16 def authenticate(self, username=None, password=None):
17 try:
18 user = User.objects.get(username=username)
19 except User.DoesNotExist:
20 # password is meaningless
21 user = User(username=username,
22 password='apache authentication')
23 user.is_staff = True
24 user.save() # need to save before adding groups
25 user.groups.add(Group.objects.get(
26 name=management.BASIC_ADMIN))
mblighe8819cd2008-02-15 16:48:40 +0000[diff] [blame]27
jadmanski0afbb632008-06-06 21:10:57 +0000[diff] [blame]28 SimpleAuthBackend.check_afe_user(username)
29 return user
mblighe8819cd2008-02-15 16:48:40 +0000[diff] [blame]30
31
jadmanski0afbb632008-06-06 21:10:57 +0000[diff] [blame]32 @staticmethod
33 def check_afe_user(username):
34 user, _ = models.User.objects.get_or_create(login=username)
35 user.save()
mblighe8819cd2008-02-15 16:48:40 +0000[diff] [blame]36
jadmanski0afbb632008-06-06 21:10:57 +0000[diff] [blame]37 def get_user(self, user_id):
38 try:
39 return User.objects.get(pk=user_id)
40 except User.DoesNotExist:
41 return None
mblighe8819cd2008-02-15 16:48:40 +0000[diff] [blame]42
43
44class ApacheAuthMiddleware(object):
jadmanski0afbb632008-06-06 21:10:57 +0000[diff] [blame]45 """
46 Middleware for use when Apache is doing authentication. Looks for
47 REQUEST_USER in requests and logs that user in. If no such header is
48 found, looks for HTTP_AUTHORIZATION header with username to login (this
49 allows CLI to authenticate).
50 """
mblighe8819cd2008-02-15 16:48:40 +0000[diff] [blame]51
jadmanski0afbb632008-06-06 21:10:57 +0000[diff] [blame]52 def process_request(self, request):
53 # look for a username from Apache
54 user = request.META.get('REMOTE_USER')
55 if user is None:
56 # look for a user in headers. This is insecure but
57 # it's our temporarily solution for CLI auth.
58 user = request.META.get('HTTP_AUTHORIZATION')
59 if user is None:
60 # no user info - assume we're in development mode
61 user = DEBUG_USER
62 user_object = auth.authenticate(username=user,
63 password='')
64 auth.login(request, user_object)
showardff901382008-07-07 23:22:16 +0000[diff] [blame]65 thread_local.set_user(models.User.objects.get(login=user))
jadmanski0afbb632008-06-06 21:10:57 +0000[diff] [blame]66 return None