Gitiles
Code Review Sign In
gerrit.openfyde.cn / chromium.googlesource.com / chromiumos / infra / autotest-drone / 9d821ab7d97c677a63589e6d71ee3c9da46f7077 / . / frontend / apache_auth.py
blob: a74dda3bc9e08234190dcc554df4d130c627a0b6 [file] [log] [blame]
mblighe8819cd2008-02-15 16:48:40 +0000[diff] [blame]1from django.contrib.auth.models import User, Group, check_password
2from django.contrib import auth
3from django import http
4
showardff901382008-07-07 23:22:16 +0000[diff] [blame]5from frontend import thread_local
mblighe8819cd2008-02-15 16:48:40 +0000[diff] [blame]6from frontend.afe import models, management
7
8DEBUG_USER = 'debug_user'
9
10class SimpleAuthBackend:
jadmanski0afbb632008-06-06 21:10:57 +0000[diff] [blame]11 """
12 Automatically allows any login. This backend is for use when Apache is
13 doing the real authentication. Also ensures logged-in user exists in
14 frontend.afe.models.User database.
15 """
16 def authenticate(self, username=None, password=None):
17 try:
18 user = User.objects.get(username=username)
19 except User.DoesNotExist:
20 # password is meaningless
21 user = User(username=username,
22 password='apache authentication')
23 user.is_staff = True
24 user.save() # need to save before adding groups
25 user.groups.add(Group.objects.get(
26 name=management.BASIC_ADMIN))
mblighe8819cd2008-02-15 16:48:40 +0000[diff] [blame]27
jadmanski0afbb632008-06-06 21:10:57 +0000[diff] [blame]28 SimpleAuthBackend.check_afe_user(username)
29 return user
mblighe8819cd2008-02-15 16:48:40 +0000[diff] [blame]30
31
jadmanski0afbb632008-06-06 21:10:57 +0000[diff] [blame]32 @staticmethod
33 def check_afe_user(username):
showard3dd47c22008-07-10 00:41:36 +0000[diff] [blame]34 user, created = models.User.objects.get_or_create(login=username)
35 if created:
36 user.save()
mblighe8819cd2008-02-15 16:48:40 +0000[diff] [blame]37
jadmanski0afbb632008-06-06 21:10:57 +0000[diff] [blame]38 def get_user(self, user_id):
39 try:
40 return User.objects.get(pk=user_id)
41 except User.DoesNotExist:
42 return None
mblighe8819cd2008-02-15 16:48:40 +0000[diff] [blame]43
44
45class ApacheAuthMiddleware(object):
jadmanski0afbb632008-06-06 21:10:57 +0000[diff] [blame]46 """
47 Middleware for use when Apache is doing authentication. Looks for
48 REQUEST_USER in requests and logs that user in. If no such header is
49 found, looks for HTTP_AUTHORIZATION header with username to login (this
50 allows CLI to authenticate).
51 """
mblighe8819cd2008-02-15 16:48:40 +0000[diff] [blame]52
jadmanski0afbb632008-06-06 21:10:57 +0000[diff] [blame]53 def process_request(self, request):
54 # look for a username from Apache
55 user = request.META.get('REMOTE_USER')
56 if user is None:
57 # look for a user in headers. This is insecure but
58 # it's our temporarily solution for CLI auth.
59 user = request.META.get('HTTP_AUTHORIZATION')
60 if user is None:
61 # no user info - assume we're in development mode
62 user = DEBUG_USER
63 user_object = auth.authenticate(username=user,
64 password='')
65 auth.login(request, user_object)
showardff901382008-07-07 23:22:16 +0000[diff] [blame]66 thread_local.set_user(models.User.objects.get(login=user))
jadmanski0afbb632008-06-06 21:10:57 +0000[diff] [blame]67 return None