mblighe8819cd2008-02-15 16:48:40 +00001from django.contrib.auth.models import User, Group, check_password
2from django.contrib import auth
3from django import http
showardff901382008-07-07 23:22:16 +00005from frontend import thread_local
mblighe8819cd2008-02-15 16:48:40 +00006from frontend.afe import models, management
# Username used by GetApacheUserMiddleware when a request carries neither
# REMOTE_USER nor HTTP_AUTHORIZATION (the code treats that as development mode).
DEBUG_USER = 'debug_user'
class SimpleAuthBackend:
    """
    Django auth backend that accepts every login without checking a password.

    Intended only for deployments where Apache performs the real
    authentication in front of Django.  Also makes sure the user has a row in
    the frontend.afe.models.User table.

    Security note: authenticate() never rejects a caller.  An unknown
    username is provisioned on the spot as a staff user in the
    management.BASIC_ADMIN group, so every code path that reaches this
    backend must already have had the username verified upstream.
    """

    def authenticate(self, username=None, password=None):
        """
        Return the Django User for `username`, creating it if necessary.

        `password` is accepted for interface compatibility and is never
        inspected.
        """
        try:
            django_user = User.objects.get(username=username)
        except User.DoesNotExist:
            # The password column receives a fixed placeholder string rather
            # than a hash.
            # NOTE(review): confirm no other enabled backend can match this
            # value; User.set_unusable_password() is the usual way to mark
            # externally authenticated accounts.
            django_user = User(username=username,
                               password='apache authentication')
            django_user.is_staff = True
            # The row has to exist before group membership can be added.
            django_user.save()
            basic_admin = Group.objects.get(name=management.BASIC_ADMIN)
            django_user.groups.add(basic_admin)

        SimpleAuthBackend.check_afe_user(username)
        return django_user

    @staticmethod
    def check_afe_user(username):
        """Ensure a frontend.afe.models.User with this login exists."""
        afe_user, is_new = models.User.objects.get_or_create(login=username)
        if not is_new:
            return
        afe_user.save()

    def get_user(self, user_id):
        """Return the Django User with primary key `user_id`, or None."""
        try:
            found = User.objects.get(pk=user_id)
        except User.DoesNotExist:
            found = None
        return found
class GetApacheUserMiddleware(object):
    """
    Middleware for use when Apache is doing authentication.  Looks for
    REMOTE_USER in the request and passes the username found to
    thread_local.set_user().  If it is absent, the raw HTTP_AUTHORIZATION
    value is used as the username instead (this lets the CLI identify
    itself).  If neither is present, DEBUG_USER is used.

    Security note: only REMOTE_USER reflects a check done by Apache.  The
    HTTP_AUTHORIZATION value is supplied by the client and is taken verbatim
    as the username with no verification, and the DEBUG_USER fallback means a
    request with no identity at all is still given one.  Deploy this only
    where Apache enforces authentication on every path that reaches Django.
    """

    def process_request(self, request):
        """Record the request's username in thread_local."""
        # Order matters: the Apache-provided name wins over the header.  The
        # header lookup is insecure and is a temporary solution for CLI auth.
        for meta_key in ('REMOTE_USER', 'HTTP_AUTHORIZATION'):
            username = request.META.get(meta_key)
            if username is not None:
                break
        else:
            # no user info - assume we're in development mode
            username = DEBUG_USER
        thread_local.set_user(username)
class ApacheAuthMiddleware(GetApacheUserMiddleware):
    """
    Like GetApacheUserMiddleware, but also logs the user into Django's auth
    system, and replaces the username in thread_local with the actual
    frontend.afe.models.User object.

    Security note: the username comes from the parent middleware, which may
    have taken it from a client-supplied header or from DEBUG_USER.  It is
    passed to auth.authenticate() with an empty password and the result is
    logged in without a None check, so this relies on the configured backend
    and on Apache having verified the user first.
    """

    def process_request(self, request):
        """Log the request's user into Django and store its AFE User."""
        super(ApacheAuthMiddleware, self).process_request(request)
        login_name = thread_local.get_user()
        # Clear the slot while authentication runs.
        # NOTE(review): presumably so code invoked during authenticate/login
        # never sees a bare username string here -- confirm.
        thread_local.set_user(None)

        django_user = auth.authenticate(username=login_name, password='')
        auth.login(request, django_user)

        afe_user = models.User.objects.get(login=login_name)
        thread_local.set_user(afe_user)