mbligh | e8819cd | 2008-02-15 16:48:40 +0000 | [diff] [blame] | 1 | from django.contrib.auth.models import User, Group, check_password |
| 2 | from django.contrib import auth |
| 3 | from django import http |
| 4 | |
showard | ff90138 | 2008-07-07 23:22:16 +0000 | [diff] [blame] | 5 | from frontend import thread_local |
mbligh | e8819cd | 2008-02-15 16:48:40 +0000 | [diff] [blame] | 6 | from frontend.afe import models, management |
| 7 | |
| 8 | DEBUG_USER = 'debug_user' |
| 9 | |
| 10 | class SimpleAuthBackend: |
jadmanski | 0afbb63 | 2008-06-06 21:10:57 +0000 | [diff] [blame] | 11 | """ |
| 12 | Automatically allows any login. This backend is for use when Apache is |
| 13 | doing the real authentication. Also ensures logged-in user exists in |
| 14 | frontend.afe.models.User database. |
| 15 | """ |
| 16 | def authenticate(self, username=None, password=None): |
| 17 | try: |
| 18 | user = User.objects.get(username=username) |
| 19 | except User.DoesNotExist: |
| 20 | # password is meaningless |
| 21 | user = User(username=username, |
| 22 | password='apache authentication') |
| 23 | user.is_staff = True |
| 24 | user.save() # need to save before adding groups |
| 25 | user.groups.add(Group.objects.get( |
| 26 | name=management.BASIC_ADMIN)) |
mbligh | e8819cd | 2008-02-15 16:48:40 +0000 | [diff] [blame] | 27 | |
jadmanski | 0afbb63 | 2008-06-06 21:10:57 +0000 | [diff] [blame] | 28 | SimpleAuthBackend.check_afe_user(username) |
| 29 | return user |
mbligh | e8819cd | 2008-02-15 16:48:40 +0000 | [diff] [blame] | 30 | |
| 31 | |
jadmanski | 0afbb63 | 2008-06-06 21:10:57 +0000 | [diff] [blame] | 32 | @staticmethod |
| 33 | def check_afe_user(username): |
showard | 3dd47c2 | 2008-07-10 00:41:36 +0000 | [diff] [blame] | 34 | user, created = models.User.objects.get_or_create(login=username) |
| 35 | if created: |
| 36 | user.save() |
mbligh | e8819cd | 2008-02-15 16:48:40 +0000 | [diff] [blame] | 37 | |
jadmanski | 0afbb63 | 2008-06-06 21:10:57 +0000 | [diff] [blame] | 38 | def get_user(self, user_id): |
| 39 | try: |
| 40 | return User.objects.get(pk=user_id) |
| 41 | except User.DoesNotExist: |
| 42 | return None |
mbligh | e8819cd | 2008-02-15 16:48:40 +0000 | [diff] [blame] | 43 | |
| 44 | |
showard | 6f1593c | 2008-07-11 16:56:16 +0000 | [diff] [blame] | 45 | class GetApacheUserMiddleware(object): |
jadmanski | 0afbb63 | 2008-06-06 21:10:57 +0000 | [diff] [blame] | 46 | """ |
| 47 | Middleware for use when Apache is doing authentication. Looks for |
showard | 6f1593c | 2008-07-11 16:56:16 +0000 | [diff] [blame] | 48 | REMOTE_USER in headers and passed the username found to |
| 49 | thread_local.set_user(). If no such header is found, looks for |
| 50 | HTTP_AUTHORIZATION header with username (this allows CLI to authenticate). |
| 51 | If neither of those are found, DEBUG_USER is used. |
jadmanski | 0afbb63 | 2008-06-06 21:10:57 +0000 | [diff] [blame] | 52 | """ |
mbligh | e8819cd | 2008-02-15 16:48:40 +0000 | [diff] [blame] | 53 | |
jadmanski | 0afbb63 | 2008-06-06 21:10:57 +0000 | [diff] [blame] | 54 | def process_request(self, request): |
| 55 | # look for a username from Apache |
| 56 | user = request.META.get('REMOTE_USER') |
| 57 | if user is None: |
| 58 | # look for a user in headers. This is insecure but |
| 59 | # it's our temporarily solution for CLI auth. |
| 60 | user = request.META.get('HTTP_AUTHORIZATION') |
| 61 | if user is None: |
| 62 | # no user info - assume we're in development mode |
| 63 | user = DEBUG_USER |
showard | 6f1593c | 2008-07-11 16:56:16 +0000 | [diff] [blame] | 64 | thread_local.set_user(user) |
| 65 | |
| 66 | |
| 67 | class ApacheAuthMiddleware(GetApacheUserMiddleware): |
| 68 | """ |
| 69 | Like GetApacheUserMiddleware, but also logs the user into Django's auth |
| 70 | system, and replaces the username in thread_local with the actual User model |
| 71 | object. |
| 72 | """ |
| 73 | |
| 74 | def process_request(self, request): |
| 75 | super(ApacheAuthMiddleware, self).process_request(request) |
| 76 | username = thread_local.get_user() |
| 77 | user_object = auth.authenticate(username=username, |
jadmanski | 0afbb63 | 2008-06-06 21:10:57 +0000 | [diff] [blame] | 78 | password='') |
| 79 | auth.login(request, user_object) |
showard | 6f1593c | 2008-07-11 16:56:16 +0000 | [diff] [blame] | 80 | thread_local.set_user(models.User.objects.get(login=username)) |