Django

Code

Ticket #10809: modwsgi_auth_handler.2.diff

File modwsgi_auth_handler.2.diff, 4.5 kB (added by davidfischer, 10 months ago)

Contains the mod_wsgi auth handler and supporting documentation

  • django/contrib/auth/handlers/modwsgi.py

    old new  
     1from django.contrib.auth.models import User 
     2from django import db 
     3 
     4def authenticate_user(environ, user, password): 
     5    """ 
     6    Authentication handler that checks against Django's auth database 
     7    """ 
     8 
     9    db.reset_queries()  
     10 
     11    kwargs = {'username': user, 'is_active': True}  
     12 
     13    try:  
     14        # verify the user exists 
     15        try:  
     16            user = User.objects.get(**kwargs)  
     17        except User.DoesNotExist:  
     18            return None 
     19 
     20        # verify the password for the given user 
     21        if user.check_password(password):  
     22            return True 
     23        else:  
     24            return False 
     25    finally:  
     26        db.connection.close() 
     27 

  • docs/howto/apache-auth.txt

    old new  
    1919.. _Subversion: http://subversion.tigris.org/ 
    2020.. _mod_dav: http://httpd.apache.org/docs/2.0/mod/mod_dav.html 
    2121 
    22 Configuring Apache 
    23 ================== 
     22Authentication with mod_wsgi 
     23============================ 
    2424 
    25 To check against Django's authorization database from a Apache configuration 
    26 file, you'll need to use mod_python's ``PythonAuthenHandler`` directive along 
     25Make sure that mod_wsgi is installed and activated and that you have 
     26followed the steps to  
     27:ref:`use Django with Apache and mod_wsgi <howto-deployment-modwsgi>`. 
     28 
     29Next, edit the Apache ``httpd.conf`` file to add a path that you want 
     30only authenticated users to be able to view:  
     31 
     32.. code-block:: apache 
     33 
     34    WSGIScriptAlias / /path/to/mysite/apache/django.wsgi 
     35     
     36    WSGIProcessGroup %{GLOBAL} 
     37    WSGIApplicationGroup django 
     38     
     39    <Location "/secret"> 
     40        AuthType Basic 
     41        AuthName "Top Secret" 
     42        Require valid-user 
     43        AuthBasicProvider wsgi 
     44        WSGIAuthUserScript /path/to/mysite/apache/django.wsgi 
     45    </Location> 
     46 
     47The ``WSGIAuthUserScript`` directive tells mod_wsgi to execute the  
     48``check_password`` function in that script passing the user name and 
     49password that it receives from the prompt. In this example, 
     50the ``WSGIAuthUserScript`` is the same as the ``WSGIScriptAlias`` that 
     51defines your application.  
     52 
     53.. admonition:: Using Apache 2.2 with authentication 
     54 
     55    Make sure that ``mod_auth_basic`` and ``mod_authz_user`` are loaded. 
     56 
     57    These might be compiled statically into Apache, or you might need to use  
     58    LoadModule to load them dynamically in your ``httpd.conf``: 
     59 
     60    .. code-block:: apache 
     61         
     62        LoadModule auth_basic_module modules/mod_auth_basic.so 
     63        LoadModule authz_user_module modules/mod_authz_user.so 
     64 
     65Finally, edit your "WSGI file" to tie Apache's authentication to your site's  
     66users: 
     67 
     68.. code-block:: python 
     69     
     70    import os 
     71    import sys 
     72     
     73    os.environ['DJANGO_SETTINGS_MODULE'] = 'mysite.settings' 
     74 
     75    from django.contrib.auth.handlers.modwsgi import authenticate_user 
     76     
     77    def check_password(environ, user, password): 
     78        return authenticate_user(environ, user, password) 
     79     
     80    from django.core.handlers.wsgi import WSGIHandler 
     81 
     82    application = WSGIHandler() 
     83 
     84 
     85Requests beginning with ``/secret/`` will now require a user to authenticate. 
     86 
     87The mod_wsgi `access control mechanisms documentation`_ provides additional 
     88details and information about alternative methods of authentication. 
     89 
     90.. _access control mechanisms documentation: http://code.google.com/p/modwsgi/wiki/AccessControlMechanisms 
     91 
     92Authentication with mod_python 
     93============================== 
     94 
     95To check against Django's authorization database from mod_python,  
     96you'll need to use mod_python's ``PythonAuthenHandler`` directive along 
    2797with the standard ``Auth*`` and ``Require`` directives: 
    2898 
    2999.. code-block:: apache 
     
    84154            PythonAuthenHandler django.contrib.auth.handlers.modpython 
    85155        </Location> 
    86156 
    87 By default, the authentication handler will limit access to the ``/example/`` 
    88 location to users marked as staff members.  You can use a set of 
     157By default, the mod_python authentication handler will limit access to the  
     158``/example/`` location to users marked as staff members.  You can use a set of 
    89159``PythonOption`` directives to modify this behavior: 
    90160 
    91161    ================================  =========================================