Ticket #689: 689.2.diff
| File 689.2.diff, 10.0 KB (added by , 15 years ago) |
|---|
-
django/contrib/auth/backends.py
diff --git a/django/contrib/auth/backends.py b/django/contrib/auth/backends.py index bba883b..fdc0df9 100644
a b class ModelBackend(object): 78 78 return User.objects.get(pk=user_id) 79 79 except User.DoesNotExist: 80 80 return None 81 82 class RemoteUserAuthBackend(ModelBackend): 83 create_unknown_user = True 84 85 def authenticate(self, username, password=None): 86 """ 87 Authenticate user - RemoteUserAuth middleware passes REMOTE_USER 88 as username. 89 """ 90 if password is not None: 91 return None 92 user = None 93 if username: 94 username = self.parse_user(username) 95 if self.create_unknown_user: 96 user, created = User.objects.get_or_create(username=username) 97 if created: 98 user = self.configure_user(user) 99 else: 100 try: 101 user = User.objects.get(username=username) 102 except User.DoesNotExist: 103 return None 104 return user 105 106 def parse_user(self, username): 107 """ Parse the provided username. 108 Override this method if you need to do special things with the 109 username, like stripping @realm or cleaning something like 110 cn=x,dc=sas,etc. 111 """ 112 return username 113 114 def configure_user(self, user): 115 """ Configure a user after login. 116 i.e: to read group membership from LDAP and so on. 117 Called only if user User object has just been created." 118 """ 119 return user -
django/contrib/auth/middleware.py
diff --git a/django/contrib/auth/middleware.py b/django/contrib/auth/middleware.py index 42dc15a..7deb0fe 100644
a b class AuthenticationMiddleware(object): 10 10 assert hasattr(request, 'session'), "The Django authentication middleware requires session middleware to be installed. Edit your MIDDLEWARE_CLASSES setting to insert 'django.contrib.sessions.middleware.SessionMiddleware'." 11 11 request.__class__.user = LazyUser() 12 12 return None 13 14 class RemoteUserAuthMiddleware(object): 15 def process_request(self, request): 16 from django.contrib.auth import authenticate, login 17 # AuthenticationMiddleware is required to create request.user 18 error = """The Django RemoteUserAuth middleware requires authentication middleware to be installed. Edit your MIDDLEWARE_CLASSES 19 setting to insert 'django.contrib.auth.middleware.AuthenticationMiddleware' *before* the RemoteUserMiddleware class.""" 20 assert hasattr(request, 'user'), error 21 if request.user.is_anonymous(): 22 user = None 23 try: 24 user = authenticate(username=request.META['REMOTE_USER']) 25 except KeyError: 26 pass # No remote user available 27 if user is not None: 28 request.user = user # set request.user to the authenticated user 29 login(request, user) # auto-login the user to Django 30 return None 31 -
django/contrib/auth/tests/__init__.py
diff --git a/django/contrib/auth/tests/__init__.py b/django/contrib/auth/tests/__init__.py index 23cfbaf..b40a9c2 100644
a b 1 from django.contrib.auth.tests.basic import BASIC_TESTS 1 from django.contrib.auth.tests.basic import BASIC_TESTS, HttpAuthTest 2 2 from django.contrib.auth.tests.views import PasswordResetTest, ChangePasswordTest 3 3 from django.contrib.auth.tests.forms import FORM_TESTS 4 4 from django.contrib.auth.tests.tokens import TOKEN_GENERATOR_TESTS … … __test__ = { 11 11 'FORM_TESTS': FORM_TESTS, 12 12 'TOKEN_GENERATOR_TESTS': TOKEN_GENERATOR_TESTS, 13 13 'CHANGEPASSWORD_TESTS': ChangePasswordTest, 14 'HTTPAUTH_TESTS': HttpAuthTest, 14 15 } -
django/contrib/auth/tests/basic.py
diff --git a/django/contrib/auth/tests/basic.py b/django/contrib/auth/tests/basic.py index 2071710..be2b8ca 100644
a b u'joe@somewhere.org' 54 54 >>> u.password 55 55 u'!' 56 56 """ 57 58 from django.test import TestCase 59 from django.contrib.auth.models import User 60 from django.conf import settings 61 62 class HttpAuthTest(TestCase): 63 def setUp(self): 64 self.curr_middleware = settings.MIDDLEWARE_CLASSES 65 self.curr_auth = settings.AUTHENTICATION_BACKENDS 66 67 settings.MIDDLEWARE_CLASSES +=\ 68 ('django.contrib.auth.middleware.RemoteUserAuthMiddleware', ) 69 settings.AUTHENTICATION_BACKENDS =\ 70 ('django.contrib.auth.backends.RemoteUserAuthBackend',) 71 72 def test_remote_user(self): 73 "REMOTE_USER variable set by Web server is respected" 74 extra_headers = {'REMOTE_USER': 'iamnotanuser'} 75 response = self.client.get('/', **extra_headers) 76 77 u = User.objects.get(username='iamnotanuser') 78 # if no exception ws raises above it means this works. 79 80 def tearDown(self): 81 # Restore settings to avoid breaking other tests. 82 settings.MIDDLEWARE_CLASSES = self.curr_middleware 83 settings.AUTHENTICATION_BACKENDS = self.curr_auth -
new file docs/topics/auth-remote-user.txt
diff --git a/docs/topics/auth-remote-user.txt b/docs/topics/auth-remote-user.txt new file mode 100644 index 0000000..71a2782
- + 1 .. _topics-auth-remote-user: 2 3 ====================================================== 4 Authenticating against REMOTE_USER from the Web Server 5 ====================================================== 6 7 Typically on intranet sites users are already authenticated by the web server 8 (e.g. a Windows domain using IIS Integrated Authentication, or an environment 9 using solutions like Apache `mod_authnz_ldap`_, `CAS`_, `Cosign`_, `WebAuth`_, 10 etc.) 11 12 .. _mod_authnz_ldap: http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html 13 .. _CAS: http://www.ja-sig.org/products/cas/ 14 .. _Cosign: http://weblogin.org 15 .. _WebAuth: http://www.stanford.edu/services/webauth/ 16 17 When the web server takes care of authentication it sets the ``REMOTE_USER`` 18 header for use in the underlying application. Then it's up to this 19 application to take care of the authorization. 20 21 Django can be configured to make use of the ``REMOTE_USER`` header making it 22 possible to integrate your Django applications with a pre-existing single 23 sign-on enterprise infrastructure. 24 25 We assume that you have already configured your web server to authenticate 26 users (i.e. by using ``mod_auth_sspi`` in Apache, Integrated Authentication in 27 IIS or one of the solutions listed above). 28 29 Configuring Django 30 ================== 31 32 First of all, you must add the ``RemoteUserAuthMiddleware`` to the 33 ``MIDDLEWARE_CLASSES`` setting just **after** (never before) 34 ``AuthenticationMiddleware``. 35 36 With this setup, ``RemoteUserAuthMiddleware`` will detect the ``REMOTE_USER`` 37 variable in the requests and will auto-login the user by using the username 38 contained in such variable. The user must already exist in the authentication 39 backend being used by Django. 40 41 Additionally, you need to add an authentication backend to Django. This backend 42 is responsible of doing extra authorization and user setup when it's logged in 43 by the ``RemoteUserAuthMiddleware``. A fully-working sample backend is provided 44 which you can use by adding ``RemoteUserAuthBackend`` in the 45 ``AUTHENTICATION_BACKENDS`` setting. 46 47 If you want even more control, you can create your own authentication backend 48 that inherits from ``RemoteUserAuthBackend``, override a few methods and attributes: 49 50 * ``create_unknown_user``: Attribute, tell if the user specified in ``REMOTE_USER`` 51 should be created when it does not exist in the Django database. Defaults to ``True``. 52 * ``parse_user``: Should cleanup ``REMOTE_USER`` (i.e. strip @realm from 53 it). It takes the ``username`` as argument, and must return the cleaned 54 ``username``. 55 * ``configure_user``: Will be called after ``unknown_user`` only when a new 56 ``User`` object has been created so you can configure it. Takes the 57 newly created ``User`` instance as it's only argument. Should also return 58 the ``User`` instance that represents the user. 59 60 and use it in the ``AUTHENTICATION_BACKENDS`` setting. 61 62 Examples: 63 64 settings.py:: 65 66 MIDDLEWARE_CLASSES = ( 67 'django.contrib.auth.middleware.AuthenticationMiddleware', 68 'django.contrib.auth.middleware.RemoteUserAuthMiddleware', 69 ... 70 ) 71 72 AUTHENTICATION_BACKENDS = ( 73 'django.contrib.auth.backends.RemoteUserAuthBackend', 74 ) -
docs/topics/auth.txt
diff --git a/docs/topics/auth.txt b/docs/topics/auth.txt index 6de6a3b..4717b3d 100644
a b plug in another authentication sources. You can override Django's default 1224 1224 database-based scheme, or you can use the default system in tandem with other 1225 1225 systems. 1226 1226 1227 .. versionadded:: 1.1 1228 Handling authentication at the web server was added in Django 1.1 1229 1230 Handling authentication at the web server 1231 ----------------------------------------- 1232 1233 There's a very specific situation/scenario in which you want to handle 1234 authentication at the web server's level (i.e. standard HTTP AUTH) and want 1235 Django to honour this authentication. This is covered in 1236 :ref:`Authenticating against REMOTE_USER<topics-auth-remote-user>` 1237 1227 1238 Specifying authentication backends 1228 1239 ---------------------------------- 1229 1240 … … A full authorization implementation can be found in 1360 1371 the ``auth_permission`` table most of the time. 1361 1372 1362 1373 .. _django/contrib/auth/backends.py: http://code.djangoproject.com/browser/django/trunk/django/contrib/auth/backends.py 1374 -
docs/topics/index.txt
diff --git a/docs/topics/index.txt b/docs/topics/index.txt index 5d83980..710cfc0 100644
a b Introductions to all the key parts of Django you'll need to know: 17 17 files 18 18 testing 19 19 auth 20 auth-remote-user 20 21 cache 21 22 email 22 23 i18n