| 1 |
from django.parts.auth import anonymoususers |
|---|
| 2 |
from django.models.auth import users, User |
|---|
| 3 |
import md5 |
|---|
| 4 |
import datetime |
|---|
| 5 |
|
|---|
| 6 |
try: |
|---|
| 7 |
from django.conf.settings import \ |
|---|
| 8 |
REALM_DOMAINS, EMAIL_DEFAULT_TO_REALM, \ |
|---|
| 9 |
DEFAULT_DOMAIN, PASSWORD_SENTINEL |
|---|
| 10 |
except ImportError: |
|---|
| 11 |
# These settings adjust the behaviour of the httpdauth.HttpAuth middleware. |
|---|
| 12 |
# |
|---|
| 13 |
# To prevent email addresses from being determined, set: |
|---|
| 14 |
# |
|---|
| 15 |
# REALM_DOMAINS = {} |
|---|
| 16 |
# EMAIL_DEFAULT_TO_REALM = False |
|---|
| 17 |
# DEFAULT_DOMAIN = None |
|---|
| 18 |
# |
|---|
| 19 |
# Otherwise, set: |
|---|
| 20 |
# |
|---|
| 21 |
# REALM_DOMAINS maps Kerberos realms to email address domains. |
|---|
| 22 |
REALM_DOMAINS = {} |
|---|
| 23 |
|
|---|
| 24 |
# If the realm lookup fails but EMAIL_DEFAULT_TO_REALM is true, a lowercase |
|---|
| 25 |
# version of the realm will be used as the email address domain. |
|---|
| 26 |
EMAIL_DEFAULT_TO_REALM = False |
|---|
| 27 |
|
|---|
| 28 |
# Finally: if EMAIL_DEFAULT_TO_REALM isn't appropriate but there's a single |
|---|
| 29 |
# domain where all the other addresses go, set DEFAULT_DOMAIN. Otherwise, |
|---|
| 30 |
# set it to None. |
|---|
| 31 |
DEFAULT_DOMAIN = None |
|---|
| 32 |
|
|---|
| 33 |
# This sentinel is used instead of an MD5 hash in the password field of |
|---|
| 34 |
# the created user record. |
|---|
| 35 |
PASSWORD_SENTINEL = 'XXno_passwordXX' |
|---|
| 36 |
|
|---|
| 37 |
class HttpAuth: |
|---|
| 38 |
""" |
|---|
| 39 |
Grabs what the webserver thinks is the logged on user id, |
|---|
| 40 |
and use that instead, creating the record if it doesn't exist in the table. |
|---|
| 41 |
|
|---|
| 42 |
There are currently three problems with this at the moment. |
|---|
| 43 |
* It doesn't update the last-login |
|---|
| 44 |
* It doesn't update the session cookie |
|---|
| 45 |
* It has no idea what the email address is |
|---|
| 46 |
""" |
|---|
| 47 |
def process_request(self, request): |
|---|
| 48 |
"gets REMOTE_USER and sets the userid based on that" |
|---|
| 49 |
if request.user.is_anonymous(): |
|---|
| 50 |
remote_user = request.META.get('REMOTE_USER') |
|---|
| 51 |
if remote_user is not None: |
|---|
| 52 |
email = email_domain = None |
|---|
| 53 |
try: |
|---|
| 54 |
username, realm = remote_user.split('@') |
|---|
| 55 |
email_domain = REALM_DOMAINS.get(realm.upper()) |
|---|
| 56 |
if email_domain is None and EMAIL_DEFAULT_TO_REALM: |
|---|
| 57 |
email_domain = realm.lower() |
|---|
| 58 |
except ValueError: |
|---|
| 59 |
username = remote_user |
|---|
| 60 |
email_domain = email_domain or DEFAULT_DOMAIN |
|---|
| 61 |
try: |
|---|
| 62 |
user = users.get_object(username__exact=username) |
|---|
| 63 |
except (users.UserDoesNotExist): |
|---|
| 64 |
now = datetime.datetime.now() |
|---|
| 65 |
if email_domain is not None: |
|---|
| 66 |
email = '%s@%s' % (username, email_domain) |
|---|
| 67 |
user = User(None, username,'','', email, |
|---|
| 68 |
PASSWORD_SENTINEL, False, True, |
|---|
| 69 |
False, now, now) |
|---|
| 70 |
user.save() |
|---|
| 71 |
request.user= user |
|---|
| 72 |
return None |
|---|
