Ticket #10809: modwsgi_auth_handler.2.diff

File modwsgi_auth_handler.2.diff, 4.5 KB (added by David Fischer, 11 years ago)

Contains the mod_wsgi auth handler and supporting documentation

  • django/contrib/auth/handlers/modwsgi.py

     
     1from django.contrib.auth.models import User
     2from django import db
     3
     4def authenticate_user(environ, user, password):
     5    """
     6    Authentication handler that checks against Django's auth database
     7    """
     8
     9    db.reset_queries()
     10
     11    kwargs = {'username': user, 'is_active': True}
     12
     13    try:
     14        # verify the user exists
     15        try:
     16            user = User.objects.get(**kwargs)
     17        except User.DoesNotExist:
     18            return None
     19
     20        # verify the password for the given user
     21        if user.check_password(password):
     22            return True
     23        else:
     24            return False
     25    finally:
     26        db.connection.close()
     27
  • docs/howto/apache-auth.txt

     
    1919.. _Subversion: http://subversion.tigris.org/
    2020.. _mod_dav: http://httpd.apache.org/docs/2.0/mod/mod_dav.html
    2121
    22 Configuring Apache
    23 ==================
     22Authentication with mod_wsgi
     23============================
    2424
    25 To check against Django's authorization database from a Apache configuration
    26 file, you'll need to use mod_python's ``PythonAuthenHandler`` directive along
     25Make sure that mod_wsgi is installed and activated and that you have
     26followed the steps to
     27:ref:`use Django with Apache and mod_wsgi <howto-deployment-modwsgi>`.
     28
     29Next, edit the Apache ``httpd.conf`` file to add a path that you want
     30only authenticated users to be able to view:
     31
     32.. code-block:: apache
     33
     34    WSGIScriptAlias / /path/to/mysite/apache/django.wsgi
     35   
     36    WSGIProcessGroup %{GLOBAL}
     37    WSGIApplicationGroup django
     38   
     39    <Location "/secret">
     40        AuthType Basic
     41        AuthName "Top Secret"
     42        Require valid-user
     43        AuthBasicProvider wsgi
     44        WSGIAuthUserScript /path/to/mysite/apache/django.wsgi
     45    </Location>
     46
     47The ``WSGIAuthUserScript`` directive tells mod_wsgi to execute the
     48``check_password`` function in that script passing the user name and
     49password that it receives from the prompt. In this example,
     50the ``WSGIAuthUserScript`` is the same as the ``WSGIScriptAlias`` that
     51defines your application.
     52
     53.. admonition:: Using Apache 2.2 with authentication
     54
     55    Make sure that ``mod_auth_basic`` and ``mod_authz_user`` are loaded.
     56
     57    These might be compiled statically into Apache, or you might need to use
     58    LoadModule to load them dynamically in your ``httpd.conf``:
     59
     60    .. code-block:: apache
     61       
     62        LoadModule auth_basic_module modules/mod_auth_basic.so
     63        LoadModule authz_user_module modules/mod_authz_user.so
     64
     65Finally, edit your "WSGI file" to tie Apache's authentication to your site's
     66users:
     67
     68.. code-block:: python
     69   
     70    import os
     71    import sys
     72   
     73    os.environ['DJANGO_SETTINGS_MODULE'] = 'mysite.settings'
     74
     75    from django.contrib.auth.handlers.modwsgi import authenticate_user
     76   
     77    def check_password(environ, user, password):
     78        return authenticate_user(environ, user, password)
     79   
     80    from django.core.handlers.wsgi import WSGIHandler
     81
     82    application = WSGIHandler()
     83
     84
     85Requests beginning with ``/secret/`` will now require a user to authenticate.
     86
     87The mod_wsgi `access control mechanisms documentation`_ provides additional
     88details and information about alternative methods of authentication.
     89
     90.. _access control mechanisms documentation: http://code.google.com/p/modwsgi/wiki/AccessControlMechanisms
     91
     92Authentication with mod_python
     93==============================
     94
     95To check against Django's authorization database from mod_python,
     96you'll need to use mod_python's ``PythonAuthenHandler`` directive along
    2797with the standard ``Auth*`` and ``Require`` directives:
    2898
    2999.. code-block:: apache
     
    84154            PythonAuthenHandler django.contrib.auth.handlers.modpython
    85155        </Location>
    86156
    87 By default, the authentication handler will limit access to the ``/example/``
    88 location to users marked as staff members.  You can use a set of
     157By default, the mod_python authentication handler will limit access to the
     158``/example/`` location to users marked as staff members.  You can use a set of
    89159``PythonOption`` directives to modify this behavior:
    90160
    91161    ================================  =========================================
Back to Top