Ticket #3609: BasicAuthentication.diff
| File BasicAuthentication.diff, 4.6 KB (added by , 17 years ago) |
|---|
-
django/contrib/admin/views/decorators.py
2 2 from django.conf import settings 3 3 from django.contrib.auth.models import User 4 4 from django.contrib.auth import authenticate, login 5 from django.contrib.auth.middleware import basic_challenge 5 6 from django.shortcuts import render_to_response 6 7 from django.utils.translation import gettext_lazy 7 8 import base64, datetime, md5 … … 11 12 LOGIN_FORM_KEY = 'this_is_the_login_form' 12 13 13 14 def _display_login_form(request, error_message=''): 15 if getattr(settings, 'BASIC_WWW_AUTHENTICATION', False): 16 return basic_challenge() 14 17 request.session.set_test_cookie() 15 18 if request.POST and request.POST.has_key('post_data'): 16 19 # User has failed login BUT has previously saved post data. -
django/contrib/auth/middleware.py
1 from django.conf import settings 2 from django.http import HttpResponse 3 4 from django.contrib.auth import authenticate, login, logout 5 6 def basic_challenge(realm = None): 7 if realm is None: 8 realm = getattr(settings, 'WWW_AUTHENTICATION_REALM', _('Restricted Access')) 9 # TODO: Make a nice template for a 401 message? 10 response = HttpResponse(_('Authorization Required'), mimetype="text/plain") 11 response['WWW-Authenticate'] = 'Basic realm="%s"' % (realm) 12 response.status_code = 401 13 return response 14 15 def basic_authenticate(authentication): 16 # Taken from paste.auth 17 (authmeth, auth) = authentication.split(' ',1) 18 if 'basic' != authmeth.lower(): 19 return None 20 auth = auth.strip().decode('base64') 21 username, password = auth.split(':',1) 22 return authenticate(username = username, password = password) 23 24 class BasicAuthenticationMiddleware: 25 def process_request(self, request): 26 if not getattr(settings, 'BASIC_WWW_AUTHENTICATION', False): 27 return None 28 if not request.META.has_key('HTTP_AUTHORIZATION'): 29 # If the user out of the session as well 30 logout(request) 31 return None 32 user = basic_authenticate(request.META['HTTP_AUTHORIZATION']) 33 if user is None: 34 return basic_challenge() 35 else: 36 login(request, user) 37 1 38 class LazyUser(object): 2 39 def __get__(self, request, obj_type=None): 3 40 if not hasattr(request, '_cached_user'): -
django/contrib/auth/views.py
35 35 "Logs out the user and displays 'You are logged out' message." 36 36 from django.contrib.auth import logout 37 37 logout(request) 38 39 # This 'works' as a way to log out users but it is confusing. You 40 # log out and it asks for your credentials again? 41 #if not getattr(settings, 'BASIC_WWW_AUTHENTICATION', False): 42 # from middleware import basic_challenge 43 # return basic_challenge() 38 44 if next_page is None: 39 45 return render_to_response(template_name, {'title': _('Logged out')}, context_instance=RequestContext(request)) 40 46 else: -
django/contrib/auth/decorators.py
1 from django.conf import settings 2 1 3 from django.contrib.auth import LOGIN_URL, REDIRECT_FIELD_NAME 2 4 from django.http import HttpResponseRedirect 3 5 from urllib import quote … … 2 4 5 from django.contrib.auth.middleware import basic_challenge 6 3 7 def user_passes_test(test_func, login_url=LOGIN_URL): … … 12 16 def _checklogin(request, *args, **kwargs): 13 17 if test_func(request.user): 14 18 return view_func(request, *args, **kwargs) 15 return HttpResponseRedirect('%s?%s=%s' % (login_url, REDIRECT_FIELD_NAME, quote(request.get_full_path()))) 19 if getattr(settings, 'BASIC_WWW_AUTHENTICATION', False): 20 return basic_challenge() 21 else: 22 return HttpResponseRedirect('%s?%s=%s' % (login_url, REDIRECT_FIELD_NAME, quote(request.get_full_path()))) 16 23 _checklogin.__doc__ = view_func.__doc__ 17 24 _checklogin.__dict__ = view_func.__dict__ 18 19 25 return _checklogin 20 26 return _dec 21 27