Ticket #3609: BasicAuthentication.diff

File BasicAuthentication.diff, 4.6 KB (added by pterk@…, 8 years ago)
  • django/contrib/admin/views/decorators.py

     
    22from django.conf import settings
    33from django.contrib.auth.models import User
    44from django.contrib.auth import authenticate, login
     5from django.contrib.auth.middleware import basic_challenge
    56from django.shortcuts import render_to_response
    67from django.utils.translation import gettext_lazy
    78import base64, datetime, md5
     
    1112LOGIN_FORM_KEY = 'this_is_the_login_form'
    1213
    1314def _display_login_form(request, error_message=''):
     15    if getattr(settings, 'BASIC_WWW_AUTHENTICATION', False):
     16        return basic_challenge()
    1417    request.session.set_test_cookie()
    1518    if request.POST and request.POST.has_key('post_data'):
    1619        # User has failed login BUT has previously saved post data.
  • django/contrib/auth/middleware.py

     
     1from django.conf import settings
     2from django.http import HttpResponse
     3
     4from django.contrib.auth import authenticate, login, logout
     5
     6def basic_challenge(realm = None):
     7    if realm is None:
     8        realm = getattr(settings, 'WWW_AUTHENTICATION_REALM', _('Restricted Access'))
     9    # TODO: Make a nice template for a 401 message?
     10    response =  HttpResponse(_('Authorization Required'), mimetype="text/plain")
     11    response['WWW-Authenticate'] = 'Basic realm="%s"' % (realm)
     12    response.status_code = 401
     13    return response
     14
     15def basic_authenticate(authentication):
     16    # Taken from paste.auth
     17    (authmeth, auth) = authentication.split(' ',1)
     18    if 'basic' != authmeth.lower():
     19        return None
     20    auth = auth.strip().decode('base64')
     21    username, password = auth.split(':',1)
     22    return authenticate(username = username, password = password)
     23
     24class BasicAuthenticationMiddleware:
     25    def process_request(self, request):
     26        if not getattr(settings, 'BASIC_WWW_AUTHENTICATION', False):
     27            return None
     28        if not request.META.has_key('HTTP_AUTHORIZATION'):
     29            # If the user out of the session as well
     30            logout(request)
     31            return None
     32        user =  basic_authenticate(request.META['HTTP_AUTHORIZATION'])
     33        if user is None:
     34            return basic_challenge()
     35        else:
     36            login(request, user)
     37
    138class LazyUser(object):
    239    def __get__(self, request, obj_type=None):
    340        if not hasattr(request, '_cached_user'):
  • django/contrib/auth/views.py

     
    3535    "Logs out the user and displays 'You are logged out' message."
    3636    from django.contrib.auth import logout
    3737    logout(request)
     38   
     39    # This 'works' as a way to log out users but it is confusing. You
     40    # log out and it asks for your credentials again?
     41    #if not getattr(settings, 'BASIC_WWW_AUTHENTICATION', False):
     42    #    from middleware import basic_challenge
     43    #    return basic_challenge()
    3844    if next_page is None:
    3945        return render_to_response(template_name, {'title': _('Logged out')}, context_instance=RequestContext(request))
    4046    else:
  • django/contrib/auth/decorators.py

     
     1from django.conf import settings
     2
    13from django.contrib.auth import LOGIN_URL, REDIRECT_FIELD_NAME
    24from django.http import HttpResponseRedirect
    35from urllib import quote
     
    24
     5from django.contrib.auth.middleware import basic_challenge
     6
    37def user_passes_test(test_func, login_url=LOGIN_URL):
     
    1216        def _checklogin(request, *args, **kwargs):
    1317            if test_func(request.user):
    1418                return view_func(request, *args, **kwargs)
    15             return HttpResponseRedirect('%s?%s=%s' % (login_url, REDIRECT_FIELD_NAME, quote(request.get_full_path())))
     19            if getattr(settings, 'BASIC_WWW_AUTHENTICATION', False):
     20                return basic_challenge()
     21            else:
     22                return HttpResponseRedirect('%s?%s=%s' % (login_url, REDIRECT_FIELD_NAME, quote(request.get_full_path())))
    1623        _checklogin.__doc__ = view_func.__doc__
    1724        _checklogin.__dict__ = view_func.__dict__
    18 
    1925        return _checklogin
    2026    return _dec
    2127
Back to Top