1 | from django.parts.auth import anonymoususers |
---|
2 | from django.models.auth import users, User |
---|
3 | import md5 |
---|
4 | import datetime |
---|
5 | |
---|
6 | try: |
---|
7 | from django.conf.settings import \ |
---|
8 | REALM_DOMAINS, EMAIL_DEFAULT_TO_REALM, \ |
---|
9 | DEFAULT_DOMAIN, PASSWORD_SENTINEL |
---|
10 | except ImportError: |
---|
11 | # These settings adjust the behaviour of the httpdauth.HttpAuth middleware. |
---|
12 | # |
---|
13 | # To prevent email addresses from being determined, set: |
---|
14 | # |
---|
15 | # REALM_DOMAINS = {} |
---|
16 | # EMAIL_DEFAULT_TO_REALM = False |
---|
17 | # DEFAULT_DOMAIN = None |
---|
18 | # |
---|
19 | # Otherwise, set: |
---|
20 | # |
---|
21 | # REALM_DOMAINS maps Kerberos realms to email address domains. |
---|
22 | REALM_DOMAINS = {} |
---|
23 | |
---|
24 | # If the realm lookup fails but EMAIL_DEFAULT_TO_REALM is true, a lowercase |
---|
25 | # version of the realm will be used as the email address domain. |
---|
26 | EMAIL_DEFAULT_TO_REALM = False |
---|
27 | |
---|
28 | # Finally: if EMAIL_DEFAULT_TO_REALM isn't appropriate but there's a single |
---|
29 | # domain where all the other addresses go, set DEFAULT_DOMAIN. Otherwise, |
---|
30 | # set it to None. |
---|
31 | DEFAULT_DOMAIN = None |
---|
32 | |
---|
33 | # This sentinel is used instead of an MD5 hash in the password field of |
---|
34 | # the created user record. |
---|
35 | PASSWORD_SENTINEL = 'XXno_passwordXX' |
---|
36 | |
---|
37 | class HttpAuth: |
---|
38 | """ |
---|
39 | Grabs what the webserver thinks is the logged on user id, |
---|
40 | and use that instead, creating the record if it doesn't exist in the table. |
---|
41 | |
---|
42 | There are currently three problems with this at the moment. |
---|
43 | * It doesn't update the last-login |
---|
44 | * It doesn't update the session cookie |
---|
45 | * It has no idea what the email address is |
---|
46 | """ |
---|
47 | def process_request(self, request): |
---|
48 | "gets REMOTE_USER and sets the userid based on that" |
---|
49 | if request.user.is_anonymous(): |
---|
50 | remote_user = request.META.get('REMOTE_USER') |
---|
51 | if remote_user is not None: |
---|
52 | email = email_domain = None |
---|
53 | try: |
---|
54 | username, realm = remote_user.split('@') |
---|
55 | email_domain = REALM_DOMAINS.get(realm.upper()) |
---|
56 | if email_domain is None and EMAIL_DEFAULT_TO_REALM: |
---|
57 | email_domain = realm.lower() |
---|
58 | except ValueError: |
---|
59 | username = remote_user |
---|
60 | email_domain = email_domain or DEFAULT_DOMAIN |
---|
61 | try: |
---|
62 | user = users.get_object(username__exact=username) |
---|
63 | except (users.UserDoesNotExist): |
---|
64 | now = datetime.datetime.now() |
---|
65 | if email_domain is not None: |
---|
66 | email = '%s@%s' % (username, email_domain) |
---|
67 | user = User(None, username,'','', email, |
---|
68 | PASSWORD_SENTINEL, False, True, |
---|
69 | False, now, now) |
---|
70 | user.save() |
---|
71 | request.user= user |
---|
72 | return None |
---|
73 | |
---|