| 1 | from django.parts.auth import anonymoususers |
|---|
| 2 | from django.models.auth import users, User |
|---|
| 3 | import md5 |
|---|
| 4 | import datetime |
|---|
| 5 | |
|---|
| 6 | try: |
|---|
| 7 | from django.conf.settings import \ |
|---|
| 8 | REALM_DOMAINS, EMAIL_DEFAULT_TO_REALM, \ |
|---|
| 9 | DEFAULT_DOMAIN, PASSWORD_SENTINEL |
|---|
| 10 | except ImportError: |
|---|
| 11 | # These settings adjust the behaviour of the httpdauth.HttpAuth middleware. |
|---|
| 12 | # |
|---|
| 13 | # To prevent email addresses from being determined, set: |
|---|
| 14 | # |
|---|
| 15 | # REALM_DOMAINS = {} |
|---|
| 16 | # EMAIL_DEFAULT_TO_REALM = False |
|---|
| 17 | # DEFAULT_DOMAIN = None |
|---|
| 18 | # |
|---|
| 19 | # Otherwise, set: |
|---|
| 20 | # |
|---|
| 21 | # REALM_DOMAINS maps Kerberos realms to email address domains. |
|---|
| 22 | REALM_DOMAINS = {} |
|---|
| 23 | |
|---|
| 24 | # If the realm lookup fails but EMAIL_DEFAULT_TO_REALM is true, a lowercase |
|---|
| 25 | # version of the realm will be used as the email address domain. |
|---|
| 26 | EMAIL_DEFAULT_TO_REALM = False |
|---|
| 27 | |
|---|
| 28 | # Finally: if EMAIL_DEFAULT_TO_REALM isn't appropriate but there's a single |
|---|
| 29 | # domain where all the other addresses go, set DEFAULT_DOMAIN. Otherwise, |
|---|
| 30 | # set it to None. |
|---|
| 31 | DEFAULT_DOMAIN = None |
|---|
| 32 | |
|---|
| 33 | # This sentinel is used instead of an MD5 hash in the password field of |
|---|
| 34 | # the created user record. |
|---|
| 35 | PASSWORD_SENTINEL = 'XXno_passwordXX' |
|---|
| 36 | |
|---|
| 37 | class HttpAuth: |
|---|
| 38 | """ |
|---|
| 39 | Grabs what the webserver thinks is the logged on user id, |
|---|
| 40 | and use that instead, creating the record if it doesn't exist in the table. |
|---|
| 41 | |
|---|
| 42 | There are currently three problems with this at the moment. |
|---|
| 43 | * It doesn't update the last-login |
|---|
| 44 | * It doesn't update the session cookie |
|---|
| 45 | * It has no idea what the email address is |
|---|
| 46 | """ |
|---|
| 47 | def process_request(self, request): |
|---|
| 48 | "gets REMOTE_USER and sets the userid based on that" |
|---|
| 49 | if request.user.is_anonymous(): |
|---|
| 50 | remote_user = request.META.get('REMOTE_USER') |
|---|
| 51 | if remote_user is not None: |
|---|
| 52 | email = email_domain = None |
|---|
| 53 | try: |
|---|
| 54 | username, realm = remote_user.split('@') |
|---|
| 55 | email_domain = REALM_DOMAINS.get(realm.upper()) |
|---|
| 56 | if email_domain is None and EMAIL_DEFAULT_TO_REALM: |
|---|
| 57 | email_domain = realm.lower() |
|---|
| 58 | except ValueError: |
|---|
| 59 | username = remote_user |
|---|
| 60 | email_domain = email_domain or DEFAULT_DOMAIN |
|---|
| 61 | try: |
|---|
| 62 | user = users.get_object(username__exact=username) |
|---|
| 63 | except (users.UserDoesNotExist): |
|---|
| 64 | now = datetime.datetime.now() |
|---|
| 65 | if email_domain is not None: |
|---|
| 66 | email = '%s@%s' % (username, email_domain) |
|---|
| 67 | user = User(None, username,'','', email, |
|---|
| 68 | PASSWORD_SENTINEL, False, True, |
|---|
| 69 | False, now, now) |
|---|
| 70 | user.save() |
|---|
| 71 | request.user= user |
|---|
| 72 | return None |
|---|
| 73 | |
|---|