Index: django/contrib/auth/handlers/modwsgi.py =================================================================== --- django/contrib/auth/handlers/modwsgi.py (revision 0) +++ django/contrib/auth/handlers/modwsgi.py (revision 0) @@ -0,0 +1,27 @@ +from django.contrib.auth.models import User +from django import db + +def authenticate_user(environ, user, password): + """ + Authentication handler that checks against Django's auth database + """ + + db.reset_queries() + + kwargs = {'username': user, 'is_active': True} + + try: + # verify the user exists + try: + user = User.objects.get(**kwargs) + except User.DoesNotExist: + return None + + # verify the password for the given user + if user.check_password(password): + return True + else: + return False + finally: + db.connection.close() + Index: docs/howto/apache-auth.txt =================================================================== --- docs/howto/apache-auth.txt (revision 11602) +++ docs/howto/apache-auth.txt (working copy) @@ -19,11 +19,81 @@ .. _Subversion: http://subversion.tigris.org/ .. _mod_dav: http://httpd.apache.org/docs/2.0/mod/mod_dav.html -Configuring Apache -================== +Authentication with mod_wsgi +============================ -To check against Django's authorization database from a Apache configuration -file, you'll need to use mod_python's ``PythonAuthenHandler`` directive along +Make sure that mod_wsgi is installed and activated and that you have +followed the steps to +:ref:`use Django with Apache and mod_wsgi `. + +Next, edit the Apache ``httpd.conf`` file to add a path that you want +only authenticated users to be able to view: + +.. code-block:: apache + + WSGIScriptAlias / /path/to/mysite/apache/django.wsgi + + WSGIProcessGroup %{GLOBAL} + WSGIApplicationGroup django + + + AuthType Basic + AuthName "Top Secret" + Require valid-user + AuthBasicProvider wsgi + WSGIAuthUserScript /path/to/mysite/apache/django.wsgi + + +The ``WSGIAuthUserScript`` directive tells mod_wsgi to execute the +``check_password`` function in that script passing the user name and +password that it receives from the prompt. In this example, +the ``WSGIAuthUserScript`` is the same as the ``WSGIScriptAlias`` that +defines your application. + +.. admonition:: Using Apache 2.2 with authentication + + Make sure that ``mod_auth_basic`` and ``mod_authz_user`` are loaded. + + These might be compiled statically into Apache, or you might need to use + LoadModule to load them dynamically in your ``httpd.conf``: + + .. code-block:: apache + + LoadModule auth_basic_module modules/mod_auth_basic.so + LoadModule authz_user_module modules/mod_authz_user.so + +Finally, edit your "WSGI file" to tie Apache's authentication to your site's +users: + +.. code-block:: python + + import os + import sys + + os.environ['DJANGO_SETTINGS_MODULE'] = 'mysite.settings' + + from django.contrib.auth.handlers.modwsgi import authenticate_user + + def check_password(environ, user, password): + return authenticate_user(environ, user, password) + + from django.core.handlers.wsgi import WSGIHandler + + application = WSGIHandler() + + +Requests beginning with ``/secret/`` will now require a user to authenticate. + +The mod_wsgi `access control mechanisms documentation`_ provides additional +details and information about alternative methods of authentication. + +.. _access control mechanisms documentation: http://code.google.com/p/modwsgi/wiki/AccessControlMechanisms + +Authentication with mod_python +============================== + +To check against Django's authorization database from mod_python, +you'll need to use mod_python's ``PythonAuthenHandler`` directive along with the standard ``Auth*`` and ``Require`` directives: .. code-block:: apache @@ -84,8 +154,8 @@ PythonAuthenHandler django.contrib.auth.handlers.modpython -By default, the authentication handler will limit access to the ``/example/`` -location to users marked as staff members. You can use a set of +By default, the mod_python authentication handler will limit access to the +``/example/`` location to users marked as staff members. You can use a set of ``PythonOption`` directives to modify this behavior: ================================ =========================================