| 1 | from django.contrib.auth.models import User, Permission, AnonymousUser
|
|---|
| 2 |
|
|---|
| 3 |
|
|---|
| 4 | class ModelBackend(object):
|
|---|
| 5 | """
|
|---|
| 6 | Authenticates against django.contrib.auth.models.User.
|
|---|
| 7 | """
|
|---|
| 8 | supports_inactive_user = True
|
|---|
| 9 |
|
|---|
| 10 | user_model = User
|
|---|
| 11 | permission_model = Permission
|
|---|
| 12 | anonymous_user_model = AnonymousUser
|
|---|
| 13 |
|
|---|
| 14 | def get_anonymous_user(self):
|
|---|
| 15 | return AnonymousUser()
|
|---|
| 16 |
|
|---|
| 17 | # TODO: Model, login attribute name and password attribute name should be
|
|---|
| 18 | # configurable.
|
|---|
| 19 | def authenticate(self, username=None, password=None):
|
|---|
| 20 | try:
|
|---|
| 21 | user = self.user_model.objects.get(username=username)
|
|---|
| 22 | if user.check_password(password):
|
|---|
| 23 | return user
|
|---|
| 24 | except self.user_model.DoesNotExist:
|
|---|
| 25 | return None
|
|---|
| 26 |
|
|---|
| 27 | def get_group_permissions(self, user_obj, obj=None):
|
|---|
| 28 | """
|
|---|
| 29 | Returns a set of permission strings that this user has through his/her
|
|---|
| 30 | groups.
|
|---|
| 31 | """
|
|---|
| 32 | if user_obj.is_anonymous() or obj is not None:
|
|---|
| 33 | return set()
|
|---|
| 34 | if not hasattr(user_obj, '_group_perm_cache'):
|
|---|
| 35 | if user_obj.is_superuser:
|
|---|
| 36 | perms = self.permission_model.objects.all()
|
|---|
| 37 | else:
|
|---|
| 38 | perms = self.permission_model.objects.filter(group__user=user_obj)
|
|---|
| 39 | perms = perms.values_list('content_type__app_label', 'codename').order_by()
|
|---|
| 40 | user_obj._group_perm_cache = set(["%s.%s" % (ct, name) for ct, name in perms])
|
|---|
| 41 | return user_obj._group_perm_cache
|
|---|
| 42 |
|
|---|
| 43 | def get_all_permissions(self, user_obj, obj=None):
|
|---|
| 44 | if user_obj.is_anonymous() or obj is not None:
|
|---|
| 45 | return set()
|
|---|
| 46 | if not hasattr(user_obj, '_perm_cache'):
|
|---|
| 47 | user_obj._perm_cache = set([u"%s.%s" % (p.content_type.app_label, p.codename) for p in user_obj.user_permissions.select_related()])
|
|---|
| 48 | user_obj._perm_cache.update(self.get_group_permissions(user_obj))
|
|---|
| 49 | return user_obj._perm_cache
|
|---|
| 50 |
|
|---|
| 51 | def has_perm(self, user_obj, perm, obj=None):
|
|---|
| 52 | if not user_obj.is_active:
|
|---|
| 53 | return False
|
|---|
| 54 | return perm in self.get_all_permissions(user_obj, obj)
|
|---|
| 55 |
|
|---|
| 56 | def has_module_perms(self, user_obj, app_label):
|
|---|
| 57 | """
|
|---|
| 58 | Returns True if user_obj has any permissions in the given app_label.
|
|---|
| 59 | """
|
|---|
| 60 | if not user_obj.is_active:
|
|---|
| 61 | return False
|
|---|
| 62 | for perm in self.get_all_permissions(user_obj):
|
|---|
| 63 | if perm[:perm.index('.')] == app_label:
|
|---|
| 64 | return True
|
|---|
| 65 | return False
|
|---|
| 66 |
|
|---|
| 67 | def get_user(self, user_id):
|
|---|
| 68 | try:
|
|---|
| 69 | return self.user_model.objects.get(pk=user_id)
|
|---|
| 70 | except self.user_model.DoesNotExist:
|
|---|
| 71 | return None
|
|---|
| 72 |
|
|---|
| 73 |
|
|---|
| 74 | class RemoteUserBackend(ModelBackend):
|
|---|
| 75 | """
|
|---|
| 76 | This backend is to be used in conjunction with the ``RemoteUserMiddleware``
|
|---|
| 77 | found in the middleware module of this package, and is used when the server
|
|---|
| 78 | is handling authentication outside of Django.
|
|---|
| 79 |
|
|---|
| 80 | By default, the ``authenticate`` method creates ``User`` objects for
|
|---|
| 81 | usernames that don't already exist in the database. Subclasses can disable
|
|---|
| 82 | this behavior by setting the ``create_unknown_user`` attribute to
|
|---|
| 83 | ``False``.
|
|---|
| 84 | """
|
|---|
| 85 |
|
|---|
| 86 | # Create a User object if not already in the database?
|
|---|
| 87 | create_unknown_user = True
|
|---|
| 88 |
|
|---|
| 89 | def authenticate(self, remote_user):
|
|---|
| 90 | """
|
|---|
| 91 | The username passed as ``remote_user`` is considered trusted. This
|
|---|
| 92 | method simply returns the ``User`` object with the given username,
|
|---|
| 93 | creating a new ``User`` object if ``create_unknown_user`` is ``True``.
|
|---|
| 94 |
|
|---|
| 95 | Returns None if ``create_unknown_user`` is ``False`` and a ``User``
|
|---|
| 96 | object with the given username is not found in the database.
|
|---|
| 97 | """
|
|---|
| 98 | if not remote_user:
|
|---|
| 99 | return
|
|---|
| 100 | user = None
|
|---|
| 101 | username = self.clean_username(remote_user)
|
|---|
| 102 |
|
|---|
| 103 | # Note that this could be accomplished in one try-except clause, but
|
|---|
| 104 | # instead we use get_or_create when creating unknown users since it has
|
|---|
| 105 | # built-in safeguards for multiple threads.
|
|---|
| 106 | if self.create_unknown_user:
|
|---|
| 107 | user, created = self.user_model.objects.get_or_create(username=username)
|
|---|
| 108 | if created:
|
|---|
| 109 | user = self.configure_user(user)
|
|---|
| 110 | else:
|
|---|
| 111 | try:
|
|---|
| 112 | user = self.user_model.objects.get(username=username)
|
|---|
| 113 | except self.user_model.DoesNotExist:
|
|---|
| 114 | pass
|
|---|
| 115 | return user
|
|---|
| 116 |
|
|---|
| 117 | def clean_username(self, username):
|
|---|
| 118 | """
|
|---|
| 119 | Performs any cleaning on the "username" prior to using it to get or
|
|---|
| 120 | create the user object. Returns the cleaned username.
|
|---|
| 121 |
|
|---|
| 122 | By default, returns the username unchanged.
|
|---|
| 123 | """
|
|---|
| 124 | return username
|
|---|
| 125 |
|
|---|
| 126 | def configure_user(self, user):
|
|---|
| 127 | """
|
|---|
| 128 | Configures a user after creation and returns the updated user.
|
|---|
| 129 |
|
|---|
| 130 | By default, returns the user unmodified.
|
|---|
| 131 | """
|
|---|
| 132 | return user
|
|---|