| 1 | from django.parts.auth import anonymoususers
|
|---|
| 2 | from django.models.auth import users, User
|
|---|
| 3 | import md5
|
|---|
| 4 | import datetime
|
|---|
| 5 |
|
|---|
| 6 | try:
|
|---|
| 7 | from django.conf.settings import \
|
|---|
| 8 | REALM_DOMAINS, EMAIL_DEFAULT_TO_REALM, \
|
|---|
| 9 | DEFAULT_DOMAIN, PASSWORD_SENTINEL
|
|---|
| 10 | except ImportError:
|
|---|
| 11 | # These settings adjust the behaviour of the httpdauth.HttpAuth middleware.
|
|---|
| 12 | #
|
|---|
| 13 | # To prevent email addresses from being determined, set:
|
|---|
| 14 | #
|
|---|
| 15 | # REALM_DOMAINS = {}
|
|---|
| 16 | # EMAIL_DEFAULT_TO_REALM = False
|
|---|
| 17 | # DEFAULT_DOMAIN = None
|
|---|
| 18 | #
|
|---|
| 19 | # Otherwise, set:
|
|---|
| 20 | #
|
|---|
| 21 | # REALM_DOMAINS maps Kerberos realms to email address domains.
|
|---|
| 22 | REALM_DOMAINS = {}
|
|---|
| 23 |
|
|---|
| 24 | # If the realm lookup fails but EMAIL_DEFAULT_TO_REALM is true, a lowercase
|
|---|
| 25 | # version of the realm will be used as the email address domain.
|
|---|
| 26 | EMAIL_DEFAULT_TO_REALM = False
|
|---|
| 27 |
|
|---|
| 28 | # Finally: if EMAIL_DEFAULT_TO_REALM isn't appropriate but there's a single
|
|---|
| 29 | # domain where all the other addresses go, set DEFAULT_DOMAIN. Otherwise,
|
|---|
| 30 | # set it to None.
|
|---|
| 31 | DEFAULT_DOMAIN = None
|
|---|
| 32 |
|
|---|
| 33 | # This sentinel is used instead of an MD5 hash in the password field of
|
|---|
| 34 | # the created user record.
|
|---|
| 35 | PASSWORD_SENTINEL = 'XXno_passwordXX'
|
|---|
| 36 |
|
|---|
| 37 | class HttpAuth:
|
|---|
| 38 | """
|
|---|
| 39 | Grabs what the webserver thinks is the logged on user id,
|
|---|
| 40 | and use that instead, creating the record if it doesn't exist in the table.
|
|---|
| 41 |
|
|---|
| 42 | There are currently three problems with this at the moment.
|
|---|
| 43 | * It doesn't update the last-login
|
|---|
| 44 | * It doesn't update the session cookie
|
|---|
| 45 | * It has no idea what the email address is
|
|---|
| 46 | """
|
|---|
| 47 | def process_request(self, request):
|
|---|
| 48 | "gets REMOTE_USER and sets the userid based on that"
|
|---|
| 49 | if request.user.is_anonymous():
|
|---|
| 50 | remote_user = request.META.get('REMOTE_USER')
|
|---|
| 51 | if remote_user is not None:
|
|---|
| 52 | email = email_domain = None
|
|---|
| 53 | try:
|
|---|
| 54 | username, realm = remote_user.split('@')
|
|---|
| 55 | email_domain = REALM_DOMAINS.get(realm.upper())
|
|---|
| 56 | if email_domain is None and EMAIL_DEFAULT_TO_REALM:
|
|---|
| 57 | email_domain = realm.lower()
|
|---|
| 58 | except ValueError:
|
|---|
| 59 | username = remote_user
|
|---|
| 60 | email_domain = email_domain or DEFAULT_DOMAIN
|
|---|
| 61 | try:
|
|---|
| 62 | user = users.get_object(username__exact=username)
|
|---|
| 63 | except (users.UserDoesNotExist):
|
|---|
| 64 | now = datetime.datetime.now()
|
|---|
| 65 | if email_domain is not None:
|
|---|
| 66 | email = '%s@%s' % (username, email_domain)
|
|---|
| 67 | user = User(None, username,'','', email,
|
|---|
| 68 | PASSWORD_SENTINEL, False, True,
|
|---|
| 69 | False, now, now)
|
|---|
| 70 | user.save()
|
|---|
| 71 | request.user= user
|
|---|
| 72 | return None
|
|---|
| 73 |
|
|---|