source: mauRepo/dj_security/trunk/dj_security/middleware.py @ 8899

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/mauRepo/dj_security/trunk/dj_security/middleware.py
Revision 8899, 6.3 KB checked in by aharwood, 5 years ago (diff)

Updated to use client ip address

  • Property svn:mime-type set to text/plain
Line 
1'''
2BSD Licence
3Copyright (c) 2012, Science & Technology Facilities Council (STFC)
4All rights reserved.
5
6Redistribution and use in source and binary forms, with or without modification,
7are permitted provided that the following conditions are met:
8
9    * Redistributions of source code must retain the above copyright notice,
10        this list of conditions and the following disclaimer.
11    * Redistributions in binary form must reproduce the above copyright notice,
12        this list of conditions and the following disclaimer in the documentation
13        and/or other materials provided with the distribution.
14    * Neither the name of the Science & Technology Facilities Council (STFC)
15        nor the names of its contributors may be used to endorse or promote
16        products derived from this software without specific prior written permission.
17
18THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
19AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
20THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
21PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
22BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
23OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
26OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
27OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28
29Created on 2 Nov 2012
30
31@author: mnagni
32'''
33
34from paste.auth.auth_tkt import AuthTicket
35from django.conf import settings
36from django.db.utils import DatabaseError
37from dj_security.exception import DSJOpenIDNotFoundError
38
39from userdb_model.models import User
40
41import socket
42import urlparse
43import logging
44from dj_security import auth_tkt_name, cookie_domain, shared_secret
45from django.http import HttpResponseRedirect
46
47# Get an instance of a logger
48LOGGER = logging.getLogger(__name__)
49
50class DJS_Middleware(object):
51    """
52        Validates if the actual user is authenticated agains a
53        given authentication service.
54        Actually the middleware intercepts all the requests submitted
55        to the underlying Django application and verifies if the presence
56        or not of a valid paste cookie in the request.
57    """           
58    __do_init = False
59   
60    def __init_app(self):
61        try:
62            setattr(settings, 'HOSTNAME', socket.gethostname())
63        except Exception:
64            setattr(settings, 'HOSTNAME', 'localhost')
65        from django.contrib.sites.models import Site
66        from django.db.utils import DatabaseError   
67        try:
68            site = Site()
69            site.name = getattr(settings, 'HOSTNAME')
70            site.domain = getattr(settings, 'HOSTNAME') \
71                + '/' + getattr(settings, 'APPLICATION_ROOT')
72            site.save()
73            #Sets the default site
74            setattr(settings, 'SITE_ID', site.pk)
75        except DatabaseError as ex:
76            print str(ex)
77   
78    def process_request(self, request):
79        if DJS_Middleware.__do_init:
80            self.__init_app()
81        request.registration_url = getattr(settings, "URL_REGISTRATION", None)
82       
83        if request.GET.has_key('registration'):
84            return HttpResponseRedirect(request.registration_url)
85        pass
86   
87    def process_response(self, request, response):
88        return response               
89
90def _calculate_remote_host(url_path):
91    remote_url = urlparse.urlparse(url_path)
92    LOGGER.debug("calculating remote_ip for %s" % (str(remote_url)))
93    port = 80
94    host = None
95    if remote_url.netloc:
96        host = remote_url.netloc
97    elif remote_url.path:
98        host = remote_url.path
99                   
100    if host is None:
101        return None
102   
103    if ':' in host:
104        return host.split(':')
105    else:
106        return host, '80'
107       
108   
109def _calculate_remote_ip(host, port):     
110    addrinfo = socket.getaddrinfo(host, int(port))
111    LOGGER.info("%s has remote_ip %s" % (host, addrinfo[0][-1][0]))                                 
112    return addrinfo[0][-1][0]
113
114def get_user_byuserkey(user_id):
115    """
116        Returns a tbusers row specified by `user_id`
117    - String **user_id**
118        a user
119    """
120    try:
121        return User.objects.get(userkey=user_id)
122    except DatabaseError as ex:
123        logging.error("Userkey: %s - Not Found" % user_id)
124        raise DSJOpenIDNotFoundError(ex)
125
126def _get_dataset_list(user):
127    """
128    Returns a list of current datasetids (resources) for the user from the userdb.
129    Add the special 'reguser' resource that all registered users get
130    """
131    #
132    # The following line can be used to get the datasets for another user (for testing)
133    #user = User.objects.get(userkey=xxx)
134
135    udjs = user.currentDatasets(filter_duplicates=True)
136   
137    datasets = ['reguser']
138   
139    for udj in udjs:
140        datasets.append(udj.datasetid.datasetid)
141   
142    datasets.sort()
143   
144    return datasets
145
146def _generate_auth_cookie(user, remote_ip, remote_host, response):
147
148    secret = shared_secret()
149   
150##    datasets = _get_dataset_list(user)
151   
152    token = AuthTicket(
153            secret,
154            user.accountid,
155            remote_ip,
156            user_data = '{"userkey": "%s", "accountid": "%s"}' % (user.userkey, getattr("user", "accountid", "NotAssigned")))
157                   
158    LOGGER.info("Created authTicket for %s from %s" % (user.accountid, remote_ip))
159
160    c_domain = cookie_domain(remote_host)
161    response.set_cookie(auth_tkt_name(),
162                        token.cookie_value(),
163                        domain = c_domain)
164    LOGGER.debug("Set authTicket in response for %s from %s to domain %s"
165                 % (user.accountid, remote_ip, remote_host))
166
167    return response
168
169def _encode_authenticated_response(request, response, redirect_to, user):
170     
171    remote_host, remote_port = _calculate_remote_host(redirect_to)
172
173    remote_addr = request.META.get("REMOTE_ADDR", "99.99.99.99")
174    remote_ip = _calculate_remote_ip(remote_host, remote_port)
175    LOGGER.info("Cookie IP REMOTE_ADDR: %s" % remote_addr)
176    LOGGER.info("responding to remote_ip: %s" % (remote_ip))     
177
178    return _generate_auth_cookie(user, remote_addr, remote_host, response)       
Note: See TracBrowser for help on using the repository browser.