source: mauRepo/dj_security/trunk/dj_security/middleware.py @ 8690

'''
BSD Licence
Copyright (c) 2012, Science & Technology Facilities Council (STFC)
All rights reserved.

Redistribution and use in source and binary forms, with or without modification, 
are permitted provided that the following conditions are met:

    * Redistributions of source code must retain the above copyright notice, 
        this list of conditions and the following disclaimer.
    * Redistributions in binary form must reproduce the above copyright notice,
        this list of conditions and the following disclaimer in the documentation
        and/or other materials provided with the distribution.
    * Neither the name of the Science & Technology Facilities Council (STFC) 
        nor the names of its contributors may be used to endorse or promote 
        products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, 
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Created on 2 Nov 2012

@author: mnagni
'''
from paste.auth.auth_tkt import AuthTicket
from django.conf import settings
import socket
import urlparse 

import logging

# Get an instance of a logger
LOGGER = logging.getLogger(__name__)

class DJ_Security_Middleware(object):
    """
        Validates if the actual user is authenticated agains a 
        given authentication service.
        Actually the middleware intercepts all the requests submitted 
        to the underlying Django application and verifies if the presence 
        or not of a valid paste cookie in the request.
    """            
    def process_response(self, request, response):
        # 'auth_user' is set by the dj_security_login 
        # module after a succesfull authentication
        if not request.POST.get('username', None) \
                or not getattr(request, 'auth_user', False):
            return response
                
        remote_ip = _calculate_remote_ip(request.GET.get('r'))
        LOGGER.debug("responding to remote_ip: %s" % (remote_ip))      
        username = request.POST.get('username')
        token = AuthTicket(
                    getattr(settings, 'SHARED_SECRET', 'sharedsecret'), 
                    username, 
                    remote_ip, 
                    user_data = getattr(request, 'auth_user', ''))                
        LOGGER.debug("Created authTicket for %s from %s" % (username, remote_ip))
        response.set_cookie('auth_tkt', 
                            token.cookie_value(), 
                            domain = getattr(settings, 'COOKIE_DOMAIN', None))
        LOGGER.debug("Set authTicket in response for %s from %s" % (username, remote_ip))
        return response
    
def _calculate_remote_ip(url_path):   
    remote_url = urlparse.urlparse(url_path)
    LOGGER.debug("calculating remote_ip for %s" % (str(remote_url)))
    port = 80
    host = remote_url.netloc
    if remote_url.netloc:
        if ':' in remote_url.netloc:
            host, port = remote_url.netloc.split(':')
        addrinfo = socket.getaddrinfo(host, int(port))
        LOGGER.debug("%s has remote_ip %s" % (url_path, addrinfo[0][-1][0]))                                 
        return addrinfo[0][-1][0]
    return None