source: mauRepo/dj_security/trunk/dj_security/middleware.py @ 8740

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/mauRepo/dj_security/trunk/dj_security/middleware.py@8740
Revision 8740, 6.6 KB checked in by mnagni, 7 years ago (diff)

Incomplete - # 22698: [CEDA Site Python Port] MyCEDA Login needs to be more user-friendly
 http://team.ceda.ac.uk/trac/ceda/ticket/22698

  • Property svn:mime-type set to text/plain
Line 
1'''
2BSD Licence
3Copyright (c) 2012, Science & Technology Facilities Council (STFC)
4All rights reserved.
5
6Redistribution and use in source and binary forms, with or without modification,
7are permitted provided that the following conditions are met:
8
9    * Redistributions of source code must retain the above copyright notice,
10        this list of conditions and the following disclaimer.
11    * Redistributions in binary form must reproduce the above copyright notice,
12        this list of conditions and the following disclaimer in the documentation
13        and/or other materials provided with the distribution.
14    * Neither the name of the Science & Technology Facilities Council (STFC)
15        nor the names of its contributors may be used to endorse or promote
16        products derived from this software without specific prior written permission.
17
18THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
19AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
20THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
21PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
22BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
23OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
26OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
27OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28
29Created on 2 Nov 2012
30
31@author: mnagni
32'''
33from paste.auth.auth_tkt import AuthTicket
34from django.conf import settings
35from django.db.utils import DatabaseError
36from dj_security.exception import DSJOpenIDNotFoundError, DJSException
37
38from userdb_model.models import User
39
40import socket
41import urlparse
42import base64
43import logging
44from django.contrib.auth import SESSION_KEY
45
46# Get an instance of a logger
47LOGGER = logging.getLogger(__name__)
48
49class DJS_Middleware(object):
50    """
51        Validates if the actual user is authenticated agains a
52        given authentication service.
53        Actually the middleware intercepts all the requests submitted
54        to the underlying Django application and verifies if the presence
55        or not of a valid paste cookie in the request.
56    """           
57    __do_init = False
58   
59    def __init_app(self):
60        try:
61            setattr(settings, 'HOSTNAME', socket.gethostname())
62        except Exception:
63            setattr(settings, 'HOSTNAME', 'localhost')
64        from django.contrib.sites.models import Site
65        from django.db.utils import DatabaseError   
66        try:
67            site = Site()
68            site.name = getattr(settings, 'HOSTNAME')
69            site.domain = getattr(settings, 'HOSTNAME') \
70                + '/' + getattr(settings, 'APPLICATION_ROOT')
71            site.save()
72            #Sets the default site
73            setattr(settings, 'SITE_ID', site.pk)
74        except DatabaseError as ex:
75            print str(ex)
76   
77    def process_request(self, request):
78        if DJS_Middleware.__do_init:
79            self.__init_app()
80        pass
81   
82    def process_response(self, request, response):
83        LOGGER.debug("responding to request.path: %s" % (request.path))
84        session = getattr(request, 'session', None)
85       
86        if not session:       
87            return response
88       
89        if request.GET.get('r') and getattr(request, 'session', None):
90            request.session['r'] = request.GET.get('r')
91       
92        if request.path.endswith('account/register/') or request.path.endswith('accounts/profile/'):
93            return _encode_authenticated_response(request, response)
94       
95        return response
96       
97   
98def _calculate_remote_ip(url_path):   
99    remote_url = urlparse.urlparse(url_path)
100    LOGGER.debug("calculating remote_ip for %s" % (str(remote_url)))
101    port = 80
102    host = None
103    if remote_url.netloc:
104        host = remote_url.netloc
105    elif remote_url.path:
106        host = remote_url.path
107       
108    if not host:
109        return None
110   
111    if ':' in host:
112        host, port = host.split(':')
113    addrinfo = socket.getaddrinfo(host, int(port))
114    LOGGER.info("%s has remote_ip %s" % (url_path, addrinfo[0][-1][0]))                                 
115    return addrinfo[0][-1][0]
116
117def get_user_byuserkey(user_id):
118    """
119        Returns a tbusers row specified by `user_id`
120    - String **user_id**
121        a user
122    """
123    try:
124        return User.objects.get(userkey=user_id)
125    except DatabaseError as ex:
126        logging.error("Userkey: %s - Not Found" % user_id)
127        raise DSJOpenIDNotFoundError(ex)
128
129def _get_path_to_host(request, force_path = None):
130    host = request.environ.get('HTTP_HOST')
131    if not host:
132        host = ''.join([request.environ['SERVER_HOST'],
133                        ':' ,
134                        request.environ['SERVER_PORT']])
135   
136    if force_path:
137        return base64.b64encode(''.join(['http://',
138                                      host, '/',
139                                      force_path]))
140       
141    return base64.b64encode(''.join(['http://',
142                                      host, '/',
143                                      request.path]))
144
145def _encode_authenticated_response(request, response):
146    def_r = _get_path_to_host(request)
147    remote_url = request.session.get('r', def_r)
148   
149    if not remote_url:
150        raise DJSException('Missing url where redirect logged in user')
151   
152    remote_ip = _calculate_remote_ip(base64.b64decode(remote_url))
153    LOGGER.info("responding to remote_ip: %s" % (remote_ip))     
154    user = get_user_byuserkey(request.session[SESSION_KEY])
155   
156    ''' 
157    if request.session.has_key('openid'):
158        username = request.session.get('openid').openid
159        request.user = get_user_byopenid(username)
160    elif hasattr(request, 'user'):
161    '''   
162   
163    token = AuthTicket(
164                getattr(settings, 'SHARED_SECRET', 'sharedsecret'),
165                user.accountid,
166                remote_ip,
167                user_data = '{"userkey": "%s", "accountid": "%s"}'
168                % (user.userkey, getattr("user", "accountid", "NotAssigned")))               
169    LOGGER.info("Created authTicket for %s from %s" % (user.accountid, remote_ip))
170    idomain = getattr(settings, 'COOKIE_DOMAIN', None)
171    response.set_cookie('auth_tkt',
172                        token.cookie_value(),
173                        domain = idomain)
174    LOGGER.debug("Set authTicket in response for %s from %s to domain %s"
175                 % (user.accountid, remote_ip, idomain))
176    return response
Note: See TracBrowser for help on using the repository browser.