source: mauRepo/dj_security_middleware/trunk/dj_security_middleware/dj_security_middleware/middleware.py @ 8683

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/mauRepo/dj_security_middleware/trunk/dj_security_middleware/dj_security_middleware/middleware.py@8683
Revision 8683, 6.0 KB checked in by mnagni, 7 years ago (diff)

Fixes a blocking bug when the 'auth_tkt' is None

  • Property svn:mime-type set to text/plain
Line 
1'''
2BSD Licence
3Copyright (c) 2012, Science & Technology Facilities Council (STFC)
4All rights reserved.
5
6Redistribution and use in source and binary forms, with or without modification,
7are permitted provided that the following conditions are met:
8
9    * Redistributions of source code must retain the above copyright notice,
10        this list of conditions and the following disclaimer.
11    * Redistributions in binary form must reproduce the above copyright notice,
12        this list of conditions and the following disclaimer in the documentation
13        and/or other materials provided with the distribution.
14    * Neither the name of the Science & Technology Facilities Council (STFC)
15        nor the names of its contributors may be used to endorse or promote
16        products derived from this software without specific prior written permission.
17
18THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
19AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
20THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
21PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
22BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
23OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
26OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
27OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28
29Created on 2 Nov 2012
30
31@author: mnagni
32'''
33from paste.auth import auth_tkt
34from paste.auth.auth_tkt import BadTicket
35from django.conf import settings
36from dj_security_middleware.exception import DJMiddlewareException,\
37    MissingCookieException
38from django.utils.html import escape
39from django.utils.http import urlencode
40from django.http import HttpResponseRedirect
41import socket
42
43import logging
44
45# Get an instance of a logger
46logger = logging.getLogger(__name__)
47
48LOGIN_SERVICE_ERROR = 'No LOGIN_SETTING parameter is defined in the \
49application settings.py file. Please define a proper URL to the \
50authenticating service'
51
52DJ_SECURITY_SHAREDSECRET_ERROR = 'No DJ_SECURITY_SHAREDSECRET parameter \
53is defined in the application settings.py file. \
54Please define it accordingly to the used LOGIN_SERVICE'
55
56AUTHENTICATION_COOKIE_MISSING = 'The expected cookie is missing. \
57Redirect to the authentication service'
58
59DJ_MIDDLEWARE_IP_ERROR = 'No DJ_MIDDLEWARE_IP parameter \
60is defined in the application settings.py file. \
61Please define it accordingly to the machine/proxy seen by the LOGIN_SERVICE'
62
63class DJ_Security_Middleware(object):
64    """
65        Validates if the actual user is authenticated agains a
66        given authentication service.
67        Actually the middleware intercepts all the requests submitted
68        to the underlying Django application and verifies if the presence
69        or not of a valid paste cookie in the request.
70    """   
71    def process_request(self, request):
72        if not getattr(settings, 'DJ_SECURITY_LOGIN_SERVICE', None):
73            raise DJMiddlewareException(LOGIN_SERVICE_ERROR) 
74        if not getattr(settings, 'DJ_SECURITY_SHAREDSECRET', None):
75            raise DJMiddlewareException(DJ_SECURITY_SHAREDSECRET_ERROR)
76       
77        custom_auth = getattr(settings, 'DJ_SECURITY_AUTH_CHECK', None)
78        if custom_auth:
79            try:
80                if custom_auth(request):
81                    return
82            #Cannot specify the Exception type as don't know the
83            # exceptions type raised by custom_auth                 
84            except Exception:
85                pass
86       
87        #if not settings.DJ_MIDDLEWARE_IP:
88        #    raise DJMiddlewareException(DJ_MIDDLEWARE_IP_ERROR)       
89         
90        try:
91            timestamp, userid, tokens, user_data = _is_authenticated(request)
92            request.authenticated_user = {'timestamp': timestamp, \
93                                             'userid': userid, \
94                                             'tokens': tokens, \
95                                             'user_data': user_data}
96        except (MissingCookieException, DJMiddlewareException):       
97            url = '%s?%s' % (settings.DJ_SECURITY_LOGIN_SERVICE, _build_ret_url(request))
98            return HttpResponseRedirect(url)
99           
100
101def _build_ret_url(request):
102    hostname = _get_hostname()
103    if request.META['SERVER_PORT'] != 80:
104        hostname = "%s:%s" % (hostname, request.META['SERVER_PORT'])
105    qs = {}
106    qs['r'] = escape('http://%s%s' % (hostname, request.path))
107    return urlencode(qs)           
108
109def _is_authenticated(request):
110    """
111        Verifies the presence and validity of a paste cookie.
112        If the cookie is not present the request is redirected
113        to the url specified in LOGIN_SERVICE
114        ** Return ** a tuple containing (timestamp, userid, tokens, user_data)
115        ** raise ** a DJ_SecurityException if the ticket is not valid
116    """
117    if 'auth_tkt' in request.COOKIES:
118        try:
119            return auth_tkt.parse_ticket(
120                    settings.DJ_SECURITY_SHAREDSECRET,
121                    getattr(request.COOKIES, 'auth_tkt', ''),
122                    _get_host_ip())
123        except BadTicket as ex:
124            raise DJMiddlewareException(ex)
125        finally:
126            request.COOKIES.pop('auth_tkt', None)
127    raise MissingCookieException(AUTHENTICATION_COOKIE_MISSING)
128
129def _get_hostname():
130    try:
131        hostname = socket.gethostname()
132        return socket.gethostbyname_ex(hostname)[0]
133    except Exception:
134        return 'localhost'   
135   
136def _get_host_ip():
137    if getattr(settings, 'DJ_MIDDLEWARE_IP', None):
138        return settings.DJ_MIDDLEWARE_IP
139       
140    remote_urls = socket.getaddrinfo(socket.gethostname(), None)
141    for remote_url in remote_urls:
142        ret = remote_url[4][0]
143        if not ret.startswith('127'):
144            logger.debug("remote_url: %s" % (ret))
145            return ret
Note: See TracBrowser for help on using the repository browser.