Changeset 8680


Timestamp:
14/11/12 16:24:25 (7 years ago)
Author:
mnagni
Message:

Improved the encryption of the user data inside the returned auth_ticket.
Adds a FAKE_RESPONSE for development purposes.

Location:
mauRepo/dj_security/trunk
Files:
1 added
6 edited

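--- a/mauRepo/dj_security/trunk/README
+++ b/mauRepo/dj_security/trunk/README
@@ -3,4 +3,8 @@
 response a cookie called 'auth_tkt' generated by the paste's authentication
 module.
+The application assume that a django.User model is used, as consequence inside
+the auth_tkt are encoded, inside the user_data parameter, information regarding
+the name, email, user/group roles, etc owned by the authenticated user.
+'user_data' has a JSON encoding format.
 
 In its default configuration it will reply to the incoming requests at path '/login'.
@@ -16,8 +20,11 @@
 'HOST':     'DB_HOST',
 'PORT':     'DB_PORT',
-3) COOKIE_DOMAIN (optional): the domain where the auth_tkt will belong
+3) NOT_ENCODE: the names in this list will be NOT encoded in the returned cookie
+4) COOKIE_DOMAIN (optional): the domain where the auth_tkt will belong
 [default = where dj_security is deployed]
-4) REDIRECT_URL (optional): the parameter used by the client application
+5) REDIRECT_URL (optional): the parameter used by the client application
 to specify where redirect the user whenever the authentication succeed
 [default = 'r']
+6) FAKE_RESPONSE (optional): if set to 'True' returns a fake authentication cookies.
+Only for development purposes.
 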
  • mauRepo/dj_security/trunk/dj_security

    • Property svn:ignore
      •  

        old new  
        11sqlite.db 
         2 
         3dev_settings.py 
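--- a/mauRepo/dj_security/trunk/dj_security/middleware.py
+++ b/mauRepo/dj_security/trunk/dj_security/middleware.py
@@ -48,5 +48,8 @@
     """
     def process_response(self, request, response):
-        if not request.POST.get('username', None) or request.user.id == None:
+        # 'auth_user' is set by the dj_security_login
+        # module after a succesfull authentication
+        if not request.POST.get('username', None) \
+                or not getattr(request, 'auth_user', False):
             return response
 
@@ -57,6 +60,6 @@
                     getattr(settings, 'SHARED_SECRET', 'sharedsecret'),
                     username,
-                    remote_ip)
-
+                    remote_ip,
+                    user_data = getattr(request, 'auth_user', ''))
         logger.info("Logging %s from %s" % (username, remote_ip))
         response.set_cookie('auth_tkt',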
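Review bot: The user_data passed to the ticket in the second hunk is integrity-protected but not confidential — paste's auth_tkt HMAC-signs the ticket and carries user_data in the clear, and this changeset's README hunk itself describes user_data as plain JSON — so the commit message's "encryption" overstates what the cookie provides and anything SecurityEncoder emits (names, email, permissions) is readable by whoever holds the cookie. A comment at the `user_data = ...` argument would keep later maintainers from relying on it for secrecy, e.g. `# user_data is signed, not encrypted: never put secrets in it`. The guard in the first hunk defaults `auth_user` to `False` while the ticket call defaults it to `''`; one sentinel for both reads more clearly. Note that process_response begins in the first hunk but its body continues past it, and the ticket constructor call begins above the second hunk.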
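--- a/mauRepo/dj_security/trunk/dj_security/settings.py
+++ b/mauRepo/dj_security/trunk/dj_security/settings.py
@@ -119,5 +119,5 @@
     'django.contrib.auth.middleware.AuthenticationMiddleware',
     'django.contrib.messages.middleware.MessageMiddleware',
-    'django_authopenid.middleware.OpenIDMiddleware',
+    #'django_authopenid.middleware.OpenIDMiddleware',
     'dj_security.middleware.DJ_Security_Middleware',
     # Uncomment the next line for simple clickjacking protection:
@@ -146,5 +146,5 @@
     'registration',
     'django.contrib.humanize',
-    'django_authopenid',
+    #'django_authopenid',
     'dj_security',
     # Uncomment the next line to enable the admin:
@@ -154,4 +154,5 @@
 )
 
+NOT_ENCODE = ['password', 'backend']
 SHARED_SECRET = 'sharedsecret'
 APPLICATION_ROOT = 'PROJECT_NAME_PAR/'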
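Review bot: `NOT_ENCODE = ['password', 'backend']` in the last hunk is a deny-list: if the README's description is accurate, every attribute not named here ends up serialized into the auth_tkt cookie, so any sensitive field added to the user model later is exposed by default. An allow-list of the fields the client applications actually need (username, email, roles) would fail safe; if the deny-list stays, a comment such as `# fields that must never reach the cookie; review whenever the user model changes` makes the maintenance obligation explicit. The setting is also undocumented in the file — the README entry added in this changeset is the only description of it. The two OpenID entries are commented out rather than removed; if OpenID is being dropped, deleting the lines is cleaner than leaving them as dead configuration.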
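--- a/mauRepo/dj_security/trunk/dj_security/views/dj_security_login.py
+++ b/mauRepo/dj_security/trunk/dj_security/views/dj_security_login.py
@@ -4,5 +4,5 @@
 @author: mnagni
 '''
-from django.contrib.auth import authenticate, login
+from django.contrib.auth import authenticate
 from django.shortcuts import render_to_response
 from dj_security.login_form import LoginForm
@@ -10,4 +10,6 @@
 from django.conf import settings
 import logging
+from json.encoder import JSONEncoder
+from dj_security.encoder import SecurityEncoder
 
 # Get an instance of a logger
@@ -28,11 +30,10 @@
             username = request.POST['username']
             password = request.POST['password']
-            user = authenticate(username=username, password=password)
+            user = authenticate(username=username, password=password)
             if user is not None:
-                if user.is_active:
-                    login(request, user)
-                    redirect_parameter = getattr(settings, 'REDIRECT_URL', 'r')
-                    context['redirect_url'] = request.GET.get(redirect_parameter, '')
-                    return render_to_response('logged_in.html', context)
+                if user.is_active:
+                    context['user'] = SecurityEncoder().encode(user)
+                    request.auth_user = context['user']
+                    return _encodeAuthenticatedResponse(request, context)
                 else:
                     # Return a 'disabled account' error message
@@ -47,4 +48,15 @@
             return error_handle(request, context)
     else:
+        if getattr(settings, "FAKE_AUTHENTICATION", False):
+            context['user'] = '{"username": "mnagni", '
+            '"first_name": "Maurizio", "last_name": "Nagni", '
+            '"is_active": true, "email": "maurizio.nagni@stfc.ac.uk", '
+            '"is_superuser": false, "is_staff": true, '
+            '"last_login": "2012-10-18 11:05:28.700139+00:00", '
+            '"date_joined": "2012-03-22 14:20:56+00:00", "id": 29, '
+            '"permissions": "auth.add_user,proginfo.add_dataproduct, '
+            'proginfo.change_programme, cedainfoapp.delete_vmrequest"}'
+            return _encodeAuthenticatedResponse(request, context)
+
         # An unbound form
         form = LoginForm()
@@ -52,2 +64,7 @@
         context.update(csrf(request))
         return render_to_response('login.html', context)
+
+def _encodeAuthenticatedResponse(request, context):
+    redirect_parameter = getattr(settings, 'REDIRECT_URL', 'r')
+    context['redirect_url'] = request.GET.get(redirect_parameter, '')
+    return render_to_response('logged_in.html', context)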
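Review bot: The fake-user literal in the `FAKE_AUTHENTICATION` branch is not one string: the fragments on the lines after `context['user'] = '{"username": "mnagni", '` are separate expression statements (implicit concatenation only joins literals inside brackets or on one logical line), so `context['user']` holds only that first fragment and is not valid JSON; open a parenthesis after the `=` and close it after the last fragment, `context['user'] = ('{"username": "mnagni", '` … `'proginfo.change_programme, cedainfoapp.delete_vmrequest"}')`. The setting read here is `FAKE_AUTHENTICATION`, while the README hunk and the commit message call it FAKE_RESPONSE, so the documented switch does nothing. When the switch is on, any non-POST request to the login view is answered with logged_in.html and no credential check, which is an authentication bypass if the setting leaks into a deployed configuration — the `if` deserves a comment such as `# development only: must be unset in any deployed settings`. That branch also never sets `request.auth_user`, and the middleware in this changeset additionally requires a POST username, so presumably no ticket is actually issued on the fake path despite the README's claim — worth confirming. Dropping `login(request, user)` means a Django session is no longer established on success; if the auth_tkt cookie is now the only authenticated state, a comment at the `request.auth_user =` line saying so would save the next reader from re-adding it.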
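--- a/mauRepo/dj_security/trunk/dj_security/views/my_profile.py
+++ b/mauRepo/dj_security/trunk/dj_security/views/my_profile.py
@@ -4,5 +4,4 @@
 @author: mnagni
 '''
-from dj_security.views.my_view import error_handle
 from dj_security.models import UserProfile
 from django.shortcuts import render_to_response
@@ -10,4 +9,5 @@
 from paste.auth import auth_tkt
 from django.conf import settings
+from dj_security.views.dj_security_login import error_handle
 
 def get_user_profile(request):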