Changeset 8683


Ignore:
Timestamp:
15/11/12 10:37:06 (7 years ago)
Author:
mnagni
Message:

Fixes a blocking bug when the 'auth_tkt' is None

Location:
mauRepo/dj_security_middleware/trunk/dj_security_middleware
Files:
4 edited

Legend:

Unmodified
Added
Removed
  • mauRepo/dj_security_middleware/trunk/dj_security_middleware

    • Property svn:ignore
      •  

        old new  
        22 
        33dist 
         4 
         5.settings 
         6 
         7.project 
         8 
         9.pydevproject 
  • mauRepo/dj_security_middleware/trunk/dj_security_middleware/README

    r8669 r8683  
    11Adds a layer to interact with a paste enabled, Django based, security service  
    22typically a dj_security app. 
    3 The dj_security_middleware.middleware.DJ_Security_Middleware checks if the  
    4 HTTP request contains a cookie called 'auth_tkt'. This cookie is set by the  
    5 authentication service using the paste module.  
    63 
    7 The configuration is quite straigthforward. In your Django app settings.py add: 
     4The dj_security_middleware.middleware.DJ_Security_Middleware checks two cases: 
     51) if the HTTP request contains a cookie called 'auth_tkt' 
     62) the underlying application defines a function returning a not None value  
     7(see DJ_SECURITY_AUTH_CHECK). 
     8If none of the previous is verified the middleware redirect the request to  
     9the DJ_SECURITY_LOGIN_SERVICE  
     10  
     11If the authentication succeeds the DJ_SECURITY_LOGIN_SERVICE sets the 'auth_tkt' cookie, 
     12which is caught by the middleware which: 
     13a) reads the informations in the cookie and copies them into the request  
     14'authenticated_user' parameter 
     15b) deletes the 'auth_tkt' cookie for security reasons. 
     16The request 'authenticated_user' parameter contains all the user information  
     17returned by the authentication service and from this moment the underlying  
     18application is responsible for them.  
     19 
     20The configuration is quite straightforward. In your Django app settings.py add: 
    821 
    9221) 'dj_security_middleware.middleware.DJ_Security_Middleware' to MIDDLEWARE_CLASSES 
     
    1326 
    14273) DJ_SECURITY_SHAREDSECRET to specify the secret key used by the authentication  
    15 service to encrypt the 'auth_tkt' coookie (say 'sharedsecret') 
     28service to encrypt the 'auth_tkt' cookie (say 'sharedsecret') 
    1629 
    17 4) DJ_MIDDLEWARE_IP (optional) to specify the client machine where the middleware is installed  
     304) DJ_SECURITY_AUTH_CHECK (optional) is a function which returns a boolean  
     31shall accept one parameter where the middleware will pass the HTTPRequest. 
     32If the function raises an exception, returns False or None the middleware forces 
     33the user to authenticate through the DJ_SECURITY_LOGIN_SERVICE. 
     34This functions may be usefull even in two further situations: 
     35a) enable/disable the middleware (an almost empty function which simply returns True/False) 
     36b) append to the HTTPRequest further, application related, parameters 
     37Example: 
     38--------------------------------  
     39DJ_SECURITY_AUTH_CHECK = my_auth 
     40 
     41def my_auth(request): 
     42        return True 
     43-------------------------------- 
     44 
     455) DJ_MIDDLEWARE_IP (optional) to specify the client machine where the middleware is installed  
    1846(say '123.456.7.8'). The reason for this is that the client machine could be behind  
    1947a proxy and in this case the authentication service uses the remote machine IP,  
  • mauRepo/dj_security_middleware/trunk/dj_security_middleware/dj_security_middleware/__init__.py

    r8675 r8683  
    1 __version__ = '0.0.3' 
     1__version__ = '0.0.4' 
  • mauRepo/dj_security_middleware/trunk/dj_security_middleware/dj_security_middleware/middleware.py

    r8675 r8683  
    3131@author: mnagni 
    3232''' 
    33 from django.http import HttpResponseRedirect 
    3433from paste.auth import auth_tkt 
    3534from paste.auth.auth_tkt import BadTicket 
     
    3938from django.utils.html import escape 
    4039from django.utils.http import urlencode 
     40from django.http import HttpResponseRedirect 
     41import socket 
    4142 
    4243import logging 
     
    6970    """     
    7071    def process_request(self, request): 
    71         if not settings.DJ_SECURITY_LOGIN_SERVICE: 
     72        if not getattr(settings, 'DJ_SECURITY_LOGIN_SERVICE', None): 
    7273            raise DJMiddlewareException(LOGIN_SERVICE_ERROR)   
    73         if not settings.DJ_SECURITY_SHAREDSECRET: 
    74             raise DJMiddlewareException(DJ_SECURITY_SHAREDSECRET_ERROR)         
     74        if not getattr(settings, 'DJ_SECURITY_SHAREDSECRET', None): 
     75            raise DJMiddlewareException(DJ_SECURITY_SHAREDSECRET_ERROR) 
     76         
     77        custom_auth = getattr(settings, 'DJ_SECURITY_AUTH_CHECK', None) 
     78        if custom_auth: 
     79            try: 
     80                if custom_auth(request): 
     81                    return 
     82            #Cannot specify the Exception type as don't know the 
     83            # exceptions type raised by custom_auth                   
     84            except Exception: 
     85                pass 
     86         
    7587        #if not settings.DJ_MIDDLEWARE_IP: 
    7688        #    raise DJMiddlewareException(DJ_MIDDLEWARE_IP_ERROR)         
     
    7890        try: 
    7991            timestamp, userid, tokens, user_data = _is_authenticated(request) 
    80         except (MissingCookieException, DJMiddlewareException):              
     92            request.authenticated_user = {'timestamp': timestamp, \ 
     93                                             'userid': userid, \ 
     94                                             'tokens': tokens, \ 
     95                                             'user_data': user_data} 
     96        except (MissingCookieException, DJMiddlewareException):         
    8197            url = '%s?%s' % (settings.DJ_SECURITY_LOGIN_SERVICE, _build_ret_url(request)) 
    82             return HttpResponseRedirect(url)         
     98            return HttpResponseRedirect(url) 
     99             
    83100 
    84101def _build_ret_url(request): 
     
    98115        ** raise ** a DJ_SecurityException if the ticket is not valid 
    99116    """ 
    100     if request.COOKIES.has_key('auth_tkt'): 
     117    if 'auth_tkt' in request.COOKIES: 
    101118        try: 
    102119            return auth_tkt.parse_ticket( 
    103120                    settings.DJ_SECURITY_SHAREDSECRET,  
    104                     request.COOKIES['auth_tkt'], _get_host_ip()) 
     121                    getattr(request.COOKIES, 'auth_tkt', ''),  
     122                    _get_host_ip()) 
    105123        except BadTicket as ex: 
    106             raise DJMiddlewareException(ex)     
     124            raise DJMiddlewareException(ex) 
     125        finally: 
     126            request.COOKIES.pop('auth_tkt', None)  
    107127    raise MissingCookieException(AUTHENTICATION_COOKIE_MISSING) 
    108128 
    109129def _get_hostname(): 
    110     import socket 
    111     ret = 'localhost' 
    112130    try: 
    113131        hostname = socket.gethostname() 
    114         ret = socket.gethostbyname_ex(hostname)[0] 
     132        return socket.gethostbyname_ex(hostname)[0] 
    115133    except Exception: 
    116         pass     
    117     return ret 
     134        return 'localhost'     
    118135     
    119136def _get_host_ip(): 
     
    121138        return settings.DJ_MIDDLEWARE_IP 
    122139         
    123     import urlparse 
    124     import socket 
    125140    remote_urls = socket.getaddrinfo(socket.gethostname(), None) 
    126141    for remote_url in remote_urls: 
Note: See TracChangeset for help on using the changeset viewer.