Changeset 8683 for mauRepo

15/11/12 10:37:06 (7 years ago)

Fixes a blocking bug when the 'auth_tkt' is None

4 edited


  • mauRepo/dj_security_middleware/trunk/dj_security_middleware

    • Property svn:ignore

        old new  
  • mauRepo/dj_security_middleware/trunk/dj_security_middleware/README

    r8669 r8683  
    11Adds a layer to interact with a paste enabled, Django based, security service  
    22typically a dj_security app. 
    3 The dj_security_middleware.middleware.DJ_Security_Middleware checks if the  
    4 HTTP request contains a cookie called 'auth_tkt'. This cookie is set by the  
    5 authentication service using the paste module.  
    7 The configuration is quite straigthforward. In your Django app add: 
     4The dj_security_middleware.middleware.DJ_Security_Middleware checks two cases: 
     51) if the HTTP request contains a cookie called 'auth_tkt' 
     62) the underlying application defines a function returning a not None value  
     8If none of the previous is verified the middleware redirect the request to  
     11If the authentication succeeds the DJ_SECURITY_LOGIN_SERVICE sets the 'auth_tkt' cookie, 
     12which is caught by the middleware which: 
     13a) reads the informations in the cookie and copies them into the request  
     14'authenticated_user' parameter 
     15b) deletes the 'auth_tkt' cookie for security reasons. 
     16The request 'authenticated_user' parameter contains all the user information  
     17returned by the authentication service and from this moment the underlying  
     18application is responsible for them.  
     20The configuration is quite straightforward. In your Django app add: 
    9221) 'dj_security_middleware.middleware.DJ_Security_Middleware' to MIDDLEWARE_CLASSES 
    14273) DJ_SECURITY_SHAREDSECRET to specify the secret key used by the authentication  
    15 service to encrypt the 'auth_tkt' coookie (say 'sharedsecret') 
     28service to encrypt the 'auth_tkt' cookie (say 'sharedsecret') 
    17 4) DJ_MIDDLEWARE_IP (optional) to specify the client machine where the middleware is installed  
     304) DJ_SECURITY_AUTH_CHECK (optional) is a function which returns a boolean  
     31shall accept one parameter where the middleware will pass the HTTPRequest. 
     32If the function raises an exception, returns False or None the middleware forces 
     33the user to authenticate through the DJ_SECURITY_LOGIN_SERVICE. 
     34This functions may be usefull even in two further situations: 
     35a) enable/disable the middleware (an almost empty function which simply returns True/False) 
     36b) append to the HTTPRequest further, application related, parameters 
     39DJ_SECURITY_AUTH_CHECK = my_auth 
     41def my_auth(request): 
     42        return True 
     455) DJ_MIDDLEWARE_IP (optional) to specify the client machine where the middleware is installed  
    1846(say '123.456.7.8'). The reason for this is that the client machine could be behind  
    1947a proxy and in this case the authentication service uses the remote machine IP,  
  • mauRepo/dj_security_middleware/trunk/dj_security_middleware/dj_security_middleware/

    r8675 r8683  
    1 __version__ = '0.0.3' 
     1__version__ = '0.0.4' 
  • mauRepo/dj_security_middleware/trunk/dj_security_middleware/dj_security_middleware/

    r8675 r8683  
    3131@author: mnagni 
    33 from django.http import HttpResponseRedirect 
    3433from paste.auth import auth_tkt 
    3534from paste.auth.auth_tkt import BadTicket 
    3938from django.utils.html import escape 
    4039from django.utils.http import urlencode 
     40from django.http import HttpResponseRedirect 
     41import socket 
    4243import logging 
    6970    """     
    7071    def process_request(self, request): 
    71         if not settings.DJ_SECURITY_LOGIN_SERVICE: 
     72        if not getattr(settings, 'DJ_SECURITY_LOGIN_SERVICE', None): 
    7273            raise DJMiddlewareException(LOGIN_SERVICE_ERROR)   
    73         if not settings.DJ_SECURITY_SHAREDSECRET: 
    74             raise DJMiddlewareException(DJ_SECURITY_SHAREDSECRET_ERROR)         
     74        if not getattr(settings, 'DJ_SECURITY_SHAREDSECRET', None): 
     75            raise DJMiddlewareException(DJ_SECURITY_SHAREDSECRET_ERROR) 
     77        custom_auth = getattr(settings, 'DJ_SECURITY_AUTH_CHECK', None) 
     78        if custom_auth: 
     79            try: 
     80                if custom_auth(request): 
     81                    return 
     82            #Cannot specify the Exception type as don't know the 
     83            # exceptions type raised by custom_auth                   
     84            except Exception: 
     85                pass 
    7587        #if not settings.DJ_MIDDLEWARE_IP: 
    7688        #    raise DJMiddlewareException(DJ_MIDDLEWARE_IP_ERROR)         
    7890        try: 
    7991            timestamp, userid, tokens, user_data = _is_authenticated(request) 
    80         except (MissingCookieException, DJMiddlewareException):              
     92            request.authenticated_user = {'timestamp': timestamp, \ 
     93                                             'userid': userid, \ 
     94                                             'tokens': tokens, \ 
     95                                             'user_data': user_data} 
     96        except (MissingCookieException, DJMiddlewareException):         
    8197            url = '%s?%s' % (settings.DJ_SECURITY_LOGIN_SERVICE, _build_ret_url(request)) 
    82             return HttpResponseRedirect(url)         
     98            return HttpResponseRedirect(url) 
    84101def _build_ret_url(request): 
    98115        ** raise ** a DJ_SecurityException if the ticket is not valid 
    99116    """ 
    100     if request.COOKIES.has_key('auth_tkt'): 
     117    if 'auth_tkt' in request.COOKIES: 
    101118        try: 
    102119            return auth_tkt.parse_ticket( 
    103120                    settings.DJ_SECURITY_SHAREDSECRET,  
    104                     request.COOKIES['auth_tkt'], _get_host_ip()) 
     121                    getattr(request.COOKIES, 'auth_tkt', ''),  
     122                    _get_host_ip()) 
    105123        except BadTicket as ex: 
    106             raise DJMiddlewareException(ex)     
     124            raise DJMiddlewareException(ex) 
     125        finally: 
     126            request.COOKIES.pop('auth_tkt', None)  
    107127    raise MissingCookieException(AUTHENTICATION_COOKIE_MISSING) 
    109129def _get_hostname(): 
    110     import socket 
    111     ret = 'localhost' 
    112130    try: 
    113131        hostname = socket.gethostname() 
    114         ret = socket.gethostbyname_ex(hostname)[0] 
     132        return socket.gethostbyname_ex(hostname)[0] 
    115133    except Exception: 
    116         pass     
    117     return ret 
     134        return 'localhost'     
    119136def _get_host_ip(): 
    121138        return settings.DJ_MIDDLEWARE_IP 
    123     import urlparse 
    124     import socket 
    125140    remote_urls = socket.getaddrinfo(socket.gethostname(), None) 
    126141    for remote_url in remote_urls: 
Note: See TracChangeset for help on using the changeset viewer.