Changeset 8736 for mauRepo


Timestamp:
22/03/13 15:57:16 (7 years ago)
Author:
mnagni
Message:

Complete - # 22686: [CEDA Site Python Port] Resource Registration - support for access to multiple resources
 http://team.ceda.ac.uk/trac/ceda/ticket/22686
Open - # 22698: [CEDA Site Python Port] MyCEDA Login needs to be more user-friendly
 http://team.ceda.ac.uk/trac/ceda/ticket/22686

Location:
mauRepo/dj_security/trunk
Files:
800 added
1 deleted
7 edited
1 moved

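--- a/mauRepo/dj_security/trunk/dj_security/middleware.py
+++ b/mauRepo/dj_security/trunk/dj_security/middleware.py
@@ -34,5 +34,5 @@
 from django.conf import settings
 from django.db.utils import DatabaseError
-from dj_security.exception import DSJOpenIDNotFoundError
+from dj_security.exception import DSJOpenIDNotFoundError, DJSException
 
 from userdb_model.models import User
@@ -42,4 +42,5 @@
 import base64
 import logging
+from django.contrib.auth import SESSION_KEY
 
 # Get an instance of a logger
@@ -54,6 +55,27 @@
         or not of a valid paste cookie in the request.
     """
+    __do_init = False
+
+    def __init_app(self):
+        try:
+            setattr(settings, 'HOSTNAME', socket.gethostname())
+        except Exception:
+            setattr(settings, 'HOSTNAME', 'localhost')
+        from django.contrib.sites.models import Site
+        from django.db.utils import DatabaseError
+        try:
+            site = Site()
+            site.name = getattr(settings, 'HOSTNAME')
+            site.domain = getattr(settings, 'HOSTNAME') \
+                + '/' + getattr(settings, 'APPLICATION_ROOT')
+            site.save()
+            #Sets the default site
+            setattr(settings, 'SITE_ID', site.pk)
+        except DatabaseError as ex:
+            print str(ex)
 
     def process_request(self, request):
+        if DJS_Middleware.__do_init:
+            self.__init_app()
         pass
 
@@ -67,6 +89,8 @@
         if request.GET.get('r') and getattr(request, 'session', None):
             request.session['r'] = request.GET.get('r')
+        else:
+            request.session['r'] =  _get_path_to_host(request, force_path='local_logged_in')
 
-        if request.path.endswith('account/register/'):
+        if request.path.endswith('account/register/') or request.path.endswith('accounts/profile/'):
             return _encode_authenticated_response(request, response)
 
@@ -93,30 +117,57 @@
     return addrinfo[0][-1][0]
 
-def get_user_byopenid(openid):
+def get_user_byuserkey(user_id):
     """
-        Returns a tbusers row specified by `openid`
-    - String **userkey**
+        Returns a tbusers row specified by `user_id`
+    - String **user_id**
         a user
     """
     try:
-        return User.objects.get(openid=openid)
+        return User.objects.get(userkey=user_id)
     except DatabaseError as ex:
-        logging.error("Openid: %s - Not Found" % openid)
-        raise DSJOpenIDNotFoundError(ex)
+        logging.error("Userkey: %s - Not Found" % user_id)
+        raise DSJOpenIDNotFoundError(ex)
+
+def _get_path_to_host(request, force_path = None):
+    host = request.environ.get('HTTP_HOST')
+    if not host:
+        host = ''.join([request.environ['SERVER_HOST'],
+                        ':' ,
+                        request.environ['SERVER_PORT']])
+
+    if force_path:
+        return base64.b64encode(''.join(['http://',
+                                      host,
+                                      force_path]))
+
+    return base64.b64encode(''.join(['http://',
+                                      host,
+                                      request.path]))
 
 def _encode_authenticated_response(request, response):
-    remote_ip = _calculate_remote_ip(base64.b64decode(
-                                      request.session.get('r')))
-    LOGGER.info("responding to remote_ip: %s" % (remote_ip))
-    username = request.session.get('openid').openid
-    user = get_user_byopenid(username)
+    def_r = _get_path_to_host(request)
+    remote_url = request.session.get('r', def_r)
+
+    if not remote_url:
+        raise DJSException('Missing url where redirect logged in user')
+
+    remote_ip = _calculate_remote_ip(base64.b64decode(remote_url))
+    LOGGER.info("responding to remote_ip: %s" % (remote_ip))
+    user = get_user_byuserkey(request.session[SESSION_KEY])
+
+    '''
+    if request.session.has_key('openid'):
+        username = request.session.get('openid').openid
+        request.user = get_user_byopenid(username)
+    elif hasattr(request, 'user'):
+    '''
 
     token = AuthTicket(
                 getattr(settings, 'SHARED_SECRET', 'sharedsecret'),
-                username,
+                user.accountid,
                 remote_ip,
                 user_data = '{"userkey": "%s", "accountid": "%s"}'
                 % (user.userkey, getattr("user", "accountid", "NotAssigned")))
-    LOGGER.info("Created authTicket for %s from %s" % (username, remote_ip))
+    LOGGER.info("Created authTicket for %s from %s" % (user.accountid, remote_ip))
     idomain = getattr(settings, 'COOKIE_DOMAIN', None)
     response.set_cookie('auth_tkt',
@@ -124,4 +175,4 @@
                         domain = idomain)
     LOGGER.debug("Set authTicket in response for %s from %s to domain %s"
-                 % (username, remote_ip, idomain))
+                 % (user.accountid, remote_ip, idomain))
     return response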
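Review bot: The new `else:` branch under `if request.GET.get('r') and getattr(request, 'session', None):` assigns `request.session['r']` on the same path where the guard may have found no session, so such a request raises AttributeError; it also appears to overwrite a return URL stored by an earlier request whenever `r` is absent. The fallback passes `force_path='local_logged_in'` without a leading slash, and `_get_path_to_host` joins `'http://'`, the host and the path directly, so host and path are fused into one name before `_calculate_remote_ip` decodes it for the ticket. I would write the branch as `elif getattr(request, 'session', None) is not None and 'r' not in request.session:` and pass `force_path='/local_logged_in'`. `_get_path_to_host` also takes the host from the client-supplied `HTTP_HOST` and falls back to `request.environ['SERVER_HOST']`, which is not a WSGI key (`SERVER_NAME` is), so the value that ends up bound into the auth ticket should be checked against an allow-list of expected hosts. The enclosing response handler starts outside the hunk.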
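--- a/mauRepo/dj_security/trunk/dj_security/settings.py
+++ b/mauRepo/dj_security/trunk/dj_security/settings.py
@@ -1,61 +1,105 @@
-# Django settings for mydjango_secapp project.
-import os
-
-
-def decode_relative_path(rel_path):
-    return os.path.join(os.path.dirname(__file__), rel_path).replace('\\', '/')
-
-DEBUG = True
-TEMPLATE_DEBUG = DEBUG
-
+######################
+# MEZZANINE SETTINGS #
+######################
+
+# The following settings are already defined with default values in
+# the ``defaults.py`` module within each of Mezzanine's apps, but are
+# common enough to be put here, commented out, for convenient
+# overriding. Please consult the settings documentation for a full list
+# of settings Mezzanine implements:
+# http://mezzanine.jupo.org/docs/configuration.html#default-settings
+
+# Controls the ordering and grouping of the admin menu.
+#
+# ADMIN_MENU_ORDER = (
+#     ("Content", ("pages.Page", "blog.BlogPost",
+#        "generic.ThreadedComment", ("Media Library", "fb_browse"),)),
+#     ("Site", ("sites.Site", "redirects.Redirect", "conf.Setting")),
+#     ("Users", ("auth.User", "auth.Group",)),
+# )
+
+# A three item sequence, each containing a sequence of template tags
+# used to render the admin dashboard.
+#
+# DASHBOARD_TAGS = (
+#     ("blog_tags.quick_blog", "mezzanine_tags.app_list"),
+#     ("comment_tags.recent_comments",),
+#     ("mezzanine_tags.recent_actions",),
+# )
+
+# A sequence of templates used by the ``page_menu`` template tag. Each
+# item in the sequence is a three item sequence, containing a unique ID
+# for the template, a label for the template, and the template path.
+# These templates are then available for selection when editing which
+# menus a page should appear in. Note that if a menu template is used
+# that doesn't appear in this setting, all pages will appear in it.
+
+# PAGE_MENU_TEMPLATES = (
+#     (1, "Top navigation bar", "pages/menus/dropdown.html"),
+#     (2, "Left-hand tree", "pages/menus/tree.html"),
+#     (3, "Footer", "pages/menus/footer.html"),
+# )
+
+# A sequence of fields that will be injected into Mezzanine's (or any
+# library's) models. Each item in the sequence is a four item sequence.
+# The first two items are the dotted path to the model and its field
+# name to be added, and the dotted path to the field class to use for
+# the field. The third and fourth items are a sequence of positional
+# args and a dictionary of keyword args, to use when creating the
+# field instance. When specifying the field class, the path
+# ``django.models.db.`` can be omitted for regular Django model fields.
+#
+# EXTRA_MODEL_FIELDS = (
+#     (
+#         # Dotted path to field.
+#         "mezzanine.blog.models.BlogPost.image",
+#         # Dotted path to field class.
+#         "somelib.fields.ImageField",
+#         # Positional args for field class.
+#         ("Image",),
+#         # Keyword args for field class.
+#         {"blank": True, "upload_to": "blog"},
+#     ),
+#     # Example of adding a field to *all* of Mezzanine's content types:
+#     (
+#         "mezzanine.pages.models.Page.another_field",
+#         "IntegerField", # 'django.db.models.' is implied if path is omitted.
+#         ("Another name",),
+#         {"blank": True, "default": 1},
+#     ),
+# )
+
+# Setting to turn on featured images for blog posts. Defaults to False.
+#
+# BLOG_USE_FEATURED_IMAGE = True
+
+# If True, the south application will be automatically added to the
+# INSTALLED_APPS setting.
+USE_SOUTH = True
+
+
+########################
+# MAIN DJANGO SETTINGS #
+########################
+
+# People who get code error notifications.
+# In the format (('Full Name', 'email@example.com'),
+#                ('Full Name', 'anotheremail@example.com'))
 ADMINS = (
-    # ('Your Name', 'your_email@example.com'),
+    ('Maurizio Nagni', 'maurizio.nagni@stfc.ac.uk'),
 )
 MANAGERS = ADMINS
-JEEVES_URL = 'http://cidev1.jc.rl.ac.uk/dj_jeeves'
-
-"""
-DATABASES = {
-    'default': {
-        'ENGINE': 'django.db.backends.sqlite3',
-        'NAME': decode_relative_path('.') + '/sqlite.db',
-        'USER': '',
-        'PASSWORD': '',
-        'HOST': '',
-        'PORT': '',
-    }
-}
-"""
-
-DATABASES = {
-    # This parameters are usually set during
-    # the deployment configuration process
-    'default': {
-        # Add 'postgresql_psycopg2', 'mysql', 'sqlite3' or 'oracle'.
-        'ENGINE': 'DB_ENGINE',
-        # Or path to database file if using sqlite3.
-        'NAME': 'DB_NAME',
-        # Not used with sqlite3.
-        'USER': 'DB_USER',
-        # Not used with sqlite3.
-        'PASSWORD': 'DB_PASSWORD',
-        # Set to empty string for localhost. Not used with sqlite3.
-        'HOST': 'DB_HOST',
-        # Set to empty string for default. Not used with sqlite3.
-        'PORT': 'DB_PORT',
-    }
-}
-
-
-OPENID_AX = [
-    'http://axschema.org/contact/email'
-]
-
 
 # Local time zone for this installation. Choices can be found here:
 # http://en.wikipedia.org/wiki/List_of_tz_zones_by_name
 # although not all choices may be available on all operating systems.
-# In a Windows environment this must be set to your system time zone.
+# On Unix systems, a value of None will cause Django to use the same
+# timezone as the operating system.
+# If running in a Windows environment this must be set to the same as your
+# system time zone.
 TIME_ZONE = 'Europe/London'
+
+# If you set this to True, Django will use timezone-aware datetimes.
+USE_TZ = True
 
 # Language code for this installation. All choices can be found here:
@@ -63,25 +107,80 @@
 LANGUAGE_CODE = 'en-gb'
 
+# A boolean that turns on/off debug mode. When set to ``True``, stack traces
+# are displayed for error pages. Should always be set to ``False`` in
+# production. Best set to ``True`` in local_settings.py
+DEBUG = False
+
+# Whether a user's session cookie expires when the Web browser is closed.
+SESSION_EXPIRE_AT_BROWSER_CLOSE = True
+
 SITE_ID = 1
+
+SITE_PREFIX = ''
 
 # If you set this to False, Django will make some optimizations so as not
 # to load the internationalization machinery.
-USE_I18N = True
-
-# If you set this to False, Django will not format dates, numbers and
-# calendars according to the current locale.
-USE_L10N = True
-
-# If you set this to False, Django will not use timezone-aware datetimes.
-USE_TZ = True
-
-# Absolute filesystem path to the directory that will hold user-uploaded files.
-# Example: "/home/media/media.lawrence.com/media/"
-MEDIA_ROOT = ''
-
-# URL that handles the media served from MEDIA_ROOT. Make sure to use a
-# trailing slash.
-# Examples: "http://media.lawrence.com/media/", "http://example.com/media/"
-MEDIA_URL = ''
+USE_I18N = False
+
+# Make this unique, and don't share it with anybody.
+SECRET_KEY = "26192b77-eb5c-4b91-8f38-dad220fbe2c0ce26b7cb-5630-4e46-9204-d5b4484d76af72a57e13-a680-421f-89af-0df2f355e1fb"
+
+# Tuple of IP addresses, as strings, that:
+#   * See debug comments, when DEBUG is true
+#   * Receive x-headers
+INTERNAL_IPS = ("127.0.0.1",)
+
+# List of callables that know how to import templates from various sources.
+TEMPLATE_LOADERS = (
+    "django.template.loaders.filesystem.Loader",
+    "django.template.loaders.app_directories.Loader",
+)
+
+AUTHENTICATION_BACKENDS = ("mezzanine.core.auth_backends.MezzanineBackend",)
+
+# List of finder classes that know how to find static files in
+# various locations.
+STATICFILES_FINDERS = (
+    "django.contrib.staticfiles.finders.FileSystemFinder",
+    "django.contrib.staticfiles.finders.AppDirectoriesFinder",
+#    'django.contrib.staticfiles.finders.DefaultStorageFinder',
+)
+
+
+#############
+# DATABASES #
+#############
+
+DATABASES = {
+    'default': {
+        'ENGINE': 'django.db.backends.sqlite3', # Add 'postgresql_psycopg2', 'postgresql', 'mysql', 'sqlite3' or 'oracle'.
+        'NAME': '',                      # Or path to database file if using sqlite3.
+        'USER': '',                      # Not used with sqlite3.
+        'PASSWORD': '',                  # Not used with sqlite3.
+        'HOST': '',                      # Set to empty string for localhost. Not used with sqlite3.
+        'PORT': '',                      # Set to empty string for default. Not used with sqlite3.
+    },
+}
+
+#########
+# PATHS #
+#########
+
+import os
+
+# Full filesystem path to the project.
+PROJECT_ROOT = os.path.dirname(os.path.abspath(__file__))
+
+# Name of the directory for the project.
+PROJECT_DIRNAME = PROJECT_ROOT.split(os.sep)[-1]
+
+# Every cache key will get prefixed with this value - here we set it to
+# the name of the directory the project is in to try and use something
+# project specific.
+CACHE_MIDDLEWARE_KEY_PREFIX = PROJECT_DIRNAME
+
+# URL prefix for static files.
+# Example: "http://media.lawrence.com/static/"
+STATIC_URL = "/static/"
 
 # Absolute path to the directory static files should be collected to.
@@ -89,113 +188,143 @@
 # in apps' "static/" subdirectories and in STATICFILES_DIRS.
 # Example: "/home/media/media.lawrence.com/static/"
-STATIC_ROOT = '/static'
-
-# URL prefix for static files.
-# Example: "http://media.lawrence.com/static/"
-STATIC_URL = '/static/'
-
-# Additional locations of static files
-STATICFILES_DIRS = (
-    # Put strings here, like "/home/html/static" or "C:/www/django/static".
-    # Always use forward slashes, even on Windows.
-    # Don't forget to use absolute paths, not relative paths.
-)
-
-# List of finder classes that know how to find static files in
-# various locations.
-STATICFILES_FINDERS = (
-    'django.contrib.staticfiles.finders.FileSystemFinder',
-    'django.contrib.staticfiles.finders.AppDirectoriesFinder',
-#    'django.contrib.staticfiles.finders.DefaultStorageFinder',
-)
-
-# Make this unique, and don't share it with anybody.
-SECRET_KEY = '=+l)#o$ugq4pc14*$08q5gw(&0@nns@gm&2f=bx0_*jc1+y%w1'
-
-# List of callables that know how to import templates from various sources.
-TEMPLATE_LOADERS = (
-    'django.template.loaders.filesystem.Loader',
-    'django.template.loaders.app_directories.Loader',
-#     'django.template.loaders.eggs.Loader',
-)
-
+STATIC_ROOT = os.path.join(PROJECT_ROOT, STATIC_URL.strip("/"))
+
+# URL that handles the media served from MEDIA_ROOT. Make sure to use a
+# trailing slash.
+# Examples: "http://media.lawrence.com/media/", "http://example.com/media/"
+MEDIA_URL = STATIC_URL + "media/"
+
+# Absolute filesystem path to the directory that will hold user-uploaded files.
+# Example: "/home/media/media.lawrence.com/media/"
+MEDIA_ROOT = os.path.join(PROJECT_ROOT, *MEDIA_URL.strip("/").split("/"))
+
+# URL prefix for admin media -- CSS, JavaScript and images. Make sure to use a
+# trailing slash.
+# Examples: "http://foo.com/media/", "/media/".
+ADMIN_MEDIA_PREFIX = STATIC_URL + "grappelli/"
+
+# Package/module name to import the root urlpatterns from for the project.
+ROOT_URLCONF = "%s.urls" % PROJECT_DIRNAME
+
+# Put strings here, like "/home/html/django_templates"
+# or "C:/www/django/templates".
+# Always use forward slashes, even on Windows.
+# Don't forget to use absolute paths, not relative paths.
+TEMPLATE_DIRS = (os.path.join(PROJECT_ROOT, "templates"),)
+
+
+################
+# APPLICATIONS #
+################
+INSTALLED_APPS = (
+    "cedatheme_mf54",
+    "django.contrib.admin",
+    "django.contrib.auth",
+    "django.contrib.contenttypes",
+    "django.contrib.redirects",
+    "django.contrib.sessions",
+    "django.contrib.sites",
+    "django.contrib.sitemaps",
+    "django.contrib.staticfiles",
+    'django.contrib.messages',
+    'django.contrib.humanize',
+    'registration',
+    'django_authopenid',
+    "mezzanine.boot",
+    "mezzanine.conf",
+    "mezzanine.core",
+    "mezzanine.generic",
+    "mezzanine.blog",
+    "mezzanine.forms",
+    "mezzanine.pages",
+    "mezzanine.galleries",
+    "mezzanine.twitter",
+    "dj_security",
+    #"mezzanine.accounts",
+    #"mezzanine.mobile",
+)
+
+# List of processors used by RequestContext to populate the context.
+# Each one should be a callable that takes the request object as its
+# only parameter and returns a dictionary to add to the context.
+TEMPLATE_CONTEXT_PROCESSORS = (
+    "django.contrib.auth.context_processors.auth",
+    "django.contrib.messages.context_processors.messages",
+    "django.core.context_processors.debug",
+    "django.core.context_processors.i18n",
+    "django.core.context_processors.static",
+    "django.core.context_processors.media",
+    "django.core.context_processors.request",
+    "django.core.context_processors.tz",
+    'django_authopenid.context_processors.authopenid',
+    "mezzanine.conf.context_processors.settings",
+)
+
+# List of middleware classes to use. Order is important; in the request phase,
+# these middleware classes will be applied in the order given, and in the
+# response phase the middleware will be applied in reverse order.
 MIDDLEWARE_CLASSES = (
-    'django.middleware.common.CommonMiddleware',
-    'django.contrib.sessions.middleware.SessionMiddleware',
-    'django.middleware.csrf.CsrfViewMiddleware',
-    'django.contrib.auth.middleware.AuthenticationMiddleware',
-    'django.contrib.messages.middleware.MessageMiddleware',
+    "mezzanine.core.middleware.UpdateCacheMiddleware",
+    "django.contrib.sessions.middleware.SessionMiddleware",
+    "django.contrib.auth.middleware.AuthenticationMiddleware",
+    "django.contrib.redirects.middleware.RedirectFallbackMiddleware",
+    "django.middleware.common.CommonMiddleware",
+    "django.middleware.csrf.CsrfViewMiddleware",
+    "django.contrib.messages.middleware.MessageMiddleware",
+    "mezzanine.core.request.CurrentRequestMiddleware",
+    "mezzanine.core.middleware.TemplateForDeviceMiddleware",
+    "mezzanine.core.middleware.TemplateForHostMiddleware",
+    "mezzanine.core.middleware.AdminLoginInterfaceSelectorMiddleware",
+    "mezzanine.core.middleware.SitePermissionMiddleware",
+    # Uncomment the following if using any of the SSL settings:
+    # "mezzanine.core.middleware.SSLRedirectMiddleware",
+    "mezzanine.pages.middleware.PageMiddleware",
+    "mezzanine.core.middleware.FetchFromCacheMiddleware",
     'django_authopenid.middleware.OpenIDMiddleware',
     'dj_security.middleware.DJS_Middleware',
-    # Uncomment the next line for simple clickjacking protection:
-    # 'django.middleware.clickjacking.XFrameOptionsMiddleware',
-)
-
-ROOT_URLCONF = 'dj_security.urls'
-
-# Python dotted path to the WSGI application used by Django's runserver.
-#WSGI_APPLICATION = 'dj_security.wsgi.application'
-
-TEMPLATE_DIRS = (
-    decode_relative_path('static/templates')
-    # Put strings here, like "/home/html/django_templates" or "C:/www/django/templates".
-    # Always use forward slashes, even on Windows.
-    # Don't forget to use absolute paths, not relative paths.
-)
-
-INSTALLED_APPS = (
-    'django.contrib.auth',
-    'django.contrib.contenttypes',
-    'django.contrib.sessions',
-    'django.contrib.sites',
-    'django.contrib.messages',
-    'django.contrib.staticfiles',
-    'registration',
-    'django.contrib.humanize',
-    'django_authopenid',
-    'dj_security',
-    # Uncomment the next line to enable the admin:
-    # 'django.contrib.admin',
-    # Uncomment the next line to enable admin documentation:
-    # 'django.contrib.admindocs',
-)
-
-NOT_ENCODE = ['password', 'backend']
-SHARED_SECRET = 'sharedsecret'
-APPLICATION_ROOT = 'PROJECT_NAME_PAR/'
-if APPLICATION_ROOT.startswith('PROJECT_NAME_'):
-    APPLICATION_ROOT = ''
-COOKIE_DOMAIN = 'COOKIE_DOMAIN_PAR'
-if COOKIE_DOMAIN.startswith('COOKIE_DOMAIN_'):
-    COOKIE_DOMAIN = 'uk'
-
-# One-week activation window; you may, of course, use a different value.
-ACCOUNT_ACTIVATION_DAYS = 7
-
-# Adds to the site framework the current machine
-# where dj_security is deployed
-import socket
-try:
-    HOSTNAME = socket.gethostname()
-except Exception:
-    HOSTNAME = 'localhost'
-from django.contrib.sites.models import Site
-from django.db.utils import DatabaseError
-try:
-    site = Site()
-    site.name = HOSTNAME
-    site.domain = HOSTNAME + '/' + APPLICATION_ROOT
-    site.save()
-    #Sets the default site
-    SITE_ID = site.pk
-except DatabaseError as ex:
-    print str(ex)
-
-
-
-TEMPLATE_CONTEXT_PROCESSORS = (
-    'django_authopenid.context_processors.authopenid',
-    'django.core.context_processors.i18n',
-)
+)
+
+# Store these package names here as they may change in the future since
+# at the moment we are using custom forks of them.
+PACKAGE_NAME_FILEBROWSER = "filebrowser_safe"
+PACKAGE_NAME_GRAPPELLI = "grappelli_safe"
+
+#########################
+# OPTIONAL APPLICATIONS #
+#########################
+
+# These will be added to ``INSTALLED_APPS``, only if available.
+OPTIONAL_APPS = (
+    "debug_toolbar",
+    "django_extensions",
+    "compressor",
+    PACKAGE_NAME_FILEBROWSER,
+    PACKAGE_NAME_GRAPPELLI,
+)
+
+DEBUG_TOOLBAR_CONFIG = {"INTERCEPT_REDIRECTS": False}
+
+###################
+# DEPLOY SETTINGS #
+###################
+
+# These settings are used by the default fabfile.py provided.
+# Check fabfile.py for defaults.
+
+# FABRIC = {
+#     "SSH_USER": "", # SSH username
+#     "SSH_PASS":  "", # SSH password (consider key-based authentication)
+#     "SSH_KEY_PATH":  "", # Local path to SSH key file, for key-based auth
+#     "HOSTS": [], # List of hosts to deploy to
+#     "VIRTUALENV_HOME":  "", # Absolute remote path for virtualenvs
+#     "PROJECT_NAME": "", # Unique identifier for project
+#     "REQUIREMENTS_PATH": "", # Path to pip requirements, relative to project
+#     "GUNICORN_PORT": 8000, # Port gunicorn will listen on
+#     "LOCALE": "en_US.UTF-8", # Should end with ".UTF-8"
+#     "LIVE_HOSTNAME": "www.example.com", # Host for public site.
+#     "REPO_URL": "", # Git or Mercurial remote repo URL for the project
+#     "DB_PASS": "", # Live database password
+#     "ADMIN_PASS": "", # Live admin user password
+# }
 
 AUTH_PROFILE_MODULE = 'dj_security.UserProfile'
@@ -247,2 +376,32 @@
     }
 }
+
+##################
+# LOCAL SETTINGS #
+##################
+
+# Allow any settings to be defined in local_settings.py which should be
+# ignored in your version control system allowing for settings to be
+# defined per machine.
+try:
+    from local_settings import *
+except ImportError:
+    pass
+
+
+####################
+# DYNAMIC SETTINGS #
+####################
+
+# set_dynamic_settings() will rewrite globals based on what has been
+# defined so far, in order to provide some better defaults where
+# applicable. We also allow this settings module to be imported
+# without Mezzanine installed, as the case may be when using the
+# fabfile, where setting the dynamic settings below isn't strictly
+# required.
+try:
+    from mezzanine.utils.conf import set_dynamic_settings
+except ImportError:
+    pass
+else:
+    set_dynamic_settings(globals())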
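Review bot: `SECRET_KEY` is still a literal in the tracked settings.py (new line 126); the commit only swaps one committed value for another, so both stay readable to anyone with repository access and should be treated as exposed. Since the file now ends with `from local_settings import *`, I would keep only a placeholder here, e.g. `SECRET_KEY = ''  # real value set in local_settings.py`, define the real key per machine, and rotate it. The same section drops `SHARED_SECRET`, `COOKIE_DOMAIN` and `APPLICATION_ROOT` (old lines 164-170) with no visible replacement, so unless local_settings.py supplies them the middleware's `getattr(settings, 'SHARED_SECRET', 'sharedsecret')` signs auth tickets with a guessable default; failing at start-up when the setting is missing would be safer than that silent fallback. The commented-out `XFrameOptionsMiddleware` hint from the old `MIDDLEWARE_CLASSES` is not carried over either, and may be worth reinstating as an active entry.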
  • mauRepo/dj_security/trunk/dj_security/templates/authopenid/base.html

    r8723 r8736  
    1 {% load ttags %} 
    2 {% load staticfiles %} 
    3 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> 
    4 <html xmlns="http://www.w3.org/1999/xhtml" lang="en"> 
    5  
    6 <!--  Version: Multiflex-5.4 / Overview                     --> 
    7 <!--  Type:    Design with sidebar                          --> 
    8 <!--  Date:    March 13, 2008                               --> 
    9 <!--  Design:  www.1234.info                                --> 
    10 <!--  License: Fully open source without restrictions.      --> 
    11 <!--           Please keep footer credits with the words    --> 
    12 <!--           "Design by 1234.info". Thank you!            --> 
    13  
    14     <head> 
    15         <meta http-equiv="Content-type" content="text/html; charset=utf-8" /> 
    16         <title></title> 
    17         <!--[if IE]> 
    18  
    19         <script> 
    20             // allow IE to recognize HTMl5 elements 
    21             document.createElement('section'); 
    22             document.createElement('article'); 
    23             document.createElement('aside'); 
    24             document.createElement('footer'); 
    25             document.createElement('header'); 
    26             document.createElement('nav'); 
    27             document.createElement('time'); 
    28  
    29         </script> 
    30         <![endif]--> 
    31         {% if request.is_secure %} 
    32         <meta http-equiv="X-XRDS-Location" content="https://{{ request.get_host }}{% url oid_xrdf %}" /> 
    33         {% else %} 
    34         <meta http-equiv="X-XRDS-Location" content="http://{{ request.get_host }}{% url oid_xrdf %}" />   
    35         {% endif %} 
    36  
    37                 <link rel="stylesheet" type="text/css" media="screen,projection,print" href="{% getsettings 'JEEVES_URL' %}/code/css/mf54_reset.css" /> 
    38         <link rel="stylesheet" type="text/css" media="screen,projection,print" href="{% getsettings 'JEEVES_URL' %}/code/css/mf54_grid_nosidebar.css" /> 
    39         <link rel="stylesheet" type="text/css" media="screen,projection,print" href="{% getsettings 'JEEVES_URL' %}/code/css/mf54_content_nosidebar.css" /> 
    40         {% block head %} 
    41         {% endblock %} 
    42     </head> 
    43     <body> 
    44   <div class="container" id=""> 
    45 <!-- A. HEADER -->          
    46     <div class="corner-page-top"></div>         
    47     <div class="header"> 
    48       <div class="header-top"> 
    49          
    50         <!-- A.1 SITENAME -->       
    51         <a class="sitelogo" href="http://www.ceda.ac.uk/" title="Home"></a> 
    52         <div class="sitename"> 
    53         </div> 
    54          
    55         <!-- <script type="text/javascript" src="{{ STATIC_URL }}admin/js/jquery.min.js"></script> --> 
    56  
    57         {% block extra_scripts %}{% endblock %} 
    58          
    59       </div> 
    60      </div> 
    61      <div class="corner-page-bottom"></div> 
    62       
    63      <!-- C. MAIN SECTION --> 
    64      <div class="corner-page-top"></div>            
    65      <div class="main">      
    66         <!-- C.1 CONTENT --> 
    67         <div class="content"> 
    68                 <!-- CONTENT CELL -->                                
    69                 <a id="anchor-heading-1"></a> 
    70                 <div class="corner-content-1col-top"></div>   
    71                 <div class="content-1col-nobox">                 
    72                 <h1> 
    73                                         Login 
    74                                 </h1> 
    75                                 <div class="content-1col-nobox"> 
    76                                         {% block content %}{% endblock %} 
    77                                 </div>       
    78                 </div> 
    79                 <div class="corner-content-1col-bottom"></div> 
    80                 </div>     
    81  
    82         <!-- D. FOOTER -->       
    83         <div class="footer"> 
    84           <a href="http://www.ncas.ac.uk"><img src="{% getsettings 'JEEVES_URL' %}/image/logos/ncas_logo_fullcolour.jpg" alt="NCAS logo" title="NCAS" align="left"/></a> 
    85           <a href="http://www.nceo.ac.uk"><img src="{% getsettings 'JEEVES_URL' %}/image/logos/nceo_logo.jpg" alt="NCEO logo" title="NCEO" align="right"/></a> 
    86           <p>Copyright &copy; 2011 STFC&nbsp;&nbsp;|&nbsp;&nbsp;All Rights Reserved</p> 
    87  
    88            
    89           <p class="credits">Original design by <a href="http://1234.info/" title="Designer Homepage">1234.info</a> | <a href="http://validator.w3.org/check?uri=referer" title="Validate XHTML code">XHTML 1.0</a> | <a href="http://jigsaw.w3.org/css-validator/" title="Validate CSS code">CSS 2.0</a> 
    90            | Powered by <a href="http://mezzanine.jupo.org">Mezzanine</a> | <a href="/set_device/mobile/?next=/data-centres/">View Mobile Site.</a></p> 
    91         </div> 
    92           
    93          <div class="corner-page-bottom"></div>           
    94     </div> 
    95          </div> 
    96     </body> 
    97 </html> 
     1{% extends "base_no_sidebar_basic.html" %}  
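--- a/mauRepo/dj_security/trunk/dj_security/templates/authopenid/signin.html
+++ b/mauRepo/dj_security/trunk/dj_security/templates/authopenid/signin.html
@@ -31,6 +31,4 @@
 -->
 <div class="login">
-
-<!--
     <form id="auth_form" name="auth_form" action="{% url user_signin %}" method="post">
     {% csrf_token %}
@@ -38,7 +36,4 @@
         <fieldset>
                 <legend>{% trans "Sign In Using Your Account ID" %}</legend>
-                <table>
-                        <tr>
-                                <td>
                                         <div class="form-row">
                                                 <label for="id_username">
@@ -46,25 +41,27 @@
                                                 </label>{{ form2.username }}
                                         </div>
-                                </td>
+                                <!--
                                 <td>
                                         {% if form2.username.errors %}
                                                 <span class="error">{{ form2.username.errors|join:", " }}</span>
                                         {% endif %}
-                                </td>
-                        </tr>
-                        <tr>
-                                <td>
-                                        <div class="form-row"><label for="id_password">{% trans "Password:" %}</label>{{ form2.password }}</div>
                                 </td>
+                                -->
+                                        <div class="form-row">
+                                                <label for="id_password">
+                                                        {% trans "Password:" %}
+                                                </label>
+                                                {{ form2.password }}
+                                        </div>
+                                <!--
                                 <td>
                                         {% if form2.password.errors %}
                                                 <span class="error">{{ form2.password.errors|join:", " }}</span>
                                         {% endif %}
-                                </td>
-                        </tr>
-                </table>
+                                </td>
+                                -->
 
         <div class="submit-row"><input type="submit" name="blogin" value="{% trans "Sign in" %}"> </div>
-                </fieldset>
+        </fieldset>
         </form>
 
@@ -72,5 +69,5 @@
 <hr align="left" size="2" width="50%" color="red" noshade>
 <br>
--->
+
 <form id="openid_form" name="openid_form" action="{% url user_signin %}" method="post">
     {% csrf_token %}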
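Review bot: The `<!-- ... -->` pairs added around the `form2.username.errors` and `form2.password.errors` cells do not switch off the template tags inside them; Django still evaluates the `{% if %}` blocks and writes the error text into an HTML comment, so it reaches the browser but is never displayed. Because this change also removes the outer comment (old lines 34 and 74) and makes the account-ID form live, a user who submits a bad field gets no visible feedback. Render the errors outside any comment, e.g. `{% if form2.username.errors %}<span class="error">{{ form2.username.errors|join:", " }}</span>{% endif %}` directly after the username `div.form-row`, and use `{% comment %}...{% endcomment %}` for markup that really must not be rendered. Whether `form2.non_field_errors` is shown anywhere cannot be seen from the lines displayed here; that is where a form-wide error raised from `clean()` would land.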
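--- a/mauRepo/dj_security/trunk/dj_security/urls.py
+++ b/mauRepo/dj_security/trunk/dj_security/urls.py
@@ -1,3 +1,10 @@
 from django.conf.urls import patterns, include, url
+from django.contrib import admin
+
+from mezzanine.core.views import direct_to_template
+from django.conf import settings
+from dj_security.views.dj_security_login import signin, CEDAAuthenticationForm
+
+admin.autodiscover()
 
 # Uncomment the next two lines to enable the admin:
@@ -19,8 +26,86 @@
 
 urlpatterns += patterns('dj_security.views.dj_security_login',
-   (r'^account/register/$', 'logged_in'),
-   url(r'^account/', include('django_authopenid.urls'))
+   (r'^account/register/$', 'logged_in'),   
+   ("^admin/", include(admin.site.urls)),
+
+      # We don't want to presume how your homepage works, so here are a
+    # few patterns you can use to set it up.
+
+    # HOMEPAGE AS STATIC TEMPLATE
+    # ---------------------------
+    # This pattern simply loads the index.html template. It isn't
+    # commented out like the others, so it's the default. You only need
+    # one homepage pattern, so if you use a different one, comment this
+    # one out.
+
+    url("^$", direct_to_template, {"template": "index.html"}, name="home"),
+
+    # HOMEPAGE AS AN EDITABLE PAGE IN THE PAGE TREE
+    # ---------------------------------------------
+    # This pattern gives us a normal ``Page`` object, so that your
+    # homepage can be managed via the page tree in the admin. If you
+    # use this pattern, you'll need to create a page in the page tree,
+    # and specify its URL (in the Meta Data section) as "/", which
+    # is the value used below in the ``{"slug": "/"}`` part. Make
+    # sure to uncheck all templates for the "show in menus" field
+    # when you create the page, since the link to the homepage is
+    # always hard-coded into all the page menus that display navigation
+    # on the site. Also note that the normal rule of adding a custom
+    # template per page with the template name using the page's slug
+    # doesn't apply here, since we can't have a template called
+    # "/.html" - so for this case, the template "pages/index.html" can
+    # be used.
+
+    # url("^$", "mezzanine.pages.views.page", {"slug": "/"}, name="home"),
+
+    # HOMEPAGE FOR A BLOG-ONLY SITE
+    # -----------------------------
+    # This pattern points the homepage to the blog post listing page,
+    # and is useful for sites that are primarily blogs. If you use this
+    # pattern, you'll also need to set BLOG_SLUG = "" in your
+    # ``settings.py`` module, and delete the blog page object from the
+    # page tree in the admin if it was installed.
+
+    # url("^$", "mezzanine.blog.views.blog_post_list", name="home"),
+
+    # MEZZANINE'S URLS
+    # ----------------
+    # ADD YOUR OWN URLPATTERNS *ABOVE* THE LINE BELOW.
+    # ``mezzanine.urls`` INCLUDES A *CATCH ALL* PATTERN
+    # FOR PAGES, SO URLPATTERNS ADDED BELOW ``mezzanine.urls``
+    # WILL NEVER BE MATCHED!
+
+    # If you'd like more granular control over the patterns in
+    # ``mezzanine.urls``, go right ahead and take the parts you want
+    # from it, and use them directly below instead of using
+    # ``mezzanine.urls``.
+    #("^", include("mezzanine.urls")),
+
+    # MOUNTING MEZZANINE UNDER A PREFIX
+    # ---------------------------------
+    # You can also mount all of Mezzanine's urlpatterns under a
+    # URL prefix if desired. When doing this, you need to define the
+    # ``SITE_PREFIX`` setting, which will contain the prefix. Eg:
+    # SITE_PREFIX = "my/site/prefix"
+    # For convenience, and to avoid repeating the prefix, use the
+    # commented out pattern below (commenting out the one above of course)
+    # which will make use of the ``SITE_PREFIX`` setting. Make sure to
+    # add the import ``from django.conf import settings`` to the top
+    # of this file as well.
+    # Note that for any of the various homepage patterns above, you'll
+    # need to use the ``SITE_PREFIX`` setting as well.
+
+    ("^%s/" % settings.SITE_PREFIX, include("mezzanine.urls")),
+    url(r'^account/signin/$', signin, name='user_signin', kwargs={'auth_form':CEDAAuthenticationForm}),
+    (r'^accounts/profile/$', 'logged_in'),
+    #(r'^locally_logged_in/$', 'locally_logged_in'),
+    url(r'^account/', include('django_authopenid.urls')),
+
 )
 
+# Adds ``STATIC_URL`` to the context of error pages, so that error
+# pages can use JS, CSS and images.
+handler404 = "mezzanine.core.views.page_not_found"
+handler500 = "mezzanine.core.views.server_error"
 #urlpatterns += patterns('dj_security.views.dj_security_login',
 #    (r'^login$', 'login'),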
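Review bot: The three authentication routes (`^account/signin/$`, `^accounts/profile/$` and the `django_authopenid.urls` include) are registered after the `include("mezzanine.urls")` line, although the comment block pasted just above it says that include contains a catch-all and that patterns placed below it will never be matched. They resolve today only because the Mezzanine include is anchored to `settings.SITE_PREFIX`, so a prefix that overlaps `account` would shadow the login URLs without any error. Move them above `("^%s/" % settings.SITE_PREFIX, include("mezzanine.urls")),` so resolution of the login endpoints does not depend on a setting. The same hunk also mounts `admin.site.urls` at `^admin/`, which the commit message does not mention and which should be a recorded decision.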
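--- a/mauRepo/dj_security/trunk/dj_security/views/dj_security_login.py
+++ b/mauRepo/dj_security/trunk/dj_security/views/dj_security_login.py
@@ -4,28 +4,74 @@
 @author: mnagni
 '''
-from django.contrib.auth import authenticate
+from django.contrib.auth import authenticate, REDIRECT_FIELD_NAME, \
+    SESSION_KEY, BACKEND_SESSION_KEY
 from django.shortcuts import render_to_response
 from django.core.context_processors import csrf
 from django.conf import settings
-
+from django_authopenid.views import not_authenticated, ask_openid,\
+    signin_failure, _build_context
+from django_authopenid.forms import OpenidSigninForm
+from django.db.models import Q
+from django.contrib.auth.backends import ModelBackend
+from django.shortcuts import render_to_response as render
+
+from userdb_model.models import User
+
+import md5
 import logging
 import base64
-
-from dj_security.login_form import LoginForm
-from dj_security.encoder import SecurityEncoder
+from django_authopenid.utils import get_url_host
+from django.core.urlresolvers import reverse
+import urllib
+from django.http import HttpResponseRedirect
+from django.contrib.auth.forms import AuthenticationForm
+from django import forms
+from django.contrib.auth.signals import user_logged_in
+from django.db.utils import DatabaseError
+from dj_security.exception import DSJOpenIDNotFoundError
 
 # Get an instance of a logger
 LOGGER = logging.getLogger(__name__)
 
+OPENID = 'openid'
+
 def error_handle(request, context):
-    form = LoginForm()
+    form = CEDAAuthenticationForm()
     context['form'] = form
     context.update(csrf(request))
     return render_to_response('login.html', context)
 
+class CedaUserAuthenticationBackend(ModelBackend):
+    """
+    Extends Django's ``ModelBackend`` to allow login via username, or verification token.
+
+    Args are either ``username`` and ``password``
+    and ``token``. In either case, ``is_active`` can also be given.
+
+    For login, is_active is not given, so that the login form can
+    raise a specific error for inactive users.
+    For password reset, True is given for is_active.
+    For signup verficiation, False is given for is_active.
+    """
+
+    def authenticate(self, **kwargs):
+        if kwargs:
+            username = kwargs.pop("username", None)
+            if username:
+                username = Q(accountid=username)
+                password = kwargs.pop("password", None)
+                try:
+                    user = User.objects.get(username, **kwargs)
+                except User.DoesNotExist:
+                    pass
+                else:
+                    if user.md5passwd == md5.new(password).hexdigest():
+                        return user
+
+'''
 def login(request):
     context = {}
     if request.method == 'POST': # If the form has been submitted...
-        form = LoginForm(request.POST) # A form bound to the POST data
+        form = CEDAAuthenticationForm(request.POST) # A form bound to the POST data
         context['form'] = form
         if form.is_valid(): # All validation rules pass
@@ -67,10 +113,30 @@
 
         # An unbound form
-        form = LoginForm()
+        form = CEDAAuthenticationForm()
         context['form'] = form
         context.update(csrf(request))
         return render_to_response('login.html', context)
-
+'''
+
+def get_user_byopenid(user_id):
+    """
+        Returns a tbusers row specified by `user_id`
+    - String **user_id**
+        a user
+    """
+    try:
+        return User.objects.get(openid=user_id)
+    except DatabaseError as ex:
+        logging.error("Openid: %s - Not Found" % user_id)
+        raise DSJOpenIDNotFoundError(ex)
+
 def logged_in(request):
+    '''
+        Retrieves the user after the openid provider authenticated him/her
+    '''
+    if SESSION_KEY not in request.session:
+        if OPENID in request.session:
+            login(request, get_user_byopenid(request.session[OPENID]))
+
     return _encode_authenticated_response(request, context = {})
 
@@ -81,2 +147,105 @@
     LOGGER.debug("Redirecting to %s" % (context['redirect_url']))
     return render_to_response('logged_in.html', context)
+
+class CEDAAuthenticationForm(AuthenticationForm):
+
+    def __init__(self, request=None, *args, **kwargs):
+        super(CEDAAuthenticationForm, self).__init__(request, *args, **kwargs)
+
+    def clean(self):
+        username = self.cleaned_data.get('username')
+        password = self.cleaned_data.get('password')
+
+        if username and password:
+            self.user_cache = authenticate(username=username,
+                                           password=password)
+            if self.user_cache is None:
+                raise forms.ValidationError(
+                    self.error_messages['invalid_login'])
+            #elif not self.user_cache.is_active:
+            #    raise forms.ValidationError(self.error_messages['inactive'])
+        self.check_for_test_cookie()
+        return self.cleaned_data
+
+
+@not_authenticated
+def signin(request, template_name='authopenid/signin.html',
+        redirect_field_name=REDIRECT_FIELD_NAME, openid_form=OpenidSigninForm,
+        auth_form=CedaUserAuthenticationBackend, on_failure=None, extra_context=None):
+    """Signin page. It manage the legacy authentification (user/password)
+    and authentification with openid.
+
+    :attr request: request object
+    :attr template_name: string, name of template to use
+    :attr redirect_field_name: string, field name used for redirect. by
+    default 'next'
+    :attr openid_form: form use for openid signin, by default
+    `OpenidSigninForm`
+    :attr auth_form: form object used for legacy authentification.
+    By default AuthentificationForm form auser auth contrib.
+    :attr extra_context: A dictionary of variables to add to the
+    template context. Any callable object in this dictionary will
+    be called to produce the end result which appears in the context.
+    """
+    if on_failure is None:
+        on_failure = signin_failure
+
+    redirect_to = request.REQUEST.get(redirect_field_name, '')
+    form1 = openid_form()
+    form2 = auth_form()
+    if request.POST:
+        if not redirect_to or '//' in redirect_to or ' ' in redirect_to:
+            redirect_to = settings.LOGIN_REDIRECT_URL
+        if 'openid_url' in request.POST.keys():
+            form1 = openid_form(data=request.POST)
+            if form1.is_valid():
+                redirect_url = "%s%s?%s" % (
+                        get_url_host(request),
+                        reverse('user_complete_signin'),
+                        urllib.urlencode({ redirect_field_name: redirect_to })
+                )
+                return ask_openid(request,
+                        form1.cleaned_data['openid_url'],
+                        redirect_url,
+                        on_failure=on_failure)
+        else:
+            # perform normal django authentification
+            form2 = auth_form(data=request.POST)
+            if form2.is_valid():
+                login(request, form2.get_user())
+                if request.session.test_cookie_worked():
+                    request.session.delete_test_cookie()
+                return HttpResponseRedirect(redirect_to)
+    return render(template_name, {
+        'form1': form1,
+        'form2': form2,
+        redirect_field_name: redirect_to,
+        'msg':  request.GET.get('msg','')
+    }, context_instance=_build_context(request, extra_context=extra_context))
+
+
+
+def login(request, user):
+    """
+    Persist a user id and a backend in the request. This way a user doesn't
+    have to reauthenticate on every request. Note that data set during
+    the anonymous session is retained when the user logs in.
+    Overrides the django.contrib.auth.login method
+    """
+    if user is None:
+        user = request.user
+    # TODO: It would be nice to support different login methods, like signed cookies.
+    if SESSION_KEY in request.session:
+        if request.session[SESSION_KEY] != user.accountid:
+            # To avoid reusing another user's session, create a new, empty
+            # session if the existing session corresponds to a different
+            # authenticated user.
+            request.session.flush()
+            request.user = user
+    else:
+        request.session.cycle_key()
+    request.session[SESSION_KEY] = user.userkey
+    request.session[BACKEND_SESSION_KEY] = user.backend
+    if hasattr(request, 'user'):
+        request.user = user
+    user_logged_in.send(sender=user.__class__, request=request, user=user)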
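Review bot: `CedaUserAuthenticationBackend.authenticate` checks the password with `user.md5passwd == md5.new(password).hexdigest()`, which is an unsalted MD5 digest compared with `==`, and a missing password is passed to `md5.new` as `None` because `kwargs.pop("password", None)` is not checked. At minimum guard the value and compare in constant time: `if password is not None and constant_time_compare(user.md5passwd, md5.new(password).hexdigest()):`, with `from django.utils.crypto import constant_time_compare`. The `md5passwd` column belongs to `userdb_model`, which is not shown on this page, so the storage format presumably cannot change in this commit; a class comment stating that the digest is a legacy format to be re-hashed with Django's password hashers after a successful login would record that. Two further points in the same file deserve a follow-up: `CEDAAuthenticationForm.clean` leaves the `is_active` check commented out, so inactive accounts are not rejected at the form, and `signin` defaults `auth_form` to the backend class `CedaUserAuthenticationBackend` rather than to a form.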
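--- a/mauRepo/dj_security/trunk/setup.py
+++ b/mauRepo/dj_security/trunk/setup.py
@@ -24,10 +24,15 @@
     zip_safe=False,
 
-    # Adds dependencies    
-    install_requires = ['Django==1.4.2',
+    # Adds dependencies
+    # !!!! BEWARE !!!!
+    ## Do not change Django version to a newer one because the django.http
+    # will miss the str_to_unicode used by the django-authopenid module!!!
+    # !!!! BEWARE !!!!
+    install_requires = ['psycopg2',
+                        'Django==1.4.5',
+                        'mezzanine',
                         'Paste==1.7.5.1',
+                        'cedatheme_mf54',
                         'django-authopenid==1.0.1',
-                        'django-registration==0.8',
-                        'python-openid==2.2.5',
                         'userdb_model'],
 )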
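Review bot: `install_requires` now mixes exact pins with three unpinned names (`'psycopg2'`, `'mezzanine'`, `'cedatheme_mf54'`) and drops the `python-openid==2.2.5` pin, so a fresh install resolves to whatever is newest at install time. That works against the BEWARE comment added in the same hunk: an unpinned `mezzanine` may require a newer Django than the `Django==1.4.5` the comment says must not move, and the OpenID library version is now decided by django-authopenid's own requirements. Pin the additions to the versions this changeset was tested with, e.g. `'mezzanine==<tested version>'`, and keep `'python-openid==2.2.5'` unless its removal is deliberate.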