diff options
Diffstat (limited to 'lib/python2.7/site-packages/django/contrib/auth/middleware.py')
| -rw-r--r-- | lib/python2.7/site-packages/django/contrib/auth/middleware.py | 91 |
1 files changed, 91 insertions, 0 deletions
diff --git a/lib/python2.7/site-packages/django/contrib/auth/middleware.py b/lib/python2.7/site-packages/django/contrib/auth/middleware.py new file mode 100644 index 0000000..f38efdd --- /dev/null +++ b/lib/python2.7/site-packages/django/contrib/auth/middleware.py @@ -0,0 +1,91 @@ +from django.contrib import auth +from django.contrib.auth import load_backend +from django.contrib.auth.backends import RemoteUserBackend +from django.core.exceptions import ImproperlyConfigured +from django.utils.functional import SimpleLazyObject + + +def get_user(request): + if not hasattr(request, '_cached_user'): + request._cached_user = auth.get_user(request) + return request._cached_user + + +class AuthenticationMiddleware(object): + def process_request(self, request): + assert hasattr(request, 'session'), "The Django authentication middleware requires session middleware to be installed. Edit your MIDDLEWARE_CLASSES setting to insert 'django.contrib.sessions.middleware.SessionMiddleware'." + + request.user = SimpleLazyObject(lambda: get_user(request)) + + +class RemoteUserMiddleware(object): + """ + Middleware for utilizing Web-server-provided authentication. + + If request.user is not authenticated, then this middleware attempts to + authenticate the username passed in the ``REMOTE_USER`` request header. + If authentication is successful, the user is automatically logged in to + persist the user in the session. + + The header used is configurable and defaults to ``REMOTE_USER``. Subclass + this class and change the ``header`` attribute if you need to use a + different header. + """ + + # Name of request header to grab username from. This will be the key as + # used in the request.META dictionary, i.e. the normalization of headers to + # all uppercase and the addition of "HTTP_" prefix apply. + header = "REMOTE_USER" + + def process_request(self, request): + # AuthenticationMiddleware is required so that request.user exists. + if not hasattr(request, 'user'): + raise ImproperlyConfigured( + "The Django remote user auth middleware requires the" + " authentication middleware to be installed. Edit your" + " MIDDLEWARE_CLASSES setting to insert" + " 'django.contrib.auth.middleware.AuthenticationMiddleware'" + " before the RemoteUserMiddleware class.") + try: + username = request.META[self.header] + except KeyError: + # If specified header doesn't exist then remove any existing + # authenticated remote-user, or return (leaving request.user set to + # AnonymousUser by the AuthenticationMiddleware). + if request.user.is_authenticated(): + try: + stored_backend = load_backend(request.session.get( + auth.BACKEND_SESSION_KEY, '')) + if isinstance(stored_backend, RemoteUserBackend): + auth.logout(request) + except ImproperlyConfigured as e: + # backend failed to load + auth.logout(request) + return + # If the user is already authenticated and that user is the user we are + # getting passed in the headers, then the correct user is already + # persisted in the session and we don't need to continue. + if request.user.is_authenticated(): + if request.user.get_username() == self.clean_username(username, request): + return + # We are seeing this user for the first time in this session, attempt + # to authenticate the user. + user = auth.authenticate(remote_user=username) + if user: + # User is valid. Set request.user and persist user in the session + # by logging the user in. + request.user = user + auth.login(request, user) + + def clean_username(self, username, request): + """ + Allows the backend to clean the username, if the backend defines a + clean_username method. + """ + backend_str = request.session[auth.BACKEND_SESSION_KEY] + backend = auth.load_backend(backend_str) + try: + username = backend.clean_username(username) + except AttributeError: # Backend has no clean_username method. + pass + return username |