1 # Copyright 2011 GRNET S.A. All rights reserved.
3 # Redistribution and use in source and binary forms, with or
4 # without modification, are permitted provided that the following
7 # 1. Redistributions of source code must retain the above
8 # copyright notice, this list of conditions and the following
11 # 2. Redistributions in binary form must reproduce the above
12 # copyright notice, this list of conditions and the following
13 # disclaimer in the documentation and/or other materials
14 # provided with the distribution.
16 # THIS SOFTWARE IS PROVIDED BY GRNET S.A. ``AS IS'' AND ANY EXPRESS
17 # OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18 # WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
19 # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL GRNET S.A OR
20 # CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
21 # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
22 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
23 # USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
24 # AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
26 # ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
27 # POSSIBILITY OF SUCH DAMAGE.
29 # The views and conclusions contained in the software and
30 # documentation are those of the authors and should not be
31 # interpreted as representing official policies, either expressed
32 # or implied, of GRNET S.A.
34 from time import time, mktime
35 from urllib import quote, unquote
37 from astakos.im.models import User
40 def get_user_from_token(token):
42 return User.objects.get(auth_token=token)
43 except User.DoesNotExist:
47 class AuthMiddleware(object):
48 def process_request(self, request):
50 request.user_uniq = None
52 # Try to find token in a parameter, in a request header, or in a cookie.
53 user = get_user_from_token(request.GET.get('X-Auth-Token'))
55 user = get_user_from_token(request.META.get('HTTP_X_AUTH_TOKEN'))
57 # Back from an im login target.
58 if request.GET.get('user', None):
59 token = request.GET.get('token', None)
61 request.set_auth_cookie = True
62 user = get_user_from_token(token)
64 cookie_value = unquote(request.COOKIES.get('_pithos2_a', ''))
65 if cookie_value and '|' in cookie_value:
66 token = cookie_value.split('|', 1)[1]
67 user = get_user_from_token(token)
71 # Check if the is active.
72 if user.state != 'ACTIVE':
75 # Check if the token has expired.
76 if (time() - mktime(user.auth_token_expires.timetuple())) > 0:
80 request.user_uniq = user.uniq
82 def process_response(self, request, response):
83 if getattr(request, 'user', None) and getattr(request, 'set_auth_cookie', False):
84 expire_fmt = request.user.auth_token_expires.strftime('%a, %d-%b-%Y %H:%M:%S %Z')
85 cookie_value = quote(request.user.uniq + '|' + request.user.auth_token)
86 response.set_cookie('_pithos2_a', value=cookie_value, expires=expire_fmt, path='/')