1 # Copyright 2011 GRNET S.A. All rights reserved.
3 # Redistribution and use in source and binary forms, with or
4 # without modification, are permitted provided that the following
7 # 1. Redistributions of source code must retain the above
8 # copyright notice, this list of conditions and the following
11 # 2. Redistributions in binary form must reproduce the above
12 # copyright notice, this list of conditions and the following
13 # disclaimer in the documentation and/or other materials
14 # provided with the distribution.
16 # THIS SOFTWARE IS PROVIDED BY GRNET S.A. ``AS IS'' AND ANY EXPRESS
17 # OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18 # WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
19 # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL GRNET S.A OR
20 # CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
21 # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
22 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
23 # USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
24 # AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
26 # ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
27 # POSSIBILITY OF SUCH DAMAGE.
29 # The views and conclusions contained in the software and
30 # documentation are those of the authors and should not be
31 # interpreted as representing official policies, either expressed
32 # or implied, of GRNET S.A.
34 from time import time, mktime
36 from pithos.im.models import User
39 def get_user_from_token(token):
41 return User.objects.get(auth_token=token)
42 except User.DoesNotExist:
46 class AuthMiddleware(object):
47 def process_request(self, request):
49 request.user_uniq = None
51 # Try to find token in a parameter, in a request header, or in a cookie.
52 user = get_user_from_token(request.GET.get('X-Auth-Token'))
54 user = get_user_from_token(request.META.get('HTTP_X_AUTH_TOKEN'))
56 # Back from an im login target.
57 if request.GET.get('user', None):
58 token = request.GET.get('token', None)
60 request.set_auth_cookie = True
61 user = get_user_from_token(token)
63 cookie_value = request.COOKIES.get('_pithos2_a')
64 if cookie_value and '|' in cookie_value:
65 token = cookie_value.split('|', 1)[1]
66 user = get_user_from_token(token)
70 # Check if the is active.
71 if user.state != 'ACTIVE':
74 # Check if the token has expired.
75 if (time() - mktime(user.auth_token_expires.timetuple())) > 0:
79 request.user_uniq = user.uniq
81 def process_response(self, request, response):
82 if getattr(request, 'user', None) and getattr(request, 'set_auth_cookie', False):
83 expire_fmt = request.user.auth_token_expires.strftime('%a, %d-%b-%Y %H:%M:%S %Z')
84 cookie_value = request.user.uniq + '|' + request.user.auth_token
85 response.set_cookie('_pithos2_a', value=cookie_value, expires=expire_fmt, path='/')