Fix dummy login target.
[pithos] / pithos / middleware / auth.py
index 20eb393..16afee7 100644 (file)
 # or implied, of GRNET S.A.
 
 from time import time, mktime
+from urllib import quote, unquote
 
-from django.conf import settings
+from pithos.im.models import User
 
-from pithos.aai.models import PithosUser
+
+def get_user_from_token(token):
+    try:
+        return User.objects.get(auth_token=token)
+    except User.DoesNotExist:
+        return None
 
 
 class AuthMiddleware(object):
     def process_request(self, request):
         request.user = None
+        request.user_uniq = None
         
         # Try to find token in a parameter, in a request header, or in a cookie.
-        token = request.GET.get('X-Auth-Token', None)
-        if not token:
-            token = request.META.get('HTTP_X_AUTH_TOKEN', None)
-        if not token:
-            token = request.COOKIES.get('X-Auth-Token', None)
-        if not token:
+        user = get_user_from_token(request.GET.get('X-Auth-Token'))
+        if not user:
+            user = get_user_from_token(request.META.get('HTTP_X_AUTH_TOKEN'))
+        if not user:
+            # Back from an im login target.
+            if request.GET.get('user', None):
+                token = request.GET.get('token', None)
+                if token:
+                    request.set_auth_cookie = True
+                user = get_user_from_token(token)
+            if not user:
+                cookie_value = unquote(request.COOKIES.get('_pithos2_a', ''))
+                if cookie_value and '|' in cookie_value:
+                    token = cookie_value.split('|', 1)[1]
+                    user = get_user_from_token(token)
+        if not user:
             return
         
-        # Token was found, retrieve user from backing store.
-        try:
-            user = PithosUser.objects.get(auth_token=token)
-        except:
+        # Check if the is active.
+        if user.state != 'ACTIVE':
             return
         
         # Check if the token has expired.
         if (time() - mktime(user.auth_token_expires.timetuple())) > 0:
             return
         
-        request.user_obj = user
-        request.user = user.uniq
-        request.quota = user.quota
+        request.user = user
+        request.user_uniq = user.uniq
+    
+    def process_response(self, request, response):
+        if getattr(request, 'user', None) and getattr(request, 'set_auth_cookie', False):
+            expire_fmt = request.user.auth_token_expires.strftime('%a, %d-%b-%Y %H:%M:%S %Z')
+            cookie_value = quote(request.user.uniq + '|' + request.user.auth_token)
+            response.set_cookie('_pithos2_a', value=cookie_value, expires=expire_fmt, path='/')
+        return response
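Review bot: The `_pithos2_a` cookie written by the `response.set_cookie` call in process_response carries the bearer `auth_token` but is set without `httponly` or `secure`, so page script can read it and it is sent over plain HTTP; `response.set_cookie('_pithos2_a', value=cookie_value, expires=expire_fmt, path='/', secure=request.is_secure(), httponly=True)` closes both (the `httponly` keyword needs a Django release that supports it — confirm the installed version). The `expire_fmt` built from `auth_token_expires` uses `%Z`, which renders as an empty string on a naive datetime and leaves the cookie expiry without a timezone, so if that field is naive either format it explicitly as UTC or pass the datetime object to `set_cookie` where the Django in use accepts one. In the login-target branch, `request.GET.get('user', None)` only gates the lookup and is never compared with the resolved `user.uniq`, which is worth either checking or dropping; the comment above the state check should read `# Check if the user is active.`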