# or implied, of GRNET S.A.
from time import time, mktime
+from urllib import quote, unquote
-from django.conf import settings
+from pithos.im.models import User
-from pithos.aai.models import PithosUser
+
+def get_user_from_token(token):
+ try:
+ return User.objects.get(auth_token=token)
+ except User.DoesNotExist:
+ return None
class AuthMiddleware(object):
def process_request(self, request):
request.user = None
+ request.user_uniq = None
# Try to find token in a parameter, in a request header, or in a cookie.
- token = request.GET.get('X-Auth-Token', None)
- if not token:
- token = request.META.get('HTTP_X_AUTH_TOKEN', None)
- if not token:
- token = request.COOKIES.get('X-Auth-Token', None)
- if not token:
+ user = get_user_from_token(request.GET.get('X-Auth-Token'))
+ if not user:
+ user = get_user_from_token(request.META.get('HTTP_X_AUTH_TOKEN'))
+ if not user:
+ # Back from an im login target.
+ if request.GET.get('user', None):
+ token = request.GET.get('token', None)
+ if token:
+ request.set_auth_cookie = True
+ user = get_user_from_token(token)
+ if not user:
+ cookie_value = unquote(request.COOKIES.get('_pithos2_a', ''))
+ if cookie_value and '|' in cookie_value:
+ token = cookie_value.split('|', 1)[1]
+ user = get_user_from_token(token)
+ if not user:
return
- # Token was found, retrieve user from backing store.
- try:
- user = PithosUser.objects.get(auth_token=token)
- except:
+ # Check if the is active.
+ if user.state != 'ACTIVE':
return
# Check if the token has expired.
if (time() - mktime(user.auth_token_expires.timetuple())) > 0:
return
- request.user_obj = user
- request.user = user.uniq
- request.quota = user.quota
+ request.user = user
+ request.user_uniq = user.uniq
+
+ def process_response(self, request, response):
+ if getattr(request, 'user', None) and getattr(request, 'set_auth_cookie', False):
+ expire_fmt = request.user.auth_token_expires.strftime('%a, %d-%b-%Y %H:%M:%S %Z')
+ cookie_value = quote(request.user.uniq + '|' + request.user.auth_token)
+ response.set_cookie('_pithos2_a', value=cookie_value, expires=expire_fmt, path='/')
+ return response
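Review bot: `get_user_from_token` passes its argument straight to `User.objects.get(auth_token=token)`, and `process_request` calls it with `None` or an empty string whenever the query parameter, header or cookie is absent or blank. Django treats `auth_token=None` as an IS NULL match, so if the `User` model (not shown here) permits null or blank tokens, an unauthenticated request could resolve to a token-less account; more than one such row raises `MultipleObjectsReturned`, which `except User.DoesNotExist` does not catch. A guard as the first statement of the helper, `if not token: return None`, closes both cases. Separately, the `_pithos2_a` cookie set in `process_response` carries the raw auth token without `httponly=True` or `secure=True`; both are worth adding if the deployed Django version supports them and the site is served over HTTPS. The `token` and `X-Auth-Token` query parameters also leave the token in access logs and Referer headers, so the post-login path would be safer if it redirected to a URL without it once the cookie is set.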