root / api / middleware.py @ 44193110
History | View | Annotate | Download (1.4 kB)
| 1 | ef39e7ee | Georgios Gousios | from django.conf import settings |
|---|---|---|---|
| 2 | ef39e7ee | Georgios Gousios | from django.http import HttpResponse, HttpResponseRedirect |
| 3 | 89f86fd3 | Georgios Gousios | from synnefo.api.errors import Unauthorized |
| 4 | 89f86fd3 | Georgios Gousios | from synnefo.db.models import SynnefoUser |
| 5 | 89f86fd3 | Georgios Gousios | |
| 6 | 89f86fd3 | Georgios Gousios | class SynnefoAuthMiddleware(object): |
| 7 | 89f86fd3 | Georgios Gousios | |
| 8 | 89f86fd3 | Georgios Gousios | auth_token = "X-Auth-Token"
|
| 9 | 89f86fd3 | Georgios Gousios | auth_user = "X-Auth-User"
|
| 10 | 89f86fd3 | Georgios Gousios | auth_key = "X-Auth-Key"
|
| 11 | 89f86fd3 | Georgios Gousios | |
| 12 | 89f86fd3 | Georgios Gousios | def process_request(self, request): |
| 13 | ef39e7ee | Georgios Gousios | |
| 14 | 89f86fd3 | Georgios Gousios | if self.auth_token in request.META: |
| 15 | ef39e7ee | Georgios Gousios | #Retrieve user from DB or other caching mechanism
|
| 16 | ef39e7ee | Georgios Gousios | user = SynnefoUser.objects.filter(auth_token = request.META[self.auth_token])
|
| 17 | 89f86fd3 | Georgios Gousios | if user is None : |
| 18 | 44193110 | Georgios Gousios | return HttpResponseRedirect(content='Athentication Required') |
| 19 | 89f86fd3 | Georgios Gousios | request.user = user |
| 20 | ef39e7ee | Georgios Gousios | return
|
| 21 | 89f86fd3 | Georgios Gousios | |
| 22 | 89f86fd3 | Georgios Gousios | #An authentication request
|
| 23 | 89f86fd3 | Georgios Gousios | if self.auth_user in request.META and 'X-Auth-Key' in request.META \ |
| 24 | 89f86fd3 | Georgios Gousios | and '/v1.0' == request.path and 'GET' == request.method: |
| 25 | ef39e7ee | Georgios Gousios | # This is here merely for compatibility with the Openstack API.
|
| 26 | ef39e7ee | Georgios Gousios | # All normal users should authenticate through Sibbolleth. Admin
|
| 27 | ef39e7ee | Georgios Gousios | # users or other selected users could use this as a bypass
|
| 28 | ef39e7ee | Georgios Gousios | # mechanism
|
| 29 | ef39e7ee | Georgios Gousios | user = SynnefoUser.objects.filter(username = request.META[self.auth_user])
|
| 30 | ef39e7ee | Georgios Gousios | |
| 31 | ef39e7ee | Georgios Gousios | return HttpResponseRedirect(content= settings.SIBBOLLETH_HOST)
|
| 32 | ef39e7ee | Georgios Gousios | |
| 33 | 44193110 | Georgios Gousios | return HttpResponseRedirect(content='Athentication Required') |
| 34 | 89f86fd3 | Georgios Gousios | |
| 35 | ef39e7ee | Georgios Gousios | #class HttpResponseAuthenticationRequired(HttpResponse):
|
| 36 | ef39e7ee | Georgios Gousios | # status_code = 401 |