from django.conf import settings
from django.http import HttpResponse, HttpResponseRedirect
from synnefo.db.models import SynnefoUser
from synnefo.aai.shibboleth import Tokens, register_shibboleth_user
import time
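class SynnefoAuthMiddleware(object):
    """Authenticate non-API requests by auth token or by Shibboleth.

    ``process_request`` resolves the caller to a ``SynnefoUser`` (stored on
    ``request.user``) from an ``X-Auth-Token`` cookie or request header, or
    from the Shibboleth attributes found in ``request.META``; when neither is
    present the caller is redirected to the configured login path.
    ``process_response`` marks every response as varying on the credential
    so shared caches do not serve one user's page to another.
    """

    auth_token = "X-Auth-Token"
    auth_user = "X-Auth-User"
    auth_key = "X-Auth-Key"

    # Token of the fixed test user that ``?test`` logs in while
    # settings.BYPASS_AUTHENTICATION is on. Any client that can reach the
    # application with that setting enabled receives this user's cookie, so
    # the setting is only meaningful in test deployments. Kept here (rather
    # than inline) so it is visible and easy to move into settings.
    test_auth_token = '46e427d657b20defe352804f0eb6f8a2'

    def process_request(self, request):
        """Attach the authenticated user to ``request`` or redirect to login.

        Args:
            request: the incoming Django request; ``path``, ``GET``,
                ``COOKIES`` and ``META`` are read, ``request.user`` is set
                when a token resolves to a user.

        Returns:
            ``None`` to let the request continue, or an ``HttpResponse``
            (a redirect) that short-circuits the request.

        Raises:
            SynnefoUser.DoesNotExist: if the bypass test user is missing, or
                if a freshly registered Shibboleth user cannot be read back.
        """
        # API calls and the invitation login page are not authenticated here.
        if request.path.startswith('/api/'):
            return
        if request.path.startswith('/invitations/login'):
            return

        # Special case for testing purposes, delivers the cookie for the
        # test user on first access
        if settings.BYPASS_AUTHENTICATION and \
           request.GET.get('test') is not None:
            u = SynnefoUser.objects.get(auth_token=self.test_auth_token)
            return self._redirect_shib_auth_user(user=u)

        token = self._token_from_request(request)
        if token:
            return self._authenticate_token(request, token)

        # A user authenticated by Shibboleth, must include a uniq id
        if Tokens.SIB_EPPN in request.META and Tokens.SIB_SESSION_ID in request.META:
            return self._authenticate_shibboleth(request)

        if settings.TEST:
            if 'TEST-AAI' in request.META:
                return self._login_redirect()
            return

        # Avoid redirect loops
        if request.path.endswith(settings.LOGIN_PATH):
            return
        # No authentication info found in headers, redirect to Shibboleth
        return self._login_redirect()

    def _token_from_request(self, request):
        """Return the auth token from the cookie, else the header, else None."""
        # Cookie first; the request header is only consulted when the
        # cookie is absent or empty.
        token = request.COOKIES.get('X-Auth-Token')
        if not token:
            token = request.META.get('HTTP_X_AUTH_TOKEN', None)
        return token

    def _authenticate_token(self, request, token):
        """Resolve ``token`` to a user; None on success, a login redirect otherwise."""
        # Retrieve user from DB or other caching mechanism
        try:
            user = SynnefoUser.objects.get(auth_token=token)
        except SynnefoUser.DoesNotExist:
            return self._login_redirect()

        # Check user's auth token: reject it once its expiry stamp is in the past.
        # NOTE(review): mktime() reads the naive timetuple as local time, so
        # this is only exact if auth_token_expires is stored in local time --
        # confirm against the model.
        if (time.time() -
            time.mktime(user.auth_token_expires.timetuple())) > 0:
            # The user's token has expired, re-login
            return self._login_redirect()

        request.user = user
        return None

    def _authenticate_shibboleth(self, request):
        """Log in the Shibboleth-identified user, registering it on first sight."""
        eppn = request.META[Tokens.SIB_EPPN]
        try:
            user = SynnefoUser.objects.get(uniq=eppn)
        except SynnefoUser.DoesNotExist:
            # No user with this id could be found in the database:
            # attempt to register the incoming user
            if not register_shibboleth_user(request.META):
                return self._login_redirect()
            user = SynnefoUser.objects.get(uniq=eppn)

        # User and authentication token valid, user allowed to proceed
        return self._redirect_shib_auth_user(user)

    def _login_redirect(self):
        """Redirect the caller to the configured login page."""
        return HttpResponseRedirect(settings.APP_INSTALL_URL + settings.LOGIN_PATH)

    def process_response(self, request, response):
        """Add the auth token and cookie to the response's ``Vary`` header.

        Tell proxies and other interested parties that the request varies
        based on the auth token, to avoid caching of results. Entries already
        present in ``Vary`` (e.g. from earlier middleware) are kept rather than
        overwritten, and ``Cookie`` is listed as well because the token is
        also accepted from a cookie.

        Args:
            request: unused.
            response: the outgoing response; its ``Vary`` header is updated.

        Returns:
            The same ``response`` object.
        """
        wanted = [self.auth_token, 'Cookie']
        names = []
        if 'Vary' in response:
            names = [h.strip() for h in response['Vary'].split(',') if h.strip()]
        # Header names are case-insensitive; do not list one twice.
        present = set(h.lower() for h in names)
        for header in wanted:
            if header.lower() not in present:
                names.append(header)
                present.add(header.lower())
        response['Vary'] = ', '.join(names)
        return response

    def _redirect_shib_auth_user(self, user):
        """Issue ``user``'s auth-token cookie and redirect to the application root.

        Args:
            user: a ``SynnefoUser`` whose ``auth_token`` and
                ``auth_token_expires`` are read.

        Returns:
            A 302 ``HttpResponse`` carrying the ``X-Auth-Token`` cookie, the
            same token in the ``X-Auth-Token`` header and a ``Location`` of
            ``settings.APP_INSTALL_URL``.
        """
        # The cookie lapses together with the token itself.
        # NOTE(review): %Z renders empty for a naive datetime, leaving the
        # zone off the cookie date -- confirm how auth_token_expires is stored.
        expire_fmt = user.auth_token_expires.strftime('%a, %d-%b-%Y %H:%M:%S %Z')

        response = HttpResponse()
        # NOTE(review): the cookie carries a bearer credential but is not
        # marked Secure/HttpOnly here; worth adding if the deployed Django's
        # set_cookie() supports those flags.
        response.set_cookie('X-Auth-Token', value=user.auth_token, expires = expire_fmt, path='/')
        response[self.auth_token] = user.auth_token
        response['Location'] = settings.APP_INSTALL_URL
        response.status_code = 302
        return response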