Revision ac3c3a4b aai/middleware.py

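--- a/aai/middleware.py
+++ b/aai/middleware.py
@@ -31,13 +31,7 @@
             return
 
         #A user authenticated by Shibboleth, must include a uniq id
-        if Tokens.SIB_EPPN in request.META:
-            #We must somehow make sure that we only process
-            #SIB headers when coming from a URL whitelist,
-            #or a similar form of restriction
-            #if request.get_host() not in settings.SHIBBOLETH_WHITELIST.keys():
-            #    return HttpResponseRedirect(settings.APP_INSTALL_URL + settings.LOGIN_PATH)
-
+        if Tokens.SIB_EPPN in request.META and Tokens.SIB_SESSION_ID in request.META:
             user = None
             try:
                 user = SynnefoUser.objects.get(
@@ -51,16 +45,12 @@
                 if register_shibboleth_user(request.META):
                     user = SynnefoUser.objects.get(
                         uniq = request.META[Tokens.SIB_EPPN])
-                    response = HttpResponse()
-                    response[self.auth_token] = user.auth_token
-                    response['Location'] = settings.APP_INSTALL_URL 
-                    response.status_code = 302
-                    return response
+                    return self._redirect_shib_auth_user(user)
                 else:
                     return HttpResponseRedirect(settings.APP_INSTALL_URL + settings.LOGIN_PATH)
 
             #User and authentication token valid, user allowed to proceed
-            return
+            return self._redirect_shib_auth_user(user)
 
         #An API authentication request
         if self.auth_user in request.META and self.auth_key in request.META and 'GET' == request.method:
@@ -90,7 +80,7 @@
         else:
             #Avoid redirect loops
             if request.path.endswith(settings.LOGIN_PATH): 
-                return 
+                return
             else :
                 #No authentication info found in headers, redirect to Shibboleth
                 return HttpResponseRedirect(settings.APP_INSTALL_URL + settings.LOGIN_PATH)
@@ -102,3 +92,10 @@
         response['Vary'] = self.auth_token
         return response
 
+
+    def _redirect_shib_auth_user(self, user):
+        response = HttpResponse()
+        response[self.auth_token] = user.auth_token
+        response['Location'] = settings.APP_INSTALL_URL
+        response.status_code = 302
+        return response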
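Review bot: The Shibboleth branch at new line 34 only checks that `Tokens.SIB_EPPN` and `Tokens.SIB_SESSION_ID` are present in `request.META`, and the commit deletes the comment that recorded the open need to accept these values only from a trusted origin, while new line 53 now returns `user.auth_token` in a response header for every request that reaches this branch. If these keys can be populated from client-sent headers (not visible here), issuing the token depends entirely on the front-end stripping them, so that assumption should stay written down, e.g. `#SIB_* values are trusted as set by the Shibboleth SP; the front-end must drop client-supplied copies`, or the commented-out `settings.SHIBBOLETH_WHITELIST` check should be made real. The comment kept at new line 52, "user allowed to proceed", no longer matches the redirect that follows it. The enclosing method starts above the first hunk, so any earlier guard is not visible here.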
