Revision ac3c3a4b aai/middleware.py
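--- a/aai/middleware.py
+++ b/aai/middleware.py
@@ -31,13 +31,7 @@
 return
 
 #A user authenticated by Shibboleth, must include a uniq id
-if Tokens.SIB_EPPN in request.META:
-#We must somehow make sure that we only process
-#SIB headers when coming from a URL whitelist,
-#or a similar form of restriction
-#if request.get_host() not in settings.SHIBBOLETH_WHITELIST.keys():
-# return HttpResponseRedirect(settings.APP_INSTALL_URL + settings.LOGIN_PATH)
-
+if Tokens.SIB_EPPN in request.META and Tokens.SIB_SESSION_ID in request.META:
 user = None
 try:
 user = SynnefoUser.objects.get(
@@ -51,16 +45,12 @@
 if register_shibboleth_user(request.META):
 user = SynnefoUser.objects.get(
 uniq = request.META[Tokens.SIB_EPPN])
-response = HttpResponse()
-response[self.auth_token] = user.auth_token
-response['Location'] = settings.APP_INSTALL_URL
-response.status_code = 302
-return response
+return self._redirect_shib_auth_user(user)
 else:
 return HttpResponseRedirect(settings.APP_INSTALL_URL + settings.LOGIN_PATH)
 
 #User and authentication token valid, user allowed to proceed
-return
+return self._redirect_shib_auth_user(user)
 
 #An API authentication request
 if self.auth_user in request.META and self.auth_key in request.META and 'GET' == request.method:
@@ -90,7 +80,7 @@
 else:
 #Avoid redirect loops
 if request.path.endswith(settings.LOGIN_PATH):
-return
+return
 else :
 #No authentication info found in headers, redirect to Shibboleth
 return HttpResponseRedirect(settings.APP_INSTALL_URL + settings.LOGIN_PATH)
@@ -102,3 +92,10 @@
 response['Vary'] = self.auth_token
 return response
 
+
+def _redirect_shib_auth_user(self, user):
+response = HttpResponse()
+response[self.auth_token] = user.auth_token
+response['Location'] = settings.APP_INSTALL_URL
+response.status_code = 302
+return response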
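Review bot: The new condition at new line 34 accepts the mere presence of `Tokens.SIB_EPPN` and `Tokens.SIB_SESSION_ID` in `request.META` as proof of a Shibboleth login, while the commit deletes the comment that recorded why presence alone is not enough. If these keys correspond to request headers (their values are not visible on this page), a request that reaches Django without passing through the Shibboleth front end could carry both, and `_redirect_shib_auth_user` would then return that user's `auth_token`. Until the restriction is enforced in the deployment, I would keep it documented above the `if`, for example `#SIB_* values are trusted as-is; the front end must strip client-supplied copies before they reach Django`. Note that the commented-out `request.get_host()` whitelist check would not have closed the gap on its own if the host value is taken from the request. The enclosing method starts above the first hunk, so an earlier guard cannot be ruled out from here.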