Revision c06de383

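--- a/aai/middleware.py
+++ b/aai/middleware.py
@@ -4,6 +4,7 @@
 from synnefo.db.models import SynnefoUser
 from synnefo.aai.shibboleth import Tokens, register_shibboleth_user
 import time
+import datetime
 
 class SynnefoAuthMiddleware(object):
 
@@ -16,7 +17,18 @@
             #print time.strftime("[%d/%b/%Y %H:%M:%S]"), " Path", \
             #  request.path , ": Not authenticated"
             return
-        token = request.META.get('HTTP_X_AUTH_TOKEN', None)        
+
+        token = None
+        #Try to find token in a cookie
+        try:
+            token = request.COOKIES['X-Auth-Token']
+        except Exception:
+            pass
+
+        #Try to find token in request header
+        if not token:
+            token = request.META.get('HTTP_X_AUTH_TOKEN', None)
+
         if token:
             user = None
             #Retrieve user from DB or other caching mechanism
@@ -97,9 +109,13 @@
         response['Vary'] = self.auth_token
         return response
 
-
     def _redirect_shib_auth_user(self, user):
+        expire = user.auth_token_created + datetime.timedelta(hours=settings.AUTH_TOKEN_DURATION)
+        expire_fmt = expire.strftime('%a, %d-%b-%Y %H:%M:%S %Z')
+
         response = HttpResponse()
+
+        response.set_cookie('X-Auth-Token', value=user.auth_token, expires = expire_fmt, path='/api')
         response[self.auth_token] = user.auth_token
         response['Location'] = settings.APP_INSTALL_URL
         response.status_code = 302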
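--- a/aai/tests.py
+++ b/aai/tests.py
@@ -5,6 +5,7 @@
 #
 # Copyright 2011 Greek Research and Technology Network
 #
+from Cookie import Cookie
 
 from django.test import TestCase
 from django.test.client import Client
@@ -41,6 +42,7 @@
         self.assertEquals(response['Location'], settings.APP_INSTALL_URL)
         self.assertTrue('X-Auth-Token' in response)
         self.assertEquals(response['X-Auth-Token'], user.auth_token)
+        #self.assertNotEquals(response.cookies['X-Auth-Token'].find(user.auth_token), -1)
 
         response = self.client.get(self.apibase + '/servers', {},
                                    **{Tokens.SIB_NAME: 'Jimmy',
@@ -58,6 +60,16 @@
         self.assertEquals(user1.auth_token , user.auth_token)
         self.assertTrue(response['Location'].endswith, '/servers')
 
+    def test_auth_cookie(self):
+        user = SynnefoUser.objects.get(uniq = "test@synnefo.gr")
+        self.client.cookies['X-Auth-Token'] = user.auth_token
+        response = self.client.get(self.apibase + '/servers', {},
+                                   **{'X-Auth-Token': user.auth_token,
+                                      'TEST-AAI' : 'true'})
+        self.assertTrue(response.status_code, 200)
+        self.assertTrue('Vary' in response)
+        self.assertTrue('X-Auth-Token' in response['Vary'])
+
     def test_shibboleth_no_uniq_request(self):
         """test a request with no unique field
         """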
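Review bot: `self.assertTrue(response.status_code, 200)` in `test_auth_cookie` passes for any non-zero status, because the second argument is only the failure message. The test therefore cannot fail when the cookie is rejected; it should read `self.assertEqual(response.status_code, 200)`. The one assertion that would check the redirect actually sets the cookie is commented out after the `response['X-Auth-Token']` check, which leaves the new `set_cookie` path unverified and `from Cookie import Cookie` apparently unused. A companion case that sends a wrong cookie value and expects the request to be refused would pin the authentication behaviour from both sides. `test_shibboleth_no_uniq_request` continues past the end of the last hunk.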
