from django.conf import settings
from django.http import HttpResponse, HttpResponseRedirect
from synnefo.db.models import SynnefoUser
from synnefo.aai.shibboleth import Tokens, register_shibboleth_user
import time
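class SynnefoAuthMiddleware(object):
    """Authenticate requests by an X-Auth-Token or a Shibboleth session.

    process_request resolves the caller to a SynnefoUser and stores it on
    request.user.  Callers that cannot be resolved are redirected to the
    login page (settings.APP_INSTALL_URL + settings.LOGIN_PATH).  Requests
    under /api/ and /invitations/login are passed through untouched.
    """

    def process_request(self, request):
        """Resolve request.user or short-circuit with a redirect.

        Returns None to let the request proceed, otherwise an HttpResponse:
        either a redirect to the login page, or a 302 to APP_INSTALL_URL
        that delivers a fresh X-Auth-Token cookie after a Shibboleth login.
        """
        # API paths are left alone; presumably the API layer does its own
        # token checking (not visible in this file).
        if request.path.startswith('/api/'):
            return

        if request.path.startswith('/invitations/login'):
            return

        # Special case for testing purposes, delivers the cookie for the
        # test user on first access.
        # NOTE(review): the fixed auth_token below acts as a credential and
        # is gated only by settings.BYPASS_AUTHENTICATION; that flag must
        # stay off outside test deployments.
        if settings.BYPASS_AUTHENTICATION and \
           request.GET.get('test') is not None:
            u = SynnefoUser.objects.get(
                auth_token='46e427d657b20defe352804f0eb6f8a2')
            return self._redirect_shib_auth_user(user=u)

        token = self._token_from_request(request)

        if token:
            # token was found, retrieve user from backing store
            try:
                user = SynnefoUser.objects.get(auth_token=token)
            except SynnefoUser.DoesNotExist:
                return self._login_redirect()

            if self._token_expired(user):
                # The user's token has expired, prompt to re-login.
                # NOTE(review): the stale cookie is not cleared here, so if
                # LOGIN_PATH is itself served through this middleware the
                # client re-presents the expired token and is redirected
                # again; confirm LOGIN_PATH is exempt or clears the cookie.
                return self._login_redirect()

            request.user = user
            return

        # token was not found but user authenticated by Shibboleth
        if Tokens.SHIB_EPPN in request.META and \
           Tokens.SHIB_SESSION_ID in request.META:
            eppn = request.META[Tokens.SHIB_EPPN]
            try:
                user = SynnefoUser.objects.get(uniq=eppn)
            except SynnefoUser.DoesNotExist:
                # attempt to create a new user object; fall back to the
                # login page when registration is refused
                if not register_shibboleth_user(request.META):
                    return self._login_redirect()
                user = SynnefoUser.objects.get(uniq=eppn)
            return self._redirect_shib_auth_user(user)

        if settings.TEST and 'TEST-AAI' in request.META:
            return self._login_redirect()

        if request.path.endswith(settings.LOGIN_PATH):
            # avoid redirect loops
            return

        # no authentication info found in headers, redirect back
        return self._login_redirect()

    def process_response(self, request, response):
        """Mark the response as varying on X-Auth-Token and return it."""
        # Tell proxies and other interested parties that the request varies
        # based on X-Auth-Token, to avoid caching of results.  Note that
        # this overwrites any Vary value set earlier in the middleware chain.
        response['Vary'] = 'X-Auth-Token'
        return response

    def _redirect_shib_auth_user(self, user):
        """Build a 302 to APP_INSTALL_URL that hands the user its token.

        The token is delivered both as an X-Auth-Token cookie (expiring
        together with the token) and as an X-Auth-Token response header.
        """
        # %Z renders as an empty string for a naive datetime, leaving a
        # trailing space in the cookie expiry — TODO confirm the field's
        # timezone awareness.
        expire_fmt = user.auth_token_expires.strftime('%a, %d-%b-%Y %H:%M:%S %Z')

        response = HttpResponse()
        # NOTE(review): the cookie is issued without HttpOnly/Secure.  If
        # page scripts need to read it to populate the header this is
        # intentional; otherwise consider those flags where the deployed
        # Django version supports them.
        response.set_cookie('X-Auth-Token', value=user.auth_token, expires=expire_fmt, path='/')
        response['X-Auth-Token'] = user.auth_token
        response['Location'] = settings.APP_INSTALL_URL
        response.status_code = 302
        return response

    def _token_from_request(self, request):
        """Return the X-Auth-Token from the cookie, else the header, else None.

        The cookie takes precedence; the header is consulted only when no
        (non-empty) cookie value is present.
        """
        token = request.COOKIES.get('X-Auth-Token', None)
        if not token:
            token = request.META.get('HTTP_X_AUTH_TOKEN', None)
        return token

    def _token_expired(self, user):
        """Return True when user.auth_token_expires lies in the past."""
        # mktime() interprets the naive timetuple as local time, so this
        # assumes auth_token_expires is stored in local time — TODO confirm.
        return (time.time() -
                time.mktime(user.auth_token_expires.timetuple())) > 0

    def _login_redirect(self):
        """Redirect to this installation's login page."""
        return HttpResponseRedirect(settings.APP_INSTALL_URL + settings.LOGIN_PATH)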