Revision d01e6404

b/aai/middleware.py
5 5
import time
6 6

  
7 7
class SynnefoAuthMiddleware(object):
8

  
9
    auth_token = "X-Auth-Token"
10
    auth_user  = "X-Auth-User"
11
    auth_key   = "X-Auth-Key"
12

  
13 8
    def process_request(self, request):
14 9
        if request.path.startswith('/api/') :
15 10
            return
......
26 21
            return self._redirect_shib_auth_user(user = u)
27 22

  
28 23
        token = None
29
        #Try to find token in a cookie
30
        try:
31
            token = request.COOKIES['X-Auth-Token']
32
        except Exception:
33
            pass
34 24

  
35
        #Try to find token in request header
25
        # Try to find token in a cookie
26
        token = request.COOKIES.get('X-Auth-Token', None)
27

  
28
        # Try to find token in request header
36 29
        if not token:
37 30
            token = request.META.get('HTTP_X_AUTH_TOKEN', None)
38 31

  
39 32
        if token:
40
            user = None
41
            #Retrieve user from DB or other caching mechanism
33
            # token was found, retrieve user from backing store
42 34
            try:
43 35
                user = SynnefoUser.objects.get(auth_token=token)
44 36
            except SynnefoUser.DoesNotExist:
45 37
                return HttpResponseRedirect(settings.APP_INSTALL_URL + settings.LOGIN_PATH)
46 38

  
47
            #Check user's auth token
39
            # check user's auth token validity
48 40
            if (time.time() -
49 41
                time.mktime(user.auth_token_expires.timetuple())) > 0:
50
                #The user's token has expired, re-login
42
                # the user's token has expired, prompt to re-login
51 43
                return HttpResponseRedirect(settings.APP_INSTALL_URL + settings.LOGIN_PATH)
52 44

  
53 45
            request.user = user
54 46
            return
55 47

  
56
        #A user authenticated by Shibboleth, must include a uniq id
57
        if Tokens.SHIB_EPPN in request.META and Tokens.SHIB_SESSION_ID in request.META:
58
            user = None
48
        # token was not found but user authenticated by Shibboleth
49
        if Tokens.SHIB_EPPN in request.META and \
50
           Tokens.SHIB_SESSION_ID in request.META:
59 51
            try:
60
                user = SynnefoUser.objects.get(
61
                    uniq = request.META[Tokens.SHIB_EPPN])
52
                user = SynnefoUser.objects.get(uniq=request.META[Tokens.SHIB_EPPN])
53
                return self._redirect_shib_auth_user(user)
62 54
            except SynnefoUser.DoesNotExist:
63
                pass
64

  
65
            #No user with this id could be found in the database
66
            if user is None:
67
                #Attempt to register the incoming user
55
                # attempt to create a new user object
68 56
                if register_shibboleth_user(request.META):
69
                    user = SynnefoUser.objects.get(
70
                        uniq = request.META[Tokens.SHIB_EPPN])
57
                    user = SynnefoUser.objects.get(uniq=request.META[Tokens.SHIB_EPPN])
71 58
                    return self._redirect_shib_auth_user(user)
72 59
                else:
73 60
                    return HttpResponseRedirect(settings.APP_INSTALL_URL + settings.LOGIN_PATH)
74 61

  
75
            #User and authentication token valid, user allowed to proceed
76
            return self._redirect_shib_auth_user(user)
62
        if settings.TEST and 'TEST-AAI' in request.META:
63
            return HttpResponseRedirect(settings.APP_INSTALL_URL + settings.LOGIN_PATH)
77 64

  
78
        if settings.TEST:
79
            if 'TEST-AAI' in request.META:
80
                return HttpResponseRedirect(settings.APP_INSTALL_URL + settings.LOGIN_PATH)
65
        if request.path.endswith(settings.LOGIN_PATH):
66
            # avoid redirect loops
67
            return
81 68
        else:
82
            #Avoid redirect loops
83
            if request.path.endswith(settings.LOGIN_PATH): 
84
                return
85
            else :
86
                #No authentication info found in headers, redirect to Shibboleth
87
                return HttpResponseRedirect(settings.APP_INSTALL_URL + settings.LOGIN_PATH)
69
            # no authentication info found in headers, redirect back
70
            return HttpResponseRedirect(settings.APP_INSTALL_URL + settings.LOGIN_PATH)
88 71

  
89 72
    def process_response(self, request, response):
90
        #Tell proxies and other interested parties that the
91
        #request varies based on the auth token, to avoid
92
        #caching of results
93
        response['Vary'] = self.auth_token
73
        # Tell proxies and other interested parties that the request varies
74
        # based on X-Auth-Token, to avoid caching of results
75
        response['Vary'] = 'X-Auth-Token'
94 76
        return response
95 77

  
96 78
    def _redirect_shib_auth_user(self, user):
97 79
        expire_fmt = user.auth_token_expires.strftime('%a, %d-%b-%Y %H:%M:%S %Z')
98 80

  
99 81
        response = HttpResponse()
100

  
101
        response.set_cookie('X-Auth-Token', value=user.auth_token, expires = expire_fmt, path='/')
102
        response[self.auth_token] = user.auth_token
82
        response.set_cookie('X-Auth-Token', value=user.auth_token, expires=expire_fmt, path='/')
83
        response['X-Auth-Token'] = user.auth_token
103 84
        response['Location'] = settings.APP_INSTALL_URL
104 85
        response.status_code = 302
105 86
        return response

Also available in: Unified diff