Revision faa26af8 api/middleware.py

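--- a/api/middleware.py
+++ b/api/middleware.py
@@ -3,6 +3,7 @@
 from django.http import HttpResponse, HttpResponseRedirect
 from synnefo.db.models import SynnefoUser
 from synnefo.logic.shibboleth import Tokens, register_shibboleth_user
+import time
 
 class SynnefoAuthMiddleware(object):
 
@@ -13,18 +14,28 @@
     def process_request(self, request):
 
         if self.auth_token in request.META:
+            user = None
             #Retrieve user from DB or other caching mechanism
-            user = SynnefoUser.objects.filter(auth_token = request.META[self.auth_token])
-            if user is None :
+            try:
+                user = SynnefoUser.objects.get(auth_token = request.META[self.auth_token])
+            except SynnefoUser.DoesNotExist:
+                return HttpResponseRedirect(settings.SHIBBOLETH_HOST)
+
+            #Check user's auth token
+            if (time.time() -
+                time.mktime(user.auth_token_created.timetuple()) +
+                settings.AUTH_TOKEN_DURATION * 3600) > 0:
+                #The user's token has expired, re-login
                 return HttpResponseRedirect(settings.SHIBBOLETH_HOST)
+
             request.user = user
             return
 
-        #A user authenticated by Shibboleth
+        #A user authenticated by Shibboleth, must include a uniq id
         if Tokens.SIB_EDU_PERSON_PRINCIPAL_NAME in request.META:
             #TODO: We must somehow make sure that we only process
             #      SIB headers when coming from a URL whitelist,
-            #      or a similar for of restriction
+            #      or a similar form of restriction
             if request.get_host() not in settings.SHIBBOLETH_WHITELIST.keys():
                 return HttpResponseRedirect(settings.SHIBBOLETH_HOST)
 
@@ -44,12 +55,6 @@
                 #Registration failed, redirect to Shibboleth
                 return HttpResponseRedirect(settings.SHIBBOLETH_HOST)
 
-            #At this point, the user has been identified in our database
-            #Check user's auth token
-            if time() - user.auth_token_created > settings.AUTH_TOKEN_DURATION * 3600:
-                #The user's token has expired, re-login
-                return HttpResponseRedirect(settings.SHIBBOLETH_HOST)
-
             #User and authentication token valid, user allowed to proceed
             return
             
@@ -73,6 +78,3 @@
         #caching of results
         response['Vary'] = self.auth_key
         return response
-
-#class HttpResponseAuthenticationRequired(HttpResponse):
-#    status_code = 401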
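Review bot: The token-expiry test added to process_request (new lines 25-27) has the wrong sign: `time.time() - time.mktime(created) + settings.AUTH_TOKEN_DURATION * 3600` is the non-negative elapsed time plus a positive lifetime, so it is always `> 0` and every request carrying a valid auth token is redirected to Shibboleth instead of being accepted. The intended check is `if time.time() - time.mktime(user.auth_token_created.timetuple()) > settings.AUTH_TOKEN_DURATION * 3600:`, or equivalently compare the datetimes directly with a `timedelta` and avoid the epoch conversion altogether. Note also that `time.mktime(...timetuple())` interprets the stored naive timestamp as local time; if `auth_token_created` is stored in UTC the effective lifetime is off by the UTC offset, which is worth confirming against the model definition. The removal of the second expiry check in the Shibboleth branch means a Shibboleth-identified user now proceeds regardless of token age, which looks intentional but should be stated in the commit message. process_request continues past this hunk.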
