mygpo/userfeeds/auth.py

   1 from functools import wraps
   2
   3 from django.http import HttpResponse, HttpResponseBadRequest, Http404
   4 from django.shortcuts import get_object_or_404
   5 from django.contrib.auth import get_user_model
   6
   7
   8 #############################################################################
   9 #
  10 def view_or_basicauth(view, request, username, token_name, realm = "", *args, **kwargs):
  11
  12     User = get_user_model()
  13     user = get_object_or_404(User, username=username)
  14
  15     token = getattr(user, token_name, '')
  16
  17     # check if a token is required at all
  18     if token == '':
  19         return view(request, username, *args, **kwargs)
  20
  21     # this header format is used when passing auth-headers
  22     # from Aapache to fcgi
  23     if 'AUTHORIZATION' in request.META:
  24         auth = request.META['AUTHORIZATION']
  25
  26     elif 'HTTP_AUTHORIZATION' in request.META:
  27         auth = request.META['HTTP_AUTHORIZATION']
  28
  29     else:
  30         return auth_request()
  31
  32
  33     auth = auth.split(None, 1)
  34
  35     if len(auth) == 2:
  36         auth_type, credentials = auth
  37
  38         # NOTE: We are only support basic authentication for now.
  39         if auth_type.lower() == 'basic':
  40             credentials = credentials.decode('base64').split(':', 1)
  41             if len(credentials) == 2:
  42
  43                 uname, passwd = credentials
  44
  45                 if uname != username:
  46                     return auth_request()
  47
  48                 if token == passwd:
  49                     return view(request, uname, *args, **kwargs)
  50
  51     return auth_request()
  52
  53
  54 def auth_request(realm=''):
  55     # Either they did not provide an authorization header or
  56     # something in the authorization attempt failed. Send a 401
  57     # back to them to ask them to authenticate.
  58     response = HttpResponse()
  59     response.status_code = 401
  60     response['WWW-Authenticate'] = 'Basic realm="%s"' % realm
  61     return response
  62
  63
  64 #############################################################################
  65 #
  66 def require_token_auth(token_name):
  67     def wrapper(protected_view):
  68
  69         @wraps(protected_view)
  70         def tmp(request, username, *args, **kwargs):
  71             return view_or_basicauth(protected_view, \
  72                                      request, \
  73                                      username, \
  74                                      token_name, \
  75                                      '', \
  76                                      *args, \
  77                                      **kwargs)
  78         return tmp
  79     return wrapper