-
Notifications
You must be signed in to change notification settings - Fork 31
Expand file tree
/
Copy pathmiddleware.py
More file actions
63 lines (51 loc) · 2.03 KB
/
Copy pathmiddleware.py
File metadata and controls
63 lines (51 loc) · 2.03 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
import base64
import logging
from django.contrib.auth import get_user_model, SESSION_KEY, BACKEND_SESSION_KEY
# TODO: Update this to use django-oauth-toolkit; needed for the region service
# from provider.oauth2.models import Client
from remote_client_user.models import ClientPermissions
from rest_framework.authentication import get_authorization_header
logger = logging.getLogger('remote_client_user')
# TODO: Update this to use django-oauth-toolkit
def get_authed_user(request):
# Get the HTTP Authorization header value
auth_header = get_authorization_header(request).split()
if not auth_header:
return None
if auth_header[0].lower() != 'remote':
return None
# Decode the base64-encoded header data
encoded_auth_data = auth_header[1]
auth_data = base64.decodestring(encoded_auth_data)
# Parse out the client and user information
try:
client_id, client_secret, username, email = auth_data.split(';')
except ValueError:
return None
# Get the client
try:
client = Client.objects.select_related('permissions').get(client_id=client_id, client_secret=client_secret)
except Client.DoesNotExist:
return None
# Get or create the user if the client allows
try:
if not client.permissions.allow_remote_signin:
return None
except ClientPermissions.DoesNotExist:
return None
User = get_user_model()
try:
user = User.objects.get(username=username)
except User.DoesNotExist:
if not client.permissions.allow_remote_signup:
return None
user = User.objects.create_user(username=username, email=email)
return user
class RemoteClientMiddleware:
def process_request(self, request):
user = get_authed_user(request)
# Set the current user ID and the appropriate authentication backend
# on the session.
if user:
request.session[SESSION_KEY] = user.id
request.session[BACKEND_SESSION_KEY] = 'sa_api_v2.auth_backends.CachedModelBackend'