mirror of
				https://github.com/django/django.git
				synced 2025-10-24 22:26:08 +00:00 
			
		
		
		
	Backport of r14069 from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@14072 bcc190cf-cafb-0310-a4f2-bffc1f526a37
		
			
				
	
	
		
			82 lines
		
	
	
		
			3.5 KiB
		
	
	
	
		
			Python
		
	
	
	
	
	
			
		
		
	
	
			82 lines
		
	
	
		
			3.5 KiB
		
	
	
	
		
			Python
		
	
	
	
	
	
| from django.contrib import auth
 | |
| from django.core.exceptions import ImproperlyConfigured
 | |
| 
 | |
| 
 | |
| class LazyUser(object):
 | |
|     def __get__(self, request, obj_type=None):
 | |
|         if not hasattr(request, '_cached_user'):
 | |
|             from django.contrib.auth import get_user
 | |
|             request._cached_user = get_user(request)
 | |
|         return request._cached_user
 | |
| 
 | |
| 
 | |
| class AuthenticationMiddleware(object):
 | |
|     def process_request(self, request):
 | |
|         assert hasattr(request, 'session'), "The Django authentication middleware requires session middleware to be installed. Edit your MIDDLEWARE_CLASSES setting to insert 'django.contrib.sessions.middleware.SessionMiddleware'."
 | |
|         request.__class__.user = LazyUser()
 | |
|         return None
 | |
| 
 | |
| 
 | |
| class RemoteUserMiddleware(object):
 | |
|     """
 | |
|     Middleware for utilizing Web-server-provided authentication.
 | |
| 
 | |
|     If request.user is not authenticated, then this middleware attempts to
 | |
|     authenticate the username passed in the ``REMOTE_USER`` request header.
 | |
|     If authentication is successful, the user is automatically logged in to
 | |
|     persist the user in the session.
 | |
| 
 | |
|     The header used is configurable and defaults to ``REMOTE_USER``.  Subclass
 | |
|     this class and change the ``header`` attribute if you need to use a
 | |
|     different header.
 | |
|     """
 | |
| 
 | |
|     # Name of request header to grab username from.  This will be the key as
 | |
|     # used in the request.META dictionary, i.e. the normalization of headers to
 | |
|     # all uppercase and the addition of "HTTP_" prefix apply.
 | |
|     header = "REMOTE_USER"
 | |
| 
 | |
|     def process_request(self, request):
 | |
|         # AuthenticationMiddleware is required so that request.user exists.
 | |
|         if not hasattr(request, 'user'):
 | |
|             raise ImproperlyConfigured(
 | |
|                 "The Django remote user auth middleware requires the"
 | |
|                 " authentication middleware to be installed.  Edit your"
 | |
|                 " MIDDLEWARE_CLASSES setting to insert"
 | |
|                 " 'django.contrib.auth.middleware.AuthenticationMiddleware'"
 | |
|                 " before the RemoteUserMiddleware class.")
 | |
|         try:
 | |
|             username = request.META[self.header]
 | |
|         except KeyError:
 | |
|             # If specified header doesn't exist then return (leaving
 | |
|             # request.user set to AnonymousUser by the
 | |
|             # AuthenticationMiddleware).
 | |
|             return
 | |
|         # If the user is already authenticated and that user is the user we are
 | |
|         # getting passed in the headers, then the correct user is already
 | |
|         # persisted in the session and we don't need to continue.
 | |
|         if request.user.is_authenticated():
 | |
|             if request.user.username == self.clean_username(username, request):
 | |
|                 return
 | |
|         # We are seeing this user for the first time in this session, attempt
 | |
|         # to authenticate the user.
 | |
|         user = auth.authenticate(remote_user=username)
 | |
|         if user:
 | |
|             # User is valid.  Set request.user and persist user in the session
 | |
|             # by logging the user in.
 | |
|             request.user = user
 | |
|             auth.login(request, user)
 | |
| 
 | |
|     def clean_username(self, username, request):
 | |
|         """
 | |
|         Allows the backend to clean the username, if the backend defines a
 | |
|         clean_username method.
 | |
|         """
 | |
|         backend_str = request.session[auth.BACKEND_SESSION_KEY]
 | |
|         backend = auth.load_backend(backend_str)
 | |
|         try:
 | |
|             username = backend.clean_username(username)
 | |
|         except AttributeError: # Backend has no clean_username method.
 | |
|             pass
 | |
|         return username
 |