blob: 8971f431a352be35e195cf1dcedfc34c76f76eba [file] [log] [blame]
from django.contrib.auth.models import User, Group, check_password
from django.contrib.auth import backends
from django.contrib import auth
from django import http
from autotest_lib.client.cros import constants
from autotest_lib.frontend import thread_local
from autotest_lib.frontend.afe import models, management
from autotest_lib.server import utils
DEBUG_USER = 'debug_user'
class SimpleAuthBackend(backends.ModelBackend):
Automatically allows any login. This backend is for use when Apache is
doing the real authentication. Also ensures logged-in user exists in
frontend.afe.models.User database.
def authenticate(self, username=None, password=None):
user = User.objects.get(username=username)
except User.DoesNotExist:
# password is meaningless
user = User(username=username,
password='apache authentication')
user.is_staff = True # need to save before adding groups
return user
def check_afe_user(username):
user, created = models.User.objects.get_or_create(login=username)
if created:
def get_user(self, user_id):
return User.objects.get(pk=user_id)
except User.DoesNotExist:
return None
class GetApacheUserMiddleware(object):
Middleware for use when Apache is doing authentication. Looks for
REMOTE_USER in headers and passed the username found to
thread_local.set_user(). If no such header is found, looks for
HTTP_AUTHORIZATION header with username (this allows CLI to authenticate).
If neither of those are found, DEBUG_USER is used.
def process_request(self, request):
# look for a username from Apache
user = request.META.get('REMOTE_USER')
if user is None:
# look for a user in headers. This is insecure but
# it's our temporarily solution for CLI auth.
user = request.META.get('HTTP_AUTHORIZATION')
if user is None:
# no user info - assume we're in development mode
user = constants.MOBLAB_USER if utils.is_moblab() else DEBUG_USER
class ApacheAuthMiddleware(GetApacheUserMiddleware):
Like GetApacheUserMiddleware, but also logs the user into Django's auth
system, and replaces the username in thread_local with the actual User model
def process_request(self, request):
super(ApacheAuthMiddleware, self).process_request(request)
username = thread_local.get_user()
user_object = auth.authenticate(username=username,
auth.login(request, user_object)