source: asadb/mit/__init__.py @ 51b384a

space-accessstablestage
Last change on this file since 51b384a was 51b384a, checked in by Alex Dehnert <adehnert@…>, 13 years ago

Validate constitution_url (ASA-#76)
  • Property mode set to 100644
File size: 4.2 KB
Line 
1import subprocess
2import ldap
3import ldap.filter
4
5from django.contrib.auth.middleware import RemoteUserMiddleware
6from django.contrib.auth.backends import RemoteUserBackend
7from django.contrib.auth.views import login
8from django.contrib.auth import REDIRECT_FIELD_NAME
9from django.http import HttpResponseRedirect
10from django.contrib import auth
11from django.core.exceptions import ObjectDoesNotExist
12from django.core.validators import URLValidator, ValidationError
13
14import settings
15
16def zephyr(msg, clas='message', instance='log', rcpt='nobody',):
17    proc = subprocess.Popen(
18        ['zwrite', '-d', '-n', '-c', clas, '-i', instance, rcpt, ],
19        stdin=subprocess.PIPE, stdout=subprocess.PIPE
20    )
21    proc.communicate(msg)
22
23def UrlOrAfsValidator(value):
24    if value.startswith('/mit/') or value.startswith('/afs/'):
25        return
26    else:
27        try:
28            URLValidator()(value)
29        except ValidationError:
30            raise ValidationError('Provide a valid URL or AFS path')
31
32class ScriptsRemoteUserMiddleware(RemoteUserMiddleware):
33    header = 'SSL_CLIENT_S_DN_Email'
34
35class ScriptsRemoteUserBackend(RemoteUserBackend):
36    def clean_username(self, username, ):
37        if '@' in username:
38            name, domain = username.split('@')
39            assert domain.upper() == 'MIT.EDU'
40            return name
41        else:
42            return username
43    def configure_user(self, user, ):
44        username = user.username
45        user.password = "ScriptsSSLAuth"
46        con = ldap.open('ldap-too.mit.edu')
47        con.simple_bind_s("", "")
48        dn = "dc=mit,dc=edu"
49        fields = ['cn', 'sn', 'givenName', 'mail', ]
50        userfilter = ldap.filter.filter_format('uid=%s', [username])
51        result = con.search_s('dc=mit,dc=edu', ldap.SCOPE_SUBTREE, userfilter, fields)
52        if len(result) == 1:
53            user.first_name = result[0][1]['givenName'][0]
54            user.last_name = result[0][1]['sn'][0]
55            try:
56                user.email = result[0][1]['mail'][0]
57            except KeyError:
58                user.email = username + '@mit.edu'
59            try:
60                user.groups.add(auth.models.Group.objects.get(name='mit'))
61            except ObjectDoesNotExist:
62                print "Failed to retrieve mit group"
63        else:
64            raise ValueError, ("Could not find user with username '%s' (filter '%s')"%(username, userfilter))
65        try:
66            user.groups.add(auth.models.Group.objects.get(name='autocreated'))
67        except ObjectDoesNotExist:
68            print "Failed to retrieve autocreated group"
69        user.save()
70        return user
71
72def get_or_create_mit_user(username, ):
73    """
74    Given an MIT username, return a Django user object for them.
75    If necessary, create (and save) the Django user for them.
76    If the MIT user doesn't exist, raises ValueError.
77    """
78    user, created = auth.models.User.objects.get_or_create(username=username, )
79    if created:
80        backend = ScriptsRemoteUserBackend()
81        # Raises ValueError if the user doesn't exist
82        try:
83            return backend.configure_user(user), created
84        except ValueError:
85            user.delete()
86            raise
87    else:
88        return user, created
89
90def scripts_login(request, **kwargs):
91    host = request.META['HTTP_HOST'].split(':')[0]
92    if host == 'localhost':
93        return login(request, **kwargs)
94    elif request.META['SERVER_PORT'] == '444':
95        if request.user.is_authenticated():
96            # They're already authenticated --- go ahead and redirect
97            if 'redirect_field_name' in kwargs:
98                redirect_field_name = kwargs['redirect_field_names']
99            else:
100                from django.contrib.auth import REDIRECT_FIELD_NAME
101                redirect_field_name = REDIRECT_FIELD_NAME
102            redirect_to = request.REQUEST.get(redirect_field_name, '')
103            if not redirect_to or '//' in redirect_to or ' ' in redirect_to:
104                redirect_to = settings.LOGIN_REDIRECT_URL
105            return HttpResponseRedirect(redirect_to)
106        else:
107            return login(request, **kwargs)
108    else:
109        # Move to port 444
110        redirect_to = "https://%s:444%s" % (host, request.META['REQUEST_URI'], )
111        return HttpResponseRedirect(redirect_to)
Note: See TracBrowser for help on using the repository browser.