Context Navigation

source: asadb/mit/init.py @ 68c93e8

space-accessstablestage

Last change on this file since 68c93e8 was 7045dd8, checked in by Alex Dehnert <adehnert@…>, 14 years ago
Django MIT plugin: Don't crash on users with hidden emails (ASA Trac: #63)
Property mode set to `100644`
File size: 3.9 KB

Line
1	import subprocess
2	import ldap
3	import ldap.filter
4
5	from django.contrib.auth.middleware import RemoteUserMiddleware
6	from django.contrib.auth.backends import RemoteUserBackend
7	from django.contrib.auth.views import login
8	from django.contrib.auth import REDIRECT_FIELD_NAME
9	from django.http import HttpResponseRedirect
10	from django.contrib import auth
11	from django.core.exceptions import ObjectDoesNotExist
12	import settings
13
14	def zephyr(msg, clas='message', instance='log', rcpt='nobody',):
15	proc = subprocess.Popen(
16	['zwrite', '-d', '-n', '-c', clas, '-i', instance, rcpt, ],
17	stdin=subprocess.PIPE, stdout=subprocess.PIPE
18	)
19	proc.communicate(msg)
20
21	class ScriptsRemoteUserMiddleware(RemoteUserMiddleware):
22	header = 'SSL_CLIENT_S_DN_Email'
23
24	class ScriptsRemoteUserBackend(RemoteUserBackend):
25	def clean_username(self, username, ):
26	if '@' in username:
27	name, domain = username.split('@')
28	assert domain.upper() == 'MIT.EDU'
29	return name
30	else:
31	return username
32	def configure_user(self, user, ):
33	username = user.username
34	user.password = "ScriptsSSLAuth"
35	con = ldap.open('ldap-too.mit.edu')
36	con.simple_bind_s("", "")
37	dn = "dc=mit,dc=edu"
38	fields = ['cn', 'sn', 'givenName', 'mail', ]
39	userfilter = ldap.filter.filter_format('uid=%s', [username])
40	result = con.search_s('dc=mit,dc=edu', ldap.SCOPE_SUBTREE, userfilter, fields)
41	if len(result) == 1:
42	user.first_name = result[0][1]['givenName'][0]
43	user.last_name = result[0][1]['sn'][0]
44	try:
45	user.email = result[0][1]['mail'][0]
46	except KeyError:
47	user.email = username + '@mit.edu'
48	try:
49	user.groups.add(auth.models.Group.objects.get(name='mit'))
50	except ObjectDoesNotExist:
51	print "Failed to retrieve mit group"
52	else:
53	raise ValueError, ("Could not find user with username '%s' (filter '%s')"%(username, userfilter))
54	try:
55	user.groups.add(auth.models.Group.objects.get(name='autocreated'))
56	except ObjectDoesNotExist:
57	print "Failed to retrieve autocreated group"
58	user.save()
59	return user
60
61	def get_or_create_mit_user(username, ):
62	"""
63	Given an MIT username, return a Django user object for them.
64	If necessary, create (and save) the Django user for them.
65	If the MIT user doesn't exist, raises ValueError.
66	"""
67	user, created = auth.models.User.objects.get_or_create(username=username, )
68	if created:
69	backend = ScriptsRemoteUserBackend()
70	# Raises ValueError if the user doesn't exist
71	try:
72	return backend.configure_user(user), created
73	except ValueError:
74	user.delete()
75	raise
76	else:
77	return user, created
78
79	def scripts_login(request, **kwargs):
80	host = request.META['HTTP_HOST'].split(':')[0]
81	if host == 'localhost':
82	return login(request, **kwargs)
83	elif request.META['SERVER_PORT'] == '444':
84	if request.user.is_authenticated():
85	# They're already authenticated --- go ahead and redirect
86	if 'redirect_field_name' in kwargs:
87	redirect_field_name = kwargs['redirect_field_names']
88	else:
89	from django.contrib.auth import REDIRECT_FIELD_NAME
90	redirect_field_name = REDIRECT_FIELD_NAME
91	redirect_to = request.REQUEST.get(redirect_field_name, '')
92	if not redirect_to or '//' in redirect_to or ' ' in redirect_to:
93	redirect_to = settings.LOGIN_REDIRECT_URL
94	return HttpResponseRedirect(redirect_to)
95	else:
96	return login(request, **kwargs)
97	else:
98	# Move to port 444
99	redirect_to = "https://%s:444%s" % (host, request.META['REQUEST_URI'], )
100	return HttpResponseRedirect(redirect_to)

Note: See TracBrowser for help on using the repository browser.

Download in other formats: