2005-11-30 09:14:23 +08:00
|
|
|
from mod_python import apache
|
|
|
|
import os
|
|
|
|
|
|
|
|
def authenhandler(req, **kwargs):
|
|
|
|
"""
|
|
|
|
Authentication handler that checks against Django's auth database.
|
|
|
|
"""
|
|
|
|
|
|
|
|
# mod_python fakes the environ, and thus doesn't process SetEnv. This fixes
|
|
|
|
# that so that the following import works
|
|
|
|
os.environ.update(req.subprocess_env)
|
|
|
|
|
2007-09-16 02:36:31 +08:00
|
|
|
# apache 2.2 requires a call to req.get_basic_auth_pw() before
|
|
|
|
# req.user and friends are available.
|
|
|
|
req.get_basic_auth_pw()
|
|
|
|
|
2005-11-30 09:14:23 +08:00
|
|
|
# check for PythonOptions
|
2006-01-08 13:10:51 +08:00
|
|
|
_str_to_bool = lambda s: s.lower() in ('1', 'true', 'on', 'yes')
|
2005-11-30 09:14:23 +08:00
|
|
|
|
|
|
|
options = req.get_options()
|
|
|
|
permission_name = options.get('DjangoPermissionName', None)
|
|
|
|
staff_only = _str_to_bool(options.get('DjangoRequireStaffStatus', "on"))
|
|
|
|
superuser_only = _str_to_bool(options.get('DjangoRequireSuperuserStatus', "off"))
|
2006-05-31 10:09:07 +08:00
|
|
|
settings_module = options.get('DJANGO_SETTINGS_MODULE', None)
|
|
|
|
if settings_module:
|
|
|
|
os.environ['DJANGO_SETTINGS_MODULE'] = settings_module
|
|
|
|
|
|
|
|
from django.contrib.auth.models import User
|
2006-09-22 20:01:15 +08:00
|
|
|
from django import db
|
|
|
|
db.reset_queries()
|
2005-11-30 09:14:23 +08:00
|
|
|
|
|
|
|
# check that the username is valid
|
2006-05-02 09:31:56 +08:00
|
|
|
kwargs = {'username': req.user, 'is_active': True}
|
2005-11-30 09:14:23 +08:00
|
|
|
if staff_only:
|
2006-05-02 09:31:56 +08:00
|
|
|
kwargs['is_staff'] = True
|
2005-11-30 09:14:23 +08:00
|
|
|
if superuser_only:
|
2006-05-02 09:31:56 +08:00
|
|
|
kwargs['is_superuser'] = True
|
2005-11-30 09:14:23 +08:00
|
|
|
try:
|
2006-09-22 20:01:15 +08:00
|
|
|
try:
|
|
|
|
user = User.objects.get(**kwargs)
|
|
|
|
except User.DoesNotExist:
|
|
|
|
return apache.HTTP_UNAUTHORIZED
|
|
|
|
|
|
|
|
# check the password and any permission given
|
|
|
|
if user.check_password(req.get_basic_auth_pw()):
|
|
|
|
if permission_name:
|
|
|
|
if user.has_perm(permission_name):
|
|
|
|
return apache.OK
|
|
|
|
else:
|
|
|
|
return apache.HTTP_UNAUTHORIZED
|
2005-11-30 09:14:23 +08:00
|
|
|
else:
|
2006-09-22 20:01:15 +08:00
|
|
|
return apache.OK
|
2005-11-30 09:14:23 +08:00
|
|
|
else:
|
2006-09-22 20:01:15 +08:00
|
|
|
return apache.HTTP_UNAUTHORIZED
|
|
|
|
finally:
|
|
|
|
db.connection.close()
|