2007-04-25 17:44:06 +08:00
|
|
|
import datetime
|
2009-12-10 09:05:35 +08:00
|
|
|
from warnings import warn
|
2006-06-29 00:37:02 +08:00
|
|
|
from django.core.exceptions import ImproperlyConfigured
|
2009-03-19 00:55:59 +08:00
|
|
|
from django.utils.importlib import import_module
|
2010-11-26 21:33:27 +08:00
|
|
|
from django.contrib.auth.signals import user_logged_in, user_logged_out
|
2006-06-29 00:37:02 +08:00
|
|
|
|
|
|
|
SESSION_KEY = '_auth_user_id'
|
|
|
|
BACKEND_SESSION_KEY = '_auth_user_backend'
|
2006-05-02 09:31:56 +08:00
|
|
|
REDIRECT_FIELD_NAME = 'next'
|
2006-06-29 00:37:02 +08:00
|
|
|
|
|
|
|
def load_backend(path):
|
|
|
|
i = path.rfind('.')
|
|
|
|
module, attr = path[:i], path[i+1:]
|
|
|
|
try:
|
2009-03-19 00:55:59 +08:00
|
|
|
mod = import_module(module)
|
2006-06-29 00:37:02 +08:00
|
|
|
except ImportError, e:
|
2010-01-11 02:36:20 +08:00
|
|
|
raise ImproperlyConfigured('Error importing authentication backend %s: "%s"' % (module, e))
|
2007-07-13 13:03:33 +08:00
|
|
|
except ValueError, e:
|
2010-01-11 02:36:20 +08:00
|
|
|
raise ImproperlyConfigured('Error importing authentication backends. Is AUTHENTICATION_BACKENDS a correctly defined list or tuple?')
|
2006-06-29 00:37:02 +08:00
|
|
|
try:
|
|
|
|
cls = getattr(mod, attr)
|
|
|
|
except AttributeError:
|
2010-01-11 02:36:20 +08:00
|
|
|
raise ImproperlyConfigured('Module "%s" does not define a "%s" authentication backend' % (module, attr))
|
2010-09-27 05:36:22 +08:00
|
|
|
if not hasattr(cls, "supports_object_permissions"):
|
2009-12-10 09:05:35 +08:00
|
|
|
warn("Authentication backends without a `supports_object_permissions` attribute are deprecated. Please define it in %s." % cls,
|
2010-10-11 20:20:07 +08:00
|
|
|
DeprecationWarning)
|
2009-12-10 09:05:35 +08:00
|
|
|
cls.supports_object_permissions = False
|
2010-09-27 05:36:22 +08:00
|
|
|
|
|
|
|
if not hasattr(cls, 'supports_anonymous_user'):
|
2010-01-28 09:47:23 +08:00
|
|
|
warn("Authentication backends without a `supports_anonymous_user` attribute are deprecated. Please define it in %s." % cls,
|
2010-10-11 20:20:07 +08:00
|
|
|
DeprecationWarning)
|
2010-01-28 09:47:23 +08:00
|
|
|
cls.supports_anonymous_user = False
|
2010-12-22 03:18:12 +08:00
|
|
|
|
|
|
|
if not hasattr(cls, 'supports_inactive_user'):
|
|
|
|
warn("Authentication backends without a `supports_inactive_user` attribute are deprecated. Please define it in %s." % cls,
|
|
|
|
DeprecationWarning)
|
|
|
|
cls.supports_inactive_user = False
|
2006-06-29 00:37:02 +08:00
|
|
|
return cls()
|
|
|
|
|
|
|
|
def get_backends():
|
|
|
|
from django.conf import settings
|
|
|
|
backends = []
|
|
|
|
for backend_path in settings.AUTHENTICATION_BACKENDS:
|
|
|
|
backends.append(load_backend(backend_path))
|
2010-12-04 12:47:59 +08:00
|
|
|
if not backends:
|
|
|
|
raise ImproperlyConfigured('No authentication backends have been defined. Does AUTHENTICATION_BACKENDS contain anything?')
|
2006-06-29 00:37:02 +08:00
|
|
|
return backends
|
|
|
|
|
|
|
|
def authenticate(**credentials):
|
|
|
|
"""
|
2006-07-03 10:12:59 +08:00
|
|
|
If the given credentials are valid, return a User object.
|
2006-06-29 00:37:02 +08:00
|
|
|
"""
|
|
|
|
for backend in get_backends():
|
|
|
|
try:
|
|
|
|
user = backend.authenticate(**credentials)
|
|
|
|
except TypeError:
|
2006-07-03 10:12:59 +08:00
|
|
|
# This backend doesn't accept these credentials as arguments. Try the next one.
|
2006-06-29 00:37:02 +08:00
|
|
|
continue
|
|
|
|
if user is None:
|
|
|
|
continue
|
2006-07-03 10:12:59 +08:00
|
|
|
# Annotate the user object with the path of the backend.
|
2006-07-14 11:09:02 +08:00
|
|
|
user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__)
|
2006-06-29 00:37:02 +08:00
|
|
|
return user
|
|
|
|
|
|
|
|
def login(request, user):
|
|
|
|
"""
|
|
|
|
Persist a user id and a backend in the request. This way a user doesn't
|
|
|
|
have to reauthenticate on every request.
|
|
|
|
"""
|
|
|
|
if user is None:
|
|
|
|
user = request.user
|
|
|
|
# TODO: It would be nice to support different login methods, like signed cookies.
|
2010-11-26 21:33:27 +08:00
|
|
|
user_logged_in.send(sender=user.__class__, request=request, user=user)
|
2008-08-21 21:54:53 +08:00
|
|
|
|
|
|
|
if SESSION_KEY in request.session:
|
|
|
|
if request.session[SESSION_KEY] != user.id:
|
|
|
|
# To avoid reusing another user's session, create a new, empty
|
|
|
|
# session if the existing session corresponds to a different
|
|
|
|
# authenticated user.
|
|
|
|
request.session.flush()
|
|
|
|
else:
|
|
|
|
request.session.cycle_key()
|
2006-06-29 00:37:02 +08:00
|
|
|
request.session[SESSION_KEY] = user.id
|
|
|
|
request.session[BACKEND_SESSION_KEY] = user.backend
|
2007-06-15 09:53:40 +08:00
|
|
|
if hasattr(request, 'user'):
|
|
|
|
request.user = user
|
2006-06-29 00:37:02 +08:00
|
|
|
|
|
|
|
def logout(request):
|
|
|
|
"""
|
2008-08-14 11:58:00 +08:00
|
|
|
Removes the authenticated user's ID from the request and flushes their
|
|
|
|
session data.
|
2006-06-29 00:37:02 +08:00
|
|
|
"""
|
2010-11-26 21:33:27 +08:00
|
|
|
# Dispatch the signal before the user is logged out so the receivers have a
|
|
|
|
# chance to find out *who* logged out.
|
|
|
|
user = getattr(request, 'user', None)
|
|
|
|
if hasattr(user, 'is_authenticated') and not user.is_authenticated():
|
|
|
|
user = None
|
|
|
|
user_logged_out.send(sender=user.__class__, request=request, user=user)
|
|
|
|
|
2008-08-14 11:58:00 +08:00
|
|
|
request.session.flush()
|
2007-06-15 09:53:40 +08:00
|
|
|
if hasattr(request, 'user'):
|
|
|
|
from django.contrib.auth.models import AnonymousUser
|
|
|
|
request.user = AnonymousUser()
|
2006-06-29 00:37:02 +08:00
|
|
|
|
|
|
|
def get_user(request):
|
|
|
|
from django.contrib.auth.models import AnonymousUser
|
|
|
|
try:
|
|
|
|
user_id = request.session[SESSION_KEY]
|
|
|
|
backend_path = request.session[BACKEND_SESSION_KEY]
|
|
|
|
backend = load_backend(backend_path)
|
|
|
|
user = backend.get_user(user_id) or AnonymousUser()
|
|
|
|
except KeyError:
|
|
|
|
user = AnonymousUser()
|
|
|
|
return user
|