Moved Apache auth handler to django/contrib/auth/handlers/modpython.py
git-svn-id: http://code.djangoproject.com/svn/django/trunk@1500 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
parent
5066fe528c
commit
3cb20c45c7
|
@ -0,0 +1,44 @@
|
|||
from mod_python import apache
|
||||
import os
|
||||
|
||||
def authenhandler(req, **kwargs):
|
||||
"""
|
||||
Authentication handler that checks against Django's auth database.
|
||||
"""
|
||||
|
||||
# mod_python fakes the environ, and thus doesn't process SetEnv. This fixes
|
||||
# that so that the following import works
|
||||
os.environ.update(req.subprocess_env)
|
||||
|
||||
from django.models.auth import users
|
||||
|
||||
# check for PythonOptions
|
||||
_str_to_bool = lambda s: s.lower() in '1', 'true', 'on', 'yes'
|
||||
|
||||
options = req.get_options()
|
||||
permission_name = options.get('DjangoPermissionName', None)
|
||||
staff_only = _str_to_bool(options.get('DjangoRequireStaffStatus', "on"))
|
||||
superuser_only = _str_to_bool(options.get('DjangoRequireSuperuserStatus', "off"))
|
||||
|
||||
# check that the username is valid
|
||||
kwargs = {'username__exact': req.user, 'is_active__exact': True}
|
||||
if staff_only:
|
||||
kwargs['is_staff__exact'] = True
|
||||
if superuser_only:
|
||||
kwargs['is_superuser__exact'] = True
|
||||
try:
|
||||
user = users.get_object(**kwargs)
|
||||
except users.UserDoesNotExist:
|
||||
return apache.HTTP_UNAUTHORIZED
|
||||
|
||||
# check the password and any permission given
|
||||
if user.check_password(req.get_basic_auth_pw()):
|
||||
if permission_name:
|
||||
if user.has_perm(permission_name):
|
||||
return apache.OK
|
||||
else:
|
||||
return apache.HTTP_UNAUTHORIZED
|
||||
else:
|
||||
return apache.OK
|
||||
else:
|
||||
return apache.HTTP_UNAUTHORIZED
|
|
@ -163,46 +163,3 @@ def populate_apache_request(http_response, mod_python_req):
|
|||
def handler(req):
|
||||
# mod_python hooks into this function.
|
||||
return ModPythonHandler()(req)
|
||||
|
||||
def authenhandler(req, **kwargs):
|
||||
"""
|
||||
Authentication handler that checks against Django's auth database.
|
||||
"""
|
||||
from mod_python import apache
|
||||
|
||||
# mod_python fakes the environ, and thus doesn't process SetEnv. This fixes
|
||||
# that so that the following import works
|
||||
os.environ.update(req.subprocess_env)
|
||||
from django.models.auth import users
|
||||
|
||||
# check for PythonOptions
|
||||
_str_to_bool = lambda s: s.lower() in '1', 'true', 'on', 'yes'
|
||||
|
||||
options = req.get_options()
|
||||
permission_name = options.get('DjangoPermissionName', None)
|
||||
staff_only = _str_to_bool(options.get('DjangoRequireStaffStatus', "on"))
|
||||
superuser_only = _str_to_bool(options.get('DjangoRequireSuperuserStatus', "off"))
|
||||
|
||||
# check that the username is valid
|
||||
kwargs = {'username__exact': req.user, 'is_active__exact': True}
|
||||
if staff_only:
|
||||
kwargs['is_staff__exact'] = True
|
||||
if superuser_only:
|
||||
kwargs['is_superuser__exact'] = True
|
||||
try:
|
||||
user = users.get_object(**kwargs)
|
||||
except users.UserDoesNotExist:
|
||||
return apache.HTTP_UNAUTHORIZED
|
||||
|
||||
# check the password and any permission given
|
||||
if user.check_password(req.get_basic_auth_pw()):
|
||||
if permission_name:
|
||||
if user.has_perm(permission_name):
|
||||
return apache.OK
|
||||
else:
|
||||
return apache.HTTP_UNAUTHORIZED
|
||||
else:
|
||||
return apache.OK
|
||||
else:
|
||||
return apache.HTTP_UNAUTHORIZED
|
||||
|
|
@ -26,7 +26,7 @@ with the standard ``Auth*`` and ``Require`` directives::
|
|||
Require valid-user
|
||||
|
||||
SetEnv DJANGO_SETTINGS_MODULE mysite.settings
|
||||
PythonAuthenHandler django.core.handlers.modpython
|
||||
PythonAuthenHandler django.contrib.auth.handlers.modpython
|
||||
</Location>
|
||||
|
||||
By default, the authentication handler will limit access to the ``/example/``
|
||||
|
@ -49,7 +49,7 @@ location to users marked as staff members. You can use a set of
|
|||
Defaults to ``off``.
|
||||
|
||||
``DjangoPermissionName`` The name of a permission to require for
|
||||
access. See `custom permissions`_ for
|
||||
access. See `custom permissions`_ for
|
||||
more information.
|
||||
|
||||
By default no specific permission will be
|
||||
|
|
Loading…
Reference in New Issue