Commit 2e70518f authored by Tanner Prestegard's avatar Tanner Prestegard Committed by GraceDB

changes to work with gunicorn

parent e737cf70
import os, time, socket, logging
import os, time, logging
from os.path import abspath, dirname, join
from datetime import datetime, timedelta
from cloghandler import ConcurrentRotatingFileHandler
......@@ -43,7 +43,7 @@ USE_TZ = True
# hostname.ligo.org. Security measure for preventing cache poisoning and
# stopping requests submitted with a fake HTTP Host header.
ALLOWED_HOSTS = ['localhost', '127.0.0.1', SERVER_FQDN,
'{0}.ligo.org'.format(socket.gethostname())]
'{0}.ligo.org'.format(SERVER_HOSTNAME)]
# LVAlert and LVAlert Overseer settings ---------------------------------------
# Switches which control whether alerts are sent out
......
# Settings for a test GraceDB instance.
# Starts with base.py settings and overrides or adds to them.
from .base import *
import socket
CONFIG_NAME = "TEST"
......@@ -12,8 +13,9 @@ DEBUG = True
EMBB_MAIL_ADDRESS = 'gracedb@{fqdn}'.format(fqdn=SERVER_FQDN)
# Add middleware
debug_middleware = 'debug_toolbar.middleware.DebugToolbarMiddleware'
MIDDLEWARE += [
'debug_toolbar.middleware.DebugToolbarMiddleware',
debug_middleware,
#'core.middleware.profiling.ProfileMiddleware',
]
......@@ -23,10 +25,19 @@ INSTALLED_APPS += [
'django_extensions',
]
# Tuple of IPs which are marked as internal, useful for debugging
# Changed to a list in Django 1.9+
# Add XForwardedFor middleware directly before debug_toolbar middleware
# if debug_toolbar is enabled and DEBUG is True.
if DEBUG and debug_middleware in MIDDLEWARE:
MIDDLEWARE.insert(MIDDLEWARE.index(debug_middleware),
'middleware.proxy.XForwardedForMiddleware')
# Tuple of IPs which are marked as internal, useful for debugging.
# Tanner (5 Dec. 2017): DON'T CHANGE THIS! Django Debug Toolbar exposes
# some headers which we want to keep hidden. So to be safe, we only allow
# it to be used through this server. You need to configure a SOCKS proxy
# on your local machine to use DJDT (see admin docs).
INTERNAL_IPS = [
'129.89.57.200',
socket.gethostbyname(socket.gethostname()),
]
# Aliases for django-extensions shell_plus
......
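Review bot: `socket.gethostbyname(socket.gethostname())` in `INTERNAL_IPS` runs when the settings module is imported, so a host whose own name does not resolve raises `socket.gaierror` and the test instance fails to start. On hosts that map their own name to a loopback address, the list gains that address instead of the routable one, which changes who Django Debug Toolbar treats as internal. Consider wrapping the lookup in `try`/`except socket.gaierror` and falling back to the fixed address only. The retained comment still says "Tuple of IPs" although the value is a list; `# List of IPs treated as internal by Django Debug Toolbar.` would match the code.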
from django.utils.deprecation import MiddlewareMixin
from django.conf import settings
from django.http import HttpResponse
class XForwardedForMiddleware(MiddlewareMixin):
def process_request(self, request):
if ('HTTP_X_FORWARDED_FOR' in request.META and settings.DEBUG and
'debug_toolbar' in settings.INSTALLED_APPS):
# If we're in debugging mode and the debug toolbar is on AND there
# is a forwarded IP address, then set REMOTE_ADDR to be the value
# of the HTTP_X_FORWARDED_FOR header. This allows the debug toolbar
# to work as expected. As of now, there is only one other place in
# the server code where REMOTE_ADDR is used, and it's handled
# properly, so this won't affect it.
request.META['REMOTE_ADDR'] = \
request.META['HTTP_X_FORWARDED_FOR'].split(",")[0].strip()
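Review bot: `process_request` copies the leftmost `X-Forwarded-For` entry into `REMOTE_ADDR`, and that entry is whatever the client sent, because a proxy normally appends the address it saw to the end of an existing header. The test settings in this commit gate Django Debug Toolbar on `INTERNAL_IPS`, so unless the front-end proxy overwrites the header instead of appending, that check compares against a client-chosen value. For a single trusted proxy hop, take the entry the proxy added, `request.META['HTTP_X_FORWARDED_FOR'].split(",")[-1].strip()`, or honour the header only when the original `REMOTE_ADDR` is the proxy's address. The code comment should state which proxy behaviour it relies on. The `HttpResponse` import is unused in the lines shown.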
from django.contrib.auth.models import Group
def LigoAuthContext(request):
#return { 'ligouser' : request.ligouser, 'user' : request.user }
internal_groups = Group.objects.filter(name__in=['Communities:LSCVirgoLIGOGroupMembers', 'executives'])
......@@ -11,4 +10,3 @@ def LigoAuthContext(request):
user_is_internal = True
return { 'user' : request.user, 'user_is_internal' : user_is_internal }
return { 'ligouser' : request.user, 'user' : request.user }
......@@ -43,8 +43,13 @@ def get_client_ip(request):
def cert_dn_from_request(request):
"""Take a request, rummage through SSL_* headers, return the DN for the user."""
certdn = request.META.get('SSL_CLIENT_S_DN')
issuer = request.META.get('SSL_CLIENT_I_DN')
if request.META.get('HTTP_X_FORWARDED_FOR'):
certdn = request.META.get('HTTP_SSL_CLIENT_S_DN')
issuer = request.META.get('HTTP_SSL_CLIENT_I_DN')
else:
certdn = request.META.get('SSL_CLIENT_S_DN')
issuer = request.META.get('SSL_CLIENT_I_DN')
if not certdn:
try:
......@@ -70,10 +75,10 @@ def cert_dn_from_request(request):
def create_user_from_request(request):
user_dict = {
'username': request.META.get('REMOTE_USER'),
'email': request.META.get('mail', ''),
'first_name': request.META.get('givenName', ''),
'last_name': request.META.get('sn', ''),
'username': request.META.get('HTTP_REMOTE_USER'),
'email': request.META.get('HTTP_MAIL', ''),
'first_name': request.META.get('HTTP_GIVENNAME', ''),
'last_name': request.META.get('HTTP_SN', ''),
'password': 'X',
}
return User.objects.create(**user_dict)
......@@ -88,8 +93,7 @@ class LigoAuthMiddleware(MiddlewareMixin):
user = None
# An authenticated LIGO user will have one of these set.
remote_user = request.META.get('REMOTE_USER')
remote_user = request.META.get('HTTP_REMOTE_USER')
message = remote_user
dn = cert_dn_from_request(request)
......@@ -116,7 +120,7 @@ class LigoAuthMiddleware(MiddlewareMixin):
pass
# Update user groups
isMemberOf = request.META.get('isMemberOf',None)
isMemberOf = request.META.get('HTTP_ISMEMBEROF',None)
user_group_names = []
if isMemberOf:
user_group_names = isMemberOf.split(';')
......@@ -208,7 +212,8 @@ class LigoAuthMiddleware(MiddlewareMixin):
response = HttpResponse(json.dumps({'error': msg}), status=401)
response['WWW-Authenticate'] = 'Basic realm="/apibasic/"'
return response
return render('forbidden.html', {'error': message}, status=403)
return render(request, 'forbidden.html', status=403,
context={'error': message})
def process_response(self, request, response):
# If the user is connecting from one of the control rooms, remove him/her from
......
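Review bot: In `LigoAuthMiddleware`, `create_user_from_request` and `cert_dn_from_request`, identity now comes from `HTTP_`-prefixed `request.META` keys (`HTTP_REMOTE_USER`, `HTTP_ISMEMBEROF`, `HTTP_MAIL`, `HTTP_SSL_CLIENT_S_DN`, `HTTP_SSL_CLIENT_I_DN`). Django fills those from ordinary request headers, whereas the previous `REMOTE_USER` / `isMemberOf` / `SSL_CLIENT_S_DN` keys had no `HTTP_` prefix and so could not come from a request header. Nothing in the visible lines checks that the request arrived through the authenticating proxy, so this is safe only if that proxy unsets client-sent copies of these headers before setting its own and gunicorn is not reachable directly. The `HTTP_X_FORWARDED_FOR` test that picks which DN keys to read in `cert_dn_from_request` is itself a client-supplied header. Record the requirement next to the lookups, for example `# Trusted only because the front-end proxy strips client-sent copies of these headers; gunicorn must listen on localhost or a unix socket only.`; the function bodies extend beyond the hunks shown.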