From 28284d79a266e190912800a98769f1bd0cf8c733 Mon Sep 17 00:00:00 2001
From: Branson Stephens <stephenb@uwm.edu>
Date: Fri, 16 Nov 2012 10:17:54 -0600
Subject: [PATCH] Reverted to Kerberos auth and wiped out local changes to
 django.wsgi.

---
 django.wsgi                |  8 ++---
 gracedb/middleware/auth.py | 64 ++++++++++++++++++--------------------
 settings/default.py        | 18 +++--------
 3 files changed, 37 insertions(+), 53 deletions(-)

diff --git a/django.wsgi b/django.wsgi
index 284114891..4adfa98a0 100644
--- a/django.wsgi
+++ b/django.wsgi
@@ -6,11 +6,9 @@ os.environ['DJANGO_SETTINGS_MODULE'] = 'settings'
 # Sandbox libs here, if required.
 #
 
-#sys.path.append('/home/lars/wsgi-sandbox/lib/python2.6')
-#sys.path.append('/home/lars/wsgi-sandbox/lib/python2.6/site-packages')
-sys.path.append('/home/branson/sandbox/lib/python2.6')
-sys.path.append('/home/branson/sandbox/lib/python2.6/site-packages')
-sys.path.append('/home/branson/gracedbdev')
+sys.path.append('/home/lars/wsgi-sandbox/lib/python2.6')
+sys.path.append('/home/lars/wsgi-sandbox/lib/python2.6/site-packages')
+sys.path.append('/home/gracedb/graceproj')
 
 import django.core.handlers.wsgi
 application = django.core.handlers.wsgi.WSGIHandler()
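Review bot: The two restored `sys.path.append('/home/lars/wsgi-sandbox/...')` lines make the WSGI process import packages from a personal home directory, so whoever can write to that directory controls code that runs inside the application. Consider moving the sandbox to a location owned by the service account and supplying it through the server configuration (for example mod_wsgi's `python-path` option) instead of hard-coding it here. If the path has to stay, a comment above the appends such as `# must be owned by the deploy account and not writable by other users` would record the requirement.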
diff --git a/gracedb/middleware/auth.py b/gracedb/middleware/auth.py
index 9e83a85f5..0e2fb2d41 100644
--- a/gracedb/middleware/auth.py
+++ b/gracedb/middleware/auth.py
@@ -19,42 +19,38 @@ class LigoAuthMiddleware:
         ligouser = None
         user = None
 
+        principal = request.META.get('REMOTE_USER')
+        certdn = request.META.get('SSL_CLIENT_S_DN')
+        issuer = request.META.get('SSL_CLIENT_I_DN')
+
+        if not certdn:
+            try:
+                # mod_python is a little off...
+                # SSL info is in request._req
+                # Need to try/except because _req is
+                # not defined in WSGI request.
+                certdn = request._req.ssl_var_lookup ('SSL_CLIENT_S_DN')
+                issuer = request._req.ssl_var_lookup ('SSL_CLIENT_I_DN')
+                pass
+            except:
+                pass
+
         queryResult = []
-        if not request.user.is_anonymous():
-            # Scott's middleware has set the user aready using shib.
-            # Let's add some more attributes.
-            principal = request.user.username
-            request.user.name = nameFromPrincipal(principal)
+        if principal:
+            # Kerberos.
             queryResult = User.objects.filter(principal=principal)
-        else:
-            # authenticate with certs
-            certdn = request.META.get('SSL_CLIENT_S_DN')
-            issuer = request.META.get('SSL_CLIENT_I_DN')
-
-            if not certdn:
-                try:
-                    # mod_python is a little off...
-                    # SSL info is in request._req
-                    # Need to try/except because _req is
-                    # not defined in WSGI request.
-                    certdn = request._req.ssl_var_lookup ('SSL_CLIENT_S_DN')
-                    issuer = request._req.ssl_var_lookup ('SSL_CLIENT_I_DN')
-                    pass
-                except:
-                    pass
-
-            if certdn and certdn.startswith(issuer):
-                # proxy.
-                # Proxies can be signed by proxies.
-                # Each level of "proxification" causes the subject
-                # to have a '/CN=[0-9]+ appended to the signers subject.
-                # These must be removed to discover the original identity's
-                # subject DN.
-                issuer = proxyPattern.match(issuer).group(1)
-                queryResult = User.objects.filter(dn=issuer)
-            elif certdn:
-                # cert in browser.
-                queryResult = User.objects.filter(dn=certdn)
+        elif certdn and certdn.startswith(issuer):
+            # proxy.
+            # Proxies can be signed by proxies.
+            # Each level of "proxification" causes the subject
+            # to have a '/CN=[0-9]+ appended to the signers subject.
+            # These must be removed to discover the original identity's
+            # subject DN.
+            issuer = proxyPattern.match(issuer).group(1)
+            queryResult = User.objects.filter(dn=issuer)
+        elif certdn:
+            # cert in browser.
+            queryResult = User.objects.filter(dn=certdn)
 
         if queryResult:
             ligouser = queryResult[0]
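Review bot: The proxy branch `elif certdn and certdn.startswith(issuer):` raises TypeError when `SSL_CLIENT_S_DN` is set but `SSL_CLIENT_I_DN` is not, and `proxyPattern.match(issuer).group(1)` raises AttributeError when the pattern does not match, so an unexpected certificate produces a server error instead of an unauthenticated request. Guard both with `elif certdn and issuer and certdn.startswith(issuer):` and `m = proxyPattern.match(issuer)` followed by `if m: queryResult = User.objects.filter(dn=m.group(1))`. The bare `except:` around the `request._req` lookup would be safer as `except AttributeError:` so that real failures are not hidden. `REMOTE_USER` and the `SSL_CLIENT_*` values are trusted as supplied, so a comment noting that they are only valid when the front-end server performs the Kerberos and client-certificate verification would help; the method starts and ends outside this hunk and `proxyPattern` is defined elsewhere.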
diff --git a/settings/default.py b/settings/default.py
index acc9a0829..3a93f89bb 100644
--- a/settings/default.py
+++ b/settings/default.py
@@ -54,9 +54,8 @@ SKYALERT_DESCRIPTION   = "LIGO / Virgo trigger"
 SKYALERT_SUBMITTERS = ['Patrick Brady', 'Brian Moe']
 
 
-#GRACEDB_DATA_DIR = "/mnt/gracedb-web/data"
+GRACEDB_DATA_DIR = "/mnt/gracedb-web/data"
 #GRACEDB_DATA_DIR = "/mnt/gracedb-web-temp/data"
-GRACEDB_DATA_DIR = "/home/branson/fake_data"
 
 # Latency histograms.  Where they go and max latency to bin.
 LATENCY_REPORT_DEST_DIR = "/home/gracedb/data/latency"
@@ -142,8 +141,7 @@ TEMPLATE_LOADERS = (
     #'django.template.loaders.filesystem.load_template_source',
     # replaced by...
     'django.template.loaders.filesystem.Loader',
-#    'django.template.loaders.app_directories.load_template_source',
-    'django.template.loaders.app_directories.Loader',
+    'django.template.loaders.app_directories.load_template_source',
 #     'django.template.loaders.eggs.load_template_source',
 )
 
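Review bot: The revert puts the function-based `'django.template.loaders.app_directories.load_template_source'` back while the filesystem entry just above stays on the class-based `Loader` that the `# replaced by...` comment refers to, so the two loader entries are now inconsistent. The function-based loaders are deprecated in favour of the `Loader` classes in newer Django releases, and this looks like a side effect of the revert rather than part of the Kerberos change. Unless the deployed Django version requires the old form, keep `'django.template.loaders.app_directories.Loader',` here.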
@@ -160,23 +158,15 @@ TEMPLATE_CONTEXT_PROCESSORS = (
     'middleware.debug.LigoDebugContext',
 )
 
-AUTHENTICATION_BACKENDS = (
-    'gracedb.middleware.auth.LigoAuthBackend',
-    'ligodjangoauth.LigoShibbolethAuthBackend',
-    'django.contrib.auth.backends.ModelBackend',
-)
-
-SHIB_AUTHENTICATION_SESSION_INITIATOR = 'https://moe.phys.uwm.edu/Shibboleth.sso/Login'
+AUTHENTICATION_BACKENDS = ('gracedb.middleware.auth.LigoAuthBackend',)
 
 MIDDLEWARE_CLASSES = [
     'middleware.accept.AcceptMiddleware',
+    'gracedb.middleware.auth.LigoAuthMiddleware',
     'middleware.cli.CliExceptionMiddleware',
     'django.middleware.common.CommonMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
-    'django.contrib.messages.middleware.MessageMiddleware',
     'django.contrib.auth.middleware.AuthenticationMiddleware',
-    'ligodjangoauth.LigoShibbolethMiddleware',
-    'gracedb.middleware.auth.LigoAuthMiddleware',
 ]
 
 ROOT_URLCONF = 'urls'
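Review bot: `'gracedb.middleware.auth.LigoAuthMiddleware'` now runs before `SessionMiddleware` and `AuthenticationMiddleware`, and nothing in the settings records why. If the middleware assigns `request.user` (not visible in this patch), `AuthenticationMiddleware` running later would replace it with the session-derived user, so the Kerberos or certificate identity could be ignored in favour of an existing session. If the order is intended, a comment above the entry such as `# runs before AuthenticationMiddleware: identity comes from REMOTE_USER / client cert, not the session` would document it; otherwise move the entry back below `AuthenticationMiddleware`. Dropping `MessageMiddleware` also needs a check that nothing still relies on `django.contrib.messages`.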
-- 
GitLab