Reverted to Kerberos auth and wiped out local changes to django.wsgi.

28284d79 · Branson Stephens · 9c187847 · 28284d79 · 28284d79 · 28284d79
Commit 28284d79 authored 12 years ago by Branson Stephens
--- a/django.wsgi
+++ b/django.wsgi
@@ -6,11 +6,9 @@ os.environ['DJANGO_SETTINGS_MODULE'] = 'settings'
 # Sandbox libs here, if required.
 #

-#sys.path.append('/home/lars/wsgi-sandbox/lib/python2.6')
-#sys.path.append('/home/lars/wsgi-sandbox/lib/python2.6/site-packages')
-sys.path.append('/home/branson/sandbox/lib/python2.6')
-sys.path.append('/home/branson/sandbox/lib/python2.6/site-packages')
-sys.path.append('/home/branson/gracedbdev')
+sys.path.append('/home/lars/wsgi-sandbox/lib/python2.6')
+sys.path.append('/home/lars/wsgi-sandbox/lib/python2.6/site-packages')
+sys.path.append('/home/gracedb/graceproj')

 import django.core.handlers.wsgi
 application = django.core.handlers.wsgi.WSGIHandler()

--- a/gracedb/middleware/auth.py
+++ b/gracedb/middleware/auth.py
@@ -19,42 +19,38 @@ class LigoAuthMiddleware:
        ligouser = None
        user = None

+        principal = request.META.get('REMOTE_USER')
+        certdn = request.META.get('SSL_CLIENT_S_DN')
+        issuer = request.META.get('SSL_CLIENT_I_DN')
+
+        if not certdn:
+            try:
+                # mod_python is a little off...
+                # SSL info is in request._req
+                # Need to try/except because _req is
+                # not defined in WSGI request.
+                certdn = request._req.ssl_var_lookup ('SSL_CLIENT_S_DN')
+                issuer = request._req.ssl_var_lookup ('SSL_CLIENT_I_DN')
+                pass
+            except:
+                pass
+
        queryResult = []
-        if not request.user.is_anonymous():
-            # Scott's middleware has set the user aready using shib.
-            # Let's add some more attributes.
-            principal = request.user.username
-            request.user.name = nameFromPrincipal(principal)
+        if principal:
+            # Kerberos.
            queryResult = User.objects.filter(principal=principal)
-        else:
-            # authenticate with certs
-            certdn = request.META.get('SSL_CLIENT_S_DN')
-            issuer = request.META.get('SSL_CLIENT_I_DN')
-
-            if not certdn:
-                try:
-                    # mod_python is a little off...
-                    # SSL info is in request._req
-                    # Need to try/except because _req is
-                    # not defined in WSGI request.
-                    certdn = request._req.ssl_var_lookup ('SSL_CLIENT_S_DN')
-                    issuer = request._req.ssl_var_lookup ('SSL_CLIENT_I_DN')
-                    pass
-                except:
-                    pass
-
-            if certdn and certdn.startswith(issuer):
-                # proxy.
-                # Proxies can be signed by proxies.
-                # Each level of "proxification" causes the subject
-                # to have a '/CN=[0-9]+ appended to the signers subject.
-                # These must be removed to discover the original identity's
-                # subject DN.
-                issuer = proxyPattern.match(issuer).group(1)
-                queryResult = User.objects.filter(dn=issuer)
-            elif certdn:
-                # cert in browser.
-                queryResult = User.objects.filter(dn=certdn)
+        elif certdn and certdn.startswith(issuer):
+            # proxy.
+            # Proxies can be signed by proxies.
+            # Each level of "proxification" causes the subject
+            # to have a '/CN=[0-9]+ appended to the signers subject.
+            # These must be removed to discover the original identity's
+            # subject DN.
+            issuer = proxyPattern.match(issuer).group(1)
+            queryResult = User.objects.filter(dn=issuer)
+        elif certdn:
+            # cert in browser.
+            queryResult = User.objects.filter(dn=certdn)

        if queryResult:
            ligouser = queryResult[0]

--- a/settings/default.py
+++ b/settings/default.py
@@ -54,9 +54,8 @@ SKYALERT_DESCRIPTION   = "LIGO / Virgo trigger"
 SKYALERT_SUBMITTERS = ['Patrick Brady', 'Brian Moe']


-#GRACEDB_DATA_DIR = "/mnt/gracedb-web/data"
+GRACEDB_DATA_DIR = "/mnt/gracedb-web/data"
 #GRACEDB_DATA_DIR = "/mnt/gracedb-web-temp/data"
-GRACEDB_DATA_DIR = "/home/branson/fake_data"

 # Latency histograms.  Where they go and max latency to bin.
 LATENCY_REPORT_DEST_DIR = "/home/gracedb/data/latency"
@@ -142,8 +141,7 @@ TEMPLATE_LOADERS = (
    #'django.template.loaders.filesystem.load_template_source',
    # replaced by...
    'django.template.loaders.filesystem.Loader',
-#    'django.template.loaders.app_directories.load_template_source',
-    'django.template.loaders.app_directories.Loader',
+    'django.template.loaders.app_directories.load_template_source',
 #     'django.template.loaders.eggs.load_template_source',
 )

@@ -160,23 +158,15 @@ TEMPLATE_CONTEXT_PROCESSORS = (
    'middleware.debug.LigoDebugContext',
 )

-AUTHENTICATION_BACKENDS = (
-    'gracedb.middleware.auth.LigoAuthBackend',
-    'ligodjangoauth.LigoShibbolethAuthBackend',
-    'django.contrib.auth.backends.ModelBackend',
-)
-
-SHIB_AUTHENTICATION_SESSION_INITIATOR = 'https://moe.phys.uwm.edu/Shibboleth.sso/Login'
+AUTHENTICATION_BACKENDS = ('gracedb.middleware.auth.LigoAuthBackend',)

 MIDDLEWARE_CLASSES = [
    'middleware.accept.AcceptMiddleware',
+    'gracedb.middleware.auth.LigoAuthMiddleware',
    'middleware.cli.CliExceptionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
-    'django.contrib.messages.middleware.MessageMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
-    'ligodjangoauth.LigoShibbolethMiddleware',
-    'gracedb.middleware.auth.LigoAuthMiddleware',
 ]

 ROOT_URLCONF = 'urls'