Commit 2af4a52e authored by Branson Stephens's avatar Branson Stephens

Added a second call to the django auth middleware after the gracedb LigoAuthMiddleware

parent 16d5d6f1
......@@ -19,38 +19,42 @@ class LigoAuthMiddleware:
ligouser = None
user = None
principal = request.META.get('REMOTE_USER')
certdn = request.META.get('SSL_CLIENT_S_DN')
issuer = request.META.get('SSL_CLIENT_I_DN')
if not certdn:
try:
# mod_python is a little off...
# SSL info is in request._req
# Need to try/except because _req is
# not defined in WSGI request.
certdn = request._req.ssl_var_lookup ('SSL_CLIENT_S_DN')
issuer = request._req.ssl_var_lookup ('SSL_CLIENT_I_DN')
pass
except:
pass
queryResult = []
if principal:
# Kerberos.
if (request.user):
# Scott's middleware has set the user aready using shib.
# Let's add some more attributes.
principal = request.user.username
request.user.name = nameFromPrincipal(principal)
queryResult = User.objects.filter(principal=principal)
elif certdn and certdn.startswith(issuer):
# proxy.
# Proxies can be signed by proxies.
# Each level of "proxification" causes the subject
# to have a '/CN=[0-9]+ appended to the signers subject.
# These must be removed to discover the original identity's
# subject DN.
issuer = proxyPattern.match(issuer).group(1)
queryResult = User.objects.filter(dn=issuer)
elif certdn:
# cert in browser.
queryResult = User.objects.filter(dn=certdn)
else:
# authenticate with certs
certdn = request.META.get('SSL_CLIENT_S_DN')
issuer = request.META.get('SSL_CLIENT_I_DN')
if not certdn:
try:
# mod_python is a little off...
# SSL info is in request._req
# Need to try/except because _req is
# not defined in WSGI request.
certdn = request._req.ssl_var_lookup ('SSL_CLIENT_S_DN')
issuer = request._req.ssl_var_lookup ('SSL_CLIENT_I_DN')
pass
except:
pass
if certdn and certdn.startswith(issuer):
# proxy.
# Proxies can be signed by proxies.
# Each level of "proxification" causes the subject
# to have a '/CN=[0-9]+ appended to the signers subject.
# These must be removed to discover the original identity's
# subject DN.
issuer = proxyPattern.match(issuer).group(1)
queryResult = User.objects.filter(dn=issuer)
elif certdn:
# cert in browser.
queryResult = User.objects.filter(dn=certdn)
if queryResult:
ligouser = queryResult[0]
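Review bot: The `if (request.user):` test cannot tell a logged-in user from an anonymous one, because on stock Django `AnonymousUser` is a truthy object, so once AuthenticationMiddleware has run this branch is taken for every request. `request.user.username` is then the empty string, `User.objects.filter(principal=principal)` is queried with it, and if the `else:` pairs with this test the certificate path is never reached. Checking the authenticated state explicitly, e.g. `if getattr(request, 'user', None) is not None and request.user.is_authenticated():`, would keep certificate clients on the cert branch. Indentation is lost in this view, so the nesting is inferred, and the method starts before and continues after the hunk. Separately, `certdn.startswith(issuer)` raises when SSL_CLIENT_I_DN is absent and `proxyPattern.match(issuer)` may return None, so both need a guard before `.group(1)` is used to pick the user.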
......
......@@ -161,18 +161,23 @@ TEMPLATE_CONTEXT_PROCESSORS = (
)
AUTHENTICATION_BACKENDS = (
'django.contrib.auth.backends.ModelBackend',
'gracedb.middleware.auth.LigoAuthBackend',
'ligodjangoauth.LigoShibbolethAuthBackend',
'django.contrib.auth.backends.ModelBackend',
)
SHIB_AUTHENTICATION_SESSION_INITIATOR = 'https://moe.phys.uwm.edu/Shibboleth.sso/Login'
MIDDLEWARE_CLASSES = [
'middleware.accept.AcceptMiddleware',
'gracedb.middleware.auth.LigoAuthMiddleware',
'middleware.cli.CliExceptionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'ligodjangoauth.LigoShibbolethMiddleware',
'gracedb.middleware.auth.LigoAuthMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
]
ROOT_URLCONF = 'urls'
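Review bot: The extra `'django.contrib.auth.middleware.AuthenticationMiddleware'` entry after `'gracedb.middleware.auth.LigoAuthMiddleware'` re-binds `request.user` to the session-backed user, so anything LigoAuthMiddleware put on `request.user` (such as `request.user.name` in the other hunk) is presumably replaced before a view runs. If that is intended, the identity a view sees comes from the session and not from the REMOTE_USER or client certificate on the current request, so it is worth confirming that a session cannot outlive a changed or revoked credential. The repeated entry reads like a copy-paste slip without a comment such as `# Listed again on purpose: re-reads request.user from the session after LigoAuthMiddleware.` The reordering of AUTHENTICATION_BACKENDS in the same hunk changes which backend is tried first and should be explained in the commit message as well.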
......