	Moved Apache auth handler to django/contrib/auth/handlers/modpython.py
git-svn-id: http://code.djangoproject.com/svn/django/trunk@1500 bcc190cf-cafb-0310-a4f2-bffc1f526a37
		
							
								
								
									
										0
									
								
								django/contrib/auth/handlers/__init__.py
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										0
									
								
								django/contrib/auth/handlers/__init__.py
									
									
									
									
									
										Normal file
									
								
							
							
								
								
									
										44
									
								
								django/contrib/auth/handlers/modpython.py
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										44
									
								
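--- a/django/contrib/auth/handlers/modpython.py
+++ b/django/contrib/auth/handlers/modpython.py
@@ -0,0 +1,44 @@
+from mod_python import apache
+import os
+
+def authenhandler(req, **kwargs):
+    """
+    Authentication handler that checks against Django's auth database.
+    """
+
+    # mod_python fakes the environ, and thus doesn't process SetEnv.  This fixes
+    # that so that the following import works
+    os.environ.update(req.subprocess_env)
+
+    from django.models.auth import users
+
+    # check for PythonOptions
+    _str_to_bool = lambda s: s.lower() in '1', 'true', 'on', 'yes'
+
+    options = req.get_options()
+    permission_name = options.get('DjangoPermissionName', None)
+    staff_only = _str_to_bool(options.get('DjangoRequireStaffStatus', "on"))
+    superuser_only = _str_to_bool(options.get('DjangoRequireSuperuserStatus', "off"))
+
+    # check that the username is valid
+    kwargs = {'username__exact': req.user, 'is_active__exact': True}
+    if staff_only:
+        kwargs['is_staff__exact'] = True
+    if superuser_only:
+        kwargs['is_superuser__exact'] = True
+    try:
+        user = users.get_object(**kwargs)
+    except users.UserDoesNotExist:
+        return apache.HTTP_UNAUTHORIZED
+
+    # check the password and any permission given
+    if user.check_password(req.get_basic_auth_pw()):
+        if permission_name:
+            if user.has_perm(permission_name):
+                return apache.OK
+            else:
+                return apache.HTTP_UNAUTHORIZED
+        else:
+            return apache.OK
+    else:
+        return apache.HTTP_UNAUTHORIZED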
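Review bot: `_str_to_bool` ends up bound to a tuple rather than a function, because without parentheses `lambda s: s.lower() in '1', 'true', 'on', 'yes'` parses as `(lambda ..., 'true', 'on', 'yes')`; the call on the `staff_only` line then raises TypeError on every request. That happens before any credential check, so it most likely surfaces as a server error rather than a wrong access decision, but the handler cannot work as written; the fix is `_str_to_bool = lambda s: s.lower() in ('1', 'true', 'on', 'yes')`. The line is identical to the one removed from django/core/handlers/modpython.py, so the defect predates this move and is simply carried along. Also worth checking while here: `req.user` is read for the lookup before `req.get_basic_auth_pw()` is called, and mod_python documents that the password call must come first for `req.user` to be populated.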
| @@ -163,46 +163,3 @@ def populate_apache_request(http_response, mod_python_req): | |||||||
| def handler(req): | def handler(req): | ||||||
|     # mod_python hooks into this function. |     # mod_python hooks into this function. | ||||||
|     return ModPythonHandler()(req) |     return ModPythonHandler()(req) | ||||||
|  |  | ||||||
| def authenhandler(req, **kwargs): |  | ||||||
|     """ |  | ||||||
|     Authentication handler that checks against Django's auth database. |  | ||||||
|     """ |  | ||||||
|     from mod_python import apache |  | ||||||
|      |  | ||||||
|     # mod_python fakes the environ, and thus doesn't process SetEnv.  This fixes  |  | ||||||
|     # that so that the following import works |  | ||||||
|     os.environ.update(req.subprocess_env) |  | ||||||
|     from django.models.auth import users |  | ||||||
|      |  | ||||||
|     # check for PythonOptions |  | ||||||
|     _str_to_bool = lambda s: s.lower() in '1', 'true', 'on', 'yes' |  | ||||||
|      |  | ||||||
|     options = req.get_options() |  | ||||||
|     permission_name = options.get('DjangoPermissionName', None) |  | ||||||
|     staff_only = _str_to_bool(options.get('DjangoRequireStaffStatus', "on")) |  | ||||||
|     superuser_only = _str_to_bool(options.get('DjangoRequireSuperuserStatus', "off")) |  | ||||||
|      |  | ||||||
|     # check that the username is valid |  | ||||||
|     kwargs = {'username__exact': req.user, 'is_active__exact': True} |  | ||||||
|     if staff_only: |  | ||||||
|         kwargs['is_staff__exact'] = True |  | ||||||
|     if superuser_only: |  | ||||||
|         kwargs['is_superuser__exact'] = True |  | ||||||
|     try: |  | ||||||
|         user = users.get_object(**kwargs) |  | ||||||
|     except users.UserDoesNotExist: |  | ||||||
|         return apache.HTTP_UNAUTHORIZED |  | ||||||
|          |  | ||||||
|     # check the password and any permission given |  | ||||||
|     if user.check_password(req.get_basic_auth_pw()): |  | ||||||
|         if permission_name: |  | ||||||
|             if user.has_perm(permission_name): |  | ||||||
|                 return apache.OK |  | ||||||
|             else: |  | ||||||
|                 return apache.HTTP_UNAUTHORIZED |  | ||||||
|         else: |  | ||||||
|             return apache.OK |  | ||||||
|     else: |  | ||||||
|         return apache.HTTP_UNAUTHORIZED |  | ||||||
|      |  | ||||||
| @@ -7,12 +7,12 @@ dealing with Apache, you can configuring Apache to authenticate against Django's | |||||||
| `authentication system`_ directly.  For example, you could: | `authentication system`_ directly.  For example, you could: | ||||||
|  |  | ||||||
|     * Serve media files directly from Apache only to authenticated users. |     * Serve media files directly from Apache only to authenticated users. | ||||||
|      |  | ||||||
|     * Authenticate access to a Subversion_ repository against Django users with |     * Authenticate access to a Subversion_ repository against Django users with | ||||||
|       a certain permission. |       a certain permission. | ||||||
|        |  | ||||||
|     * Allow certain users to connect to a WebDAV share created with mod_dav_. |     * Allow certain users to connect to a WebDAV share created with mod_dav_. | ||||||
|          |  | ||||||
| Configuring Apache | Configuring Apache | ||||||
| ================== | ================== | ||||||
|  |  | ||||||
| @@ -24,9 +24,9 @@ with the standard ``Auth*`` and ``Require`` directives:: | |||||||
|         AuthType basic |         AuthType basic | ||||||
|         AuthName "example.com" |         AuthName "example.com" | ||||||
|         Require valid-user |         Require valid-user | ||||||
|          |  | ||||||
|         SetEnv DJANGO_SETTINGS_MODULE mysite.settings |         SetEnv DJANGO_SETTINGS_MODULE mysite.settings | ||||||
|         PythonAuthenHandler django.core.handlers.modpython |         PythonAuthenHandler django.contrib.auth.handlers.modpython | ||||||
|     </Location> |     </Location> | ||||||
|  |  | ||||||
| By default, the authentication handler will limit access to the ``/example/`` | By default, the authentication handler will limit access to the ``/example/`` | ||||||
| @@ -37,26 +37,26 @@ location to users marked as staff members.  You can use a set of | |||||||
|     ``PythonOption``                  Explanation |     ``PythonOption``                  Explanation | ||||||
|     ================================  ========================================= |     ================================  ========================================= | ||||||
|     ``DjangoRequireStaffStatus``      If set to ``on`` only "staff" users (i.e. |     ``DjangoRequireStaffStatus``      If set to ``on`` only "staff" users (i.e. | ||||||
|                                       those with the ``is_staff`` flag set)  |                                       those with the ``is_staff`` flag set) | ||||||
|                                       will be allowed. |                                       will be allowed. | ||||||
|                                        |  | ||||||
|                                       Defaults to ``on``. |                                       Defaults to ``on``. | ||||||
|  |  | ||||||
|     ``DjangoRequireSuperuserStatus``  If set to ``on`` only superusers (i.e. |     ``DjangoRequireSuperuserStatus``  If set to ``on`` only superusers (i.e. | ||||||
|                                       those with the ``is_superuser`` flag set) |                                       those with the ``is_superuser`` flag set) | ||||||
|                                       will be allowed. |                                       will be allowed. | ||||||
|                                        |  | ||||||
|                                       Defaults to ``off``. |                                       Defaults to ``off``. | ||||||
|      |  | ||||||
|     ``DjangoPermissionName``          The name of a permission to require for |     ``DjangoPermissionName``          The name of a permission to require for | ||||||
|                                       access.  See `custom permissions`_ for |                                       access. See `custom permissions`_ for | ||||||
|                                       more information. |                                       more information. | ||||||
|                                        |  | ||||||
|                                       By default no specific permission will be |                                       By default no specific permission will be | ||||||
|                                       required. |                                       required. | ||||||
|     ================================  ========================================= |     ================================  ========================================= | ||||||
|      |  | ||||||
| .. _authentication system: http://www.djangoproject.com/documentation/authentication/ | .. _authentication system: http://www.djangoproject.com/documentation/authentication/ | ||||||
| .. _Subversion: http://subversion.tigris.org/ | .. _Subversion: http://subversion.tigris.org/ | ||||||
| .. _mod_dav: http://httpd.apache.org/docs/2.0/mod/mod_dav.html | .. _mod_dav: http://httpd.apache.org/docs/2.0/mod/mod_dav.html | ||||||
| .. _custom permissions: http://www.djangoproject.com/documentation/authentication/#custom-permissions | .. _custom permissions: http://www.djangoproject.com/documentation/authentication/#custom-permissions | ||||||
|   | |||||||