def test_authenticate_fail(self):
self.moxx.StubOutWithMock(ModelBackend, 'get_user')
ModelBackend.get_user(self.user.pk).AndReturn(None)
self.moxx.ReplayAll()
user = utils.authenticate_without_password(self.user)
self.moxx.VerifyAll()
self.assertEqual(user, None)
class ElectionAuthBackend(object):
"""
Authenticate against django.contrib.auth.backends.ModelBackend AND ipauth.backend.RangeBackend
Users must pass both sets of authentication to use the system
"""
supports_anonymous_user = False
ipauth_backend = None
model_backend = None
def __init__(self):
self.ipauth_backend = RangeBackend()
self.model_backend = ModelBackend()
def authenticate(self, username=None, password=None, ip=None):
"""
Authenticate against multiple backends AND'd together
TODO: Election admin
"""
model_user = self.model_backend.authenticate(username=username, password=password)
ip_user = self.ipauth_backend.authenticate(ip=ip)
#print 'model_user', repr(model_user)
#print 'model_user groups', repr(model_user.groups.all())
#print 'ip_user', repr(ip_user)
admin_group = Group.objects.filter(name='ADMIN').all()
if admin_group.count() > 0:
admin_group = admin_group[0]
else:
admin_group = None
if not model_user:
return None
if model_user.is_superuser or model_user.is_staff: # Super admin
return model_user
if model_user.groups.count() > 0 and admin_group in model_user.groups.all(): # Election admin
return model_user
#if ip_user is None:
#print 'Your IP=%s is not in the IPAuth' % (ip, )
#return None
return model_user
def get_group_permissions(self, user_obj):
"""
Returns a set of permission strings that this user has through his/her
groups.
"""
return self.model_backend.get_group_permissions(user_obj)
def get_all_permissions(self, user_obj):
return self.model_backend.get_all_permissions(user_obj)
def has_perm(self, user_obj, perm):
return self.model_backend.has_perm(user_obj, perm)
def has_module_perms(self, user_obj, app_label):
return self.model_backend.has_module_perms(user_obj, app_label)
def get_user(self, user_id):
return self.model_backend.get_user(user_id)
def get_session(self, sid, authenticated=False):
self.env.log.debug('Retrieving session for ID %r', sid)
#db = self.env.get_db_cnx()
#cursor = db.cursor()
ss = DjangoSessionStore(session_key=sid)
if not ss.exists(sid):
ss.load()
ss.save()
sid = ss.session_key
self.env.log.warning('create new django session')
self.sid = sid
self.authenticated = authenticated
try:
ds = DjangoSession.objects.get(pk=sid)
if not ds:
return
session_data = ds.get_decoded()
if session_data.has_key('_auth_user_id'):
mb = DjangoModelBackend()
self.django_user_data = mb.get_user(session_data['_auth_user_id'])
self.authenticated = self.django_user_data.is_authenticated()
self.last_visit = int(mktime(self.django_user_data.last_login.timetuple()))
self.env.log.debug('authenticated as %s',self.django_user_data.username)
else:
self.django_user_data = DjangoAnonymousUser()
self.last_visit = int(mktime(gmtime()))
self.env.log.debug('anonymous request')
except DjangoSession.objects.model.DoesNotExist:
self.env.log.error('session does not exist')
self._new = False
def get_user(self, user_id):
auth_method = ModelBackend()
user = auth_method.get_user(user_id)
#TODO: Add merkabah security hooks Check ban status, ipbans, etc
return user
