Example #1
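    def atmo_login(request, *args, **kwargs):
        """Run the wrapped view only for a session that re-authenticates.

        The wrapped callable ``func`` comes from the enclosing scope, which is
        outside this excerpt.

        Flow:
        * A missing request, session or session ``username`` redirects to
          ``settings.SERVER_URL + "/logout/"``.
        * If the session carries ``emulated_by``, that account is
          authenticated and must be staff; otherwise the request is sent to
          logout.
        * Otherwise the session ``username``/``token`` pair is authenticated;
          on failure the result of ``cas_loginRedirect`` is returned.

        Returns whatever ``func`` returns on success, else a redirect.
        """
        logout_url = settings.SERVER_URL + "/logout/"

        # Fail closed: each precondition depends on the previous one, so the
        # checks are ordered and the first failure decides the log tag.
        if not request:
            reason = "[NOREQUEST] User is being logged out because request is empty"
        elif not request.session:
            reason = (
                "[NOSESSION] User is being logged out because session"
                " object does not exist in request"
            )
        elif not request.session.get("username"):
            reason = (
                "[NOUSER] User is being logged out because session"
                " did not include a username"
            )
        else:
            reason = None

        if reason is not None:
            logger.debug(reason)
            logger.debug("%s\n%s\n%s\n%s", request, args, kwargs, func)
            return HttpResponseRedirect(logout_url)

        session = request.session
        username = session.get("username")
        token = session.get("token")
        redirect = kwargs.get("redirect", request.get_full_path())
        emulator = session.get("emulated_by")

        logger.info("atmo_login_required authentication: %s", username)

        if emulator:
            logger.info("Test emulator %s instead of %s", emulator, username)
            # Log key names only. The session holds the auth token read above,
            # and dumping the whole session object would copy that credential
            # into the debug log.
            logger.debug("Session keys: %s", list(session.keys()))
            # Authenticate the emulating account (forces a CAS test).
            user = authenticate(
                username=emulator, password="", auth_token=token, request=request
            )
            # AUTHORIZED STAFF ONLY: emulation is a privileged action, so a
            # refusal is recorded instead of being dropped silently.
            if not user or not user.is_staff:
                logger.warning(
                    "Emulation denied: %s is not an authenticated staff account",
                    emulator,
                )
                return HttpResponseRedirect(logout_url)
            logger.info("Emulate success - Logging in %s", user.username)
            # The Django login is established for the emulating staff account;
            # the session "username" is left as it was.
            django_login(request, user)
            return func(request, *args, **kwargs)

        user = authenticate(
            username=username, password="", auth_token=token, request=request
        )
        if not user:
            logger.info("Could not authenticate user %s", username)
            return cas_loginRedirect(request, redirect)
        django_login(request, user)
        return func(request, *args, **kwargs)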
Example #2
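def token_auth(request):
    """
    VERSION 2 AUTH: exchange credentials for an API token.

    Inputs:
    * username - POST "username", else the session's "username"
    * password - POST "password"; with a username it triggers an LDAP check
    * token    - POST "token"

    Responses:
    * 201 + JSON {token, username, expires} after a successful LDAP check
    * 200 + the same JSON for the token branch and a successful CAS check
    * 401 when the LDAP or CAS validation fails
    * the result of cas_loginRedirect(request, "/auth/") when neither a
      username nor a password is available

    NOTE: This authentication is SEPARATE from
    django model authentication
    Use this to give out tokens to access the API
    """

    def _token_response(auth_token, status=None):
        # Serialise a token object (key, user, issuedTime) into the JSON reply.
        # status=None leaves HttpResponse on its default status code.
        expire_time = auth_token.issuedTime + auth_settings.TOKEN_EXPIRY_TIME
        auth_json = {
            "token": auth_token.key,
            "username": auth_token.user.username,
            "expires": expire_time.strftime("%b %d, %Y %H:%M:%S"),
        }
        return HttpResponse(
            content=json.dumps(auth_json),
            status=status,
            content_type="application/json",
        )

    token = request.POST.get("token", None)

    # A CAS authenticated user already has session data, so the username may
    # come from the session when the POST body does not carry one.
    username = request.POST.get("username", None) or request.session.get(
        "username", None
    )
    password = request.POST.get("password", None)

    # LDAP authenticate if a password was provided.
    if username and password:
        if not ldap_validate(username, password):
            logger.debug("[LDAP] Failed to validate %s", username)
            return HttpResponse("LDAP login failed", status=401)
        return _token_response(create_token(username, issuer="API"), status=201)

    # NOTE(review): at this point token is the raw value from request.POST,
    # not a token object. If request is a Django HttpRequest that value is a
    # string, so the attribute reads in _token_response raise AttributeError.
    # Nothing visible here looks the key up server-side or checks its owner
    # and expiry; that lookup has to happen before anything is echoed back.
    if token:
        return _token_response(token)

    if not username and not password:
        # The user and password were not found
        # force user to login via CAS
        return cas_loginRedirect(request, "/auth/")

    # NOTE(review): username may be the client-supplied POST value here (no
    # password was sent). Confirm that cas_validateUser proves the *caller*
    # is this user, not merely that the named user has a valid CAS state,
    # since success mints a token for that username.
    if not cas_validateUser(username):
        logger.debug("[CAS] Failed to validate - %s", username)
        return HttpResponse("CAS Login Failure", status=401)

    logger.info("CAS User %s validated. Creating auth token", username)
    return _token_response(createAuthToken(username))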