def authenticate(self, username=None, password=None): try: myproxy_logon(settings.ESGF_HOST, username, password, os.path.join(settings.PROXY_CERT_DIR, username + '.pem').encode("UTF-8"), lifetime=43200, port=settings.ESGF_PORT ) except GetException as e: # myproxy_logon failed, so return None instead of a User # # TODO: When Django 1.6 comes out, this should be changed to: # # raise PermissionDenied # # This will prevent the possibility of someone listing multiple # authentication backends in their settings.py, thus allowing an # attacker to authenticate as any user simply by using the default # password assigned to all users created by this auth backend. return None # if we make it here, the username and password were good # (myproxy_logon throws GetException if login fails) try: user = User.objects.get(username=username) except User.DoesNotExist: # Create a new user. Note that we can set password # to anything, because unless another authentication backend is # listed in settings.py's AUTHENTICATION_BACKENDS, this password # will never be seen. user = User(username=username, password='******') user.is_staff = False user.is_superuser = False user.save() return user
def authenticate(self, username=None, password=None, peernode=None): print "AUTHENTICATE NOW" try: cert_path=os.path.join(settings.PROXY_CERT_DIR,username) if not os.path.exists(cert_path): try: os.makedirs(cert_path) except: pass myproxy_logon(peernode, username, password, os.path.join(cert_path,username + '.pem').encode("UTF-8"), lifetime=43200, port=settings.ESGF_PORT ) print cert_path,username except GetException as e: print e # myproxy_logon failed, so return None instead of a User # # TODO: When Django 1.6 comes out, this should be changed to: # # raise PermissionDenied # # This will prevent the possibility of someone listing multiple # authentication backends in their settings.py, thus allowing an # attacker to authenticate as any user simply by using the default # password assigned to all users created by this auth backend. return None # if we make it here, the username and password were good # output .httprc file if .httprc is not found try: #cdms2.setHttprcDirectory(cert_path) homepath=os.environ['HOME'] filepath=os.path.join(homepath,".daprc") print filepath if not os.path.exists(filepath): dodsrc_cache_root=os.path.join(cert_path,".dods_cache") dodsrc_curl_ssl_certificate=os.path.join(cert_path,"%s.pem"%username) dodsrc_curl_ssl_key=os.path.join(cert_path,"%s.pem"%username) dodsrc_curl_ssl_capath=os.path.join(os.environ["HOME"],".esg","certificates") daprc_text="" daprc_text+="USE_CACHE=0\n" daprc_text+="MAX_CACHE_SIZE=20\n" daprc_text+="MAX_CACHED_OBJ=5\n" daprc_text+="IGNORE_EXPIRES=0\n" daprc_text+="CACHE_ROOT=%s/\n"%dodsrc_cache_root daprc_text+="DEFAULT_EXPIRES=86400\n" daprc_text+="ALWAYS_VALIDATE=0\n" daprc_text+="DEFLATE=0\n" daprc_text+="VALIDATE_SSL=1\n" daprc_text+="CURL.COOKIEJAR=.dods_cookies\n" daprc_text+="CURL.SSL.VALIDATE=1\n" daprc_text+="CURL.SSL.CERTIFICATE=%s\n"%dodsrc_curl_ssl_certificate daprc_text+="CURL.SSL.KEY=%s\n"%dodsrc_curl_ssl_key daprc_text+="CURL.SSL.CAPATH=%s\n"%dodsrc_curl_ssl_capath outfile=open(filepath, 'w') flock(outfile, LOCK_EX) outfile.write(daprc_text) flock(outfile, LOCK_UN) outfile.close() except Exception as e: print e print "Unable to locate .daprc\n" return None # if we make it here, the username and password were good # (myproxy_logon throws GetException if login fails) try: user = User.objects.get(username=username) except User.DoesNotExist: # Create a new user. Note that we can set password # to anything, because unless another authentication backend is # listed in settings.py's AUTHENTICATION_BACKENDS, this password # will never be seen. user = User(username=username, password='******') user.is_staff = False user.is_superuser = False user.save() return user