def authenticate(self, username=None, password=None, request=None):
"""
Return user if validated by LDAP.
Return None otherwise.
"""
#First argument, username, should hold the OAuth Token, no password.
# if 'username' in username, the authentication is meant for CAS
# if username and password, the authentication is meant for LDAP
logger.debug("[OAUTH] Authentication Test")
if not request:
logger.debug("[OAUTH] Authentication skipped - No Request.")
return None
auth = request.META.get('HTTP_AUTHORIZATION', '').split()
if len(auth) == 2 and auth[0].lower() == "Bearer":
oauth_token = auth[1]
logger.debug("[OAUTH] OAuth Token - %s " % oauth_token)
valid_user, _ = get_user_for_token(oauth_token)
if not valid_user:
logger.debug("[OAUTH] Token %s invalid, no user found."
% oauth_token)
return None
logger.debug("[OAUTH] Authorized user %s" % valid_user)
oauth_attrs = oauth_lookupUser(valid_user)
attributes = oauth_formatAttrs(oauth_attrs)
logger.debug("[OAUTH] Authentication Success - " + valid_user)
return get_or_create_user(valid_user, attributes)
def validate_oauth_token(token, request=None):
"""
Validates the token attached to the request (SessionStorage, GET/POST)
On every request, ask OAuth to authorize the token
"""
#Authorization test
username, expires = get_user_for_token(token)
if not username:
return False
auth_token = createOAuthToken(username, token, expires)
logger.info("AuthToken for %s:%s" % (username, auth_token))
if not auth_token:
return False
return True
def validate_oauth_token(token, request=None):
"""
Validates the token attached to the request (SessionStorage, GET/POST)
On every request, ask OAuth to authorize the token
"""
#Authorization test
username, expires = get_user_for_token(token)
if not username:
return False
auth_token = createOAuthToken(username, token, expires)
logger.info("AuthToken for %s:%s" % (username,auth_token))
if not auth_token:
return False
return True
