def perm_grant(request):
g_id = request.GET.get('g_id', '')
u_id = request.GET.get('u_id', '')
mypermissions = MyPermission.objects.filter(parent__isnull=True).order_by('order_id')
if g_id:
obj = Group.objects.get(id=g_id)
perms = obj.permissions.values_list('content_type__app_label', 'codename').order_by()
perms = set("%s.%s" % (ct, name) for ct, name in perms)
if u_id:
obj = MyUser.objects.get(id=u_id)
perms = ModelBackend().get_all_permissions(obj)
if request.method == "POST":
ids = request.POST.get('ids', '').split(',')
ids = filter(lambda s: s.isdigit(), ids)
permissions = []
for p in MyPermission.objects.filter(id__in=ids):
permissions.append(p.permission)
if g_id:
obj.permissions.clear()
obj.permissions = permissions
else:
obj.user_permissions.clear()
obj.user_permissions = permissions
messages.add_message(request, messages.SUCCESS, u'信息修改成功')
# return HttpResponseRedirect(reverse('user_list'))
return HttpResponseRedirect(request.get_full_path())
return render(request, "perm/perm_grant.html", {
'mypermissions': mypermissions,
'myperms': perms,
'obj': obj,
})
def authenticate(self, **kwargs):
log.info("Authenticating: %(username)s" % kwargs)
try:
user = RemoteDrupalBackend().authenticate(**kwargs)
if user is None:
log.info(
"Remote Auth Rejected, trying local user list: %(username)s"
% kwargs)
# Then... Remote failed, try local model
#return super(DualAuthBackend, self).authenticate(self,
# **kwargs)
return ModelBackend().authenticate(**kwargs)
else:
# Remote succeeded, but we're still cautious and refuse
# this one password out of abundance of prudence
log.info(" " * 5 +
"Remote Auth Accepted: %(username)s" % kwargs)
return user
except PermissionDenied:
log.warn(" " * 5 +
"Full Abort after remote Auth for user: %(username)s" %
kwargs)
raise # abort abort abort!
except:
raise
log.warn(" " * 5 +
"Other error in remote Auth for user: %(username)s" %
kwargs)
return None
def test_anonymous_has_no_permissions(self):
"""
#17903 -- Anonymous users shouldn't have permissions in
ModelBackend.get_(all|user|group)_permissions().
"""
backend = ModelBackend()
user = self.UserModel._default_manager.get(pk=self.user.pk)
content_type = ContentType.objects.get_for_model(Group)
user_perm = Permission.objects.create(name='test', content_type=content_type, codename='test_user')
group_perm = Permission.objects.create(name='test2', content_type=content_type, codename='test_group')
user.user_permissions.add(user_perm)
group = Group.objects.create(name='test_group')
user.groups.add(group)
group.permissions.add(group_perm)
self.assertEqual(backend.get_all_permissions(user), {'auth.test_user', 'auth.test_group'})
self.assertEqual(backend.get_user_permissions(user), {'auth.test_user'})
self.assertEqual(backend.get_group_permissions(user), {'auth.test_group'})
with mock.patch.object(self.UserModel, 'is_anonymous', True):
self.assertEqual(backend.get_all_permissions(user), set())
self.assertEqual(backend.get_user_permissions(user), set())
self.assertEqual(backend.get_group_permissions(user), set())
def favhtml(request):
"""点赞"""
userid = request.session.get('_auth_user_id', None)
cacheuserdic = cache.get(userid, None)
if not cacheuserdic:
return False
if not cacheuserdic['is_login']:
weiboresponeobj = weiborespone.is_favor(nid='',
status=False,
message="登录超时,请重新登录")
return HttpResponse(json.dumps(weiboresponeobj.dic()))
if request.method == 'GET':
favid = request.GET.get('id', None)
userobj = ModelBackend().get_user(user_id=userid)
weibocontenobj = models_server.WeiboContent()
ret = weibocontenobj.is_favor(favid, userobj)
if not ret:
weiboresponeobj = weiborespone.is_favor(nid='',
status=False,
message="已经点过赞了亲")
else:
weiboresponeobj = weiborespone.is_favor(nid='',
status=True,
message="")
return HttpResponse(json.dumps(weiboresponeobj.dic()))
elif request.method == 'POST':
pass
def picture_video(request):
"""图片视频上传视图"""
userid = request.session.get('_auth_user_id', None)
userobj = ModelBackend().get_user(user_id=userid)
fileobj = user_file.userfile(user_obj=userobj)
filepath = fileobj.filepath
if userobj:
if request.method == 'GET':
if os.path.isdir(filepath):
shutil.rmtree((filepath))
os.makedirs(filepath)
else:
os.makedirs(filepath)
return HttpResponse('ok')
elif request.method == 'POST':
try:
obj = request.FILES.get('PVFile')
fileabspath = os.path.join(
filepath, '%s%s%s' %
(encryption(obj.name), '.', str(obj.name).split('.')[-1]))
f = open(fileabspath, 'wb')
for chunk in obj.chunks():
f.write(chunk)
f.close()
pvfileresponeobj = weiborespone.PVFile(
status=True,
message='上传成功',
filepath=str(fileabspath).split('user')[-1])
except Exception as e:
pvfileresponeobj = weiborespone.PVFile(status=False,
message='上传失败',
filepath=str(e))
return HttpResponse(json.dumps(pvfileresponeobj.dic()))
class RestrictiveBackend(object):
""" Allows restricting permissions on per-object basis.
For objects, checks object permissions first. If none found checks model
permissions. Works pretty much as usual for model permissions.
NOTE: Make sure this is the only authentication backend providing
permissions or it won't work, since Django will ask all backends and just
needs one backend to return True in order to grant the permission.
If no permissions are found at all, returns the value of the
USERS_LOGGED_IN_HAS_PERM setting, or False if it's not set. Set this to
True if you want to allow everything that is not restricted on a per-object
level, as long as the user is logged in. Remember, you can control
anonymous user permissions separately. See the ANONYMOUS_USER_ID setting
(from django-guardian) and the USERS_ANONYMOUS_GROUP setting.
Supports ban list through the optional USERS_BANNED_GROUP setting. Note
that users in this group will not have ANY permissions, regardless of
what the group's permissions are set to. It is only a way to indicate which
users are banned and does not behave like a regular group when it comes
to permissions.
Uses django-guardian internally to check object permissions and the default
django.contrib.auth.backends.ModelBackend for model permissions.
"""
supports_object_permissions = True
supports_anonymous_user = True
supports_inactive_user = True
_object_backend = ObjectPermissionBackend()
_model_backend = ModelBackend()
def authenticate(self, username=None, password=None):
return None
def is_banned(self, user_obj):
return (BANNED_GROUP
and user_obj.groups.filter(name=BANNED_GROUP).exists())
def has_perm(self, user_obj, perm, obj=None):
default_has_perm = False
if user_obj.is_authenticated():
default_has_perm = LOGGED_IN_HAS_PERM
else:
user_obj = User.objects.get(pk=ANONYMOUS_USER_ID)
if not user_obj.is_active:
return False
if user_obj.is_superuser:
return True
if self.is_banned(user_obj):
return False
if obj and self.object_has_perms(obj):
return self._object_backend.has_perm(user_obj, perm, obj)
has_model_perm = self._model_backend.has_perm(user_obj, perm)
return has_model_perm or default_has_perm
def object_has_perms(self, obj):
return (
GroupObjectPermission.objects.filter(object_pk=obj.pk).exists()
or UserObjectPermission.objects.filter(object_pk=obj.pk).exists())
def test_non_browserid_user(self):
# If the current user was not authenticated via
# django-browserid, userEmail should be empty.
user = auth.models.User.objects.create_user('asdf', '*****@*****.**')
response = self.info(user, ModelBackend())
response_data = json.loads(smart_text(response.content))
eq_(response_data['userEmail'], '')
def test_inactive_has_no_permissions(self):
"""
#17903 -- Inactive users shouldn't have permissions in
ModelBackend.get_(all|user|group)_permissions().
"""
backend = ModelBackend()
user = self.UserModel._default_manager.get(pk=self.user.pk)
content_type = ContentType.objects.get_for_model(Group)
user_perm = Permission.objects.create(name='test',
content_type=content_type,
codename='test_user')
group_perm = Permission.objects.create(name='test2',
content_type=content_type,
codename='test_group')
user.user_permissions.add(user_perm)
group = Group.objects.create(name='test_group')
user.groups.add(group)
group.permissions.add(group_perm)
self.assertEqual(backend.get_all_permissions(user),
{'auth.test_user', 'auth.test_group'})
self.assertEqual(backend.get_user_permissions(user),
{'auth.test_user', 'auth.test_group'})
self.assertEqual(backend.get_group_permissions(user),
{'auth.test_group'})
user.is_active = False
user.save()
self.assertEqual(backend.get_all_permissions(user), set())
self.assertEqual(backend.get_user_permissions(user), set())
self.assertEqual(backend.get_group_permissions(user), set())
def identify_operatorfinger(request):
obj_template = request.REQUEST.get("template10", "")
mathpro = windll.LoadLibrary("match.dll")
if obj_template:
from ctypes import create_string_buffer
obj_template = create_string_buffer(obj_template)
tmps = OperatorTemplate.objects.filter(fpversion=10) #比对时只取10.0
if tmps:
for t in tmps:
try:
source_template = t.template1
source_template = create_string_buffer(source_template)
math_result = mathpro.process10(source_template, obj_template)
if math_result == FP_IDENTIFY_SUCCESS:
user = t.user
backend = ModelBackend()
user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__)
return t
elif math_result == FP_NO_LICENCES:
return math_result
except:
import traceback; traceback.print_exc()
return FP_IDENTIFY_FAILED
else:
return FP_IDENTIFY_FAILED
def post(self, request):
form = AccessTokenForm.create_from_request(request)
if not form.is_valid():
raise ValidationException(request, form)
backend = ModelBackend()
user = backend.authenticate(request,
username=form.cleaned_data['username'],
password=form.cleaned_data['password'])
if not user:
raise UnauthorizedException(request)
access_token = JWTFactory(user.pk).access()
jti, refresh_token = JWTFactory(user.pk).refresh()
redis = Redis(host=settings.REDIS_HOST,
port=settings.REDIS_PORT,
db=settings.REDIS_DATABASE)
redis.set(f"refresh_token:{jti}", jti)
redis.expire(f"refresh_token:{jti}",
settings.SECURED_VIEW_JWT_REFRESH_TOKEN_EXPIRATION)
return SingleResponse(request, {
'access_token': access_token,
'refresh_token': refresh_token
},
status=HTTPStatus.OK)
def comhtml(request):
"""评论"""
userid = request.session.get('_auth_user_id', None)
cacheuserdic = cache.get(userid, None)
if not cacheuserdic or not cacheuserdic['is_login']:
weiboresponeobj = weiborespone.is_com(comlist='',
status=False,
message="登录超时,请重新登录")
return HttpResponse(json.dumps(weiboresponeobj.dic()))
if request.method == 'GET':
comid = request.GET.get('id', None)
text = request.GET.get('text', None)
userobj = ModelBackend().get_user(user_id=userid)
weibocontenobj = models_server.WeiboContent()
if text:
ret = weibocontenobj.is_comment(weibo_id=comid,
userobj=userobj,
comment=text)
else:
ret = weibocontenobj.select_comment(comid)
weiboresponeobj = weiborespone.is_com(comlist=ret,
status=True,
message="")
return HttpResponse(json.dumps(weiboresponeobj.dic()))
elif request.method == 'POST':
pass
def test_create_active_user(db):
"""Should authenticate users in active state."""
user = UserAccount.objects.create_user(**DEFAULT_PARAMETERS)
parameters = DEFAULT_PARAMETERS.copy()
password = parameters.pop("password")
assert ModelBackend().authenticate(request=None,
username=user.email,
password=password)
def login_password(request, username, password):
"""login_password(username, password): session_id"""
backend = ModelBackend()
user = backend.authenticate(username, password)
if user is None:
raise PermissionDenied("Invalid username or password.")
user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__)
django.contrib.auth.login(request, user)
return request.session.session_key
def login(request):
"""登录视图"""
if request.method == 'GET':
pass
elif request.method == 'POST':
"""登录判断"""
username = request.POST.get('username', None)
password = request.POST.get('password', None)
loginrespone = userrespone.loginespone()
if username and password:
obj = models_server.UserCollection()
ret = obj.is_login(request=request,
username=username,
password=password)
if ret:
user_id = request.session['_auth_user_id']
request.session['id_login'] = True
loginrespone.status = True
sessionrequestobj = sessionrespone.sessionrespone(
user_id=user_id)
cache.set(user_id,
sessionrequestobj.dic(),
timeout=config.cache['redis_timeout'])
usercollobj = models_server.UserCollection()
newmess_push.start('%s%s' % (str(
usercollobj.mymess(
ModelBackend().get_user(user_id=user_id)).id), 'mq'))
else:
loginrespone.status = False
loginrespone.message = "用户名或密码错误"
else:
loginrespone.status = False
loginrespone.message = "用户名或密码不能为空"
return HttpResponse(json.dumps(loginrespone.dic()))
elif request.method == 'PUT':
"""更改密码"""
username = request.POST.get('username', None)
old_password = request.POST.get('old_password', None)
new_password = request.POST.get('new_password', None)
if username and old_password and new_password:
obj = models_server.UserCollection()
ret = obj.put_passwd(username=username,
old_password=old_password,
new_password=new_password)
print(ret)
return
elif request.method == 'DELETE':
"""退出用户登录"""
userid = request.session.get('_auth_user_id', None)
cache.set(userid, {'is_login': False}, timeout=5)
obj = models_server.UserCollection()
ret = obj.is_logout(request)
return redirect('/index/', permanent=True)
def loginPOST(req):
form = req.POST
nexturl = form.get('next', '/')
kwds = {}
kwds['username'] = form.get('uid', '') or form.get('username', '')
kwds['password'] = form.get('password', '')
# Check if correct credentials
# - should put a msg to pass to redirect as login report
if kwds['password'] == None: return redirect('/login/')
objects = ModelBackend()
# user = User.objects.authenticate(kwds['username'], kwds['password'])
user = objects.authenticate(kwds['username'], kwds['password'])
# user_list = objects.all()
print "user_list:"
print User.objects.all()
print "username:%s, pwd:%s" % (kwds['username'], kwds['password'])
# Check if user in group for redirect
# - should put a msg to pass to redirect as login report
group = user.groups.all().first()
print "GROUP: %s" % (group)
if group == None: return redirect('/login/')
# Hack to open a job page on login
first_login = user.date_joined == user.last_login
print "user.date_joined == user.last_login => first_login:%s" % first_login
if (first_login):
from mcsimulator.models import Job, Simulation
simulations = Simulation.objects
sim = simulations.get(name__startswith=group)
print "SIM:%s" % sim
print " id: %s" % sim.id
print " name: %s" % sim.name
print " simgroup: %s" % sim.simgroup
print " displayname: %s" % sim.displayname
print " params:"
for k, v in sim.params.items():
print " key:%s, val:%s" % (k, v)
# got a simulation that is relevent to the user now build and save a job for them
job_ref = "%s_%s_%s" % (datetime.datetime.now().strftime(
"%Y%m%d%H%M%S"), sim.name(), user.name)
Job.new(job_ref, sim, 0, 1000, 1000, sim.id).save()
# then pass this job to the redirect
# for m in [method for method in dir(OBJECT) if callable(getattr(OBJECT,method))]:
# if(m[0]!="_"):print m
# End of Job ref hack
if user is None or not user.is_active:
return redirect('/login/Invalid_credentials')
else:
user.backend = 'django.contrib.auth.backends.ModelBackend'
login(req, user)
return redirect(nexturl + job_ref)
def get_user(request):
"""
Returns the user model instance associated with the given request token.
If no user is retrieved an instance of `AnonymousUser` is returned.
"""
if hasattr(request, 'token'):
user_id = request.token.user.pk
user = ModelBackend().get_user(user_id) or AnonymousUser()
else:
user = AnonymousUser()
return user
def validate(self, attrs):
username = attrs.get('username')
password = attrs.get('password')
if password and password:
is_correct = bool(ModelBackend().authenticate(request=self.request,
username=username,
password=password))
if not is_correct:
raise serializers.ValidationError(
'Incorrect login and password combination.')
return attrs
def test_anonymous_has_no_permissions(self):
"""Anonymous users shouldn't have permissions in ModelBackend
#17903 -- Anonymous users shouldn't have permissions in
ModelBackend.get_(all|user|group)_permissions().
https://code.djangoproject.com/ticket/17903
"""
backend = ModelBackend()
user = self.UserModel._default_manager.get(pk=self.user.pk)
content_type = ContentType.objects.get_for_model(Group)
user_perm = Permission.objects.create(name="test",
content_type=content_type,
codename="test_user")
group_perm = Permission.objects.create(name="test2",
content_type=content_type,
codename="test_group")
user.user_permissions.add(user_perm)
group = Group.objects.create(name="test_group")
user.groups.add(group)
group.permissions.add(group_perm)
self.assertEqual(
backend.get_all_permissions(user),
{"auth.test_user", "auth.test_group"},
)
# Django 2.0 avoids cache permission problems
# https://code.djangoproject.com/ticket/28713
# https://github.com/django/django/pull/9242
if DJANGO_VERSION >= (2, 0):
self.assertEqual(backend.get_user_permissions(user),
{"auth.test_user"})
else:
self.assertEqual(
backend.get_user_permissions(user),
{"auth.test_user", "auth.test_group"},
)
self.assertEqual(backend.get_group_permissions(user),
{"auth.test_group"})
# In Django 1.10, is_anonymous became a property.
if DJANGO_VERSION >= (1, 10):
is_anon_mock = True
else:
is_anon_mock = lambda s: True # noqa: E731
with patch.object(self.UserModel, "is_anonymous", is_anon_mock):
self.assertEqual(backend.get_all_permissions(user), set())
self.assertEqual(backend.get_user_permissions(user), set())
self.assertEqual(backend.get_group_permissions(user), set())
def authenticate(self, request):
incoming = extract_incoming(request)
if not isinstance(incoming, dict):
raise AuthenticationFailed()
username, password = incoming.get(USERNAME), incoming.get(PASSWORD)
if not username or not password:
return None
user = ModelBackend().authenticate(request, username, password)
if user is None:
raise AuthenticationFailed('%s or %s is incorrect.' %
(USERNAME, PASSWORD))
if not user.is_active:
raise AuthenticationFailed("Invalid Login.")
return user, None
def authenticate(self, username, password, backend_cls=None):
if not backend_cls:
class EveryoneCanActAs(ActAsBackend):
def can_act_as(self, auth_user, user):
return True
backend_cls = EveryoneCanActAs
backend = backend_cls()
with patched_get_backends([backend, ModelBackend()]):
return auth_through_backend(backend,
username=username,
password=password)
class Meta:
queryset = Product.objects.all()
list_allowed_methods = ['get', 'post']
detail_allowed_methods = ['get', 'put', 'delete']
serializer = Serializer(formats=['json'])
authentication = CustomAuthentication(backend=ModelBackend())
authorization = DjangoAuthorization()
excludes = [
'is_active',
'is_staff',
'is_superuser',
'date_joined',
'last_login'
]
def post(self, request, *kwargs):
"""..."""
print(request.user)
post = request.POST
auth_backend = ModelBackend()
user = auth_backend.authenticate(request, post.get('email'),
post.get('password'))
print(user)
login(request, user)
return JsonResponse({'status': 'success'})
def test_inactive_has_no_permissions(self):
"""Inactive users shouldn't have permissions in ModelBackend
#17903 -- Inactive users shouldn't have permissions in
ModelBackend.get_(all|user|group)_permissions().
https://code.djangoproject.com/ticket/17903
"""
backend = ModelBackend()
user = self.UserModel._default_manager.get(pk=self.user.pk)
content_type = ContentType.objects.get_for_model(Group)
user_perm = Permission.objects.create(name="test",
content_type=content_type,
codename="test_user")
group_perm = Permission.objects.create(name="test2",
content_type=content_type,
codename="test_group")
user.user_permissions.add(user_perm)
group = Group.objects.create(name="test_group")
user.groups.add(group)
group.permissions.add(group_perm)
self.assertEqual(
backend.get_all_permissions(user),
{"auth.test_user", "auth.test_group"},
)
# Django 2.0 avoids cache permission problems
# https://code.djangoproject.com/ticket/28713
# https://github.com/django/django/pull/9242
if DJANGO_VERSION >= (2, 0):
self.assertEqual(backend.get_user_permissions(user),
{"auth.test_user"})
else:
self.assertEqual(
backend.get_user_permissions(user),
{"auth.test_user", "auth.test_group"},
)
self.assertEqual(backend.get_group_permissions(user),
{"auth.test_group"})
user.is_active = False
user.save()
self.assertEqual(backend.get_all_permissions(user), set())
self.assertEqual(backend.get_user_permissions(user), set())
self.assertEqual(backend.get_group_permissions(user), set())
def validate(self, data):
# The `validate` method is where we make sure that the current
# instance of `LoginSerializer` has "valid". In the case of logging a
# user in, this means validating that they've provided an email
# and password and that this combination matches one of the users in
# our database.
email = data.get('email', None)
password = data.get('password', None)
if email is None:
raise serializers.ValidationError(
'An email address is required to log in.')
if password is None:
raise serializers.ValidationError(
'A password is required to log in.')
# The `authenticate` method is provided by Django and handles checking
# for a user that matches this email/password combination.
# we pass `email` as the `username` value since in our User
# model we set `USERNAME_FIELD` as `email`.
# we use the authenticate method of the ModelBackend class in order to
# mock it in tests and avoid hitting the database when unit testing this
# serializer. The None value represents the request argument of the method
user = ModelBackend().authenticate(None,
username=email,
password=password)
if user is None:
raise NotFound('A user with this email and password was not found')
# purpose of this flag is to tell us whether the user has been banned
# or deactivated.
if not user.is_active:
raise serializers.ValidationError('This user has been deactivated')
return {
'email': user.email,
'username': user.username,
'token': user.token,
'profile': user.profile,
}
def menu_filter(request):
user = request.user
menus = ModelBackend().get_all_permissions(user_obj=user)
can_menus = {
'menus': [],
}
for menu in menus:
if str(menu).split('.')[0] == 'plug_ins':
menu = Permission.objects.get(codename=str(menu).split('.')[-1])
if menu.codename.split('_')[0] == 'view':
can_menus['menus'].append({
'id':
menu.codename.split('view_')[-1],
'url':
'/xadmin/ta/%s/' %
menu.codename.split('view_')[-1].replace('menu', '')
})
return can_menus
def test_anonymous_has_no_permissions(self):
"""
#17903 -- Anonymous users shouldn't have permissions in
ModelBackend.get_(all|user|group)_permissions().
"""
backend = ModelBackend()
user = self.UserModel._default_manager.get(pk=self.user.pk)
content_type = ContentType.objects.get_for_model(Group)
user_perm = Permission.objects.create(name='test',
content_type=content_type,
codename='test_user')
group_perm = Permission.objects.create(name='test2',
content_type=content_type,
codename='test_group')
user.user_permissions.add(user_perm)
group = Group.objects.create(name='test_group')
user.groups.add(group)
group.permissions.add(group_perm)
self.assertEqual(backend.get_all_permissions(user),
{'auth.test_user', 'auth.test_group'})
self.assertEqual(backend.get_user_permissions(user),
{'auth.test_user', 'auth.test_group'})
self.assertEqual(backend.get_group_permissions(user),
{'auth.test_group'})
# In Django 1.10, is_anonymous became a property.
is_anon = self.UserModel.is_anonymous
if django.VERSION >= (1, 10):
self.UserModel.is_anonymous = True
else:
user.is_anonymous = lambda: True
self.assertEqual(backend.get_all_permissions(user), set())
self.assertEqual(backend.get_user_permissions(user), set())
self.assertEqual(backend.get_group_permissions(user), set())
self.UserModel.is_anonymous = is_anon
def user_login(request):
if request.method == 'POST':
username = request.POST.get('username')
password = request.POST.get('password')
UserModel = get_user_model()
user = UserModel._default_manager.get_by_natural_key(username)
mb = ModelBackend()
user = authenticate(username=username,
password=password,
request=request)
if user:
if user.is_active:
login(request, user)
return HttpResponseRedirect(reverse('home'))
else:
return HttpResponse("ACCOUNT NOT ACTIVE")
else:
print("Someone tried to login and failed")
return HttpResponse("Invalid login details")
else:
return render(request, 'accounts/login.html', {})
.. moduleauthor:: Gerson Galang <*****@*****.**>
'''
import logging
from django.contrib.auth.models import User, Group
from django.contrib.auth.backends import ModelBackend
from tardis.tardis_portal.auth.interfaces import AuthProvider, GroupProvider, UserProvider
logger = logging.getLogger(__name__)
auth_key = u'localdb'
auth_display_name = u'Local DB'
_modelBackend = ModelBackend()
class DjangoAuthBackend(AuthProvider):
"""Authenticate against Django's Model Backend.
"""
def authenticate(self, request):
"""authenticate a user, this expect the user will be using
form based auth and the *username* and *password* will be
passed in as **POST** variables.
:param request: a HTTP Request instance
:type request: :class:`django.http.HttpRequest`
"""
username = request.POST['username']
def check_global_permission(user: User, perm: str) -> bool:
"""Check whether a user has a global permission."""
return ModelBackend().has_perm(user, perm)
def authenticate(self, *args, **kwargs):
if django.VERSION[0] >= 2 or (django.VERSION[0] == 1
and django.VERSION[1] >= 11):
assert len(args) > 0 and args[0]
return ModelBackend().authenticate(*args, **kwargs)
