Esempio n. 1
0
def view_or_basicauth(view, request, realm = "", *args, **kwargs):
    if request.user.is_authenticated():
        return view(request, *args, **kwargs)
    auth = request.META.get('HTTP_AUTHORIZATION','').split()
    if len(auth) == 2 and auth[0].lower() == 'basic':
        try: # Browser based Auth
            uname, passwd = b64decode(auth[1]).split(':')
            user = authenticate(username=uname, password=passwd)
            if user != None and user.is_active:
                login(request, user) # ORLY?
                request.user = user
                return view(request, *args, **kwargs)
        except ValueError: # Can has Keyed Auth ????
            hash = b64decode(auth[1]) 
            try:
                host = get_ip(request)
                # Does key exist?
                user = Key.objects.get(key=hash,hostname=host).user
                # Does hash match?
                assert hash == get_hexdigest('sha1', host, user.username)
                # Then login if active
                if user.is_active:
                    user.backend = 'django.contrib.auth.backends.ModelBackend' 
                    login(request, user) # ORLY?
                    return view(request, *args, **kwargs)
            except (AssertionError, Key.DoesNotExist):
                # WTF!
                pass
    # NO WAI!!!
    response = HttpResponse('Not authorized')
    response.status_code = 401
    response['WWW-Authenticate'] = 'Basic realm="%s"' % realm
    return response
Esempio n. 2
0
 def create_from_transaction(self, request, response, msg):
     try:
         msg = unicode(msg[:100])
     except UnicodeDecodeError:
         msg = quote(msg[:100])[:100]
     user = None
     if hasattr(request, 'user'):
         user = request.user
     return self.create(
         ip = apibuilder.get_ip(request),
         path = request.path[:255],
         user = user,
         query = urlencode(request.GET.items()),
         status_code = response.status_code,
         comment = msg,
         method = request.method
     )