def _auth_is_authenticated(self, request):
"""Authenticate requests with existing users."""
if request.user.is_anonymous:
raise InvalidAudienceError('Token requires authenticated user.')
if self.login_mode == RequestToken.LOGIN_MODE_NONE:
return request
if request.user == self.user:
return request
raise InvalidAudienceError(
"RequestToken [%i] audience mismatch: '%s' != '%s'" %
(self.id, request.user, self.user))
def _auth_is_anonymous(self, request):
"""Authenticate anonymous requests."""
if request.user.is_authenticated:
raise InvalidAudienceError('Token requires anonymous user.')
if self.login_mode == RequestToken.LOGIN_MODE_NONE:
pass
if self.login_mode == RequestToken.LOGIN_MODE_REQUEST:
logger.debug(
'Setting request.user to %r from token %i.',
self.user, self.id
)
request.user = self.user
if self.login_mode == RequestToken.LOGIN_MODE_SESSION:
logger.debug(
'Authenticating request.user as %r from token %i.',
self.user, self.id
)
# I _think_ we can get away with this as we are pulling the
# user out of the DB, and we are explicitly authenticating
# the user.
self.user.backend = 'django.contrib.auth.backends.ModelBackend'
login(request, self.user)
return request