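def atmo_login(request, *args, **kwargs):
    """Authenticate the session user, then call ``func`` with the request.

    ``func`` is not defined in this block; it is presumably the view
    wrapped by an enclosing decorator (the log text mentions
    ``atmo_login_required``) -- confirm against the enclosing scope.

    Flow:
    * No request, no session, or no "username" in the session:
      redirect to ``settings.SERVER_URL + "/logout/"``.
    * Session has "emulated_by": authenticate as that emulator and require
      ``is_staff`` on the result, otherwise redirect to logout.
    * Otherwise authenticate the session username with the session token;
      on failure hand off to ``cas_loginRedirect``.

    An optional ``redirect`` keyword argument overrides the path passed to
    ``cas_loginRedirect`` (default: ``request.get_full_path()``). It is
    left in ``kwargs`` and still forwarded to ``func``.
    """

    def _logout(reason):
        # Every rejection path logs the reason plus the call context and
        # then sends the browser to the logout URL.
        logger.debug(reason)
        logger.debug("%s\n%s\n%s\n%s" % (request, args, kwargs, func))
        return HttpResponseRedirect(settings.SERVER_URL + "/logout/")

    if not request:
        return _logout(
            "[NOREQUEST] User is being logged out because request"
            " is empty"
        )
    if not request.session:
        return _logout(
            "[NOSESSION] User is being logged out because session"
            " object does not exist in request"
        )

    username = request.session.get("username", None)
    if not username:
        return _logout(
            "[NOUSER] User is being logged out because session"
            " did not include a username"
        )

    logger.info("atmo_login_required authentication: %s" % username)
    token = request.session.get("token", None)
    redirect = kwargs.get("redirect", request.get_full_path())
    emulator = request.session.get("emulated_by", None)

    if emulator:
        logger.info("Test emulator %s instead of %s" % (emulator, username))
        # The session carries the auth token (read above), so log only
        # the key names: dumping the session object's __dict__ would copy
        # the token and other session internals into the debug log.
        logger.debug("Session keys: %s", sorted(request.session.keys()))
        # NOTE(review): "emulated_by" is trusted as stored in the session;
        # where it gets set is not visible here -- confirm only a staff
        # action can write it.
        # Authenticate the user (Force a CAS test)
        user = authenticate(username=emulator, password="",
                            auth_token=token, request=request)
        # AUTHORIZED STAFF ONLY
        if not user or not user.is_staff:
            return HttpResponseRedirect(settings.SERVER_URL + "/logout/")
        logger.info("Emulate success - Logging in %s" % user.username)
        django_login(request, user)
        return func(request, *args, **kwargs)

    user = authenticate(username=username, password="",
                        auth_token=token, request=request)
    if not user:
        logger.info("Could not authenticate user %s" % username)
        return cas_loginRedirect(request, redirect)
    django_login(request, user)
    return func(request, *args, **kwargs)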
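def token_auth(request):
    """
    VERSION 2 AUTH: hand out an API token as a JSON response.

    Authentication is based on the POST parameters:
    * Username (Required; falls back to the session's "username")
    * Password (Not Required if CAS authenticated previously)
    * Token (optional)

    NOTE: This authentication is SEPARATE from django model authentication
    Use this to give out tokens to access the API

    Returns an HttpResponse:
    * JSON with "token", "username" and "expires" on success (status 201
      on the LDAP path, the default status otherwise);
    * status 401 when LDAP or CAS validation fails, or when the supplied
      token cannot be used;
    * the result of ``cas_loginRedirect`` when neither a username nor a
      password is available.
    """

    def _token_response(auth_token, **response_kwargs):
        # Build the JSON payload shared by every success path.
        expire_time = auth_token.issuedTime + auth_settings.TOKEN_EXPIRY_TIME
        auth_json = {
            "token": auth_token.key,
            "username": auth_token.user.username,
            "expires": expire_time.strftime("%b %d, %Y %H:%M:%S"),
        }
        return HttpResponse(content=json.dumps(auth_json),
                            content_type="application/json",
                            **response_kwargs)

    token = request.POST.get("token", None)
    username = request.POST.get("username", None)
    # CAS authenticated user already has session data
    # without passing any parameters
    if not username:
        username = request.session.get("username", None)
    password = request.POST.get("password", None)

    # LDAP Authenticate if password provided.
    if username and password:
        if ldap_validate(username, password):
            return _token_response(create_token(username, issuer="API"),
                                   status=201)
        logger.debug("[LDAP] Failed to validate %s" % username)
        return HttpResponse("LDAP login failed", status=401)

    if token:
        # At this point ``token`` is still the caller-supplied POST value,
        # a plain string with no issuedTime/key/user attributes, so
        # building the payload raised AttributeError. It has also not
        # been checked against any token store. Fail closed with a 401
        # instead of an unhandled error, and never log the value itself.
        # NOTE(review): renewing an existing token needs a lookup and
        # expiry check against the token store, which is not visible here.
        try:
            return _token_response(token)
        except AttributeError:
            logger.debug("[TOKEN] Rejected unverified token parameter")
            return HttpResponse("Invalid token", status=401)

    if not username and not password:
        # The user and password were not found
        # force user to login via CAS
        return cas_loginRedirect(request, "/auth/")

    # NOTE(review): ``username`` may come from POST rather than the
    # session on this path -- confirm cas_validateUser ties the check to
    # the requester and not merely to the named account.
    if cas_validateUser(username):
        logger.info("CAS User %s validated. Creating auth token" % username)
        return _token_response(createAuthToken(username))
    logger.debug("[CAS] Failed to validate - %s" % username)
    return HttpResponse("CAS Login Failure", status=401)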