def auth1_0(request): """ VERSION 1 AUTH -- DEPRECATED Authentication is based on the values passed in to the header. If successful, the request is passed on to auth_response CAS Authentication requires: "x-auth-user" AND "x-auth-cas" LDAP Authentication requires: "x-auth-user" AND "x-auth-key" NOTE(esteve): Should we just always attempt authentication by cas, then we dont send around x-auth-* headers.. """ logger.debug("Auth Request") if 'HTTP_X_AUTH_USER' in request.META\ and 'HTTP_X_AUTH_CAS' in request.META: username = request.META['HTTP_X_AUTH_USER'] if cas_validateUser(username): del request.META['HTTP_X_AUTH_CAS'] return auth_response(request) else: logger.debug("CAS login failed - %s" % username) return HttpResponse("401 UNAUTHORIZED", status=401) if 'HTTP_X_AUTH_KEY' in request.META\ and 'HTTP_X_AUTH_USER' in request.META: username = request.META['HTTP_X_AUTH_USER'] x_auth_key = request.META['HTTP_X_AUTH_KEY'] if ldap_validate(username, x_auth_key): return auth_response(request) else: logger.debug("LDAP login failed - %s" % username) return HttpResponse("401 UNAUTHORIZED", status=401) else: logger.debug("Request did not have User/Key" " or User/CAS in the headers") return HttpResponse("401 UNAUTHORIZED", status=401)
def authenticate(self, username=None, password=None, request=None): """ Return user if validated by LDAP. Return None otherwise. """ if not ldap_validate(username, password): logger.debug("LDAP Authentication failed - "+username) return None ldap_attrs = ldap_lookupUser(username) attributes = ldap_formatAttrs(ldap_attrs) return get_or_create_user(username, attributes)
def authenticate(self, username=None, password=None, request=None): """ Return user if validated by LDAP. Return None otherwise. """ # logger.debug("LDAPBackend-- U:%s P:%s R:%s" # % (username, password, request)) if not ldap_validate(username, password): logger.debug("LDAP Authentication failed - "+username) return None ldap_attrs = ldap_lookupUser(username) attributes = ldap_formatAttrs(ldap_attrs) logger.debug("[LDAP] Authentication Success - " + username) return get_or_create_user(username, attributes)
def authenticate(self, username=None, password=None, request=None): """ Return user if validated by LDAP. Return None otherwise. """ # logger.debug("LDAPBackend-- U:%s P:%s R:%s" # % (username, password, request)) if not ldap_validate(username, password): logger.debug("LDAP Authentication failed - " + username) return None ldap_attrs = ldap_lookupUser(username) attributes = ldap_formatAttrs(ldap_attrs) logger.debug("[LDAP] Authentication Success - " + username) return get_or_create_user(username, attributes)
def token_auth(request): """ VERSION 2 AUTH Authentication is based on the POST parameters: * Username (Required) * Password (Not Required if CAS authenticated previously) NOTE: This authentication is SEPARATE from django model authentication Use this to give out tokens to access the API """ logger.info('Request to auth') logger.info(request) token = request.POST.get('token', None) emulate_user = request.POST.get('emulate_user', None) username = request.POST.get('username', None) #CAS authenticated user already has session data #without passing any parameters if not username: username = request.session.get('username', None) password = request.POST.get('password', None) #LDAP Authenticate if password provided. if username and password: if ldap_validate(username, password): logger.info("LDAP User %s validated. Creating auth token" % username) token = createAuthToken(username) expireTime = token.issuedTime + secrets.TOKEN_EXPIRY_TIME auth_json = { 'token': token.key, 'username': token.user.username, 'expires': expireTime.strftime("%b %d, %Y %H:%M:%S") } return HttpResponse( content=json.dumps(auth_json), status=status.HTTP_201_CREATED, content_type='application/json') else: logger.debug("[LDAP] Failed to validate %s" % username) return HttpResponse("LDAP login failed", status=401) #if request.session and request.session.get('token'): # logger.info("User %s already authenticated, renewing token" % username) # token = validateToken(username, request.session.get('token')) #ASSERT: Token exists here if token: expireTime = token.issuedTime + secrets.TOKEN_EXPIRY_TIME auth_json = { 'token': token.key, 'username': token.user.username, 'expires': expireTime.strftime("%b %d, %Y %H:%M:%S") } return HttpResponse( content=json.dumps(auth_json), content_type='application/json') if not username and not password: #The user and password were not found #force user to login via CAS return cas_loginRedirect(request, '/auth/') #CAS Authenticate by Proxy (Password not necessary): if cas_validateUser(username): logger.info("CAS User %s validated. Creating auth token" % username) token = createAuthToken(username) expireTime = token.issuedTime + secrets.TOKEN_EXPIRY_TIME auth_json = { 'token': token.key, 'username': token.user.username, 'expires': expireTime.strftime("%b %d, %Y %H:%M:%S") } return HttpResponse( content=json.dumps(auth_json), content_type='application/json') else: logger.debug("[CAS] Failed to validate - %s" % username) return HttpResponse("CAS Login Failure", status=401)
def token_auth(request): """ VERSION 2 AUTH Authentication is based on the POST parameters: * Username (Required) * Password (Not Required if CAS authenticated previously) NOTE: This authentication is SEPARATE from django model authentication Use this to give out tokens to access the API """ logger.info('Request to auth') logger.info(request) token = None username = request.POST.get('username', None) #CAS authenticated user already has session data #without passing any parameters if not username: username = request.session.get('username', None) password = request.POST.get('password', None) #LDAP Authenticate if password provided. if username and password: if ldap_validate(username, password): logger.info("LDAP User %s validated. Creating auth token" % username) token = createAuthToken(username) expireTime = token.issuedTime + secrets.TOKEN_EXPIRY_TIME auth_json = { 'token': token.key, 'username': token.user.username, 'expires': expireTime.strftime("%b %d, %Y %H:%M:%S") } return HttpResponse( content=json.dumps(auth_json), status=status.HTTP_201_CREATED, content_type='application/json') else: logger.debug("[LDAP] Failed to validate %s" % username) return HttpResponse("LDAP login failed", status=401) #if request.session and request.session.get('token'): # logger.info("User %s already authenticated, renewing token" % username) # token = validateToken(username, request.session.get('token')) #ASSERT: Token exists here if token: expireTime = token.issuedTime + secrets.TOKEN_EXPIRY_TIME auth_json = { 'token': token.key, 'username': token.user.username, 'expires': expireTime.strftime("%b %d, %Y %H:%M:%S") } return HttpResponse( content=json.dumps(auth_json), content_type='application/json') if not username and not password: #The user and password were not found #force user to login via CAS return cas_loginRedirect(request, '/auth/') #CAS Authenticate by Proxy (Password not necessary): if cas_validateUser(username): logger.info("CAS User %s validated. Creating auth token" % username) token = createAuthToken(username) expireTime = token.issuedTime + secrets.TOKEN_EXPIRY_TIME auth_json = { 'token': token.key, 'username': token.user.username, 'expires': expireTime.strftime("%b %d, %Y %H:%M:%S") } return HttpResponse( content=json.dumps(auth_json), content_type='application/json') else: logger.debug("[CAS] Failed to validate - %s" % username) return HttpResponse("CAS Login Failure", status=401)
def token_auth(request): """ VERSION 2 AUTH Authentication is based on the POST parameters: * Username (Required) * Password (Not Required if CAS authenticated previously) NOTE: This authentication is SEPARATE from django model authentication Use this to give out tokens to access the API """ token = request.POST.get("token", None) username = request.POST.get("username", None) # CAS authenticated user already has session data # without passing any parameters if not username: username = request.session.get("username", None) password = request.POST.get("password", None) # LDAP Authenticate if password provided. if username and password: if ldap_validate(username, password): token = create_token(username, issuer="API") expireTime = token.issuedTime + auth_settings.TOKEN_EXPIRY_TIME auth_json = { "token": token.key, "username": token.user.username, "expires": expireTime.strftime("%b %d, %Y %H:%M:%S"), } return HttpResponse(content=json.dumps(auth_json), status=201, content_type="application/json") else: logger.debug("[LDAP] Failed to validate %s" % username) return HttpResponse("LDAP login failed", status=401) # logger.info("User %s already authenticated, renewing token" # % username) # ASSERT: Token exists here if token: expireTime = token.issuedTime + auth_settings.TOKEN_EXPIRY_TIME auth_json = { "token": token.key, "username": token.user.username, "expires": expireTime.strftime("%b %d, %Y %H:%M:%S"), } return HttpResponse(content=json.dumps(auth_json), content_type="application/json") if not username and not password: # The user and password were not found # force user to login via CAS return cas_loginRedirect(request, "/auth/") if cas_validateUser(username): logger.info("CAS User %s validated. Creating auth token" % username) token = createAuthToken(username) expireTime = token.issuedTime + auth_settings.TOKEN_EXPIRY_TIME auth_json = { "token": token.key, "username": token.user.username, "expires": expireTime.strftime("%b %d, %Y %H:%M:%S"), } return HttpResponse(content=json.dumps(auth_json), content_type="application/json") else: logger.debug("[CAS] Failed to validate - %s" % username) return HttpResponse("CAS Login Failure", status=401)