Пример #1
def auth1_0(request):
    """
    VERSION 1 AUTH -- DEPRECATED
    Authenticate a request from its x-auth-* headers and, on success,
    hand the request to auth_response.

    CAS authentication requires: "x-auth-user" AND "x-auth-cas"
    LDAP authentication requires: "x-auth-user" AND "x-auth-key"

    The CAS pair is checked first; when both CAS headers are present the
    LDAP pair is never consulted, even if CAS validation fails.
    Every failure path answers with a plain 401 response.

    NOTE(esteve): Should we just always attempt authentication by cas,
    then we dont send around x-auth-* headers..

    NOTE(review): only the *presence* of x-auth-cas is tested; its value
    is never read, and cas_validateUser receives nothing but the
    client-supplied username. Whether that proves the caller is that
    user depends entirely on cas_validateUser -- confirm it binds the
    check to something the caller must possess.
    NOTE(review): x-auth-key is passed to ldap_validate as the LDAP
    credential, so this view presumably must only be reachable over
    TLS -- confirm at the deployment layer.
    """
    logger.debug("Auth Request")
    meta = request.META
    has_user = 'HTTP_X_AUTH_USER' in meta

    # CAS branch: selected by header presence alone.
    if has_user and 'HTTP_X_AUTH_CAS' in meta:
        username = meta['HTTP_X_AUTH_USER']
        if not cas_validateUser(username):
            # username is client-controlled text going into the log.
            logger.debug("CAS login failed - %s" % username)
            return HttpResponse("401 UNAUTHORIZED", status=401)
        # Strip the CAS header before the request is passed on.
        del meta['HTTP_X_AUTH_CAS']
        return auth_response(request)

    # Neither header pair is complete: nothing to authenticate with.
    if not (has_user and 'HTTP_X_AUTH_KEY' in meta):
        logger.debug("Request did not have User/Key"
                     " or User/CAS in the headers")
        return HttpResponse("401 UNAUTHORIZED", status=401)

    # LDAP branch: username plus key taken from the headers.
    username = meta['HTTP_X_AUTH_USER']
    x_auth_key = meta['HTTP_X_AUTH_KEY']
    if ldap_validate(username, x_auth_key):
        return auth_response(request)
    logger.debug("LDAP login failed - %s" % username)
    return HttpResponse("401 UNAUTHORIZED", status=401)
Пример #2
def auth1_0(request):
    """
    VERSION 1 AUTH -- DEPRECATED
    Header-based authentication. A successful check forwards the
    request to auth_response; anything else yields a 401 response.

    CAS Authentication requires: "x-auth-user" AND "x-auth-cas"
    LDAP Authentication requires: "x-auth-user" AND "x-auth-key"

    CAS takes precedence: if both CAS headers are sent and CAS
    validation fails, the LDAP headers are not tried.

    NOTE(esteve): Should we just always attempt authentication by cas,
    then we dont send around x-auth-* headers..

    NOTE(review): the x-auth-cas value itself is never inspected here --
    the header only has to exist, and cas_validateUser is given just
    the username from x-auth-user. Verify that cas_validateUser ties
    the result to the actual caller rather than to the name alone.
    """
    def deny(reason):
        # Log first, then build the 401, mirroring each failure path.
        logger.debug(reason)
        return HttpResponse("401 UNAUTHORIZED", status=401)

    logger.debug("Auth Request")
    environ = request.META
    user_sent = 'HTTP_X_AUTH_USER' in environ
    cas_sent = 'HTTP_X_AUTH_CAS' in environ
    key_sent = 'HTTP_X_AUTH_KEY' in environ

    if user_sent and cas_sent:
        username = environ['HTTP_X_AUTH_USER']
        if cas_validateUser(username):
            # The CAS header is dropped before the request moves on.
            del environ['HTTP_X_AUTH_CAS']
            return auth_response(request)
        return deny("CAS login failed - %s" % username)

    if key_sent and user_sent:
        username = environ['HTTP_X_AUTH_USER']
        # x-auth-key is the LDAP credential; it is never logged here.
        if ldap_validate(username, environ['HTTP_X_AUTH_KEY']):
            return auth_response(request)
        return deny("LDAP login failed - %s" % username)

    return deny("Request did not have User/Key"
                " or User/CAS in the headers")
Пример #3
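def token_auth(request):
    """
    VERSION 2 AUTH
    Issue an API token based on the POST parameters:
    * Username (Required; falls back to the session's 'username')
    * Password (Not Required if CAS authenticated previously)

    NOTE: This authentication is SEPARATE from
    django model authentication
    Use this to give out tokens to access the API

    Outcomes:
    * username + password -> LDAP check; 201 with token JSON on success,
      401 on failure.
    * neither username nor password -> redirect to CAS login.
    * otherwise -> CAS check on the username; token JSON on success,
      401 on failure.

    A 'token' POST field is not honoured. The earlier code read it as a
    string and then dereferenced it as a token record
    (token.issuedTime), which raised AttributeError whenever that branch
    was reached. Renewing a token needs a server-side validation step
    that this view does not implement.

    NOTE(review): on the CAS path the username comes from the request
    (or session) and no credential is presented; the decision rests
    entirely on cas_validateUser. Confirm that it binds the check to
    the caller's own CAS session and not just to the name.
    """
    def _token_response(token, status=200):
        # Serialise a freshly created token record for the client.
        expire_time = token.issuedTime + TOKEN_EXPIRY_TIME
        auth_json = {
            'token': token.key,
            'username': token.user.username,
            'expires': expire_time.strftime("%b %d, %Y %H:%M:%S")
        }
        return HttpResponse(
            content=json.dumps(auth_json),
            status=status,
            content_type='application/json')

    logger.info('Request to auth')

    # CAS authenticated user already has session data
    # without passing any parameters
    username = (request.POST.get('username', None)
                or request.session.get('username', None))
    password = request.POST.get('password', None)

    # LDAP Authenticate if password provided.
    if username and password:
        if ldap_validate(username, password):
            logger.info("LDAP User %s validated. Creating auth token",
                        username)
            return _token_response(createAuthToken(username), status=201)
        logger.debug("[LDAP] Failed to validate %s", username)
        return HttpResponse("LDAP login failed", status=401)

    if not username and not password:
        # The user and password were not found
        # force user to login via CAS
        return cas_loginRedirect(request, '/auth/')

    # CAS Authenticate by Proxy (Password not necessary).
    # username can still be None here when only a password was posted.
    if cas_validateUser(username):
        logger.info("CAS User %s validated. Creating auth token", username)
        return _token_response(createAuthToken(username))
    logger.debug("[CAS] Failed to validate - %s", username)
    return HttpResponse("CAS Login Failure", status=401)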
Пример #4
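def token_auth(request):
    """
    VERSION 2 AUTH
    Authentication is based on the POST parameters:
    * Username (Required; the session's 'username' is used when absent)
    * Password (Not Required if CAS authenticated previously)

    NOTE: This authentication is SEPARATE from
    django model authentication
    Use this to give out tokens to access the API

    Returns token JSON with status 201 after a successful LDAP check,
    token JSON with status 200 after a successful CAS check, a 401
    response when either check fails, and a CAS login redirect when
    neither a username nor a password is available.

    The 'token' POST field is ignored on purpose: it is an unverified
    client string, and the previous code treated it as a token record
    (reading .issuedTime / .key / .user), which failed with
    AttributeError for any non-empty value.

    NOTE(review): the CAS branch issues a token for a client-supplied
    username without any credential in the request. Its safety depends
    on what cas_validateUser actually verifies -- confirm.
    """
    def _token_response(token, status=200):
        # Build the JSON reply describing a newly issued token.
        expires_at = token.issuedTime + TOKEN_EXPIRY_TIME
        payload = {
            'token': token.key,
            'username': token.user.username,
            'expires': expires_at.strftime("%b %d, %Y %H:%M:%S")
        }
        return HttpResponse(content=json.dumps(payload),
                            status=status,
                            content_type='application/json')

    logger.info('Request to auth')

    username = request.POST.get('username', None)
    # CAS authenticated user already has session data
    # without passing any parameters
    if not username:
        username = request.session.get('username', None)

    password = request.POST.get('password', None)

    # LDAP Authenticate if password provided.
    if username and password:
        if not ldap_validate(username, password):
            logger.debug("[LDAP] Failed to validate %s", username)
            return HttpResponse("LDAP login failed", status=401)
        logger.info("LDAP User %s validated. Creating auth token",
                    username)
        return _token_response(createAuthToken(username), status=201)

    if not username and not password:
        # The user and password were not found
        # force user to login via CAS
        return cas_loginRedirect(request, '/auth/')

    # CAS Authenticate by Proxy (Password not necessary).
    # A password-only POST reaches this point with username set to None.
    if not cas_validateUser(username):
        logger.debug("[CAS] Failed to validate - %s", username)
        return HttpResponse("CAS Login Failure", status=401)
    logger.info("CAS User %s validated. Creating auth token", username)
    return _token_response(createAuthToken(username))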