def auth1_0(request): """ VERSION 1 AUTH -- DEPRECATED Authentication is based on the values passed in to the header. If successful, the request is passed on to auth_response CAS Authentication requires: "x-auth-user" AND "x-auth-cas" LDAP Authentication requires: "x-auth-user" AND "x-auth-key" NOTE(esteve): Should we just always attempt authentication by cas, then we dont send around x-auth-* headers.. """ logger.debug("Auth Request") if 'HTTP_X_AUTH_USER' in request.META\ and 'HTTP_X_AUTH_CAS' in request.META: username = request.META['HTTP_X_AUTH_USER'] if cas_validateUser(username): del request.META['HTTP_X_AUTH_CAS'] return auth_response(request) else: logger.debug("CAS login failed - %s" % username) return HttpResponse("401 UNAUTHORIZED", status=401) if 'HTTP_X_AUTH_KEY' in request.META\ and 'HTTP_X_AUTH_USER' in request.META: username = request.META['HTTP_X_AUTH_USER'] x_auth_key = request.META['HTTP_X_AUTH_KEY'] if ldap_validate(username, x_auth_key): return auth_response(request) else: logger.debug("LDAP login failed - %s" % username) return HttpResponse("401 UNAUTHORIZED", status=401) else: logger.debug("Request did not have User/Key" " or User/CAS in the headers") return HttpResponse("401 UNAUTHORIZED", status=401)
def auth1_0(request): """ VERSION 1 AUTH -- DEPRECATED Authentication is based on the values passed in to the header. If successful, the request is passed on to auth_response CAS Authentication requires: "x-auth-user" AND "x-auth-cas" LDAP Authentication requires: "x-auth-user" AND "x-auth-key" NOTE(esteve): Should we just always attempt authentication by cas, then we dont send around x-auth-* headers.. """ logger.debug("Auth Request") if 'HTTP_X_AUTH_USER' in request.META\ and 'HTTP_X_AUTH_CAS' in request.META: username = request.META['HTTP_X_AUTH_USER'] if cas_validateUser(username): del request.META['HTTP_X_AUTH_CAS'] return auth_response(request) else: logger.debug("CAS login failed - %s" % username) return HttpResponse("401 UNAUTHORIZED", status=401) if 'HTTP_X_AUTH_KEY' in request.META\ and 'HTTP_X_AUTH_USER' in request.META: username = request.META['HTTP_X_AUTH_USER'] x_auth_key = request.META['HTTP_X_AUTH_KEY'] if ldap_validate(username, x_auth_key): return auth_response(request) else: logger.debug("LDAP login failed - %s" % username) return HttpResponse("401 UNAUTHORIZED", status=401) else: logger.debug("Request did not have User/Key" " or User/CAS in the headers") return HttpResponse("401 UNAUTHORIZED", status=401)
def token_auth(request): """ VERSION 2 AUTH Authentication is based on the POST parameters: * Username (Required) * Password (Not Required if CAS authenticated previously) NOTE: This authentication is SEPARATE from django model authentication Use this to give out tokens to access the API """ logger.info('Request to auth') #logger.info(request) token = request.POST.get('token', None) username = request.POST.get('username', None) # CAS authenticated user already has session data # without passing any parameters if not username: username = request.session.get('username', None) password = request.POST.get('password', None) # LDAP Authenticate if password provided. if username and password: if ldap_validate(username, password): logger.info("LDAP User %s validated. Creating auth token" % username) token = createAuthToken(username) expireTime = token.issuedTime + TOKEN_EXPIRY_TIME auth_json = { 'token': token.key, 'username': token.user.username, 'expires': expireTime.strftime("%b %d, %Y %H:%M:%S") } return HttpResponse( content=json.dumps(auth_json), status=201, content_type='application/json') else: logger.debug("[LDAP] Failed to validate %s" % username) return HttpResponse("LDAP login failed", status=401) # if request.session and request.session.get('token'): # logger.info("User %s already authenticated, renewing token" # % username) # token = validateToken(username, request.session.get('token')) # ASSERT: Token exists here if token: expireTime = token.issuedTime + TOKEN_EXPIRY_TIME auth_json = { 'token': token.key, 'username': token.user.username, 'expires': expireTime.strftime("%b %d, %Y %H:%M:%S") } return HttpResponse( content=json.dumps(auth_json), content_type='application/json') if not username and not password: # The user and password were not found # force user to login via CAS return cas_loginRedirect(request, '/auth/') # CAS Authenticate by Proxy (Password not necessary): if cas_validateUser(username): logger.info("CAS User %s validated. Creating auth token" % username) token = createAuthToken(username) expireTime = token.issuedTime + TOKEN_EXPIRY_TIME auth_json = { 'token': token.key, 'username': token.user.username, 'expires': expireTime.strftime("%b %d, %Y %H:%M:%S") } return HttpResponse( content=json.dumps(auth_json), content_type='application/json') else: logger.debug("[CAS] Failed to validate - %s" % username) return HttpResponse("CAS Login Failure", status=401)
def token_auth(request): """ VERSION 2 AUTH Authentication is based on the POST parameters: * Username (Required) * Password (Not Required if CAS authenticated previously) NOTE: This authentication is SEPARATE from django model authentication Use this to give out tokens to access the API """ logger.info('Request to auth') #logger.info(request) token = request.POST.get('token', None) username = request.POST.get('username', None) # CAS authenticated user already has session data # without passing any parameters if not username: username = request.session.get('username', None) password = request.POST.get('password', None) # LDAP Authenticate if password provided. if username and password: if ldap_validate(username, password): logger.info("LDAP User %s validated. Creating auth token" % username) token = createAuthToken(username) expireTime = token.issuedTime + TOKEN_EXPIRY_TIME auth_json = { 'token': token.key, 'username': token.user.username, 'expires': expireTime.strftime("%b %d, %Y %H:%M:%S") } return HttpResponse(content=json.dumps(auth_json), status=201, content_type='application/json') else: logger.debug("[LDAP] Failed to validate %s" % username) return HttpResponse("LDAP login failed", status=401) # if request.session and request.session.get('token'): # logger.info("User %s already authenticated, renewing token" # % username) # token = validateToken(username, request.session.get('token')) # ASSERT: Token exists here if token: expireTime = token.issuedTime + TOKEN_EXPIRY_TIME auth_json = { 'token': token.key, 'username': token.user.username, 'expires': expireTime.strftime("%b %d, %Y %H:%M:%S") } return HttpResponse(content=json.dumps(auth_json), content_type='application/json') if not username and not password: # The user and password were not found # force user to login via CAS return cas_loginRedirect(request, '/auth/') # CAS Authenticate by Proxy (Password not necessary): if cas_validateUser(username): logger.info("CAS User %s validated. Creating auth token" % username) token = createAuthToken(username) expireTime = token.issuedTime + TOKEN_EXPIRY_TIME auth_json = { 'token': token.key, 'username': token.user.username, 'expires': expireTime.strftime("%b %d, %Y %H:%M:%S") } return HttpResponse(content=json.dumps(auth_json), content_type='application/json') else: logger.debug("[CAS] Failed to validate - %s" % username) return HttpResponse("CAS Login Failure", status=401)