示例#1
0
 def authenticate(self, username=None, password=None):
     try:
         myproxy_logon(settings.ESGF_HOST,
                 username,
                 password,
                 os.path.join(settings.PROXY_CERT_DIR,
                                 username + '.pem').encode("UTF-8"),
                 lifetime=43200,
                 port=settings.ESGF_PORT
                 )
     except GetException as e:
         # myproxy_logon failed, so return None instead of a User
         #
         # TODO: When Django 1.6 comes out, this should be changed to:
         #
         #     raise PermissionDenied
         #
         # This will prevent the possibility of someone listing multiple
         # authentication backends in their settings.py, thus allowing an
         # attacker to authenticate as any user simply by using the default
         # password assigned to all users created by this auth backend.
         return None
         
     # if we make it here, the username and password were good
     # (myproxy_logon throws GetException if login fails)
     try:
         user = User.objects.get(username=username)
     except User.DoesNotExist:
         # Create a new user. Note that we can set password
         # to anything, because unless another authentication backend is
         # listed in settings.py's AUTHENTICATION_BACKENDS, this password
         # will never be seen.
         user = User(username=username,
                     password='******')
         user.is_staff = False
         user.is_superuser = False
         user.save()
     return user
示例#2
0
 def authenticate(self, username=None, password=None, peernode=None):
     print "AUTHENTICATE NOW"
     try:
         cert_path=os.path.join(settings.PROXY_CERT_DIR,username)
         if not os.path.exists(cert_path):
             try:
                 os.makedirs(cert_path)
             except:
                 pass
         myproxy_logon(peernode,
                 username,
                 password,
                 os.path.join(cert_path,username + '.pem').encode("UTF-8"),
                 lifetime=43200,
                 port=settings.ESGF_PORT
                 )
         print cert_path,username
     except GetException as e:
         print e
         # myproxy_logon failed, so return None instead of a User
         #
         # TODO: When Django 1.6 comes out, this should be changed to:
         #
         #     raise PermissionDenied
         #
         # This will prevent the possibility of someone listing multiple
         # authentication backends in their settings.py, thus allowing an
         # attacker to authenticate as any user simply by using the default
         # password assigned to all users created by this auth backend.
         return None
     # if we make it here, the username and password were good
     # output .httprc file if .httprc is not found
     try:
         #cdms2.setHttprcDirectory(cert_path)
         homepath=os.environ['HOME']
         filepath=os.path.join(homepath,".daprc")
         print filepath
         if not os.path.exists(filepath):
             dodsrc_cache_root=os.path.join(cert_path,".dods_cache")
             dodsrc_curl_ssl_certificate=os.path.join(cert_path,"%s.pem"%username)
             dodsrc_curl_ssl_key=os.path.join(cert_path,"%s.pem"%username)
             dodsrc_curl_ssl_capath=os.path.join(os.environ["HOME"],".esg","certificates")
             daprc_text=""
             daprc_text+="USE_CACHE=0\n"
             daprc_text+="MAX_CACHE_SIZE=20\n"
             daprc_text+="MAX_CACHED_OBJ=5\n"
             daprc_text+="IGNORE_EXPIRES=0\n"
             daprc_text+="CACHE_ROOT=%s/\n"%dodsrc_cache_root
             daprc_text+="DEFAULT_EXPIRES=86400\n"
             daprc_text+="ALWAYS_VALIDATE=0\n"
             daprc_text+="DEFLATE=0\n"
             daprc_text+="VALIDATE_SSL=1\n"
             daprc_text+="CURL.COOKIEJAR=.dods_cookies\n"
             daprc_text+="CURL.SSL.VALIDATE=1\n"
             daprc_text+="CURL.SSL.CERTIFICATE=%s\n"%dodsrc_curl_ssl_certificate
             daprc_text+="CURL.SSL.KEY=%s\n"%dodsrc_curl_ssl_key
             daprc_text+="CURL.SSL.CAPATH=%s\n"%dodsrc_curl_ssl_capath
             outfile=open(filepath, 'w')
             flock(outfile, LOCK_EX)
             outfile.write(daprc_text)
             flock(outfile, LOCK_UN)
             outfile.close()
     except Exception as e:
         print e
         print "Unable to locate .daprc\n"
         return None
     # if we make it here, the username and password were good
     # (myproxy_logon throws GetException if login fails)
     try:
         user = User.objects.get(username=username)
     except User.DoesNotExist:
         # Create a new user. Note that we can set password
         # to anything, because unless another authentication backend is
         # listed in settings.py's AUTHENTICATION_BACKENDS, this password
         # will never be seen.
         user = User(username=username,
                     password='******')
         user.is_staff = False
         user.is_superuser = False
         user.save()
     return user