diff options
Diffstat (limited to 'webapp/django/contrib/auth/handlers/modpython.py')
-rw-r--r-- | webapp/django/contrib/auth/handlers/modpython.py | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/webapp/django/contrib/auth/handlers/modpython.py b/webapp/django/contrib/auth/handlers/modpython.py new file mode 100644 index 0000000000..de961fa4dd --- /dev/null +++ b/webapp/django/contrib/auth/handlers/modpython.py @@ -0,0 +1,56 @@ +from mod_python import apache +import os + +def authenhandler(req, **kwargs): + """ + Authentication handler that checks against Django's auth database. + """ + + # mod_python fakes the environ, and thus doesn't process SetEnv. This fixes + # that so that the following import works + os.environ.update(req.subprocess_env) + + # apache 2.2 requires a call to req.get_basic_auth_pw() before + # req.user and friends are available. + req.get_basic_auth_pw() + + # check for PythonOptions + _str_to_bool = lambda s: s.lower() in ('1', 'true', 'on', 'yes') + + options = req.get_options() + permission_name = options.get('DjangoPermissionName', None) + staff_only = _str_to_bool(options.get('DjangoRequireStaffStatus', "on")) + superuser_only = _str_to_bool(options.get('DjangoRequireSuperuserStatus', "off")) + settings_module = options.get('DJANGO_SETTINGS_MODULE', None) + if settings_module: + os.environ['DJANGO_SETTINGS_MODULE'] = settings_module + + from django.contrib.auth.models import User + from django import db + db.reset_queries() + + # check that the username is valid + kwargs = {'username': req.user, 'is_active': True} + if staff_only: + kwargs['is_staff'] = True + if superuser_only: + kwargs['is_superuser'] = True + try: + try: + user = User.objects.get(**kwargs) + except User.DoesNotExist: + return apache.HTTP_UNAUTHORIZED + + # check the password and any permission given + if user.check_password(req.get_basic_auth_pw()): + if permission_name: + if user.has_perm(permission_name): + return apache.OK + else: + return apache.HTTP_UNAUTHORIZED + else: + return apache.OK + else: + return apache.HTTP_UNAUTHORIZED + finally: + db.connection.close() |