Diffstat (limited to 'webapp/django/contrib/auth/handlers/modpython.py')
-rw-r--r--webapp/django/contrib/auth/handlers/modpython.py56
1 files changed, 56 insertions, 0 deletions
diff --git a/webapp/django/contrib/auth/handlers/modpython.py b/webapp/django/contrib/auth/handlers/modpython.py
new file mode 100644
index 0000000000..de961fa4dd
--- /dev/null
+++ b/webapp/django/contrib/auth/handlers/modpython.py
@@ -0,0 +1,56 @@
+from mod_python import apache
+import os
+
+def authenhandler(req, **kwargs):
+ """
+ Authentication handler that checks against Django's auth database.
+ """
+
+ # mod_python fakes the environ, and thus doesn't process SetEnv. This fixes
+ # that so that the following import works
+ os.environ.update(req.subprocess_env)
+
+ # apache 2.2 requires a call to req.get_basic_auth_pw() before
+ # req.user and friends are available.
+ req.get_basic_auth_pw()
+
+ # check for PythonOptions
+ _str_to_bool = lambda s: s.lower() in ('1', 'true', 'on', 'yes')
+
+ options = req.get_options()
+ permission_name = options.get('DjangoPermissionName', None)
+ staff_only = _str_to_bool(options.get('DjangoRequireStaffStatus', "on"))
+ superuser_only = _str_to_bool(options.get('DjangoRequireSuperuserStatus', "off"))
+ settings_module = options.get('DJANGO_SETTINGS_MODULE', None)
+ if settings_module:
+ os.environ['DJANGO_SETTINGS_MODULE'] = settings_module
+
+ from django.contrib.auth.models import User
+ from django import db
+ db.reset_queries()
+
+ # check that the username is valid
+ kwargs = {'username': req.user, 'is_active': True}
+ if staff_only:
+ kwargs['is_staff'] = True
+ if superuser_only:
+ kwargs['is_superuser'] = True
+ try:
+ try:
+ user = User.objects.get(**kwargs)
+ except User.DoesNotExist:
+ return apache.HTTP_UNAUTHORIZED
+
+ # check the password and any permission given
+ if user.check_password(req.get_basic_auth_pw()):
+ if permission_name:
+ if user.has_perm(permission_name):
+ return apache.OK
+ else:
+ return apache.HTTP_UNAUTHORIZED
+ else:
+ return apache.OK
+ else:
+ return apache.HTTP_UNAUTHORIZED
+ finally:
+ db.connection.close()
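Review bot: `os.environ.update(req.subprocess_env)` and the later `os.environ['DJANGO_SETTINGS_MODULE'] = settings_module` write per-request values into process-wide state on every authentication. In an Apache process that serves more than one site, the settings module, and with it the user database a password is checked against, may depend on which request configured the interpreter first. If this is only meant for one site per interpreter, the function should say so, e.g. `# os.environ is process-wide: sites with different DJANGO_SETTINGS_MODULE values need separate PythonInterpreter names`. Separately, all three `return apache.HTTP_UNAUTHORIZED` paths are silent, so repeated password guessing against a staff account leaves nothing to alert on beyond the access log. A `req.log_error("Django auth failed for user %r" % req.user, apache.APLOG_WARNING)` before those returns would close that gap.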