Diffstat (limited to 'pgmailmgr/auth.py')
| -rw-r--r-- | pgmailmgr/auth.py | 142 |
1 files changed, 71 insertions, 71 deletions
diff --git a/pgmailmgr/auth.py b/pgmailmgr/auth.py
index c3118d5..0a7101e 100644
--- a/pgmailmgr/auth.py
+++ b/pgmailmgr/auth.py
@@ -32,10 +32,10 @@ from Crypto.Cipher import AES
 import time
 class AuthBackend(ModelBackend):
- # We declare a fake backend that always fails direct authentication -
- # since we should never be using direct authentication in the first place!
- def authenticate(self, username=None, password=None):
- raise Exception("Direct authentication not supported")
+ # We declare a fake backend that always fails direct authentication -
+ # since we should never be using direct authentication in the first place!
+ def authenticate(self, username=None, password=None):
+ raise Exception("Direct authentication not supported")
 ####
@@ -44,85 +44,85 @@ class AuthBackend(ModelBackend):
 # Handle login requests by sending them off to the main site
 def login(request):
- if request.GET.has_key('next'):
- return HttpResponseRedirect("%s?su=%s" % (
- settings.PGAUTH_REDIRECT,
- quote_plus(request.GET['next']),
- ))
- else:
- return HttpResponseRedirect(settings.PGAUTH_REDIRECT)
+ if request.GET.has_key('next'):
+ return HttpResponseRedirect("%s?su=%s" % (
+ settings.PGAUTH_REDIRECT,
+ quote_plus(request.GET['next']),
+ ))
+ else:
+ return HttpResponseRedirect(settings.PGAUTH_REDIRECT)
 # Handle logout requests by logging out of this site and then
 # redirecting to log out from the main site as well.
 def logout(request):
- if request.user.is_authenticated():
- django_logout(request)
- return HttpResponseRedirect("%slogout/" % settings.PGAUTH_REDIRECT)
+ if request.user.is_authenticated():
+ django_logout(request)
+ return HttpResponseRedirect("%slogout/" % settings.PGAUTH_REDIRECT)
 # Receive an authentication response from the main website and try
 # to log the user in.
 def auth_receive(request):
- if request.GET.has_key('s') and request.GET['s'] == "logout":
- # This was a logout request
- return HttpResponseRedirect('/')
+ if request.GET.has_key('s') and request.GET['s'] == "logout":
+ # This was a logout request
+ return HttpResponseRedirect('/')
- if not request.GET.has_key('i'):
- raise Exception("Missing IV")
- if not request.GET.has_key('d'):
- raise Exception("Missing data!")
+ if not request.GET.has_key('i'):
+ raise Exception("Missing IV")
+ if not request.GET.has_key('d'):
+ raise Exception("Missing data!")
- # Set up an AES object and decrypt the data we received
- decryptor = AES.new(base64.b64decode(settings.PGAUTH_KEY),
- AES.MODE_CBC,
- base64.b64decode(str(request.GET['i']), "-_"))
- s = decryptor.decrypt(base64.b64decode(str(request.GET['d']), "-_")).rstrip(' ')
+ # Set up an AES object and decrypt the data we received
+ decryptor = AES.new(base64.b64decode(settings.PGAUTH_KEY),
+ AES.MODE_CBC,
+ base64.b64decode(str(request.GET['i']), "-_"))
+ s = decryptor.decrypt(base64.b64decode(str(request.GET['d']), "-_")).rstrip(' ')
- # Now un-urlencode it
- try:
- data = urlparse.parse_qs(s, strict_parsing=True)
- except ValueError, e:
- raise Exception("Invalid encrypted data received.")
+ # Now un-urlencode it
+ try:
+ data = urlparse.parse_qs(s, strict_parsing=True)
+ except ValueError, e:
+ raise Exception("Invalid encrypted data received.")
- # Check the timestamp in the authentication
- if (int(data['t'][0]) < time.time() - 10):
- raise Exception("Authentication token too old.")
+ # Check the timestamp in the authentication
+ if (int(data['t'][0]) < time.time() - 10):
+ raise Exception("Authentication token too old.")
- # Update the user record (if any)
- try:
- user = User.objects.get(username=data['u'][0])
- # User found, let's see if any important fields have changed
- changed = False
- if user.first_name != data['f'][0]:
- user.first_name = data['f'][0]
- changed = True
- if user.last_name != data['l'][0]:
- user.last_name = data['l'][0]
- changed = True
- if user.email != data['e'][0]:
- user.email = data['e'][0]
- changed= True
- if changed:
- user.save()
- except User.DoesNotExist, e:
- # User not found, create it!
- user = User(username=data['u'][0],
- first_name=data['f'][0],
- last_name=data['l'][0],
- email=data['e'][0],
- password='setbypluginnotasha1',
- )
- user.save()
+ # Update the user record (if any)
+ try:
+ user = User.objects.get(username=data['u'][0])
+ # User found, let's see if any important fields have changed
+ changed = False
+ if user.first_name != data['f'][0]:
+ user.first_name = data['f'][0]
+ changed = True
+ if user.last_name != data['l'][0]:
+ user.last_name = data['l'][0]
+ changed = True
+ if user.email != data['e'][0]:
+ user.email = data['e'][0]
+ changed= True
+ if changed:
+ user.save()
+ except User.DoesNotExist, e:
+ # User not found, create it!
+ user = User(username=data['u'][0],
+ first_name=data['f'][0],
+ last_name=data['l'][0],
+ email=data['e'][0],
+ password='setbypluginnotasha1',
+ )
+ user.save()
- # Ok, we have a proper user record. Now tell django that
- # we're authenticated so it persists it in the session. Before
- # we do that, we have to annotate it with the backend information.
- user.backend = "%s.%s" % (AuthBackend.__module__, AuthBackend.__name__)
- django_login(request, user)
+ # Ok, we have a proper user record. Now tell django that
+ # we're authenticated so it persists it in the session. Before
+ # we do that, we have to annotate it with the backend information.
+ user.backend = "%s.%s" % (AuthBackend.__module__, AuthBackend.__name__)
+ django_login(request, user)
- # Finally, redirect the user
- if data.has_key('su'):
- return HttpResponseRedirect(data['su'][0])
- # No redirect specified, see if we have it in our settings
- if hasattr(settings, 'PGAUTH_REDIRECT_SUCCESS'):
- return HttpResponseRedirect(settings.PGAUTH_REDIRECT_SUCCESS)
- raise Exception("Authentication successful, but don't know where to redirect!")
+ # Finally, redirect the user
+ if data.has_key('su'):
+ return HttpResponseRedirect(data['su'][0])
+ # No redirect specified, see if we have it in our settings
+ if hasattr(settings, 'PGAUTH_REDIRECT_SUCCESS'):
+ return HttpResponseRedirect(settings.PGAUTH_REDIRECT_SUCCESS)
+ raise Exception("Authentication successful, but don't know where to redirect!")
|
