[Scripts/git/.git] / __init__.py

import subprocess
import ldap
import ldap.filter

from django.contrib.auth.middleware import RemoteUserMiddleware
from django.contrib.auth.backends import RemoteUserBackend
from django.contrib.auth.views import login
from django.contrib.auth import REDIRECT_FIELD_NAME
from django.http import HttpResponseRedirect
from django.contrib import auth
from django.core.exceptions import ObjectDoesNotExist
import settings

def zephyr(msg, clas='message', instance='log', rcpt='nobody',):
    proc = subprocess.Popen(
        ['zwrite', '-d', '-n', '-c', clas, '-i', instance, rcpt, ],
        stdin=subprocess.PIPE, stdout=subprocess.PIPE
    )
    proc.communicate(msg)

class ScriptsRemoteUserMiddleware(RemoteUserMiddleware):
    header = 'SSL_CLIENT_S_DN_Email'

class ScriptsRemoteUserBackend(RemoteUserBackend):
    def clean_username(self, username, ):
        if '@' in username:
            name, domain = username.split('@')
            assert domain.upper() == 'MIT.EDU'
            return name
        else:
            return username
    def configure_user(self, user, ):
        username = user.username
        user.password = "ScriptsSSLAuth"
        con = ldap.open('ldap-too.mit.edu')
        con.simple_bind_s("", "")
        dn = "dc=mit,dc=edu"
        fields = ['cn', 'sn', 'givenName', 'mail', ]
        userfilter = ldap.filter.filter_format('uid=%s', [username])
        result = con.search_s('dc=mit,dc=edu', ldap.SCOPE_SUBTREE, userfilter, fields)
        if len(result) == 1:
            user.first_name = result[0][1]['givenName'][0]
            user.last_name = result[0][1]['sn'][0]
            try:
                user.email = result[0][1]['mail'][0]
            except KeyError:
                user.email = username + '@mit.edu'
            try:
                user.groups.add(auth.models.Group.objects.get(name='mit'))
            except ObjectDoesNotExist:
                print "Failed to retrieve mit group"
        else:
            raise ValueError, ("Could not find user with username '%s' (filter '%s')"%(username, userfilter))
        try:
            user.groups.add(auth.models.Group.objects.get(name='autocreated'))
        except ObjectDoesNotExist:
            print "Failed to retrieve autocreated group"
        user.save()
        return user

def get_or_create_mit_user(username, ):
    """
    Given an MIT username, return a Django user object for them.
    If necessary, create (and save) the Django user for them.
    If the MIT user doesn't exist, raises ValueError.
    """
    user, created = auth.models.User.objects.get_or_create(username=username, )
    if created:
        backend = ScriptsRemoteUserBackend()
        # Raises ValueError if the user doesn't exist
        try:
            return backend.configure_user(user), created
        except ValueError:
            user.delete()
            raise
    else:
        return user, created

def scripts_login(request, **kwargs):
    host = request.META['HTTP_HOST'].split(':')[0]
    if host == 'localhost':
        return login(request, **kwargs)
    elif request.META['SERVER_PORT'] == '444':
        if request.user.is_authenticated():
            # They're already authenticated --- go ahead and redirect
            if 'redirect_field_name' in kwargs:
                redirect_field_name = kwargs['redirect_field_names']
            else:
                from django.contrib.auth import REDIRECT_FIELD_NAME
                redirect_field_name = REDIRECT_FIELD_NAME
            redirect_to = request.REQUEST.get(redirect_field_name, '')
            if not redirect_to or '//' in redirect_to or ' ' in redirect_to:
                redirect_to = settings.LOGIN_REDIRECT_URL
            return HttpResponseRedirect(redirect_to)
        else:
            return login(request, **kwargs)
    else:
        # Move to port 444
        redirect_to = "https://%s:444%s" % (host, request.META['REQUEST_URI'], )
        return HttpResponseRedirect(redirect_to)
Commit	Line	Data
aec307d9 AD	1	import subprocess
	2	import ldap
	3	import ldap.filter
	4
e2ce65b9 AD	5	from django.contrib.auth.middleware import RemoteUserMiddleware
e2ce65b9 AD	6	from django.contrib.auth.backends import RemoteUserBackend
2e0bd8fa AD	7	from django.contrib.auth.views import login
	8	from django.contrib.auth import REDIRECT_FIELD_NAME
	9	from django.http import HttpResponseRedirect
e2ce65b9 AD	10	from django.contrib import auth
e2ce65b9 AD	11	from django.core.exceptions import ObjectDoesNotExist
2e0bd8fa	12	import settings
e2ce65b9	13
aec307d9 AD	14	def zephyr(msg, clas='message', instance='log', rcpt='nobody',):
	15	proc = subprocess.Popen(
	16	['zwrite', '-d', '-n', '-c', clas, '-i', instance, rcpt, ],
	17	stdin=subprocess.PIPE, stdout=subprocess.PIPE
	18	)
	19	proc.communicate(msg)
e2ce65b9 AD	20
	21	class ScriptsRemoteUserMiddleware(RemoteUserMiddleware):
	22	header = 'SSL_CLIENT_S_DN_Email'
	23
	24	class ScriptsRemoteUserBackend(RemoteUserBackend):
	25	def clean_username(self, username, ):
	26	if '@' in username:
	27	name, domain = username.split('@')
	28	assert domain.upper() == 'MIT.EDU'
	29	return name
	30	else:
	31	return username
	32	def configure_user(self, user, ):
	33	username = user.username
aec307d9	34	user.password = "ScriptsSSLAuth"
abab96a3	35	con = ldap.open('ldap-too.mit.edu')
e2ce65b9 AD	36	con.simple_bind_s("", "")
	37	dn = "dc=mit,dc=edu"
	38	fields = ['cn', 'sn', 'givenName', 'mail', ]
aec307d9 AD	39	userfilter = ldap.filter.filter_format('uid=%s', [username])
aec307d9 AD	40	result = con.search_s('dc=mit,dc=edu', ldap.SCOPE_SUBTREE, userfilter, fields)
e2ce65b9 AD	41	if len(result) == 1:
	42	user.first_name = result[0][1]['givenName'][0]
	43	user.last_name = result[0][1]['sn'][0]
23bea0e4 GT	44	try:
	45	user.email = result[0][1]['mail'][0]
	46	except KeyError:
	47	user.email = username + '@mit.edu'
e2ce65b9 AD	48	try:
	49	user.groups.add(auth.models.Group.objects.get(name='mit'))
	50	except ObjectDoesNotExist:
	51	print "Failed to retrieve mit group"
aec307d9 AD	52	else:
aec307d9 AD	53	raise ValueError, ("Could not find user with username '%s' (filter '%s')"%(username, userfilter))
e2ce65b9 AD	54	try:
	55	user.groups.add(auth.models.Group.objects.get(name='autocreated'))
	56	except ObjectDoesNotExist:
	57	print "Failed to retrieve autocreated group"
aec307d9	58	user.save()
e2ce65b9	59	return user
2e0bd8fa	60
d4bd5af8 AD	61	def get_or_create_mit_user(username, ):
	62	"""
	63	Given an MIT username, return a Django user object for them.
	64	If necessary, create (and save) the Django user for them.
	65	If the MIT user doesn't exist, raises ValueError.
	66	"""
	67	user, created = auth.models.User.objects.get_or_create(username=username, )
	68	if created:
	69	backend = ScriptsRemoteUserBackend()
	70	# Raises ValueError if the user doesn't exist
	71	try:
	72	return backend.configure_user(user), created
	73	except ValueError:
	74	user.delete()
	75	raise
	76	else:
	77	return user, created
	78
2e0bd8fa	79	def scripts_login(request, **kwargs):
4df1aef4 AD	80	host = request.META['HTTP_HOST'].split(':')[0]
4df1aef4 AD	81	if host == 'localhost':
2e0bd8fa AD	82	return login(request, **kwargs)
	83	elif request.META['SERVER_PORT'] == '444':
	84	if request.user.is_authenticated():
	85	# They're already authenticated --- go ahead and redirect
	86	if 'redirect_field_name' in kwargs:
	87	redirect_field_name = kwargs['redirect_field_names']
	88	else:
	89	from django.contrib.auth import REDIRECT_FIELD_NAME
	90	redirect_field_name = REDIRECT_FIELD_NAME
	91	redirect_to = request.REQUEST.get(redirect_field_name, '')
	92	if not redirect_to or '//' in redirect_to or ' ' in redirect_to:
	93	redirect_to = settings.LOGIN_REDIRECT_URL
	94	return HttpResponseRedirect(redirect_to)
	95	else:
	96	return login(request, **kwargs)
	97	else:
	98	# Move to port 444
2e0bd8fa AD	99	redirect_to = "https://%s:444%s" % (host, request.META['REQUEST_URI'], )
2e0bd8fa AD	100	return HttpResponseRedirect(redirect_to)