[Scripts/git/.git] / __init__.py

import subprocess
import ldap
import ldap.filter

from django.contrib.auth.middleware import RemoteUserMiddleware
from django.contrib.auth.backends import RemoteUserBackend
from django.contrib.auth.views import login
from django.contrib.auth import REDIRECT_FIELD_NAME
from django.http import HttpResponseRedirect
from django.contrib import auth
from django.core.exceptions import ObjectDoesNotExist
from django.core.validators import URLValidator, ValidationError

import settings

def zephyr(msg, clas='message', instance='log', rcpt='nobody',):
    proc = subprocess.Popen(
        ['zwrite', '-d', '-n', '-c', clas, '-i', instance, rcpt, ],
        stdin=subprocess.PIPE, stdout=subprocess.PIPE
    )
    proc.communicate(msg)

def UrlOrAfsValidator(value):
    if value.startswith('/mit/') or value.startswith('/afs/'):
        return
    else:
        try:
            URLValidator()(value)
        except ValidationError:
            raise ValidationError('Provide a valid URL or AFS path')

class ScriptsRemoteUserMiddleware(RemoteUserMiddleware):
    header = 'SSL_CLIENT_S_DN_Email'

class ScriptsRemoteUserBackend(RemoteUserBackend):
    def clean_username(self, username, ):
        if '@' in username:
            name, domain = username.split('@')
            assert domain.upper() == 'MIT.EDU'
            return name
        else:
            return username
    def configure_user(self, user, ):
        username = user.username
        user.password = "ScriptsSSLAuth"
        con = ldap.open('ldap-too.mit.edu')
        con.simple_bind_s("", "")
        dn = "dc=mit,dc=edu"
        fields = ['cn', 'sn', 'givenName', 'mail', ]
        userfilter = ldap.filter.filter_format('uid=%s', [username])
        result = con.search_s('dc=mit,dc=edu', ldap.SCOPE_SUBTREE, userfilter, fields)
        if len(result) == 1:
            user.first_name = result[0][1]['givenName'][0]
            user.last_name = result[0][1]['sn'][0]
            try:
                user.email = result[0][1]['mail'][0]
            except KeyError:
                user.email = username + '@mit.edu'
            try:
                user.groups.add(auth.models.Group.objects.get(name='mit'))
            except ObjectDoesNotExist:
                print "Failed to retrieve mit group"
        else:
            raise ValueError, ("Could not find user with username '%s' (filter '%s')"%(username, userfilter))
        try:
            user.groups.add(auth.models.Group.objects.get(name='autocreated'))
        except ObjectDoesNotExist:
            print "Failed to retrieve autocreated group"
        user.save()
        return user

def get_or_create_mit_user(username, ):
    """
    Given an MIT username, return a Django user object for them.
    If necessary, create (and save) the Django user for them.
    If the MIT user doesn't exist, raises ValueError.
    """
    user, created = auth.models.User.objects.get_or_create(username=username, )
    if created:
        backend = ScriptsRemoteUserBackend()
        # Raises ValueError if the user doesn't exist
        try:
            return backend.configure_user(user), created
        except ValueError:
            user.delete()
            raise
    else:
        return user, created

def scripts_login(request, **kwargs):
    host = request.META['HTTP_HOST'].split(':')[0]
    if host == 'localhost':
        return login(request, **kwargs)
    elif request.META['SERVER_PORT'] == '444':
        if request.user.is_authenticated():
            # They're already authenticated --- go ahead and redirect
            if 'redirect_field_name' in kwargs:
                redirect_field_name = kwargs['redirect_field_names']
            else:
                from django.contrib.auth import REDIRECT_FIELD_NAME
                redirect_field_name = REDIRECT_FIELD_NAME
            redirect_to = request.REQUEST.get(redirect_field_name, '')
            if not redirect_to or '//' in redirect_to or ' ' in redirect_to:
                redirect_to = settings.LOGIN_REDIRECT_URL
            return HttpResponseRedirect(redirect_to)
        else:
            return login(request, **kwargs)
    else:
        # Move to port 444
        redirect_to = "https://%s:444%s" % (host, request.META['REQUEST_URI'], )
        return HttpResponseRedirect(redirect_to)
Commit	Line	Data
aec307d9 AD	1	import subprocess
	2	import ldap
	3	import ldap.filter
	4
e2ce65b9 AD	5	from django.contrib.auth.middleware import RemoteUserMiddleware
e2ce65b9 AD	6	from django.contrib.auth.backends import RemoteUserBackend
2e0bd8fa AD	7	from django.contrib.auth.views import login
	8	from django.contrib.auth import REDIRECT_FIELD_NAME
	9	from django.http import HttpResponseRedirect
e2ce65b9 AD	10	from django.contrib import auth
e2ce65b9 AD	11	from django.core.exceptions import ObjectDoesNotExist
6650ee78 AD	12	from django.core.validators import URLValidator, ValidationError
6650ee78 AD	13
2e0bd8fa	14	import settings
e2ce65b9	15
aec307d9 AD	16	def zephyr(msg, clas='message', instance='log', rcpt='nobody',):
	17	proc = subprocess.Popen(
	18	['zwrite', '-d', '-n', '-c', clas, '-i', instance, rcpt, ],
	19	stdin=subprocess.PIPE, stdout=subprocess.PIPE
	20	)
	21	proc.communicate(msg)
e2ce65b9	22
6650ee78 AD	23	def UrlOrAfsValidator(value):
	24	if value.startswith('/mit/') or value.startswith('/afs/'):
	25	return
	26	else:
	27	try:
	28	URLValidator()(value)
	29	except ValidationError:
	30	raise ValidationError('Provide a valid URL or AFS path')
	31
e2ce65b9 AD	32	class ScriptsRemoteUserMiddleware(RemoteUserMiddleware):
	33	header = 'SSL_CLIENT_S_DN_Email'
	34
	35	class ScriptsRemoteUserBackend(RemoteUserBackend):
	36	def clean_username(self, username, ):
	37	if '@' in username:
	38	name, domain = username.split('@')
	39	assert domain.upper() == 'MIT.EDU'
	40	return name
	41	else:
	42	return username
	43	def configure_user(self, user, ):
	44	username = user.username
aec307d9	45	user.password = "ScriptsSSLAuth"
abab96a3	46	con = ldap.open('ldap-too.mit.edu')
e2ce65b9 AD	47	con.simple_bind_s("", "")
	48	dn = "dc=mit,dc=edu"
	49	fields = ['cn', 'sn', 'givenName', 'mail', ]
aec307d9 AD	50	userfilter = ldap.filter.filter_format('uid=%s', [username])
aec307d9 AD	51	result = con.search_s('dc=mit,dc=edu', ldap.SCOPE_SUBTREE, userfilter, fields)
e2ce65b9 AD	52	if len(result) == 1:
	53	user.first_name = result[0][1]['givenName'][0]
	54	user.last_name = result[0][1]['sn'][0]
23bea0e4 GT	55	try:
	56	user.email = result[0][1]['mail'][0]
	57	except KeyError:
	58	user.email = username + '@mit.edu'
e2ce65b9 AD	59	try:
	60	user.groups.add(auth.models.Group.objects.get(name='mit'))
	61	except ObjectDoesNotExist:
	62	print "Failed to retrieve mit group"
aec307d9 AD	63	else:
aec307d9 AD	64	raise ValueError, ("Could not find user with username '%s' (filter '%s')"%(username, userfilter))
e2ce65b9 AD	65	try:
	66	user.groups.add(auth.models.Group.objects.get(name='autocreated'))
	67	except ObjectDoesNotExist:
	68	print "Failed to retrieve autocreated group"
aec307d9	69	user.save()
e2ce65b9	70	return user
2e0bd8fa	71
d4bd5af8 AD	72	def get_or_create_mit_user(username, ):
	73	"""
	74	Given an MIT username, return a Django user object for them.
	75	If necessary, create (and save) the Django user for them.
	76	If the MIT user doesn't exist, raises ValueError.
	77	"""
	78	user, created = auth.models.User.objects.get_or_create(username=username, )
	79	if created:
	80	backend = ScriptsRemoteUserBackend()
	81	# Raises ValueError if the user doesn't exist
	82	try:
	83	return backend.configure_user(user), created
	84	except ValueError:
	85	user.delete()
	86	raise
	87	else:
	88	return user, created
	89
2e0bd8fa	90	def scripts_login(request, **kwargs):
4df1aef4 AD	91	host = request.META['HTTP_HOST'].split(':')[0]
4df1aef4 AD	92	if host == 'localhost':
2e0bd8fa AD	93	return login(request, **kwargs)
	94	elif request.META['SERVER_PORT'] == '444':
	95	if request.user.is_authenticated():
	96	# They're already authenticated --- go ahead and redirect
	97	if 'redirect_field_name' in kwargs:
	98	redirect_field_name = kwargs['redirect_field_names']
	99	else:
	100	from django.contrib.auth import REDIRECT_FIELD_NAME
	101	redirect_field_name = REDIRECT_FIELD_NAME
	102	redirect_to = request.REQUEST.get(redirect_field_name, '')
	103	if not redirect_to or '//' in redirect_to or ' ' in redirect_to:
	104	redirect_to = settings.LOGIN_REDIRECT_URL
	105	return HttpResponseRedirect(redirect_to)
	106	else:
	107	return login(request, **kwargs)
	108	else:
	109	# Move to port 444
2e0bd8fa AD	110	redirect_to = "https://%s:444%s" % (host, request.META['REQUEST_URI'], )
2e0bd8fa AD	111	return HttpResponseRedirect(redirect_to)