snippets / Scripts / git / .git / blame
| Commit | Line | Data |
|---|---|---|
| aec307d9 AD |
1 | import subprocess |
| 2 | import ldap | |
| 3 | import ldap.filter | |
| 4 | ||
| e2ce65b9 AD |
5 | from django.contrib.auth.middleware import RemoteUserMiddleware |
| 6 | from django.contrib.auth.backends import RemoteUserBackend | |
| 2e0bd8fa AD |
7 | from django.contrib.auth.views import login |
| 8 | from django.contrib.auth import REDIRECT_FIELD_NAME | |
| 9 | from django.http import HttpResponseRedirect | |
| e2ce65b9 AD |
10 | from django.contrib import auth |
| 11 | from django.core.exceptions import ObjectDoesNotExist | |
| 2e0bd8fa | 12 | import settings |
| e2ce65b9 | 13 | |
| aec307d9 AD |
14 | def zephyr(msg, clas='message', instance='log', rcpt='nobody',): |
| 15 | proc = subprocess.Popen( | |
| 16 | ['zwrite', '-d', '-n', '-c', clas, '-i', instance, rcpt, ], | |
| 17 | stdin=subprocess.PIPE, stdout=subprocess.PIPE | |
| 18 | ) | |
| 19 | proc.communicate(msg) | |
| e2ce65b9 AD |
20 | |
| 21 | class ScriptsRemoteUserMiddleware(RemoteUserMiddleware): | |
| 22 | header = 'SSL_CLIENT_S_DN_Email' | |
| 23 | ||
| 24 | class ScriptsRemoteUserBackend(RemoteUserBackend): | |
| 25 | def clean_username(self, username, ): | |
| 26 | if '@' in username: | |
| 27 | name, domain = username.split('@') | |
| 28 | assert domain.upper() == 'MIT.EDU' | |
| 29 | return name | |
| 30 | else: | |
| 31 | return username | |
| 32 | def configure_user(self, user, ): | |
| 33 | username = user.username | |
| aec307d9 | 34 | user.password = "ScriptsSSLAuth" |
| abab96a3 | 35 | con = ldap.open('ldap-too.mit.edu') |
| e2ce65b9 AD |
36 | con.simple_bind_s("", "") |
| 37 | dn = "dc=mit,dc=edu" | |
| 38 | fields = ['cn', 'sn', 'givenName', 'mail', ] | |
| aec307d9 AD |
39 | userfilter = ldap.filter.filter_format('uid=%s', [username]) |
| 40 | result = con.search_s('dc=mit,dc=edu', ldap.SCOPE_SUBTREE, userfilter, fields) | |
| e2ce65b9 AD |
41 | if len(result) == 1: |
| 42 | user.first_name = result[0][1]['givenName'][0] | |
| 43 | user.last_name = result[0][1]['sn'][0] | |
| 44 | user.email = result[0][1]['mail'][0] | |
| 45 | try: | |
| 46 | user.groups.add(auth.models.Group.objects.get(name='mit')) | |
| 47 | except ObjectDoesNotExist: | |
| 48 | print "Failed to retrieve mit group" | |
| aec307d9 AD |
49 | else: |
| 50 | raise ValueError, ("Could not find user with username '%s' (filter '%s')"%(username, userfilter)) | |
| e2ce65b9 AD |
51 | try: |
| 52 | user.groups.add(auth.models.Group.objects.get(name='autocreated')) | |
| 53 | except ObjectDoesNotExist: | |
| 54 | print "Failed to retrieve autocreated group" | |
| aec307d9 | 55 | user.save() |
| e2ce65b9 | 56 | return user |
| 2e0bd8fa AD |
57 | |
| 58 | def scripts_login(request, **kwargs): | |
| 4df1aef4 AD |
59 | host = request.META['HTTP_HOST'].split(':')[0] |
| 60 | if host == 'localhost': | |
| 2e0bd8fa AD |
61 | return login(request, **kwargs) |
| 62 | elif request.META['SERVER_PORT'] == '444': | |
| 63 | if request.user.is_authenticated(): | |
| 64 | # They're already authenticated --- go ahead and redirect | |
| 65 | if 'redirect_field_name' in kwargs: | |
| 66 | redirect_field_name = kwargs['redirect_field_names'] | |
| 67 | else: | |
| 68 | from django.contrib.auth import REDIRECT_FIELD_NAME | |
| 69 | redirect_field_name = REDIRECT_FIELD_NAME | |
| 70 | redirect_to = request.REQUEST.get(redirect_field_name, '') | |
| 71 | if not redirect_to or '//' in redirect_to or ' ' in redirect_to: | |
| 72 | redirect_to = settings.LOGIN_REDIRECT_URL | |
| 73 | return HttpResponseRedirect(redirect_to) | |
| 74 | else: | |
| 75 | return login(request, **kwargs) | |
| 76 | else: | |
| 77 | # Move to port 444 | |
| 2e0bd8fa AD |
78 | redirect_to = "https://%s:444%s" % (host, request.META['REQUEST_URI'], ) |
| 79 | return HttpResponseRedirect(redirect_to) |