django/mit/__init__.py

   1 import subprocess
   2 import ldap
   3 import ldap.filter
   4
   5 from django.contrib.auth.middleware import RemoteUserMiddleware
   6 from django.contrib.auth.backends import RemoteUserBackend
   7 from django.contrib.auth.views import login
   8 from django.contrib.auth import REDIRECT_FIELD_NAME
   9 from django.http import HttpResponseRedirect
  10 from django.contrib import auth
  11 from django.core.exceptions import ObjectDoesNotExist
  12 import settings
  13
  14 def zephyr(msg, clas='message', instance='log', rcpt='nobody',):
  15     proc = subprocess.Popen(
  16         ['zwrite', '-d', '-n', '-c', clas, '-i', instance, rcpt, ],
  17         stdin=subprocess.PIPE, stdout=subprocess.PIPE
  18     )
  19     proc.communicate(msg)
  20
  21 class ScriptsRemoteUserMiddleware(RemoteUserMiddleware):
  22     header = 'SSL_CLIENT_S_DN_Email'
  23
  24 class ScriptsRemoteUserBackend(RemoteUserBackend):
  25     def clean_username(self, username, ):
  26         if '@' in username:
  27             name, domain = username.split('@')
  28             assert domain.upper() == 'MIT.EDU'
  29             return name
  30         else:
  31             return username
  32     def configure_user(self, user, ):
  33         username = user.username
  34         user.password = "ScriptsSSLAuth"
  35         con = ldap.open('ldap-too.mit.edu')
  36         con.simple_bind_s("", "")
  37         dn = "dc=mit,dc=edu"
  38         fields = ['cn', 'sn', 'givenName', 'mail', ]
  39         userfilter = ldap.filter.filter_format('uid=%s', [username])
  40         result = con.search_s('dc=mit,dc=edu', ldap.SCOPE_SUBTREE, userfilter, fields)
  41         if len(result) == 1:
  42             user.first_name = result[0][1]['givenName'][0]
  43             user.last_name = result[0][1]['sn'][0]
  44             user.email = result[0][1]['mail'][0]
  45             try:
  46                 user.groups.add(auth.models.Group.objects.get(name='mit'))
  47             except ObjectDoesNotExist:
  48                 print "Failed to retrieve mit group"
  49         else:
  50             raise ValueError, ("Could not find user with username '%s' (filter '%s')"%(username, userfilter))
  51         try:
  52             user.groups.add(auth.models.Group.objects.get(name='autocreated'))
  53         except ObjectDoesNotExist:
  54             print "Failed to retrieve autocreated group"
  55         user.save()
  56         return user
  57
  58 def scripts_login(request, **kwargs):
  59     host = request.META['HTTP_HOST'].split(':')[0]
  60     if host == 'localhost':
  61         return login(request, **kwargs)
  62     elif request.META['SERVER_PORT'] == '444':
  63         if request.user.is_authenticated():
  64             # They're already authenticated --- go ahead and redirect
  65             if 'redirect_field_name' in kwargs:
  66                 redirect_field_name = kwargs['redirect_field_names']
  67             else:
  68                 from django.contrib.auth import REDIRECT_FIELD_NAME
  69                 redirect_field_name = REDIRECT_FIELD_NAME
  70             redirect_to = request.REQUEST.get(redirect_field_name, '')
  71             if not redirect_to or '//' in redirect_to or ' ' in redirect_to:
  72                 redirect_to = settings.LOGIN_REDIRECT_URL
  73             return HttpResponseRedirect(redirect_to)
  74         else:
  75             return login(request, **kwargs)
  76     else:
  77         # Move to port 444
  78         redirect_to = "https://%s:444%s" % (host, request.META['REQUEST_URI'], )
  79         return HttpResponseRedirect(redirect_to)