X-Git-Url: https://snippets.scripts.mit.edu/gitweb.cgi/Scripts/git/.git/blobdiff_plain/9c504e485be1758ee01e7f577b9649633daae6ca..dbc3dbe21f242e88160475788cf96508ecc142a1:/django/mit/__init__.py

diff --git a/django/mit/__init__.py b/django/mit/__init__.py
index fd8d452..7958beb 100644
--- a/django/mit/__init__.py
+++ b/django/mit/__init__.py
@@ -1,10 +1,22 @@
+import subprocess
+import ldap
+import ldap.filter
+
 from django.contrib.auth.middleware import RemoteUserMiddleware
 from django.contrib.auth.backends import RemoteUserBackend
+from django.contrib.auth.views import login
+from django.contrib.auth import REDIRECT_FIELD_NAME
+from django.http import HttpResponseRedirect
 from django.contrib import auth
+from django.core.exceptions import ObjectDoesNotExist
+import settings
 
-def zephyr(msg, clas='remit', instance='log', rcpt='adehnert',):
-    import os
-    os.system("zwrite -d -c '%s' -i '%s' '%s' -m '%s'" % (clas, instance, rcpt, msg, ))
+def zephyr(msg, clas='message', instance='log', rcpt='nobody',):
+    proc = subprocess.Popen(
+        ['zwrite', '-d', '-n', '-c', clas, '-i', instance, rcpt, ],
+        stdin=subprocess.PIPE, stdout=subprocess.PIPE
+    )
+    proc.communicate(msg)
 
 class ScriptsRemoteUserMiddleware(RemoteUserMiddleware):
     header = 'SSL_CLIENT_S_DN_Email'
@@ -19,15 +31,49 @@ class ScriptsRemoteUserBackend(RemoteUserBackend):
             return username
     def configure_user(self, user, ):
         username = user.username
-        import ldap
+        user.password = "ScriptsSSLAuth"
         con = ldap.open('ldap.mit.edu')
         con.simple_bind_s("", "")
         dn = "dc=mit,dc=edu"
         fields = ['cn', 'sn', 'givenName', 'mail', ]
-        result = con.search_s('dc=mit,dc=edu', ldap.SCOPE_SUBTREE, 'uid=%s'%username, fields)
+        userfilter = ldap.filter.filter_format('uid=%s', [username])
+        result = con.search_s('dc=mit,dc=edu', ldap.SCOPE_SUBTREE, userfilter, fields)
         if len(result) == 1:
             user.first_name = result[0][1]['givenName'][0]
             user.last_name = result[0][1]['sn'][0]
             user.email = result[0][1]['mail'][0]
-            user.save()
+            try:
+                user.groups.add(auth.models.Group.objects.get(name='mit'))
+            except ObjectDoesNotExist:
+                print "Failed to retrieve mit group"
+        else:
+            raise ValueError, ("Could not find user with username '%s' (filter '%s')"%(username, userfilter))
+        try:
+            user.groups.add(auth.models.Group.objects.get(name='autocreated'))
+        except ObjectDoesNotExist:
+            print "Failed to retrieve autocreated group"
+        user.save()
         return user
+
+def scripts_login(request, **kwargs):
+    host = request.META['HTTP_HOST'].split(':')[0]
+    if host == 'localhost':
+        return login(request, **kwargs)
+    elif request.META['SERVER_PORT'] == '444':
+        if request.user.is_authenticated():
+            # They're already authenticated --- go ahead and redirect
+            if 'redirect_field_name' in kwargs:
+                redirect_field_name = kwargs['redirect_field_names']
+            else:
+                from django.contrib.auth import REDIRECT_FIELD_NAME
+                redirect_field_name = REDIRECT_FIELD_NAME
+            redirect_to = request.REQUEST.get(redirect_field_name, '')
+            if not redirect_to or '//' in redirect_to or ' ' in redirect_to:
+                redirect_to = settings.LOGIN_REDIRECT_URL
+            return HttpResponseRedirect(redirect_to)
+        else:
+            return login(request, **kwargs)
+    else:
+        # Move to port 444
+        redirect_to = "https://%s:444%s" % (host, request.META['REQUEST_URI'], )
+        return HttpResponseRedirect(redirect_to)