nielsperetzke
/
healthchecks
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 32 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1874 Commits
2 Branches
15 MiB
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
healthchecks/hc/accounts/backends.py

68 lines
2.0 KiB
Raw Permalink Normal View History

Store the one time login token in profile so user.password can be used for regular passwords.
9 years ago
Add http header auth (#457) * Add HTTP header authentiation backend/middleware * Add docs for remote header auth * Improve docs on external auth * Add warning for unknown REMOTE_USER_HEADER_TYPE * Move active check for header auth to middleware Add extra header type sanity check to the backend * Add test cases for remote header login * Improve header-based authentication - remove the 'ID' mode - add CustomHeaderBackend to AUTHENTICATION_BACKENDS conditionally - rewrite CustomHeaderBackend and CustomHeaderMiddleware to use less inherited code - add more test cases Co-authored-by: Pēteris Caune <[email protected]>
4 years ago
Store the one time login token in profile so user.password can be used for regular passwords.
9 years ago
Add http header auth (#457) * Add HTTP header authentiation backend/middleware * Add docs for remote header auth * Improve docs on external auth * Add warning for unknown REMOTE_USER_HEADER_TYPE * Move active check for header auth to middleware Add extra header type sanity check to the backend * Add test cases for remote header login * Improve header-based authentication - remove the 'ID' mode - add CustomHeaderBackend to AUTHENTICATION_BACKENDS conditionally - rewrite CustomHeaderBackend and CustomHeaderMiddleware to use less inherited code - add more test cases Co-authored-by: Pēteris Caune <[email protected]>
4 years ago
Store the one time login token in profile so user.password can be used for regular passwords.
9 years ago
fix tests and optimize authentication and fix some unclosed markup
9 years ago
Users can add passwords to their accounts. Fixes #6
9 years ago
request.project is now unused, removing
5 years ago
Preload Profile.current_project, saves one query per request.
6 years ago
Users can add passwords to their accounts. Fixes #6
9 years ago
Store the one time login token in profile so user.password can be used for regular passwords.
9 years ago
Users can add passwords to their accounts. Fixes #6
9 years ago
Fix deprecation warnings.
8 years ago
Store the one time login token in profile so user.password can be used for regular passwords.
9 years ago
/admin/login/ uses the same login view as the main site.
8 years ago
Store the one time login token in profile so user.password can be used for regular passwords.
9 years ago
login, set-password, and change-email tokens use different salts.
7 years ago
Store the one time login token in profile so user.password can be used for regular passwords.
9 years ago
Users can add passwords to their accounts. Fixes #6
9 years ago
Fix deprecation warnings.
8 years ago
Users can add passwords to their accounts. Fixes #6
9 years ago
Add http header auth (#457) * Add HTTP header authentiation backend/middleware * Add docs for remote header auth * Improve docs on external auth * Add warning for unknown REMOTE_USER_HEADER_TYPE * Move active check for header auth to middleware Add extra header type sanity check to the backend * Add test cases for remote header login * Improve header-based authentication - remove the 'ID' mode - add CustomHeaderBackend to AUTHENTICATION_BACKENDS conditionally - rewrite CustomHeaderBackend and CustomHeaderMiddleware to use less inherited code - add more test cases Co-authored-by: Pēteris Caune <[email protected]>
4 years ago
 
  1. from django.contrib.auth.models import User
  2. from django.conf import settings
  3. from hc.accounts.models import Profile
  4. from hc.accounts.views import _make_user
  5. 

  6. 

  7. class BasicBackend(object):
  8.     def get_user(self, user_id):
  9.         try:
  10.             q = User.objects.select_related("profile")
  11. 

  12.             return q.get(pk=user_id)
  13.         except User.DoesNotExist:
  14.             return None
  15. 

  16. 

  17. # Authenticate against the token in user's profile.
  18. class ProfileBackend(BasicBackend):
  19.     def authenticate(self, request=None, username=None, token=None):
  20.         try:
  21.             profiles = Profile.objects.select_related("user")
  22.             profile = profiles.get(user__username=username)
  23.         except Profile.DoesNotExist:
  24.             return None
  25. 

  26.         if not profile.check_token(token, "login"):
  27.             return None
  28. 

  29.         return profile.user
  30. 

  31. 

  32. class EmailBackend(BasicBackend):
  33.     def authenticate(self, request=None, username=None, password=None):
  34.         try:
  35.             user = User.objects.get(email=username)
  36.         except User.DoesNotExist:
  37.             return None
  38. 

  39.         if user.check_password(password):
  40.             return user
  41. 

  42. 

  43. class CustomHeaderBackend(BasicBackend):
  44.     """

  45.     This backend works in conjunction with the ``CustomHeaderMiddleware``,
  46.     and is used when the server is handling authentication outside of Django.
  47. 

  48.     """

  49. 

  50.     def authenticate(self, request, remote_user_email):
  51.         """

  52.         The email address passed as remote_user_email is considered trusted.
  53.         Return the User object with the given email address. Create a new User
  54.         if it does not exist.
  55. 

  56.         """

  57. 

  58.         # This backend should only be used when header-based authentication is enabled
  59.         assert settings.REMOTE_USER_HEADER
  60.         # remote_user_email should have a value
  61.         assert remote_user_email
  62. 

  63.         try:
  64.             user = User.objects.get(email=remote_user_email)
  65.         except User.DoesNotExist:
  66.             user = _make_user(remote_user_email)
  67. 

  68.         return user