from django.contrib import auth from django.contrib.auth.middleware import RemoteUserMiddleware from django.conf import settings from hc.accounts.models import Profile class TeamAccessMiddleware(object): def __init__(self, get_response): self.get_response = get_response def __call__(self, request): if not request.user.is_authenticated: return self.get_response(request) request.profile = Profile.objects.for_user(request.user) return self.get_response(request) class CustomHeaderMiddleware(RemoteUserMiddleware): """ Middleware for utilizing Web-server-provided authentication. If request.user is not authenticated, then this middleware: - looks for an email address in request.META[settings.REMOTE_USER_HEADER] - looks up and automatically logs in the user with a matching email """ def process_request(self, request): if not settings.REMOTE_USER_HEADER: return # Make sure AuthenticationMiddleware is installed assert hasattr(request, "user") email = request.META.get(settings.REMOTE_USER_HEADER) if not email: # If specified header doesn't exist or is empty then log out any # authenticated user and return if request.user.is_authenticated: auth.logout(request) return # If the user is already authenticated and that user is the user we are # getting passed in the headers, then the correct user is already # persisted in the session and we don't need to continue. if request.user.is_authenticated: if request.user.email == email: return else: # An authenticated user is associated with the request, but # it does not match the authorized user in the header. auth.logout(request) # We are seeing this user for the first time in this session, attempt # to authenticate the user. user = auth.authenticate(request, remote_user_email=email) if user: # User is valid. Set request.user and persist user in the session # by logging the user in. request.user = user auth.login(request, user)