django-cas-server/cas_server/auth.py

143 lines
4.6 KiB
Python
Raw Normal View History

2015-05-17 21:24:41 +00:00
# ⁻*- coding: utf-8 -*-
2015-05-27 20:10:06 +00:00
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU General Public License version 3 for
# more details.
#
# You should have received a copy of the GNU General Public License version 3
# along with this program; if not, write to the Free Software Foundation, Inc., 51
# Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
# (c) 2015 Valentin Samir
2015-05-27 19:56:39 +00:00
"""Some authentication classes for the CAS"""
2015-05-17 21:24:41 +00:00
from django.conf import settings
2015-12-12 16:26:19 +00:00
from django.contrib.auth import get_user_model
2015-05-17 21:24:41 +00:00
try:
import MySQLdb
import MySQLdb.cursors
import crypt
except ImportError:
MySQLdb = None
2015-05-27 19:56:39 +00:00
2015-06-12 16:10:52 +00:00
2015-12-12 16:26:19 +00:00
class AuthUser(object):
def __init__(self, username):
self.username = username
def test_password(self, password):
"""test `password` agains the user"""
raise NotImplemented()
def attributs(self):
"""return a dict of user attributes"""
raise NotImplemented()
class DummyAuthUser(AuthUser):
2015-05-27 19:56:39 +00:00
"""A Dummy authentication class"""
2015-06-12 16:10:52 +00:00
2015-05-17 21:24:41 +00:00
def __init__(self, username):
2015-12-12 16:26:19 +00:00
super(DummyAuthUser, self).__init__(username)
2015-05-17 21:24:41 +00:00
def test_password(self, password):
2015-05-27 19:56:39 +00:00
"""test `password` agains the user"""
2015-05-17 21:24:41 +00:00
return False
def attributs(self):
2015-05-27 19:56:39 +00:00
"""return a dict of user attributes"""
2015-05-17 21:24:41 +00:00
return {}
2015-12-12 16:26:19 +00:00
class TestAuthUser(AuthUser):
2015-05-27 19:56:39 +00:00
"""A test authentication class with one user test having
alose test as password and some attributes"""
2015-06-12 16:10:52 +00:00
2015-05-17 21:24:41 +00:00
def __init__(self, username):
2015-05-27 19:56:39 +00:00
super(TestAuthUser, self).__init__(username)
2015-05-17 21:24:41 +00:00
def test_password(self, password):
2015-05-27 19:56:39 +00:00
"""test `password` agains the user"""
2015-05-17 21:24:41 +00:00
return self.username == "test" and password == "test"
def attributs(self):
2015-05-27 19:56:39 +00:00
"""return a dict of user attributes"""
2015-06-12 16:10:52 +00:00
return {'nom': 'Nymous', 'prenom': 'Ano', 'email': 'anonymous@example.net'}
2015-05-17 21:24:41 +00:00
2015-12-12 16:26:19 +00:00
class MysqlAuthUser(AuthUser):
2015-05-27 19:56:39 +00:00
"""A mysql auth class: authentication user agains a mysql database"""
2015-05-17 21:24:41 +00:00
user = None
2015-06-12 16:10:52 +00:00
2015-05-17 21:24:41 +00:00
def __init__(self, username):
mysql_config = {
2015-05-27 19:56:39 +00:00
"user": settings.CAS_SQL_USERNAME,
"passwd": settings.CAS_SQL_PASSWORD,
"db": settings.CAS_SQL_DBNAME,
"host": settings.CAS_SQL_HOST,
2015-06-12 16:10:52 +00:00
"charset": settings.CAS_SQL_DBCHARSET,
"cursorclass": MySQLdb.cursors.DictCursor
2015-05-17 21:24:41 +00:00
}
if not MySQLdb:
raise RuntimeError("Please install MySQLdb before using the MysqlAuthUser backend")
conn = MySQLdb.connect(**mysql_config)
curs = conn.cursor()
if curs.execute(settings.CAS_SQL_USER_QUERY, (username,)) == 1:
self.user = curs.fetchone()
super(MysqlAuthUser, self).__init__(self.user['username'])
else:
super(MysqlAuthUser, self).__init__(username)
2015-05-17 21:24:41 +00:00
def test_password(self, password):
2015-05-27 19:56:39 +00:00
"""test `password` agains the user"""
2015-05-17 21:24:41 +00:00
if not self.user:
return False
else:
if settings.CAS_SQL_PASSWORD_CHECK == "plain":
return password == self.user["password"]
elif settings.CAS_SQL_PASSWORD_CHECK == "crypt":
if self.user["password"].startswith('$'):
salt = '$'.join(self.user["password"].split('$', 3)[:-1])
return crypt.crypt(password, salt) == self.user["password"]
else:
2015-05-27 20:18:01 +00:00
return crypt.crypt(
password,
self.user["password"][:2]
) == self.user["password"]
2015-05-17 21:24:41 +00:00
def attributs(self):
2015-05-27 19:56:39 +00:00
"""return a dict of user attributes"""
2015-05-17 21:24:41 +00:00
if not self.user:
return {}
else:
return self.user
2015-06-12 16:10:52 +00:00
2015-12-12 16:26:19 +00:00
class DjangoAuthUser(AuthUser):
2015-05-27 19:56:39 +00:00
"""A django auth class: authenticate user agains django internal users"""
2015-05-17 21:24:41 +00:00
user = None
2015-06-12 16:10:52 +00:00
2015-05-17 21:24:41 +00:00
def __init__(self, username):
2015-12-12 16:26:19 +00:00
User = get_user_model()
2015-05-17 21:24:41 +00:00
try:
self.user = User.objects.get(username=username)
except User.DoesNotExist:
pass
super(DjangoAuthUser, self).__init__(username)
def test_password(self, password):
2015-05-27 19:56:39 +00:00
"""test `password` agains the user"""
2015-05-17 21:24:41 +00:00
if not self.user:
return False
else:
return self.user.check_password(password)
def attributs(self):
2015-05-27 19:56:39 +00:00
"""return a dict of user attributes"""
2015-05-17 21:24:41 +00:00
if not self.user:
return {}
else:
attr = {}
for field in self.user._meta.fields:
2015-05-27 19:56:39 +00:00
attr[field.attname] = getattr(self.user, field.attname)
2015-05-17 21:24:41 +00:00
return attr