django-cas-server/cas_server/auth.py

# -*- coding: utf-8 -*-
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU General Public License version 3 for
# more details.
#
# You should have received a copy of the GNU General Public License version 3
# along with this program; if not, write to the Free Software Foundation, Inc., 51
# Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
# (c) 2015-2016 Valentin Samir
"""Some authentication classes for the CAS"""
from django.conf import settings
from django.contrib.auth import get_user_model
from django.utils import timezone

from datetime import timedelta
try:  # pragma: no cover
    import MySQLdb
    import MySQLdb.cursors
    from utils import check_password
except ImportError:
    MySQLdb = None

from .models import FederatedUser


class AuthUser(object):
    """Authentication base class"""
    def __init__(self, username):
        self.username = username

    def test_password(self, password):
        """test `password` agains the user"""
        raise NotImplementedError()

    def attributs(self):
        """return a dict of user attributes"""
        raise NotImplementedError()


class DummyAuthUser(AuthUser):  # pragma: no cover
    """A Dummy authentication class"""

    def __init__(self, username):
        super(DummyAuthUser, self).__init__(username)

    def test_password(self, password):
        """test `password` agains the user"""
        return False

    def attributs(self):
        """return a dict of user attributes"""
        return {}


class TestAuthUser(AuthUser):
    """A test authentication class with one user test having
    alose test as password and some attributes"""

    def __init__(self, username):
        super(TestAuthUser, self).__init__(username)

    def test_password(self, password):
        """test `password` agains the user"""
        return self.username == settings.CAS_TEST_USER and password == settings.CAS_TEST_PASSWORD

    def attributs(self):
        """return a dict of user attributes"""
        return settings.CAS_TEST_ATTRIBUTES


class MysqlAuthUser(AuthUser):  # pragma: no cover
    """A mysql auth class: authentication user agains a mysql database"""
    user = None

    def __init__(self, username):
        mysql_config = {
            "user": settings.CAS_SQL_USERNAME,
            "passwd": settings.CAS_SQL_PASSWORD,
            "db": settings.CAS_SQL_DBNAME,
            "host": settings.CAS_SQL_HOST,
            "charset": settings.CAS_SQL_DBCHARSET,
            "cursorclass": MySQLdb.cursors.DictCursor
        }
        if not MySQLdb:
            raise RuntimeError("Please install MySQLdb before using the MysqlAuthUser backend")
        conn = MySQLdb.connect(**mysql_config)
        curs = conn.cursor()
        if curs.execute(settings.CAS_SQL_USER_QUERY, (username,)) == 1:
            self.user = curs.fetchone()
            super(MysqlAuthUser, self).__init__(self.user['username'])
        else:
            super(MysqlAuthUser, self).__init__(username)

    def test_password(self, password):
        """test `password` agains the user"""
        if self.user:
            return check_password(
                settings.CAS_SQL_PASSWORD_CHECK,
                password,
                self.user["password"],
                settings.CAS_SQL_DBCHARSET
            )
        else:
            return False

    def attributs(self):
        """return a dict of user attributes"""
        if self.user:
            return self.user
        else:
            return {}


class DjangoAuthUser(AuthUser):  # pragma: no cover
    """A django auth class: authenticate user agains django internal users"""
    user = None

    def __init__(self, username):
        User = get_user_model()
        try:
            self.user = User.objects.get(username=username)
        except User.DoesNotExist:
            pass
        super(DjangoAuthUser, self).__init__(username)

    def test_password(self, password):
        """test `password` agains the user"""
        if self.user:
            return self.user.check_password(password)
        else:
            return False

    def attributs(self):
        """return a dict of user attributes"""
        if self.user:
            attr = {}
            for field in self.user._meta.fields:
                attr[field.attname] = getattr(self.user, field.attname)
            return attr
        else:
            return {}


class CASFederateAuth(AuthUser):
    """Authentication class used then CAS_FEDERATE is True"""
    user = None

    def __init__(self, username):
        try:
            self.user = FederatedUser.get_from_federated_username(username)
            super(CASFederateAuth, self).__init__(
                self.user.federated_username
            )
        except FederatedUser.DoesNotExist:
            super(CASFederateAuth, self).__init__(username)

    def test_password(self, ticket):
        """test `password` agains the user"""
        if not self.user or not self.user.ticket:
            return False
        else:
            return (
                ticket == self.user.ticket and
                self.user.last_update >
                (timezone.now() - timedelta(seconds=settings.CAS_TICKET_VALIDITY))
            )

    def attributs(self):
        """return a dict of user attributes"""
        if not self.user:  # pragma: no cover (should not happen)
            return {}
        else:
            return self.user.attributs
Update sime legal headers 2016-07-03 16:11:48 +00:00			`# -- coding: utf-8 --`
copyright notice 2015-05-27 20:10:06 +00:00			`# This program is distributed in the hope that it will be useful, but WITHOUT`
			`# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS`
			`# FOR A PARTICULAR PURPOSE. See the GNU General Public License version 3 for`
			`# more details.`
			`#`
			`# You should have received a copy of the GNU General Public License version 3`
			`# along with this program; if not, write to the Free Software Foundation, Inc., 51`
			`# Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.`
			`#`
Set legals headers 2016-06-30 22:00:53 +00:00			`# (c) 2015-2016 Valentin Samir`
Some refactoring 2015-05-27 19:56:39 +00:00			`"""Some authentication classes for the CAS"""`
Some login backends 2015-05-17 21:24:41 +00:00			`from django.conf import settings`
Update README 2015-12-12 16:26:19 +00:00			`from django.contrib.auth import get_user_model`
Test for CAS federation 2016-06-17 17:28:49 +00:00			`from django.utils import timezone`

			`from datetime import timedelta`
Exclude non test auth from coverage 2016-06-26 13:34:26 +00:00			`try: # pragma: no cover`
Some login backends 2015-05-17 21:24:41 +00:00			`import MySQLdb`
			`import MySQLdb.cursors`
Add some password check methods to the MySQL auth backend 2016-06-26 18:29:47 +00:00			`from utils import check_password`
Some login backends 2015-05-17 21:24:41 +00:00			`except ImportError:`
			`MySQLdb = None`
Some refactoring 2015-05-27 19:56:39 +00:00
Test for CAS federation 2016-06-17 17:28:49 +00:00			`from .models import FederatedUser`

PEP8 2015-06-12 16:10:52 +00:00
Update README 2015-12-12 16:26:19 +00:00			`class AuthUser(object):`
Add some docstrings and comments 2016-06-28 22:25:09 +00:00			`"""Authentication base class"""`
Update README 2015-12-12 16:26:19 +00:00			`def __init__(self, username):`
			`self.username = username`

			`def test_password(self, password):`
			"""test `password` agains the user"""
style 2016-06-26 09:16:41 +00:00			`raise NotImplementedError()`
Update README 2015-12-12 16:26:19 +00:00
			`def attributs(self):`
			`"""return a dict of user attributes"""`
style 2016-06-26 09:16:41 +00:00			`raise NotImplementedError()`
Update README 2015-12-12 16:26:19 +00:00

Exclude non test auth from coverage 2016-06-26 13:34:26 +00:00			`class DummyAuthUser(AuthUser): # pragma: no cover`
Some refactoring 2015-05-27 19:56:39 +00:00			`"""A Dummy authentication class"""`
PEP8 2015-06-12 16:10:52 +00:00
Some login backends 2015-05-17 21:24:41 +00:00			`def __init__(self, username):`
Update README 2015-12-12 16:26:19 +00:00			`super(DummyAuthUser, self).__init__(username)`
Some login backends 2015-05-17 21:24:41 +00:00
			`def test_password(self, password):`
Some refactoring 2015-05-27 19:56:39 +00:00			"""test `password` agains the user"""
Some login backends 2015-05-17 21:24:41 +00:00			`return False`

			`def attributs(self):`
Some refactoring 2015-05-27 19:56:39 +00:00			`"""return a dict of user attributes"""`
Some login backends 2015-05-17 21:24:41 +00:00			`return {}`


Update README 2015-12-12 16:26:19 +00:00			`class TestAuthUser(AuthUser):`
Some refactoring 2015-05-27 19:56:39 +00:00			`"""A test authentication class with one user test having`
			`alose test as password and some attributes"""`
PEP8 2015-06-12 16:10:52 +00:00
Some login backends 2015-05-17 21:24:41 +00:00			`def __init__(self, username):`
Some refactoring 2015-05-27 19:56:39 +00:00			`super(TestAuthUser, self).__init__(username)`
Some login backends 2015-05-17 21:24:41 +00:00
			`def test_password(self, password):`
Some refactoring 2015-05-27 19:56:39 +00:00			"""test `password` agains the user"""
Put test username, password, attributes in settings 2016-06-24 19:06:36 +00:00			`return self.username == settings.CAS_TEST_USER and password == settings.CAS_TEST_PASSWORD`
Some login backends 2015-05-17 21:24:41 +00:00
			`def attributs(self):`
Some refactoring 2015-05-27 19:56:39 +00:00			`"""return a dict of user attributes"""`
Put test username, password, attributes in settings 2016-06-24 19:06:36 +00:00			`return settings.CAS_TEST_ATTRIBUTES`
Some login backends 2015-05-17 21:24:41 +00:00

Exclude non test auth from coverage 2016-06-26 13:34:26 +00:00			`class MysqlAuthUser(AuthUser): # pragma: no cover`
Some refactoring 2015-05-27 19:56:39 +00:00			`"""A mysql auth class: authentication user agains a mysql database"""`
Some login backends 2015-05-17 21:24:41 +00:00			`user = None`
PEP8 2015-06-12 16:10:52 +00:00
Some login backends 2015-05-17 21:24:41 +00:00			`def __init__(self, username):`
			`mysql_config = {`
Some refactoring 2015-05-27 19:56:39 +00:00			`"user": settings.CAS_SQL_USERNAME,`
			`"passwd": settings.CAS_SQL_PASSWORD,`
			`"db": settings.CAS_SQL_DBNAME,`
			`"host": settings.CAS_SQL_HOST,`
PEP8 2015-06-12 16:10:52 +00:00			`"charset": settings.CAS_SQL_DBCHARSET,`
			`"cursorclass": MySQLdb.cursors.DictCursor`
Some login backends 2015-05-17 21:24:41 +00:00			`}`
			`if not MySQLdb:`
			`raise RuntimeError("Please install MySQLdb before using the MysqlAuthUser backend")`
			`conn = MySQLdb.connect(**mysql_config)`
			`curs = conn.cursor()`
			`if curs.execute(settings.CAS_SQL_USER_QUERY, (username,)) == 1:`
			`self.user = curs.fetchone()`
Fix MysqlAuthUser when number of results != 1, typo in README 2015-12-19 16:14:02 +00:00			`super(MysqlAuthUser, self).__init__(self.user['username'])`
			`else:`
			`super(MysqlAuthUser, self).__init__(username)`
Some login backends 2015-05-17 21:24:41 +00:00
			`def test_password(self, password):`
Some refactoring 2015-05-27 19:56:39 +00:00			"""test `password` agains the user"""
Exclude non test auth from coverage 2016-06-26 13:34:26 +00:00			`if self.user:`
Forgotten return 2016-06-27 12:01:39 +00:00			`return check_password(`
Add some password check methods to the MySQL auth backend 2016-06-26 18:29:47 +00:00			`settings.CAS_SQL_PASSWORD_CHECK,`
			`password,`
			`self.user["password"],`
			`settings.CAS_SQL_DBCHARSET`
			`)`
Some login backends 2015-05-17 21:24:41 +00:00			`else:`
Exclude non test auth from coverage 2016-06-26 13:34:26 +00:00			`return False`
Some login backends 2015-05-17 21:24:41 +00:00
			`def attributs(self):`
Some refactoring 2015-05-27 19:56:39 +00:00			`"""return a dict of user attributes"""`
Exclude non test auth from coverage 2016-06-26 13:34:26 +00:00			`if self.user:`
Some login backends 2015-05-17 21:24:41 +00:00			`return self.user`
Exclude non test auth from coverage 2016-06-26 13:34:26 +00:00			`else:`
			`return {}`
Some login backends 2015-05-17 21:24:41 +00:00
PEP8 2015-06-12 16:10:52 +00:00
Exclude non test auth from coverage 2016-06-26 13:34:26 +00:00			`class DjangoAuthUser(AuthUser): # pragma: no cover`
Some refactoring 2015-05-27 19:56:39 +00:00			`"""A django auth class: authenticate user agains django internal users"""`
Some login backends 2015-05-17 21:24:41 +00:00			`user = None`
PEP8 2015-06-12 16:10:52 +00:00
Some login backends 2015-05-17 21:24:41 +00:00			`def __init__(self, username):`
Update README 2015-12-12 16:26:19 +00:00			`User = get_user_model()`
Some login backends 2015-05-17 21:24:41 +00:00			`try:`
			`self.user = User.objects.get(username=username)`
			`except User.DoesNotExist:`
			`pass`
			`super(DjangoAuthUser, self).__init__(username)`

			`def test_password(self, password):`
Some refactoring 2015-05-27 19:56:39 +00:00			"""test `password` agains the user"""
Exclude non test auth from coverage 2016-06-26 13:34:26 +00:00			`if self.user:`
Some login backends 2015-05-17 21:24:41 +00:00			`return self.user.check_password(password)`
Exclude non test auth from coverage 2016-06-26 13:34:26 +00:00			`else:`
			`return False`
Some login backends 2015-05-17 21:24:41 +00:00
			`def attributs(self):`
Some refactoring 2015-05-27 19:56:39 +00:00			`"""return a dict of user attributes"""`
Exclude non test auth from coverage 2016-06-26 13:34:26 +00:00			`if self.user:`
Some login backends 2015-05-17 21:24:41 +00:00			`attr = {}`
			`for field in self.user._meta.fields:`
Some refactoring 2015-05-27 19:56:39 +00:00			`attr[field.attname] = getattr(self.user, field.attname)`
Some login backends 2015-05-17 21:24:41 +00:00			`return attr`
Exclude non test auth from coverage 2016-06-26 13:34:26 +00:00			`else:`
			`return {}`
Test for CAS federation 2016-06-17 17:28:49 +00:00
Fix some style error introduced during the merge 2016-06-27 22:37:18 +00:00
Test for CAS federation 2016-06-17 17:28:49 +00:00			`class CASFederateAuth(AuthUser):`
Add some docstrings 2016-07-03 15:54:11 +00:00			`"""Authentication class used then CAS_FEDERATE is True"""`
Test for CAS federation 2016-06-17 17:28:49 +00:00			`user = None`

			`def __init__(self, username):`
			`try:`
Use django admin application to add/modif identty providers when CAS_FEDERATE is True 2016-07-04 15:23:11 +00:00			`self.user = FederatedUser.get_from_federated_username(username)`
Test for CAS federation 2016-06-17 17:28:49 +00:00			`super(CASFederateAuth, self).__init__(`
Use django admin application to add/modif identty providers when CAS_FEDERATE is True 2016-07-04 15:23:11 +00:00			`self.user.federated_username`
Test for CAS federation 2016-06-17 17:28:49 +00:00			`)`
			`except FederatedUser.DoesNotExist:`
Use django admin application to add/modif identty providers when CAS_FEDERATE is True 2016-07-04 15:23:11 +00:00			`super(CASFederateAuth, self).__init__(username)`
Test for CAS federation 2016-06-17 17:28:49 +00:00
			`def test_password(self, ticket):`
			"""test `password` agains the user"""
			`if not self.user or not self.user.ticket:`
			`return False`
			`else:`
			`return (`
			`ticket == self.user.ticket and`
			`self.user.last_update >`
			`(timezone.now() - timedelta(seconds=settings.CAS_TICKET_VALIDITY))`
			`)`

			`def attributs(self):`
			`"""return a dict of user attributes"""`
Add unit tests for when CAS_FEDERATE is True Also fix some unicode related bugs 2016-07-03 11:51:00 +00:00			`if not self.user: # pragma: no cover (should not happen)`
Test for CAS federation 2016-06-17 17:28:49 +00:00			`return {}`
			`else:`
			`return self.user.attributs`