mirror of https://gitlab.crans.org/bde/nk20
Add possibility to authenticate an account with its IP address
This commit is contained in:
parent
bf29efda0a
commit
d773303d18
|
@ -2,12 +2,12 @@
|
||||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||||
|
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
|
from django.contrib.auth import login
|
||||||
from django.contrib.auth.models import AnonymousUser, User
|
from django.contrib.auth.models import AnonymousUser, User
|
||||||
|
from django.contrib.sessions.backends.db import SessionStore
|
||||||
|
|
||||||
from threading import local
|
from threading import local
|
||||||
|
|
||||||
from django.contrib.sessions.backends.db import SessionStore
|
|
||||||
|
|
||||||
USER_ATTR_NAME = getattr(settings, 'LOCAL_USER_ATTR_NAME', '_current_user')
|
USER_ATTR_NAME = getattr(settings, 'LOCAL_USER_ATTR_NAME', '_current_user')
|
||||||
SESSION_ATTR_NAME = getattr(settings, 'LOCAL_SESSION_ATTR_NAME', '_current_session')
|
SESSION_ATTR_NAME = getattr(settings, 'LOCAL_SESSION_ATTR_NAME', '_current_session')
|
||||||
IP_ATTR_NAME = getattr(settings, 'LOCAL_IP_ATTR_NAME', '_current_ip')
|
IP_ATTR_NAME = getattr(settings, 'LOCAL_IP_ATTR_NAME', '_current_ip')
|
||||||
|
@ -78,6 +78,41 @@ class SessionMiddleware(object):
|
||||||
return response
|
return response
|
||||||
|
|
||||||
|
|
||||||
|
class LoginByIPMiddleware(object):
|
||||||
|
"""
|
||||||
|
Allow some users to be authenticated based on their IP address.
|
||||||
|
For example, the "note" account should not be used elsewhere than the Kfet computer,
|
||||||
|
and should not have any password.
|
||||||
|
The password that is stored in database should be on the form "ipbased$my.public.ip.address".
|
||||||
|
"""
|
||||||
|
|
||||||
|
def __init__(self, get_response):
|
||||||
|
self.get_response = get_response
|
||||||
|
|
||||||
|
def __call__(self, request):
|
||||||
|
"""
|
||||||
|
If the user is not authenticated, get the used IP address
|
||||||
|
and check if an user is authorized to be automatically logged with this address.
|
||||||
|
If it is the case, the logging is performed with the full rights.
|
||||||
|
"""
|
||||||
|
if not request.user.is_authenticated:
|
||||||
|
if 'HTTP_X_REAL_IP' in request.META:
|
||||||
|
ip = request.META.get('HTTP_X_REAL_IP')
|
||||||
|
elif 'HTTP_X_FORWARDED_FOR' in request.META:
|
||||||
|
ip = request.META.get('HTTP_X_FORWARDED_FOR').split(', ')[0]
|
||||||
|
else:
|
||||||
|
ip = request.META.get('REMOTE_ADDR')
|
||||||
|
|
||||||
|
qs = User.objects.filter(password=f"ipbased${ip}")
|
||||||
|
if qs.exists():
|
||||||
|
login(request, qs.get())
|
||||||
|
session = request.session
|
||||||
|
session["permission_mask"] = 42
|
||||||
|
session.save()
|
||||||
|
|
||||||
|
return self.get_response(request)
|
||||||
|
|
||||||
|
|
||||||
class TurbolinksMiddleware(object):
|
class TurbolinksMiddleware(object):
|
||||||
"""
|
"""
|
||||||
Send the `Turbolinks-Location` header in response to a visit that was redirected,
|
Send the `Turbolinks-Location` header in response to a visit that was redirected,
|
||||||
|
|
|
@ -49,9 +49,6 @@ try:
|
||||||
except ImportError:
|
except ImportError:
|
||||||
pass
|
pass
|
||||||
|
|
||||||
if "logs" in INSTALLED_APPS:
|
|
||||||
MIDDLEWARE += ('note_kfet.middlewares.SessionMiddleware',)
|
|
||||||
|
|
||||||
if DEBUG:
|
if DEBUG:
|
||||||
PASSWORD_HASHERS += ['member.hashers.DebugSuperuserBackdoor']
|
PASSWORD_HASHERS += ['member.hashers.DebugSuperuserBackdoor']
|
||||||
if "debug_toolbar" in INSTALLED_APPS:
|
if "debug_toolbar" in INSTALLED_APPS:
|
||||||
|
|
|
@ -79,6 +79,8 @@ MIDDLEWARE = [
|
||||||
'django.middleware.locale.LocaleMiddleware',
|
'django.middleware.locale.LocaleMiddleware',
|
||||||
'django.contrib.sites.middleware.CurrentSiteMiddleware',
|
'django.contrib.sites.middleware.CurrentSiteMiddleware',
|
||||||
'django_htcpcp_tea.middleware.HTCPCPTeaMiddleware',
|
'django_htcpcp_tea.middleware.HTCPCPTeaMiddleware',
|
||||||
|
'note_kfet.middlewares.SessionMiddleware',
|
||||||
|
'note_kfet.middlewares.LoginByIPMiddleware',
|
||||||
'note_kfet.middlewares.TurbolinksMiddleware',
|
'note_kfet.middlewares.TurbolinksMiddleware',
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue