Skip to content

Commit

Permalink
Moved Apache auth handler to django/contrib/auth/handlers/modpython.py
Browse files Browse the repository at this point in the history 
git-svn-id: http://code.djangoproject.com/svn/django/trunk@1500 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information
@adrianholovaty
adrianholovaty committed Nov 30, 2005
1 parent 5066fe5 commit 3cb20c4
Show file tree
Hide file tree
Showing 4 changed files with 57 additions and 56 deletions.
Empty file added django/contrib/auth/handlers/__init__.py
View file
Empty file.
44 changes: 44 additions & 0 deletions django/contrib/auth/handlers/modpython.py
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
from mod_python import apache
import os

def authenhandler(req, **kwargs):
"""
Authentication handler that checks against Django's auth database.
"""

# mod_python fakes the environ, and thus doesn't process SetEnv. This fixes
# that so that the following import works
os.environ.update(req.subprocess_env)

from django.models.auth import users

# check for PythonOptions
_str_to_bool = lambda s: s.lower() in '1', 'true', 'on', 'yes'

options = req.get_options()
permission_name = options.get('DjangoPermissionName', None)
staff_only = _str_to_bool(options.get('DjangoRequireStaffStatus', "on"))
superuser_only = _str_to_bool(options.get('DjangoRequireSuperuserStatus', "off"))

# check that the username is valid
kwargs = {'username__exact': req.user, 'is_active__exact': True}
if staff_only:
kwargs['is_staff__exact'] = True
if superuser_only:
kwargs['is_superuser__exact'] = True
try:
user = users.get_object(**kwargs)
except users.UserDoesNotExist:
return apache.HTTP_UNAUTHORIZED

# check the password and any permission given
if user.check_password(req.get_basic_auth_pw()):
if permission_name:
if user.has_perm(permission_name):
return apache.OK
else:
return apache.HTTP_UNAUTHORIZED
else:
return apache.OK
else:
return apache.HTTP_UNAUTHORIZED
43 changes: 0 additions & 43 deletions django/core/handlers/modpython.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -163,46 +163,3 @@ def populate_apache_request(http_response, mod_python_req):
def handler(req):
# mod_python hooks into this function.
return ModPythonHandler()(req)

def authenhandler(req, **kwargs):
"""
Authentication handler that checks against Django's auth database.
"""
from mod_python import apache

# mod_python fakes the environ, and thus doesn't process SetEnv. This fixes
# that so that the following import works
os.environ.update(req.subprocess_env)
from django.models.auth import users

# check for PythonOptions
_str_to_bool = lambda s: s.lower() in '1', 'true', 'on', 'yes'

options = req.get_options()
permission_name = options.get('DjangoPermissionName', None)
staff_only = _str_to_bool(options.get('DjangoRequireStaffStatus', "on"))
superuser_only = _str_to_bool(options.get('DjangoRequireSuperuserStatus', "off"))

# check that the username is valid
kwargs = {'username__exact': req.user, 'is_active__exact': True}
if staff_only:
kwargs['is_staff__exact'] = True
if superuser_only:
kwargs['is_superuser__exact'] = True
try:
user = users.get_object(**kwargs)
except users.UserDoesNotExist:
return apache.HTTP_UNAUTHORIZED

# check the password and any permission given
if user.check_password(req.get_basic_auth_pw()):
if permission_name:
if user.has_perm(permission_name):
return apache.OK
else:
return apache.HTTP_UNAUTHORIZED
else:
return apache.OK
else:
return apache.HTTP_UNAUTHORIZED

26 changes: 13 additions & 13 deletions docs/apache_auth.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,12 +7,12 @@ dealing with Apache, you can configuring Apache to authenticate against Django's
`authentication system`_ directly. For example, you could:

* Serve media files directly from Apache only to authenticated users.

* Authenticate access to a Subversion_ repository against Django users with
a certain permission.

* Allow certain users to connect to a WebDAV share created with mod_dav_.

Configuring Apache
==================

Expand All @@ -24,9 +24,9 @@ with the standard ``Auth*`` and ``Require`` directives::
AuthType basic
AuthName "example.com"
Require valid-user

SetEnv DJANGO_SETTINGS_MODULE mysite.settings
PythonAuthenHandler django.core.handlers.modpython
PythonAuthenHandler django.contrib.auth.handlers.modpython
</Location>

By default, the authentication handler will limit access to the ``/example/``
Expand All @@ -37,26 +37,26 @@ location to users marked as staff members. You can use a set of
``PythonOption`` Explanation
================================ =========================================
``DjangoRequireStaffStatus`` If set to ``on`` only "staff" users (i.e.
those with the ``is_staff`` flag set)
those with the ``is_staff`` flag set)
will be allowed.

Defaults to ``on``.

``DjangoRequireSuperuserStatus`` If set to ``on`` only superusers (i.e.
those with the ``is_superuser`` flag set)
will be allowed.

Defaults to ``off``.

``DjangoPermissionName`` The name of a permission to require for
access. See `custom permissions`_ for
access. See `custom permissions`_ for
more information.

By default no specific permission will be
required.
================================ =========================================

.. _authentication system: http://www.djangoproject.com/documentation/authentication/
.. _Subversion: http://subversion.tigris.org/
.. _mod_dav: http://httpd.apache.org/docs/2.0/mod/mod_dav.html
.. _custom permissions: http://www.djangoproject.com/documentation/authentication/#custom-permissions
.. _custom permissions: http://www.djangoproject.com/documentation/authentication/#custom-permissions

0 comments on commit 3cb20c4

Please sign in to comment.