"""Middleware for account-related functionality."""
import pytz
from django.conf import settings
from django.contrib import auth
from django.utils import timezone
from djblets.siteconfig.models import SiteConfiguration
from reviewboard.accounts.backends import X509Backend
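def timezone_middleware(get_response):
    """Middleware that activates the user's local timezone.

    Args:
        get_response (callable):
            The method to execute the view.

    Returns:
        callable:
        The middleware function wrapping ``get_response``.
    """
    def middleware(request):
        """Activate the user's selected timezone for this request.

        Any timezone left active by earlier work is cleared first. A
        request that activates nothing (anonymous user, or a profile naming
        a timezone pytz does not know) is then handled in the default
        timezone rather than in a previous user's timezone.

        Args:
            request (django.http.HttpRequest):
                The HTTP request from the client.

        Returns:
            django.http.HttpResponse:
            The response object.
        """
        # Django keeps the active timezone in thread/context-local state
        # until it is changed or deactivated, and worker threads are reused
        # across requests. Reset it so one user's setting cannot carry over
        # into a request that does not set its own.
        timezone.deactivate()

        if request.user.is_authenticated:
            try:
                profile = request.user.get_profile()
                timezone.activate(pytz.timezone(profile.timezone))
            except pytz.UnknownTimeZoneError:
                # Best effort: an unrecognised timezone name in the profile
                # leaves the default timezone in effect.
                pass

        return get_response(request)

    return middleware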
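def update_last_login_middleware(get_response):
    """Middleware that updates a user's last login time more frequently.

    This will update the user's stored login time if at least 30 minutes
    have passed since it was last recorded (or if it was never recorded).
    This helps turn the login time into a recent activity time, providing a
    better sense of how often people are actively using Review Board.

    Args:
        get_response (callable):
            The method to execute the view.

    Returns:
        callable:
        The middleware function wrapping ``get_response``.
    """
    #: The smallest period of time between login time updates.
    UPDATE_PERIOD_SECS = 30 * 60  # 30 minutes

    def middleware(request):
        """Process the request and update the login time.

        Args:
            request (django.http.HttpRequest):
                The HTTP request from the client.

        Returns:
            django.http.HttpResponse:
            The response object.
        """
        user = request.user

        if user.is_authenticated:
            now = timezone.now()
            last_login = user.last_login

            # Django allows last_login to be NULL for an account that has
            # never gone through login(). Treat that as stale instead of
            # failing on ``now - None`` and turning the request into an
            # error.
            if (last_login is None or
                    (now - last_login).total_seconds() >= UPDATE_PERIOD_SECS):
                user.last_login = now
                # Write only the one column so that concurrent changes to
                # other user fields are not overwritten.
                user.save(update_fields=('last_login',))

        return get_response(request)

    return middleware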
def x509_auth_middleware(get_response):
    """Middleware that authenticates a user using X.509 certificates.

    When the X.509 authentication backend is the configured backend, the
    user is authenticated from a value the web server (mod_ssl) placed in
    the request environment.

    Apache needs to be configured with mod_ssl. For Review Board to be usable
    with X.509 client certificate authentication, the ``SSLVerifyClient``
    configuration directive should be set to ``optional``. This will ensure
    that basic authentication will still work, allowing clients to work with
    a username and password.

    Security notes:
        * Nothing here inspects the certificate or its verification result;
          the environment value is trusted as already verified. With
          mod_ssl, a level such as ``SSLVerifyClient optional_no_ca`` can
          populate client variables for a certificate that was not
          verified (``SSL_CLIENT_VERIFY`` reports the outcome), so the
          server configuration has to guarantee verification.
        * The environment key comes from settings. WSGI exposes
          client-supplied request headers as ``HTTP_``-prefixed environ
          keys, so the configured key must be one only the web server (or
          a trusted proxy that overwrites it) can set.

    Args:
        get_response (callable):
            The method to execute the view.

    Returns:
        callable:
        The middleware function wrapping ``get_response``.
    """
    def _configured_field():
        """Return the environment key holding the username, if any.

        ``X509_USERNAME_FIELD`` is used as-is unless it is the literal
        ``'CUSTOM'``, in which case ``X509_CUSTOM_USERNAME_FIELD`` is used.
        """
        name = getattr(settings, 'X509_USERNAME_FIELD', None)

        if name == 'CUSTOM':
            name = getattr(settings, 'X509_CUSTOM_USERNAME_FIELD', None)

        return name

    def middleware(request):
        """Log in users by their certificate if using X.509 authentication.

        A login is only attempted when the request is reported as secure,
        the X.509 backend is the active backend, and the configured key in
        the request environment (*not* the headers) holds a non-empty value.

        Args:
            request (django.http.HttpRequest):
                The HTTP request from the client.

        Returns:
            django.http.HttpResponse:
            The response object.
        """
        siteconfig = SiteConfiguration.objects.get_current()

        # NOTE(review): is_secure() can be driven by a proxy header when
        # SECURE_PROXY_SSL_HEADER is set - confirm the proxy strips it.
        x509_enabled = (
            request.is_secure() and
            siteconfig.get('auth_backend') == X509Backend.backend_id)

        if x509_enabled:
            env_key = _configured_field()
            x509_field = request.environ.get(env_key) if env_key else None

            if x509_field:
                user = auth.authenticate(request=request,
                                         x509_field=x509_field)

                if user:
                    # Make the user visible to the rest of this request and
                    # record the login in the session.
                    request.user = user
                    auth.login(request, user)

        return get_response(request)

    return middleware