kpsul/kfet/auth/middleware.py

from django.contrib.auth import get_user_model

from .backends import AccountBackend

User = get_user_model()


class TemporaryAuthMiddleware:
    """Authenticate another user for this request if AccountBackend succeeds.

    By the way, if a user is authenticated, we refresh its from db to add
    values from CofProfile and Account of this user.

    """
    def process_request(self, request):
        if request.user.is_authenticated():
            # avoid multiple db accesses in views and templates
            request.user = (
                User.objects
                .select_related('profile__account_kfet')
                .get(pk=request.user.pk)
            )

        temp_request_user = AccountBackend().authenticate(
            request,
            kfet_password=self.get_kfet_password(request),
        )

        if temp_request_user:
            request.real_user = request.user
            request.user = temp_request_user

    def get_kfet_password(self, request):
        return (
            request.META.get('HTTP_KFETPASSWORD') or
            request.POST.get('KFETPASSWORD')
        )
Mass cleaning of kfet' authentication machinery AccountBackend - Should now work if used in AUTHENTICATION_BACKENDS settings. - It does not retieve itself the password, as it should not be used this way. GenericBackend - Delete useless 'username' arg of its 'authenticate()' method. - Now delete the token in DB. TemporaryAuthMiddleware - New name of the middleware is more meaningful. - Is now responsible to retrieve the password from the request, instead of the AccountBackend. GenericTeamToken model - Add a manager' method to create token, avoiding possible error due to unicity constraint. GenericLoginView (authentication with the kfet generic user) - Replace obscure system with a 100% HTTP handling. - See comments for more information. Misc - More docstrings! - More tests! - Add some i18n. - Add kfet/confirm_form.html template: Ask user to confirm sth via a form (which will send a POST request). Context variables: * title: the page title * confirm_url: action attribute for <form> * text: displayed confirmation text - kfet.js : Add functions allowing to emit POST request from <a> tag. - Non-link nav items from kfet navbar also get a 'title'. - A utility has been found for the 'sunglasses' glyphicon! 2017-09-25 17:16:19 +02:00			`from django.contrib.auth import get_user_model`
Py2 compatible 2016-09-01 00:45:44 +02:00
Mass cleaning of kfet' authentication machinery AccountBackend - Should now work if used in AUTHENTICATION_BACKENDS settings. - It does not retieve itself the password, as it should not be used this way. GenericBackend - Delete useless 'username' arg of its 'authenticate()' method. - Now delete the token in DB. TemporaryAuthMiddleware - New name of the middleware is more meaningful. - Is now responsible to retrieve the password from the request, instead of the AccountBackend. GenericTeamToken model - Add a manager' method to create token, avoiding possible error due to unicity constraint. GenericLoginView (authentication with the kfet generic user) - Replace obscure system with a 100% HTTP handling. - See comments for more information. Misc - More docstrings! - More tests! - Add some i18n. - Add kfet/confirm_form.html template: Ask user to confirm sth via a form (which will send a POST request). Context variables: * title: the page title * confirm_url: action attribute for <form> * text: displayed confirmation text - kfet.js : Add functions allowing to emit POST request from <a> tag. - Non-link nav items from kfet navbar also get a 'title'. - A utility has been found for the 'sunglasses' glyphicon! 2017-09-25 17:16:19 +02:00			`from .backends import AccountBackend`
Py2 compatible 2016-09-01 00:45:44 +02:00
Mass cleaning of kfet' authentication machinery AccountBackend - Should now work if used in AUTHENTICATION_BACKENDS settings. - It does not retieve itself the password, as it should not be used this way. GenericBackend - Delete useless 'username' arg of its 'authenticate()' method. - Now delete the token in DB. TemporaryAuthMiddleware - New name of the middleware is more meaningful. - Is now responsible to retrieve the password from the request, instead of the AccountBackend. GenericTeamToken model - Add a manager' method to create token, avoiding possible error due to unicity constraint. GenericLoginView (authentication with the kfet generic user) - Replace obscure system with a 100% HTTP handling. - See comments for more information. Misc - More docstrings! - More tests! - Add some i18n. - Add kfet/confirm_form.html template: Ask user to confirm sth via a form (which will send a POST request). Context variables: * title: the page title * confirm_url: action attribute for <form> * text: displayed confirmation text - kfet.js : Add functions allowing to emit POST request from <a> tag. - Non-link nav items from kfet navbar also get a 'title'. - A utility has been found for the 'sunglasses' glyphicon! 2017-09-25 17:16:19 +02:00			`User = get_user_model()`
globally fewer db requests 2017-04-06 14:15:03 +02:00
Authentification K-Psul Si une (des) permission(s) sont nécessaires pour enregistrer/annuler des opérations, une demande d'authentification apparaît où l'utilisateur doit mettre le mot de passe d'un compte ayant la (les) permission(s) requise(s). Ce mot de passe est envoyé dans la requête AJAX via le header `KFetPassword`. Le middleware `KFetAuthenticationPassword` est appelée à chaque requête. Il appelle lui même le backend `KFetBackend` qui est chargé de retrouver le user dont le compte K-Fêt correspond au mot de passe défini dans le header `KFETPASSWORD`. Si le header n'est pas présent ou qu'aucun utilisateur ne correspond à ce mot de passe, le middleware ne fait... rien ! Dans le cas où un user est trouvé, il est "chargé" dans `request.user` permettant ainsi de connecter l'utilisateur pour ce cycle requête/réponse sans déconnecter l'utilisateur connecté de manière normale. 2016-08-19 06:20:37 +02:00
Mass cleaning of kfet' authentication machinery AccountBackend - Should now work if used in AUTHENTICATION_BACKENDS settings. - It does not retieve itself the password, as it should not be used this way. GenericBackend - Delete useless 'username' arg of its 'authenticate()' method. - Now delete the token in DB. TemporaryAuthMiddleware - New name of the middleware is more meaningful. - Is now responsible to retrieve the password from the request, instead of the AccountBackend. GenericTeamToken model - Add a manager' method to create token, avoiding possible error due to unicity constraint. GenericLoginView (authentication with the kfet generic user) - Replace obscure system with a 100% HTTP handling. - See comments for more information. Misc - More docstrings! - More tests! - Add some i18n. - Add kfet/confirm_form.html template: Ask user to confirm sth via a form (which will send a POST request). Context variables: * title: the page title * confirm_url: action attribute for <form> * text: displayed confirmation text - kfet.js : Add functions allowing to emit POST request from <a> tag. - Non-link nav items from kfet navbar also get a 'title'. - A utility has been found for the 'sunglasses' glyphicon! 2017-09-25 17:16:19 +02:00			`class TemporaryAuthMiddleware:`
			`"""Authenticate another user for this request if AccountBackend succeeds.`
globally fewer db requests 2017-04-06 14:15:03 +02:00
			`By the way, if a user is authenticated, we refresh its from db to add`
			`values from CofProfile and Account of this user.`

			`"""`
Authentification K-Psul Si une (des) permission(s) sont nécessaires pour enregistrer/annuler des opérations, une demande d'authentification apparaît où l'utilisateur doit mettre le mot de passe d'un compte ayant la (les) permission(s) requise(s). Ce mot de passe est envoyé dans la requête AJAX via le header `KFetPassword`. Le middleware `KFetAuthenticationPassword` est appelée à chaque requête. Il appelle lui même le backend `KFetBackend` qui est chargé de retrouver le user dont le compte K-Fêt correspond au mot de passe défini dans le header `KFETPASSWORD`. Si le header n'est pas présent ou qu'aucun utilisateur ne correspond à ce mot de passe, le middleware ne fait... rien ! Dans le cas où un user est trouvé, il est "chargé" dans `request.user` permettant ainsi de connecter l'utilisateur pour ce cycle requête/réponse sans déconnecter l'utilisateur connecté de manière normale. 2016-08-19 06:20:37 +02:00			`def process_request(self, request):`
globally fewer db requests 2017-04-06 14:15:03 +02:00			`if request.user.is_authenticated():`
			`# avoid multiple db accesses in views and templates`
			`request.user = (`
			`User.objects`
			`.select_related('profile__account_kfet')`
Mass cleaning of kfet' authentication machinery AccountBackend - Should now work if used in AUTHENTICATION_BACKENDS settings. - It does not retieve itself the password, as it should not be used this way. GenericBackend - Delete useless 'username' arg of its 'authenticate()' method. - Now delete the token in DB. TemporaryAuthMiddleware - New name of the middleware is more meaningful. - Is now responsible to retrieve the password from the request, instead of the AccountBackend. GenericTeamToken model - Add a manager' method to create token, avoiding possible error due to unicity constraint. GenericLoginView (authentication with the kfet generic user) - Replace obscure system with a 100% HTTP handling. - See comments for more information. Misc - More docstrings! - More tests! - Add some i18n. - Add kfet/confirm_form.html template: Ask user to confirm sth via a form (which will send a POST request). Context variables: * title: the page title * confirm_url: action attribute for <form> * text: displayed confirmation text - kfet.js : Add functions allowing to emit POST request from <a> tag. - Non-link nav items from kfet navbar also get a 'title'. - A utility has been found for the 'sunglasses' glyphicon! 2017-09-25 17:16:19 +02:00			`.get(pk=request.user.pk)`
globally fewer db requests 2017-04-06 14:15:03 +02:00			`)`

Mass cleaning of kfet' authentication machinery AccountBackend - Should now work if used in AUTHENTICATION_BACKENDS settings. - It does not retieve itself the password, as it should not be used this way. GenericBackend - Delete useless 'username' arg of its 'authenticate()' method. - Now delete the token in DB. TemporaryAuthMiddleware - New name of the middleware is more meaningful. - Is now responsible to retrieve the password from the request, instead of the AccountBackend. GenericTeamToken model - Add a manager' method to create token, avoiding possible error due to unicity constraint. GenericLoginView (authentication with the kfet generic user) - Replace obscure system with a 100% HTTP handling. - See comments for more information. Misc - More docstrings! - More tests! - Add some i18n. - Add kfet/confirm_form.html template: Ask user to confirm sth via a form (which will send a POST request). Context variables: * title: the page title * confirm_url: action attribute for <form> * text: displayed confirmation text - kfet.js : Add functions allowing to emit POST request from <a> tag. - Non-link nav items from kfet navbar also get a 'title'. - A utility has been found for the 'sunglasses' glyphicon! 2017-09-25 17:16:19 +02:00			`temp_request_user = AccountBackend().authenticate(`
			`request,`
			`kfet_password=self.get_kfet_password(request),`
			`)`

Authentification K-Psul Si une (des) permission(s) sont nécessaires pour enregistrer/annuler des opérations, une demande d'authentification apparaît où l'utilisateur doit mettre le mot de passe d'un compte ayant la (les) permission(s) requise(s). Ce mot de passe est envoyé dans la requête AJAX via le header `KFetPassword`. Le middleware `KFetAuthenticationPassword` est appelée à chaque requête. Il appelle lui même le backend `KFetBackend` qui est chargé de retrouver le user dont le compte K-Fêt correspond au mot de passe défini dans le header `KFETPASSWORD`. Si le header n'est pas présent ou qu'aucun utilisateur ne correspond à ce mot de passe, le middleware ne fait... rien ! Dans le cas où un user est trouvé, il est "chargé" dans `request.user` permettant ainsi de connecter l'utilisateur pour ce cycle requête/réponse sans déconnecter l'utilisateur connecté de manière normale. 2016-08-19 06:20:37 +02:00			`if temp_request_user:`
Auth spéciale - Le backend d'auth K-Fêt est étendu pour aussi identifier une personne dans le cas dans d'un formulaire en récupérant le password contenu dans l'input de nom `KFETPASSWORD` - Le middleware d'auth K-Fêt enregistre l'utilisateur connecté de manière normale dans `request.real_user` - Ajout d'un processeurs de contextes `kfet.context_processors.auth` qui qui remplace `user` et `perms` par l'utilisateur connecté de manière normale (`request.real_user`) et non celui connecté temporairement - Modification de la vue de modif d'un compte pour s'adapter à l'auth - Modification du template de modification d'un compte pour utiliser ce moyen d'authentification - Séparation du JS conservant le côté gauche d'une page à l'écran - Séparation de l'encart gauche contenant les infos d'un comtpe dans un autre template (`left_account`) pour l'utiliser dans `account_read` et `account_update` - `base_nav` utilise user (qui est donc le vrai utilisateur connecté) au lieu de `request.user` qui peut aussi bien être le vrai utilisateur qu'un utilisateur temporaire 2016-08-20 23:31:30 +02:00			`request.real_user = request.user`
Authentification K-Psul Si une (des) permission(s) sont nécessaires pour enregistrer/annuler des opérations, une demande d'authentification apparaît où l'utilisateur doit mettre le mot de passe d'un compte ayant la (les) permission(s) requise(s). Ce mot de passe est envoyé dans la requête AJAX via le header `KFetPassword`. Le middleware `KFetAuthenticationPassword` est appelée à chaque requête. Il appelle lui même le backend `KFetBackend` qui est chargé de retrouver le user dont le compte K-Fêt correspond au mot de passe défini dans le header `KFETPASSWORD`. Si le header n'est pas présent ou qu'aucun utilisateur ne correspond à ce mot de passe, le middleware ne fait... rien ! Dans le cas où un user est trouvé, il est "chargé" dans `request.user` permettant ainsi de connecter l'utilisateur pour ce cycle requête/réponse sans déconnecter l'utilisateur connecté de manière normale. 2016-08-19 06:20:37 +02:00			`request.user = temp_request_user`
Mass cleaning of kfet' authentication machinery AccountBackend - Should now work if used in AUTHENTICATION_BACKENDS settings. - It does not retieve itself the password, as it should not be used this way. GenericBackend - Delete useless 'username' arg of its 'authenticate()' method. - Now delete the token in DB. TemporaryAuthMiddleware - New name of the middleware is more meaningful. - Is now responsible to retrieve the password from the request, instead of the AccountBackend. GenericTeamToken model - Add a manager' method to create token, avoiding possible error due to unicity constraint. GenericLoginView (authentication with the kfet generic user) - Replace obscure system with a 100% HTTP handling. - See comments for more information. Misc - More docstrings! - More tests! - Add some i18n. - Add kfet/confirm_form.html template: Ask user to confirm sth via a form (which will send a POST request). Context variables: * title: the page title * confirm_url: action attribute for <form> * text: displayed confirmation text - kfet.js : Add functions allowing to emit POST request from <a> tag. - Non-link nav items from kfet navbar also get a 'title'. - A utility has been found for the 'sunglasses' glyphicon! 2017-09-25 17:16:19 +02:00
			`def get_kfet_password(self, request):`
			`return (`
			`request.META.get('HTTP_KFETPASSWORD') or`
			`request.POST.get('KFETPASSWORD')`
			`)`