Mass cleaning of kfet's authentication machinery

AccountBackend
- Should now work if used in AUTHENTICATION_BACKENDS settings.
- It does not retrieve the password itself, as it should not be used
this way.

GenericBackend
- Delete useless 'username' arg of its 'authenticate()' method.
- Now delete the token in DB.

TemporaryAuthMiddleware
- New name of the middleware is more meaningful.
- Is now responsible for retrieving the password from the request, instead
of the AccountBackend.

GenericTeamToken model
- Add a manager's method to create token, avoiding possible error due to
unicity constraint.

GenericLoginView (authentication with the kfet generic user)
- Replace obscure system with a 100% HTTP handling.
- See comments for more information.

Misc
- More docstrings!
- More tests!
- Add some i18n.
- Add kfet/confirm_form.html template:
    Ask user to confirm sth via a form (which will send a POST request).
    Context variables:
        * title: the page title
        * confirm_url: action attribute for <form>
        * text: displayed confirmation text
- kfet.js: Add functions to emit POST requests from <a> tags.
- Non-link nav items from kfet navbar also get a 'title'.
- A utility has been found for the 'sunglasses' glyphicon!
Aurélien Delobelle 2017-09-25 17:16:19 +02:00
parent 3fa7754ff4
commit b42452080f
18 changed files with 559 additions and 119 deletions

@ -1,12 +1,13 @@
# -*- coding: utf-8 -*-
from django.contrib.auth import get_user_model
from django.contrib.auth.models import User
from .backends import AccountBackend
from .backends import KFetBackend
User = get_user_model()
class KFetAuthenticationMiddleware(object):
"""Authenticate another user for this request if KFetBackend succeeds.
class TemporaryAuthMiddleware:
"""Authenticate another user for this request if AccountBackend succeeds.
By the way, if a user is authenticated, we refresh its from db to add
values from CofProfile and Account of this user.
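Review bot: the new docstring on TemporaryAuthMiddleware says another user is authenticated "if AccountBackend succeeds" but not which credential triggers the switch, nor that the previous user is kept in request.real_user. Since this middleware replaces request.user, state both in the docstring (password taken from the KFETPASSWORD header or POST field, original user preserved as request.real_user). "we refresh its from db" is also missing a word. The class is renamed from KFetAuthenticationMiddleware, so check that every settings entry or import naming it by the old dotted path is updated in this same commit.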
@ -15,15 +16,23 @@ class KFetAuthenticationMiddleware(object):
def process_request(self, request):
if request.user.is_authenticated():
# avoid multiple db accesses in views and templates
user_pk = request.user.pk
request.user = (
User.objects
.select_related('profile__account_kfet')
.get(pk=user_pk)
.get(pk=request.user.pk)
)
kfet_backend = KFetBackend()
temp_request_user = kfet_backend.authenticate(request)
temp_request_user = AccountBackend().authenticate(
request,
kfet_password=self.get_kfet_password(request),
)
if temp_request_user:
request.real_user = request.user
request.user = temp_request_user
def get_kfet_password(self, request):
return (
request.META.get('HTTP_KFETPASSWORD') or
request.POST.get('KFETPASSWORD')
)
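Review bot: in process_request, a supplied KFETPASSWORD that AccountBackend().authenticate() rejects is indistinguishable from no password at all: `if temp_request_user:` falls through and the request continues as the original user, with nothing recorded. Because get_kfet_password() accepts the value from a header or POST field on any request that reaches this middleware, log the case "password supplied, no account matched" (with request.user.pk, never the password) and consider throttling it. Two smaller points on get_kfet_password(): an empty header value falls through to the POST field because of the `or`, and reading request.POST here makes the body get parsed in middleware, which Django's documentation warns prevents views from changing upload handlers; restricting the POST lookup to request.method == 'POST' and documenting the precedence would make the behaviour explicit.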