datatracker/ietf/ietfauth/auth.py
Bill Fenner 4a5a5b1d59 Introduce initial authentication/authorization linkage. This has a
couple of aspects:

 - ietfauth.auth.EmailBackEnd is a django.contrib.auth backend to allow
   two modified authentication methods:

   - using email address (stored in django user table) as login username

   - using htpasswd-style "crypt" passwords (for compatibility with
     existing user database).  On the first successful login, the
     password will be re-hashed to the django-hash style password.

 - ietfauth.models.UserMap: a mapping from django user to IETF
   person.  This is configured as the profile table, meaning
   that if you have a django user (e.g., from the RequestContext),
   you can use user.get_profile.person to get to the IETF person.

 - ietfauth.models has models for the "legacy" username/person mapping
   tables (LiaisonUser aka "users" and WgPassword aka "wg_password").
   This is to allow mapping of legacy permissions to django permissions
   by walking these tables and applying permissions to users.  The plan
   is to discard these tables eventually.
 - Legacy-Id: 155
2007-05-23 16:10:32 +00:00

43 lines
1.3 KiB
Python

from django.contrib.auth.backends import ModelBackend
from django.core.validators import email_re
from django.contrib.auth.models import User


def crypt_check_password(user, raw_password):
    """
    Returns a boolean of whether the raw_password was correct.  Handles
    crypt format only, and updates the password to the hashed version
    on first use.  This is like User.check_password().
    """
    enc_password = user.password
    # Only a stored value of the form 'crypt$<salt>$<hash>' is handled here.
    # Anything else, including values without exactly three '$'-separated
    # fields, is left to User.check_password() instead of failing on unpack.
    parts = enc_password.split('$')
    if len(parts) == 3 and parts[0] == 'crypt':
        import crypt
        algo, salt, hsh = parts
        is_correct = (salt + hsh == crypt.crypt(raw_password, salt))
        if is_correct:
            # First successful login: re-hash with Django's own scheme.
            user.set_password(raw_password)
            user.save()
        return is_correct
    return user.check_password(raw_password)


# Based on http://www.djangosnippets.org/snippets/74/
# but modified to use crypt_check_password for all users.
class EmailBackend(ModelBackend):
    def authenticate(self, username=None, password=None):
        try:
            # A login name that looks like an email address is looked up by
            # email; anything else is treated as a username.
            if email_re.search(username):
                user = User.objects.get(email=username)
            else:
                user = User.objects.get(username=username)
        except User.DoesNotExist:
            return None
        if crypt_check_password(user, password):
            return user
        return None

    def get_user(self, user_id):
        try:
            return User.objects.get(pk=user_id)
        except User.DoesNotExist:
            return None
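
The upgrade-on-first-login flow that crypt_check_password implements, as an added stand-alone example (not part of auth.py or of the datatracker code base). It generalizes slightly beyond the file: the comparison is constant-time and a stored value that does not have three fields is rejected rather than raising. Assumptions: a salted SHA-1 stands in for crypt(3) because the crypt module is not available on every Python installation, PBKDF2 stands in for Django's hasher, and the record dict, the "legacy"/"pbkdf2" prefixes and all function names are made up for the example.

```python
import hashlib
import hmac
import os

ROUNDS = 100000  # constructed work factor for the example


def legacy_hash(raw_password, salt):
    # Stand-in for crypt(3) (assumption): salted SHA-1, weak on purpose.
    return hashlib.sha1((salt + raw_password).encode()).hexdigest()


def modern_hash(raw_password, salt=None):
    # Stand-in for the framework's current hasher (assumption): PBKDF2.
    salt = salt or os.urandom(16).hex()
    digest = hashlib.pbkdf2_hmac("sha256", raw_password.encode(),
                                 salt.encode(), ROUNDS).hex()
    return "pbkdf2$%s$%s" % (salt, digest)


def same(a, b):
    # Constant-time comparison so timing does not leak matching prefixes.
    return hmac.compare_digest(a.encode(), b.encode())


def check_and_upgrade(record, raw_password):
    """Verify raw_password against record['password'] ('algo$salt$hash').
    A legacy hash is replaced by a modern one only after it verified."""
    parts = record["password"].split("$")
    if len(parts) != 3:
        return False  # empty, disabled or malformed value: reject
    algo, salt, stored = parts
    if algo == "legacy":
        ok = same(legacy_hash(raw_password, salt), stored)
        if ok:
            record["password"] = modern_hash(raw_password)
        return ok
    if algo == "pbkdf2":
        return same(modern_hash(raw_password, salt), record["password"])
    return False


if __name__ == "__main__":
    rec = {"password": "legacy$ab$" + legacy_hash("s3cret", "ab")}  # constructed
    print(check_and_upgrade(rec, "wrong"), rec["password"][:7])
    print(check_and_upgrade(rec, "s3cret"), rec["password"][:7])
```

A failed attempt leaves the legacy value untouched, so the weak hash stays in the table until that account next logs in successfully; accounts that never log in again are never upgraded.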