summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAdrian Holovaty <adrian@holovaty.com>2005-11-30 01:14:23 +0000
committerAdrian Holovaty <adrian@holovaty.com>2005-11-30 01:14:23 +0000
commit3cb20c45c73c003e4f8417ea44bf8c7d9ec6bd27 (patch)
treecb6bb1db628b82eb971527b4a93b4d5ff52e8ce2
parent5066fe528c0797af2d6d12ab49d39c7735e9b05f (diff)
Moved Apache auth handler to django/contrib/auth/handlers/modpython.py
git-svn-id: http://code.djangoproject.com/svn/django/trunk@1500 bcc190cf-cafb-0310-a4f2-bffc1f526a37
-rw-r--r--django/contrib/auth/handlers/__init__.py0
-rw-r--r--django/contrib/auth/handlers/modpython.py44
-rw-r--r--django/core/handlers/modpython.py43
-rw-r--r--docs/apache_auth.txt26
4 files changed, 57 insertions, 56 deletions
diff --git a/django/contrib/auth/handlers/__init__.py b/django/contrib/auth/handlers/__init__.py
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/django/contrib/auth/handlers/__init__.py
diff --git a/django/contrib/auth/handlers/modpython.py b/django/contrib/auth/handlers/modpython.py
new file mode 100644
index 0000000000..a29051b4a3
--- /dev/null
+++ b/django/contrib/auth/handlers/modpython.py
@@ -0,0 +1,44 @@
+from mod_python import apache
+import os
+
+def authenhandler(req, **kwargs):
+ """
+ Authentication handler that checks against Django's auth database.
+ """
+
+ # mod_python fakes the environ, and thus doesn't process SetEnv. This fixes
+ # that so that the following import works
+ os.environ.update(req.subprocess_env)
+
+ from django.models.auth import users
+
+ # check for PythonOptions
+ _str_to_bool = lambda s: s.lower() in '1', 'true', 'on', 'yes'
+
+ options = req.get_options()
+ permission_name = options.get('DjangoPermissionName', None)
+ staff_only = _str_to_bool(options.get('DjangoRequireStaffStatus', "on"))
+ superuser_only = _str_to_bool(options.get('DjangoRequireSuperuserStatus', "off"))
+
+ # check that the username is valid
+ kwargs = {'username__exact': req.user, 'is_active__exact': True}
+ if staff_only:
+ kwargs['is_staff__exact'] = True
+ if superuser_only:
+ kwargs['is_superuser__exact'] = True
+ try:
+ user = users.get_object(**kwargs)
+ except users.UserDoesNotExist:
+ return apache.HTTP_UNAUTHORIZED
+
+ # check the password and any permission given
+ if user.check_password(req.get_basic_auth_pw()):
+ if permission_name:
+ if user.has_perm(permission_name):
+ return apache.OK
+ else:
+ return apache.HTTP_UNAUTHORIZED
+ else:
+ return apache.OK
+ else:
+ return apache.HTTP_UNAUTHORIZED
diff --git a/django/core/handlers/modpython.py b/django/core/handlers/modpython.py
index d4670eabca..e52879065f 100644
--- a/django/core/handlers/modpython.py
+++ b/django/core/handlers/modpython.py
@@ -163,46 +163,3 @@ def populate_apache_request(http_response, mod_python_req):
def handler(req):
# mod_python hooks into this function.
return ModPythonHandler()(req)
-
-def authenhandler(req, **kwargs):
- """
- Authentication handler that checks against Django's auth database.
- """
- from mod_python import apache
-
- # mod_python fakes the environ, and thus doesn't process SetEnv. This fixes
- # that so that the following import works
- os.environ.update(req.subprocess_env)
- from django.models.auth import users
-
- # check for PythonOptions
- _str_to_bool = lambda s: s.lower() in '1', 'true', 'on', 'yes'
-
- options = req.get_options()
- permission_name = options.get('DjangoPermissionName', None)
- staff_only = _str_to_bool(options.get('DjangoRequireStaffStatus', "on"))
- superuser_only = _str_to_bool(options.get('DjangoRequireSuperuserStatus', "off"))
-
- # check that the username is valid
- kwargs = {'username__exact': req.user, 'is_active__exact': True}
- if staff_only:
- kwargs['is_staff__exact'] = True
- if superuser_only:
- kwargs['is_superuser__exact'] = True
- try:
- user = users.get_object(**kwargs)
- except users.UserDoesNotExist:
- return apache.HTTP_UNAUTHORIZED
-
- # check the password and any permission given
- if user.check_password(req.get_basic_auth_pw()):
- if permission_name:
- if user.has_perm(permission_name):
- return apache.OK
- else:
- return apache.HTTP_UNAUTHORIZED
- else:
- return apache.OK
- else:
- return apache.HTTP_UNAUTHORIZED
- \ No newline at end of file
diff --git a/docs/apache_auth.txt b/docs/apache_auth.txt
index 1250679ea8..0dd5d00cbe 100644
--- a/docs/apache_auth.txt
+++ b/docs/apache_auth.txt
@@ -7,12 +7,12 @@ dealing with Apache, you can configuring Apache to authenticate against Django's
`authentication system`_ directly. For example, you could:
* Serve media files directly from Apache only to authenticated users.
-
+
* Authenticate access to a Subversion_ repository against Django users with
a certain permission.
-
+
* Allow certain users to connect to a WebDAV share created with mod_dav_.
-
+
Configuring Apache
==================
@@ -24,9 +24,9 @@ with the standard ``Auth*`` and ``Require`` directives::
AuthType basic
AuthName "example.com"
Require valid-user
-
+
SetEnv DJANGO_SETTINGS_MODULE mysite.settings
- PythonAuthenHandler django.core.handlers.modpython
+ PythonAuthenHandler django.contrib.auth.handlers.modpython
</Location>
By default, the authentication handler will limit access to the ``/example/``
@@ -37,26 +37,26 @@ location to users marked as staff members. You can use a set of
``PythonOption`` Explanation
================================ =========================================
``DjangoRequireStaffStatus`` If set to ``on`` only "staff" users (i.e.
- those with the ``is_staff`` flag set)
+ those with the ``is_staff`` flag set)
will be allowed.
-
+
Defaults to ``on``.
``DjangoRequireSuperuserStatus`` If set to ``on`` only superusers (i.e.
those with the ``is_superuser`` flag set)
will be allowed.
-
+
Defaults to ``off``.
-
+
``DjangoPermissionName`` The name of a permission to require for
- access. See `custom permissions`_ for
+ access. See `custom permissions`_ for
more information.
-
+
By default no specific permission will be
required.
================================ =========================================
-
+
.. _authentication system: http://www.djangoproject.com/documentation/authentication/
.. _Subversion: http://subversion.tigris.org/
.. _mod_dav: http://httpd.apache.org/docs/2.0/mod/mod_dav.html
-.. _custom permissions: http://www.djangoproject.com/documentation/authentication/#custom-permissions \ No newline at end of file
+.. _custom permissions: http://www.djangoproject.com/documentation/authentication/#custom-permissions