summaryrefslogtreecommitdiff
path: root/django/core/handlers/modpython.py
diff options
context:
space:
mode:
Diffstat (limited to 'django/core/handlers/modpython.py')
-rw-r--r--django/core/handlers/modpython.py43
1 files changed, 43 insertions, 0 deletions
diff --git a/django/core/handlers/modpython.py b/django/core/handlers/modpython.py
index e52879065f..d4670eabca 100644
--- a/django/core/handlers/modpython.py
+++ b/django/core/handlers/modpython.py
@@ -163,3 +163,46 @@ def populate_apache_request(http_response, mod_python_req):
def handler(req):
# mod_python hooks into this function.
return ModPythonHandler()(req)
+
+def authenhandler(req, **kwargs):
+ """
+ Authentication handler that checks against Django's auth database.
+ """
+ from mod_python import apache
+
+ # mod_python fakes the environ, and thus doesn't process SetEnv. This fixes
+ # that so that the following import works
+ os.environ.update(req.subprocess_env)
+ from django.models.auth import users
+
+ # check for PythonOptions
+ _str_to_bool = lambda s: s.lower() in '1', 'true', 'on', 'yes'
+
+ options = req.get_options()
+ permission_name = options.get('DjangoPermissionName', None)
+ staff_only = _str_to_bool(options.get('DjangoRequireStaffStatus', "on"))
+ superuser_only = _str_to_bool(options.get('DjangoRequireSuperuserStatus', "off"))
+
+ # check that the username is valid
+ kwargs = {'username__exact': req.user, 'is_active__exact': True}
+ if staff_only:
+ kwargs['is_staff__exact'] = True
+ if superuser_only:
+ kwargs['is_superuser__exact'] = True
+ try:
+ user = users.get_object(**kwargs)
+ except users.UserDoesNotExist:
+ return apache.HTTP_UNAUTHORIZED
+
+ # check the password and any permission given
+ if user.check_password(req.get_basic_auth_pw()):
+ if permission_name:
+ if user.has_perm(permission_name):
+ return apache.OK
+ else:
+ return apache.HTTP_UNAUTHORIZED
+ else:
+ return apache.OK
+ else:
+ return apache.HTTP_UNAUTHORIZED
+ \ No newline at end of file