path: root/django/contrib/auth/handlers/modwsgi.py
from django import db
from django.contrib import auth

# Resolve the active user model once, when this module is imported. Every
# user lookup below goes through this class's default manager.
UserModel = auth.get_user_model()


def _get_user(username):
    """
    Look up `username` by natural key and return the matching user.

    Return None when no such user exists and also when the user exists but is
    inactive, so callers cannot tell the two cases apart from the result.

    No password hashing happens here. Any equalisation of response time for
    the None case is left to the caller.
    """
    try:
        candidate = UserModel._default_manager.get_by_natural_key(username)
    except UserModel.DoesNotExist:
        return None
    # An inactive account is reported exactly like a missing one.
    return candidate if candidate.is_active else None


def check_password(environ, username, password):
    """
    Check `username` and `password` against Django's auth database.

    This is a mod_wsgi authentication callback. `environ` is part of that
    callback's signature and is not used here.

    mod_wsgi expects None when the user does not exist, False when the user
    exists but the password is wrong, and True when authentication succeeds.
    The value returned is whatever
    auth.check_password_with_timing_attack_mitigation() returns.
    NOTE(review): confirm that helper produces the None/False/True mapping
    mod_wsgi expects.

    The helper receives None for both unknown and inactive users (see
    _get_user), and it is called in that case too rather than short-circuited
    here. Going by its name, this is intended to keep response time from
    revealing whether an account exists.
    """
    # mod_wsgi may call this outside a request/response cycle, so database
    # connection state is managed here in the same way the WSGI handler
    # manages it.
    db.reset_queries()
    try:
        return auth.check_password_with_timing_attack_mitigation(
            _get_user(username), password
        )
    finally:
        # Runs on success and on error alike.
        db.close_old_connections()


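def groups_for_user(environ, username):
    """
    Return the names of the groups `username` belongs to, for authorization.

    `environ` is accepted as part of the callback signature and is not used.

    An unknown or inactive user yields an empty list, so an inactive account
    receives no group-based access. Each group name is returned as bytes,
    produced by `str.encode()` with its default encoding.
    """
    # Connection state is reset before the lookup and stale connections are
    # closed afterwards, mirroring check_password in this module.
    db.reset_queries()
    try:
        # _get_user() is the one place that maps both "no such user" and
        # "inactive user" to None. Reusing it keeps the authorization path
        # and the authentication path in agreement about which accounts count.
        user = _get_user(username)
        if user is None:
            return []
        return [group.name.encode() for group in user.groups.all()]
    finally:
        db.close_old_connections()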