From 92d0c09507379aaa82b769cd1066a61628e9ac55 Mon Sep 17 00:00:00 2001 From: zhengxie Date: Wed, 17 Dec 2014 14:42:02 +0800 Subject: [PATCH] [shib] set username and api token in cookie when the user login with Shibboleth the first time --- thirdpart/shibboleth/backends.py | 2 +- thirdpart/shibboleth/middleware.py | 15 +++++++++++++++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/thirdpart/shibboleth/backends.py b/thirdpart/shibboleth/backends.py index 0f461039a3..bfd51ffbe3 100644 --- a/thirdpart/shibboleth/backends.py +++ b/thirdpart/shibboleth/backends.py @@ -42,7 +42,7 @@ class ShibbolethRemoteUserBackend(RemoteUserBackend): # instead we use get_or_create when creating unknown users since it has # built-in safeguards for multiple threads. if self.create_unknown_user: - user = User.objects.create_user(email=username) + user = User.objects.create_user(email=username, is_active=True) else: try: user = User.objects.get(email=username) diff --git a/thirdpart/shibboleth/middleware.py b/thirdpart/shibboleth/middleware.py index 108b4dc022..58c9e22694 100755 --- a/thirdpart/shibboleth/middleware.py +++ b/thirdpart/shibboleth/middleware.py @@ -4,12 +4,17 @@ from django.core.exceptions import ImproperlyConfigured from shibboleth.app_settings import SHIB_ATTRIBUTE_MAP, LOGOUT_SESSION_KEY from seahub import auth +from seahub.api2.models import Token class ShibbolethRemoteUserMiddleware(RemoteUserMiddleware): """ Authentication Middleware for use with Shibboleth. Uses the recommended pattern for remote authentication from: http://code.djangoproject.com/svn/django/tags/releases/1.3/django/contrib/auth/middleware.py """ + def __init__(self, *a, **kw): + super(ShibbolethRemoteUserMiddleware, self).__init__(*a, **kw) + self.shib_login = False + def process_request(self, request): # AuthenticationMiddleware is required so that request.user exists. if not hasattr(request, 'user'): @@ -65,6 +70,16 @@ class ShibbolethRemoteUserMiddleware(RemoteUserMiddleware): self.make_profile(user, shib_meta) #setup session. self.setup_session(request) + self.shib_login = True + + def process_response(self, request, response): + if self.shib_login: + self._set_auth_cookie(request, response) + return response + + def _set_auth_cookie(self, request, response): + token, _ = Token.objects.get_or_create(user=request.user.username) + response.set_cookie('seahub_auth', request.user.username + '@' + token.key) def make_profile(self, user, shib_meta): """