Various Fixes
- Properly set user on request from view - Use Faked auth plugin to handle auth_url correctly.
This commit is contained in:
Jamie Lennox
parent
fd4ef474b7
commit
882ff0bab1
|
|
@ -12,10 +12,28 @@
|
|||
|
||||
import os
|
||||
|
||||
from keystoneclient import auth
|
||||
from keystoneclient_kerberos import v3 as v3_kerb_auth
|
||||
from openstack_auth import base
|
||||
|
||||
|
||||
class _HackedKerbAuth(v3_kerb_auth.Kerberos):
|
||||
|
||||
def __init__(self, auth_url, original_auth_url):
|
||||
self.original_auth_url = original_auth_url
|
||||
super(_HackedKerbAuth, self).__init__(auth_url=auth_url)
|
||||
|
||||
def get_endpoint(self, session, **kwargs):
|
||||
# NOTE(jamielennox): This is a hack to return the actual AUTH_URL
|
||||
# rather than the one with the kerberos path, other wise project
|
||||
# listing tries to work on the kerberized path and will fail.
|
||||
if kwargs.get('interface') == auth.AUTH_INTERFACE:
|
||||
return self.original_auth_url
|
||||
|
||||
return super(_HackedKerbAuth, self).get_endpoint(session, **kwargs)
|
||||
|
||||
|
||||
|
||||
class KerberosLogin(base.BaseIdentityAuthentication):
|
||||
|
||||
def get_unscoped_plugin(self, request=None, auth_url=None, **kwargs):
|
||||
|
|
@ -32,9 +50,11 @@ class KerberosLogin(base.BaseIdentityAuthentication):
|
|||
|
||||
os.environ['KRB5CCNAME'] = ticket
|
||||
|
||||
original_auth_url = auth_url
|
||||
|
||||
# FIXME(jamielennox): get this from settings
|
||||
s = auth_url.split('/')
|
||||
s.insert(-1, 'krb')
|
||||
auth_url = '/'.join(s)
|
||||
|
||||
return v3_kerb_auth.Kerberos(auth_url=auth_url)
|
||||
return _HackedKerbAuth(auth_url, original_auth_url)
|
||||
|
|
|
|||
|
|
@ -14,12 +14,8 @@
|
|||
from django.conf.urls import patterns
|
||||
from django.conf.urls import url
|
||||
|
||||
from openstack_auth import utils
|
||||
|
||||
utils.patch_middleware_get_user()
|
||||
|
||||
|
||||
urlpatterns = patterns(
|
||||
'openstack_auth_kerberos.views',
|
||||
url(r"^kerberos/$", "kerb_login", name='kerb_login'),
|
||||
url(r'^kerberos/$', 'kerb_login', name='kerberos_login'),
|
||||
)
|
||||
|
|
|
|||
|
|
@ -13,11 +13,13 @@
|
|||
|
||||
import logging
|
||||
import re
|
||||
import time
|
||||
|
||||
from django.conf import settings
|
||||
from django.contrib import auth
|
||||
from django.contrib.auth.decorators import login_required # noqa
|
||||
from django import http as django_http
|
||||
from django import shortcuts
|
||||
from django.utils import http
|
||||
from django.views.decorators.cache import never_cache # noqa
|
||||
from django.views.decorators.csrf import csrf_exempt # noqa
|
||||
|
|
@ -46,6 +48,13 @@ def kerb_login(request):
|
|||
"""Attempt to log a user in via kerberos credential."""
|
||||
user = auth.authenticate(request=request)
|
||||
|
||||
if user:
|
||||
if user and user.is_authenticated():
|
||||
auth.login(request, user)
|
||||
res = shortcuts.redirect(settings.LOGIN_REDIRECT_URL)
|
||||
|
||||
auth_user.set_session_from_user(request, user)
|
||||
request.session['last_activity'] = int(time.time())
|
||||
else:
|
||||
res = shortcuts.redirect('/l')
|
||||
|
||||
return res
|
||||
|
|
|
|||
Loading…
Reference in New Issue