Fix compatibility with Django < 1.4.3

The is_safe_url function used in a previous commit was introduced in
Django 1.4.3. I think breaking compatibility with the old version is
unnecessary, and Ubuntu has backported the security fixes so I'm
hesitant to require a new Django version.

This commit moves the function into openstack_auth.utils, and uses
it if the Django version is missing.

openstack_auth/utils.py

@@ -1,3 +1,5 @@
+import urlparse
+
 from django.conf import settings
 from django.contrib import auth
 from django.contrib.auth.models import AnonymousUser
@@ -103,3 +105,19 @@ def is_ans1_token(token):
     therefore, we will check for MII only and ignore the case of larger tokens
     '''
     return token[:3] == PKI_ANS1_PREFIX
+
+
+# From django.contrib.auth.views
+# Added in Django 1.4.3, 1.5b2
+# Vendored here for compatibility with old Django versions.
+def is_safe_url(url, host=None):
+    """
+    Return ``True`` if the url is a safe redirection (i.e. it doesn't point to
+    a different host).
+
+    Always returns ``False`` on an empty url.
+    """
+    if not url:
+        return False
+    netloc = urlparse.urlparse(url)[1]
+    return not netloc or netloc == host

openstack_auth/views.py

@@ -10,10 +10,14 @@ from django.contrib.auth.views import (login as django_login,
 from django.contrib.auth.decorators import login_required
 from django.views.decorators.debug import sensitive_post_parameters
 from django.utils.functional import curry
-from django.utils.http import is_safe_url
 from django.views.decorators.cache import never_cache
 from django.views.decorators.csrf import csrf_protect
 
+try:
+    from django.utils.http import is_safe_url
+except ImportError:
+    from .utils import is_safe_url
+
 from keystoneclient.v2_0 import client as keystone_client
 from keystoneclient import exceptions as keystone_exceptions