zulip/zproject/backends.py

from __future__ import absolute_import

from django.contrib.auth.backends import RemoteUserBackend
from zerver.models import UserProfile, get_user_profile_by_id, \
    get_user_profile_by_email, remote_user_to_email

from openid.consumer.consumer import SUCCESS

class ZulipAuthMixin(object):
    def get_user(self, user_profile_id):
        """ Get a UserProfile object from the user_profile_id. """
        try:
            return get_user_profile_by_id(user_profile_id)
        except UserProfile.DoesNotExist:
            return None

class EmailAuthBackend(ZulipAuthMixin):
    """
    Email Authentication Backend

    Allows a user to sign in using an email/password pair rather than
    a username/password pair.
    """

    def authenticate(self, username=None, password=None):
        """ Authenticate a user based on email address as the user name. """
        if username is None or password is None:
            # Return immediately.  Otherwise we will look for a SQL row with
            # NULL username.  While that's probably harmless, it's needless
            # exposure.
            return None

        try:
            user_profile = get_user_profile_by_email(username)
            if user_profile.check_password(password):
                return user_profile
        except UserProfile.DoesNotExist:
            return None

# Adapted from http://djangosnippets.org/snippets/2183/ by user Hangya (September 1, 2010)

class GoogleBackend(ZulipAuthMixin):
    def authenticate(self, openid_response):
        if openid_response is None:
            return None
        if openid_response.status != SUCCESS:
            return None

        google_email = openid_response.getSigned('http://openid.net/srv/ax/1.0', 'value.email')

        try:
            user_profile = get_user_profile_by_email(google_email)
        except UserProfile.DoesNotExist:
            # create a new user, or send a message to admins, etc.
            return None

        return user_profile

class ZulipRemoteUserBackend(RemoteUserBackend):
    create_unknown_user = False

    def authenticate(self, remote_user):
        if not remote_user:
            return

        email = remote_user_to_email(remote_user)

        try:
            return get_user_profile_by_email(email)
        except UserProfile.DoesNotExist:
            return None
SSO / REMOTE_USER support (imported from commit 4f4fad7af5d3c6099cac95d7708338c182626d72) 2013-11-04 23:16:46 +01:00			`from __future__ import absolute_import`

			`from django.contrib.auth.backends import RemoteUserBackend`
Rename Django project to zproject. This includes a hack to preserve humbug/backends.py as a symlink, so that we don't need to regenerate all our old sessions. (imported from commit b7918988b31c71ec01bbdc270db7017d4069221d) 2013-08-06 22:51:47 +02:00			`from zerver.models import UserProfile, get_user_profile_by_id, \`
SSO / REMOTE_USER support (imported from commit 4f4fad7af5d3c6099cac95d7708338c182626d72) 2013-11-04 23:16:46 +01:00			`get_user_profile_by_email, remote_user_to_email`
Rename Django project to zproject. This includes a hack to preserve humbug/backends.py as a symlink, so that we don't need to regenerate all our old sessions. (imported from commit b7918988b31c71ec01bbdc270db7017d4069221d) 2013-08-06 22:51:47 +02:00
			`from openid.consumer.consumer import SUCCESS`

Factor out get_user in zproject/backends.py (imported from commit d60b5440722ed596ffbcb81086b2f62d535288dd) 2013-11-01 20:22:12 +01:00			`class ZulipAuthMixin(object):`
			`def get_user(self, user_profile_id):`
			`""" Get a UserProfile object from the user_profile_id. """`
			`try:`
			`return get_user_profile_by_id(user_profile_id)`
			`except UserProfile.DoesNotExist:`
			`return None`

			`class EmailAuthBackend(ZulipAuthMixin):`
Rename Django project to zproject. This includes a hack to preserve humbug/backends.py as a symlink, so that we don't need to regenerate all our old sessions. (imported from commit b7918988b31c71ec01bbdc270db7017d4069221d) 2013-08-06 22:51:47 +02:00			`"""`
			`Email Authentication Backend`

			`Allows a user to sign in using an email/password pair rather than`
			`a username/password pair.`
			`"""`

			`def authenticate(self, username=None, password=None):`
			`""" Authenticate a user based on email address as the user name. """`
			`if username is None or password is None:`
			`# Return immediately. Otherwise we will look for a SQL row with`
			`# NULL username. While that's probably harmless, it's needless`
			`# exposure.`
			`return None`

			`try:`
			`user_profile = get_user_profile_by_email(username)`
			`if user_profile.check_password(password):`
			`return user_profile`
			`except UserProfile.DoesNotExist:`
			`return None`

			`# Adapted from http://djangosnippets.org/snippets/2183/ by user Hangya (September 1, 2010)`

Factor out get_user in zproject/backends.py (imported from commit d60b5440722ed596ffbcb81086b2f62d535288dd) 2013-11-01 20:22:12 +01:00			`class GoogleBackend(ZulipAuthMixin):`
Rename Django project to zproject. This includes a hack to preserve humbug/backends.py as a symlink, so that we don't need to regenerate all our old sessions. (imported from commit b7918988b31c71ec01bbdc270db7017d4069221d) 2013-08-06 22:51:47 +02:00			`def authenticate(self, openid_response):`
			`if openid_response is None:`
			`return None`
			`if openid_response.status != SUCCESS:`
			`return None`

			`google_email = openid_response.getSigned('http://openid.net/srv/ax/1.0', 'value.email')`

			`try:`
			`user_profile = get_user_profile_by_email(google_email)`
			`except UserProfile.DoesNotExist:`
			`# create a new user, or send a message to admins, etc.`
			`return None`

			`return user_profile`

SSO / REMOTE_USER support (imported from commit 4f4fad7af5d3c6099cac95d7708338c182626d72) 2013-11-04 23:16:46 +01:00			`class ZulipRemoteUserBackend(RemoteUserBackend):`
			`create_unknown_user = False`

			`def authenticate(self, remote_user):`
			`if not remote_user:`
			`return`

			`email = remote_user_to_email(remote_user)`

			`try:`
			`return get_user_profile_by_email(email)`
			`except UserProfile.DoesNotExist:`
			`return None`