django_example_ynh/django_ynh/sso_auth/auth_backend.py

"""
    remote user authentication backend

    Note: SSOwat/nginx add authentication headers:

        'HTTP_AUTHORIZATION': 'Basic XXXXXXXXXXXXXXXX='
        'HTTP_AUTH_USER': 'username'
        'HTTP_REMOTE_USER': 'username'

    Basic auth contains "{username}:{plaintext-password}"

    and we get SSOwat cookies like:

         'HTTP_COOKIE': 'SSOwAuthUser=username; '
                        'SSOwAuthHash=593876aa66...99e69f88af1e; '
                        'SSOwAuthExpire=1609227697.998; '

    * Login a user via HTTP_REMOTE_USER header, but check also username in:
        * SSOwAuthUser
        * HTTP_AUTH_USER
        * HTTP_AUTHORIZATION (Basic auth)
    * Create new users
    * Update Email, First / Last name for existing users
"""

import logging

from django.contrib.auth.backends import RemoteUserBackend

from django_ynh.sso_auth.user_profile import call_setup_user, update_user_profile


logger = logging.getLogger(__name__)


class SSOwatUserBackend(RemoteUserBackend):
    """
    Authentication backend via SSO/nginx header
    """

    create_unknown_user = True

    def authenticate(self, request, remote_user):
        logger.info('Remote user authenticate: %r', remote_user)
        return super().authenticate(request, remote_user)

    def configure_user(self, request, user):
        """
        Configure a new user after creation and return the updated user.
        """
        logger.warning('Configure user %s', user)

        user = update_user_profile(request, user)
        user = call_setup_user(user=user)

        return user

    def user_can_authenticate(self, user):
        logger.warning('Remote user login: %s', user)
        assert not user.is_anonymous
        return True
init 2020-12-23 19:53:13 +01:00			`"""`
			`remote user authentication backend`

			`Note: SSOwat/nginx add authentication headers:`

			`'HTTP_AUTHORIZATION': 'Basic XXXXXXXXXXXXXXXX='`
			`'HTTP_AUTH_USER': 'username'`
			`'HTTP_REMOTE_USER': 'username'`

			`Basic auth contains "{username}:{plaintext-password}"`

			`and we get SSOwat cookies like:`

			`'HTTP_COOKIE': 'SSOwAuthUser=username; '`
			`'SSOwAuthHash=593876aa66...99e69f88af1e; '`
			`'SSOwAuthExpire=1609227697.998; '`

			`* Login a user via HTTP_REMOTE_USER header, but check also username in:`
			`* SSOwAuthUser`
			`* HTTP_AUTH_USER`
			`* HTTP_AUTHORIZATION (Basic auth)`
			`* Create new users`
			`* Update Email, First / Last name for existing users`
			`"""`

			`import logging`

			`from django.contrib.auth.backends import RemoteUserBackend`

get pytest running with local test copy 2020-12-28 18:52:29 +01:00			`from django_ynh.sso_auth.user_profile import call_setup_user, update_user_profile`
init 2020-12-23 19:53:13 +01:00

			`logger = logging.getLogger(__name__)`


			`class SSOwatUserBackend(RemoteUserBackend):`
			`"""`
			`Authentication backend via SSO/nginx header`
			`"""`

			`create_unknown_user = True`

			`def authenticate(self, request, remote_user):`
			`logger.info('Remote user authenticate: %r', remote_user)`
			`return super().authenticate(request, remote_user)`

			`def configure_user(self, request, user):`
			`"""`
WIP: setup the project 2020-12-28 12:35:36 +01:00			`Configure a new user after creation and return the updated user.`
init 2020-12-23 19:53:13 +01:00			`"""`
			`logger.warning('Configure user %s', user)`

get pytest running with local test copy 2020-12-28 18:52:29 +01:00			`user = update_user_profile(request, user)`
			`user = call_setup_user(user=user)`
init 2020-12-23 19:53:13 +01:00
			`return user`

			`def user_can_authenticate(self, user):`
			`logger.warning('Remote user login: %s', user)`
get pytest running with local test copy 2020-12-28 18:52:29 +01:00			`assert not user.is_anonymous`
init 2020-12-23 19:53:13 +01:00			`return True`