This is a basic view for a FastCGI authorizer against the Django auth. The idea is to return either a blank response with REMOTE_USER set on success, a forbidden response for failure, or a redirect to a login page when no user is logged in.
I use this view for a Trac instance running on the same (lighttpd) server as Django. lighttpd is set up to use Django as a FastCGI authorizer (using snippet 1149) for the Trac URLs instead of using basic/digest HTTP authentication, so Trac has the same users as Django.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 | def auth(request, path):
from django.http import HttpResponse, HttpResponseRedirect, HttpResponseForbidden
from django.utils.html import escape
if request.user.is_anonymous():
# If not logged in, redirect to login page
return HttpResponseRedirect(reverse("login") + "?next=/" + escape(path))
elif request.user.has_perm("some.perm"):
# If allowed, then return empty "200 OK" response, and
# set REQUEST_USER.
result = HttpResponse()
result['Variable-REMOTE_USER'] = request.user.username
return result
else:
# Otherwise, a user who isn't allowed.
result = HttpResponseForbidden()
result.write("Access denied")
return result
|
More like this
- Template tag - list punctuation for a list of items by shapiromatron 9 months, 3 weeks ago
- JSONRequestMiddleware adds a .json() method to your HttpRequests by cdcarter 10 months ago
- Serializer factory with Django Rest Framework by julio 1 year, 4 months ago
- Image compression before saving the new model / work with JPG, PNG by Schleidens 1 year, 5 months ago
- Help text hyperlinks by sa2812 1 year, 6 months ago
Comments
Please login first before commenting.