Rewrote parts with licensing issues

2012-05-26 17:55:46 +02:00 · 2012-05-26 17:55:46 +02:00 · b98648db19
parent 06ce64172e
commit b98648db19
2 changed files with 43 additions and 51 deletions
--- a/k4ever/api2/authentication.py
+++ b/k4ever/api2/authentication.py
@ -10,66 +10,60 @@ from django.contrib.auth import REDIRECT_FIELD_NAME
 from django.http import HttpResponse, HttpResponseRedirect
 from django.utils.http import urlquote

-# taken and modified from
-# https://bitbucket.org/yml/django-piston/src/dfb826a31ca8/piston/authentication.py

 class DjangoAuthentication(object):
 	"""
-	Django authentication. 
+	Authenticate against djangos own authentication backend
 	"""
-	def __init__(self, login_url=None, redirect_field_name=REDIRECT_FIELD_NAME):
-		if not login_url:
-			login_url = settings.LOGIN_URL
-		self.login_url = login_url
-		self.redirect_field_name = redirect_field_name
-		self.request = None
-	
+
 	def is_authenticated(self, request):
-		"""
-		This method call the `is_authenticated` method of django
-		User in django.contrib.auth.models.
+		""" Check, if user is already authenticated.
 		
+		From piston docs:
 		`is_authenticated`: Will be called when checking for
-		authentication. It returns True if the user is authenticated
-		False otherwise.
+		authentication. Receives a `request` object, please
+		set your `User` object on `request.user`, otherwise
+		return False (or something that evaluates to False.)
 		"""
 		self.request = request
 		return request.user.is_authenticated()
-		
+
 	def challenge(self):
-		"""
+		""" Redirect unauthenticated requests to login form
+
+		From piston docs
 		`challenge`: In cases where `is_authenticated` returns
 		False, the result of this method will be returned.
 		This will usually be a `HttpResponse` object with
 		some kind of challenge headers and 401 code on it.
 		"""
-		path = urlquote(self.request.get_full_path())
-		tup = self.login_url, self.redirect_field_name, path 
-		return HttpResponseRedirect('%s?%s=%s' %tup)

-# taken from
-# http://staer.github.com/2011/01/21/piston-multi-auth.html
+		loginPage = "%s?%s=%s" % (
+			settings.LOGIN_URL,
+			REDIRECT_FIELD_NAME,
+			urlquote(self.request.get_full_path()),
+		)
+		return HttpResponseRedirect(loginPage)
+
+
 class MultiAuthentication(object):
-	""" Authenticated Django-Piston against multiple types of authentication """
-	
-	def __init__(self, auth_types):
-		""" Takes a list of authenication objects to try against, the default
-		authentication type to try is the first in the list. """
-		self.auth_types = auth_types
-		self.selected_auth = auth_types[0]
-	
-	def is_authenticated(self, request):
-		""" Try each authentication type in order and use the first that succeeds """
-		authenticated = False
-		for auth in self.auth_types:
-			authenticated = auth.is_authenticated(request)
-			if authenticated:
-				selected_auth = auth
-				break
-		return authenticated
-	
-	def challenge(self):
-		""" Return the challenge for whatever the selected auth type is (or the default 
-		auth type which is the first in the list)"""
-		return self.selected_auth.challenge()
+	"""  """
+	def __init__(self, authenticators):
+		if len(authenticators) ==0:
+			raise ValueError("MultiAuthentication needs at least one authenticator in list")
+		self.authenticators = authenticators
+		self.currentAuthenticator = self.authenticators[0]
+
+	def is_authenticated(self, request):
+		""" Try to authenticate against all given authenticators. """
+		for authenticator in self.authenticators:
+			if authenticator.is_authenticated(request):
+				# success!
+				self.currentAuthenticator = authenticator
+				return True
+		return False
+
+	def challenge(self):
+		""" Return challenge for current or default authenticator. """
+		return self.currentAuthenticator.challenge()

--- a/k4ever/api2/urls.py
+++ b/k4ever/api2/urls.py
@ -17,15 +17,13 @@ import piston.utils
 piston.utils.Mimer.content_type = fix_mime(piston.utils.Mimer.content_type)

 class CsrfExemptResource(Resource):
-	""" Except a :class:`Resource` from djangos CSRF-Framework.
-
-		This idea is taken from
-		http://www.robertshady.com/content/creating-very-basic-api-using-python-django-and-piston
 	"""
-	
+	Exempt a :class:`Resource` from django's CSRF checking.
+	"""
+
 	def __init__(self, handler, authentication = None):
-		super( CsrfExemptResource, self ).__init__( handler, authentication )
-		self.csrf_exempt = getattr( self.handler, 'csrf_exempt', True )
+		Resource.__init__(handler, authentication)
+		self.csrf_exempt = getattr(self.handler, 'csrf_exempt', True)

 # build authenticatiooors
 basicAuth = HttpBasicAuthentication(realm="Freitagsrundenkassensystemapi")