5
9
request._cached_user = get_user(request)
6
10
return request._cached_user
8
13
class AuthenticationMiddleware(object):
9
14
def process_request(self, request):
10
15
assert hasattr(request, 'session'), "The Django authentication middleware requires session middleware to be installed. Edit your MIDDLEWARE_CLASSES setting to insert 'django.contrib.sessions.middleware.SessionMiddleware'."
11
16
request.__class__.user = LazyUser()
20
class RemoteUserMiddleware(object):
22
Middleware for utilizing web-server-provided authentication.
24
If request.user is not authenticated, then this middleware attempts to
25
authenticate the username passed in the ``REMOTE_USER`` request header.
26
If authentication is successful, the user is automatically logged in to
27
persist the user in the session.
29
The header used is configurable and defaults to ``REMOTE_USER``. Subclass
30
this class and change the ``header`` attribute if you need to use a
34
# Name of request header to grab username from. This will be the key as
35
# used in the request.META dictionary, i.e. the normalization of headers to
36
# all uppercase and the addition of "HTTP_" prefix apply.
37
header = "REMOTE_USER"
39
def process_request(self, request):
40
# AuthenticationMiddleware is required so that request.user exists.
41
if not hasattr(request, 'user'):
42
raise ImproperlyConfigured(
43
"The Django remote user auth middleware requires the"
44
" authentication middleware to be installed. Edit your"
45
" MIDDLEWARE_CLASSES setting to insert"
46
" 'django.contrib.auth.middleware.AuthenticationMiddleware'"
47
" before the RemoteUserMiddleware class.")
49
username = request.META[self.header]
51
# If specified header doesn't exist then return (leaving
52
# request.user set to AnonymousUser by the
53
# AuthenticationMiddleware).
55
# If the user is already authenticated and that user is the user we are
56
# getting passed in the headers, then the correct user is already
57
# persisted in the session and we don't need to continue.
58
if request.user.is_authenticated():
59
if request.user.username == self.clean_username(username, request):
61
# We are seeing this user for the first time in this session, attempt
62
# to authenticate the user.
63
user = auth.authenticate(remote_user=username)
65
# User is valid. Set request.user and persist user in the session
66
# by logging the user in.
68
auth.login(request, user)
70
def clean_username(self, username, request):
72
Allows the backend to clean the username, if the backend defines a
73
clean_username method.
75
backend_str = request.session[auth.BACKEND_SESSION_KEY]
76
backend = auth.load_backend(backend_str)
78
username = backend.clean_username(username)
79
except AttributeError: # Backend has no clean_username method.