added capability for authentication in reports

git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@2473 ce84e21b-d406-0410-9b95-82705330c041

5 files changed, 102 insertions, 3 deletions

diff --git a/reports/brpt/backends.py b/reports/brpt/backends.py
new file mode 100644
index 000000000..9207038ed
--- /dev/null
+++ b/reports/brpt/backends.py
@@ -0,0 +1,35 @@
+from django.contrib.auth.models import User
+from nisauth import *
+
+class NISBackend(object):
+
+    def authenticate(self, username=None, password=None):
+        try:
+            print "start nis authenticate"
+            n = nisauth(username, password)
+            temp_pass = User.objects.make_random_password(100)
+            nis_user = dict(username=username,
+                            )
+
+            user_session_obj = dict(
+                email = username,
+                first_name = None,
+                last_name = None,
+                uid = n.uid
+                )
+            user, created = User.objects.get_or_create(username=username)
+            
+            return user
+
+        except NISAUTHError, e:
+            print str(e)
+            return None
+
+
+    def get_user(self, user_id):
+        try:
+            return User.objects.get(pk=user_id)
+        except User.DoesNotExist, e:
+            print str(e)
+            return None
+    
diff --git a/reports/brpt/nisauth.py b/reports/brpt/nisauth.py
new file mode 100644
index 000000000..e9a954cd8
--- /dev/null
+++ b/reports/brpt/nisauth.py
@@ -0,0 +1,43 @@
+import os
+import crypt, nis
+import brpt.settings import AUTHORIZED_GROUP
+
+"""Checks with NIS to see if the current user is in the support group"""
+
+__revision__ = "$Revision: $"
+
+class NISAUTHError(Exception):
+    """NISAUTHError is raised when somehting goes boom."""
+    pass
+
+class nisauth(object):
+    group_test = False
+    samAcctName = None
+    distinguishedName = None
+    sAMAccountName = None
+    telephoneNumber = None
+    title = None
+    memberOf = None
+    department = None #this will be a list
+    mail = None
+    extensionAttribute1 = None #badgenumber
+    badge_no = None
+    uid = None
+
+    def __init__(self,login,passwd=None):
+        """get user profile from NIS"""
+        try:
+            p = nis.match(login, 'passwd.byname').split(":")
+            print p
+        except:
+            raise NISAUTHError('username')
+        # check user password using crypt and 2 character salt from passwd file
+        if p[1] == crypt.crypt(passwd, p[1][:2]):
+            # check to see if user is in valid support groups
+            # will have to include these groups in a settings file eventually
+            if not login in nis.match(AUTHORIZED_GROUP, 'group.byname').split(':')[-1].split(','):
+                raise NISAUTHError('group')
+            self.uid = p[2]
+            print self.uid
+        else:
+            raise NISAUTHError('password')
diff --git a/reports/brpt/reports/views.py b/reports/brpt/reports/views.py
index de71162a8..44c858a82 100644
--- a/reports/brpt/reports/views.py
+++ b/reports/brpt/reports/views.py
@@ -8,8 +8,7 @@ from datetime import datetime, timedelta
 from time import strptime
 from django.db import connection
 from django.db.backends import util
-
-
+from django.contrib.auth.decorators import login_required
 
 def index(request):
     return render_to_response('index.html')
diff --git a/reports/brpt/settings.py b/reports/brpt/settings.py
index 63a7132ab..6f490d688 100644
--- a/reports/brpt/settings.py
+++ b/reports/brpt/settings.py
@@ -63,6 +63,20 @@ MIDDLEWARE_CLASSES = (
 
 ROOT_URLCONF = 'brpt.urls'
 
+# Authentication Settings
+# Use NIS authentication backend defined in backends.py
+AUTHENTICATION_BACKENDS = ('django.contrib.auth.backends.ModelBackend',
+                           'brpt.backends.NISBackend')
+# The NIS group authorized to login to BCFG2's reportinvg system
+AUTHORIZED_GROUP = ''
+#create login url area:
+import django.contrib.auth
+django.contrib.auth.LOGIN_URL = '/login'
+
+SESSION_EXPIRE_AT_BROWSER_CLOSE = True
+            
+    
+
 TEMPLATE_DIRS = (
     # Put strings here, like "/home/html/django_templates".
     # Always use forward slashes, even on Windows.
diff --git a/reports/brpt/urls.py b/reports/brpt/urls.py
index 35b81a468..d6f9ecb3a 100644
--- a/reports/brpt/urls.py
+++ b/reports/brpt/urls.py
@@ -21,8 +21,16 @@ urlpatterns = patterns('',
     (r'^elements/modified/(?P<eyedee>\d+)/$','brpt.reports.views.config_item_modified'),
     (r'^elements/bad/(?P<eyedee>\d+)/(?P<timestamp>(19|20)\d\d-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])@([01][0-9]|2[0-3]):([0-5][0-9]|60):([0-5][0-9]|60))/$','brpt.reports.views.config_item_bad'),
     (r'^elements/bad/(?P<eyedee>\d+)/$','brpt.reports.views.config_item_bad'),
+                       )
 
     # Uncomment this for admin:
     #(r'^admin/', include('django.contrib.admin.urls')),
 
-)
+
+## Uncomment this section if using authentication
+#urlpatterns += patterns('',
+#                        (r'^login/$', 'django.contrib.auth.views.login',
+#                         {'template_name': 'auth/login.html'}),
+#                        (r'^logout/$', 'django.contrib.auth.views.logout',
+#                         {'template_name': 'auth/logout.html'})
+#                        )