Commit 31243ae2 authored by Colin Murtaugh's avatar Colin Murtaugh

initial working version

parent dbdbd397
include LICENSE
recursive-include docs *
recursive-include icommons_common *.py *.html
recursive-include icommons_common/auth/gpg_home *
recursive-include django_auth_lti *.py *.html
......@@ -2,12 +2,20 @@
django-auth-lti
=====
django_auth_lti is a Django app that provides authentication middleware and backend for building tools that work with an LTI consumer.
django_auth_lti is a package that provides Django authentication middleware and backend classes for building tools that work with an LTI consumer.
To use LTI authentication with a Django app, edit settings.py as follows:
- add 'icommons_common.auth.middleware.LTIAuthMiddleware' to your MIDDLEWARE_CLASSES, making sure that it appears AFTER 'django.contrib.auth.middleware.AuthenticationMiddleware'
- add 'django_auth_lti.middleware.LTIAuthMiddleware' to your MIDDLEWARE_CLASSES, making sure that it appears AFTER 'django.contrib.auth.middleware.AuthenticationMiddleware'
- add 'django_auth_lti.backends.LTIAuthBackend' to your BACKEND_CLASSES
- configure the OAuth credentials - add something like this to your project configuration:
OAUTH_CREDENTIALS = {
'test': 'secret',
'test2': 'reallysecret'
}
The LTIAuthMiddleware will ensure that all users of your app are authenticated before they can access any page. Upon successful authentication, a Django user record is created (or updated) and the user is allowed to access the application.
......
from os.path import abspath, dirname, join, normpath
from django.contrib.auth import get_user_model
from django.contrib.auth.backends import ModelBackend
from django.core.exceptions import PermissionDenied
......@@ -6,14 +5,15 @@ from django.core.exceptions import PermissionDenied
#from django.db.models import Q
#from icommons_common.models import *
from ims_lti_py.tool_provider import DjangoToolProvider
import gnupg
import base64
from time import time
import logging
from datetime import datetime
logger = logging.getLogger(__name__)
from django.conf import settings
# get credentials from config
oauth_creds = settings.LTI_OAUTH_CREDENTIALS
class LTIAuthBackend(ModelBackend):
"""
......@@ -27,14 +27,13 @@ class LTIAuthBackend(ModelBackend):
``False``.
"""
# move this to config
oauth_creds = {'test': 'secret'}
# Create a User object if not already in the database?
create_unknown_user = True
def authenticate(self, request):
logger.info("about to begin authentication process")
request_key = request.POST.get('oauth_consumer_key', None)
if request_key is None:
......@@ -49,13 +48,24 @@ class LTIAuthBackend(ModelBackend):
tool_provider = DjangoToolProvider(request_key, secret, request.POST.dict())
logger.info("about to check the signature")
if not tool_provider.is_valid_request(request):
logger.error("Invalid request: signature check failed.")
raise PermissionDenied
logger.info("done checking the signature")
print tool_provider.oauth_timestamp
logger.info("about to check the timestamp: %d" % int(tool_provider.oauth_timestamp))
if time() - int(tool_provider.oauth_timestamp) > 60*60:
logger.error("OAuth timestamp is too old.")
raise PermissionDenied
#raise PermissionDenied
else:
logger.info("timestamp looks good")
logger.info("done checking the timestamp")
# (this is where we should check the nonce)
......@@ -64,8 +74,11 @@ class LTIAuthBackend(ModelBackend):
user = None
username = self.clean_username(request.POST.get('lis_person_sourcedid'))
email = request.POST.get('lis_person_contact_email_primary')
first_name = request.POST.get('lis_person_name_given')
last_name = request.POST.get('lis_person_name_family')
logger.info("We have a valid username: %s" % username)
#logger.debug('authenticate using original/cleaned username: %s/%s' % (authen_userid,username))
......@@ -77,15 +90,14 @@ class LTIAuthBackend(ModelBackend):
if self.create_unknown_user:
user, created = UserModel.objects.get_or_create(**{
UserModel.USERNAME_FIELD: username
UserModel.USERNAME_FIELD: username,
})
if created:
logger.debug('authenticate created a new user for %s' % username)
user = self.configure_user(user)
else:
logger.debug('authenticate found an existing user for %s' % username)
else:
logger.debug('automatic new user creation is turned OFF! just try to find and existing record')
try:
......@@ -95,9 +107,15 @@ class LTIAuthBackend(ModelBackend):
# should return some kind of error here?
pass
logger.debug('before configuring user')
user = self.configure_user(user)
logger.debug('after configuring user')
# update the user
user.email = email
user.first_name = first_name
user.last_name = last_name
user.save()
logger.debug("updated the user record in the database")
return user
def clean_username(self, username):
return username
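Review bot: Replay protection in `authenticate` looks incomplete: the stale-timestamp branch shows both `raise PermissionDenied` and `#raise PermissionDenied`, and if the commented-out form is the new side (the page does not show which), an expired launch is only logged and then accepted. Even with the raise in place, the window is a full hour, a timestamp far in the future passes because the difference is negative, and the nonce is still unchecked (`# (this is where we should check the nonce)`), so a captured signed POST stays valid until it ages out. I would keep the raise, bound both directions with something like `if abs(time() - int(tool_provider.oauth_timestamp)) > MAX_LAUNCH_AGE:` with a much shorter limit, and record seen nonces for that window. The leftover `print tool_provider.oauth_timestamp` should be removed as well. Separately, the module reads `settings.LTI_OAUTH_CREDENTIALS` while the README in this commit tells users to define `OAUTH_CREDENTIALS`; one of the two names needs to change.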
from django.http import HttpResponse
from django.contrib import auth
from django.conf import settings
#from django.contrib.auth.backends import RemoteUserBackend
from django.core.exceptions import ImproperlyConfigured, PermissionDenied
#from django.utils.functional import SimpleLazyObject
......@@ -11,7 +9,7 @@ from django.core.exceptions import ImproperlyConfigured, PermissionDenied
from icommons_common.models import *
import logging
logger = logging.getLogger(__name__)
......@@ -66,10 +64,6 @@ class LTIAuthMiddleware(object):
raise PermissionDenied()
def clean_username(self, username, request):
"""
Allows the backend to clean the username, if the backend defines a
......@@ -81,7 +75,6 @@ class LTIAuthMiddleware(object):
logger.debug('calling the backend %s clean_username with %s' % (backend,username))
username = backend.clean_username(username)
logger.debug('cleaned username is %s' % username)
#from pudb import set_trace; set_trace()
except AttributeError: # Backend has no clean_username method.
pass
return username
......@@ -35,4 +35,5 @@ setup(
"cx-Oracle==5.1.2",
"django-filter==0.5.4"
],
zip_safe = False,
)