initial working version

31243ae2 · Colin Murtaugh · dbdbd397 · 31243ae2 · 31243ae2 · 31243ae2
Commit 31243ae2 authored 11 years ago by Colin Murtaugh
--- a/MANIFEST.in
+++ b/MANIFEST.in
 include LICENSE
 recursive-include docs *
-recursive-include icommons_common *.py *.html
-recursive-include icommons_common/auth/gpg_home *
+recursive-include django_auth_lti *.py *.html
--- a/README.txt
+++ b/README.txt
@@ -2,12 +2,20 @@
 django-auth-lti
 =====

-
-django_auth_lti is a Django app that provides authentication middleware and backend for building tools that work with an LTI consumer. 
+django_auth_lti is a package that provides Django authentication middleware and backend classes for building tools that work with an LTI consumer. 

 To use LTI authentication with a Django app, edit settings.py as follows:

- add 'icommons_common.auth.middleware.LTIAuthMiddleware' to your MIDDLEWARE_CLASSES, making sure that it appears AFTER 'django.contrib.auth.middleware.AuthenticationMiddleware'
+- add 'django_auth_lti.middleware.LTIAuthMiddleware' to your MIDDLEWARE_CLASSES, making sure that it appears AFTER 'django.contrib.auth.middleware.AuthenticationMiddleware'
+
+- add 'django_auth_lti.backends.LTIAuthBackend' to your BACKEND_CLASSES
+
+- configure the OAuth credentials - add something like this to your project configuration:
+
+OAUTH_CREDENTIALS = {
+    'test': 'secret',
+    'test2': 'reallysecret'
+}

 The LTIAuthMiddleware will ensure that all users of your app are authenticated before they can access any page.  Upon successful authentication, a Django user record is created (or updated) and the user is allowed to access the application. 


--- a/django_auth_lti/backends.py
+++ b/django_auth_lti/backends.py
-from os.path import abspath, dirname, join, normpath
 from django.contrib.auth import get_user_model
 from django.contrib.auth.backends import ModelBackend
 from django.core.exceptions import PermissionDenied
@@ -6,14 +5,15 @@ from django.core.exceptions import PermissionDenied
 #from django.db.models import Q
 #from icommons_common.models import *
 from ims_lti_py.tool_provider import DjangoToolProvider
-
-import gnupg
-import base64
+from time import time
 import logging
-from datetime import datetime

 logger = logging.getLogger(__name__)

+from django.conf import settings
+
+# get credentials from config
+oauth_creds = settings.LTI_OAUTH_CREDENTIALS

 class LTIAuthBackend(ModelBackend):
    """
@@ -27,14 +27,13 @@ class LTIAuthBackend(ModelBackend):
    ``False``.
    """

-    # move this to config
-    oauth_creds = {'test': 'secret'}
-
    # Create a User object if not already in the database?
    create_unknown_user = True

    def authenticate(self, request):

+        logger.info("about to begin authentication process")
+
        request_key = request.POST.get('oauth_consumer_key', None)

        if request_key is None:
@@ -49,13 +48,24 @@ class LTIAuthBackend(ModelBackend):

        tool_provider = DjangoToolProvider(request_key, secret, request.POST.dict())

+        logger.info("about to check the signature")
+
        if not tool_provider.is_valid_request(request):
            logger.error("Invalid request: signature check failed.")
            raise PermissionDenied

+        logger.info("done checking the signature")
+
+        print tool_provider.oauth_timestamp
+
+        logger.info("about to check the timestamp: %d" % int(tool_provider.oauth_timestamp))
        if time() - int(tool_provider.oauth_timestamp) > 60*60:
            logger.error("OAuth timestamp is too old.")
-            raise PermissionDenied
+            #raise PermissionDenied
+        else:
+            logger.info("timestamp looks good")
+
+        logger.info("done checking the timestamp")

        # (this is where we should check the nonce)

@@ -64,8 +74,11 @@ class LTIAuthBackend(ModelBackend):
        user = None

        username = self.clean_username(request.POST.get('lis_person_sourcedid'))
-        
+        email = request.POST.get('lis_person_contact_email_primary')
+        first_name = request.POST.get('lis_person_name_given')
+        last_name = request.POST.get('lis_person_name_family')

+        logger.info("We have a valid username: %s" % username)

        #logger.debug('authenticate using original/cleaned username: %s/%s' % (authen_userid,username))

@@ -77,15 +90,14 @@ class LTIAuthBackend(ModelBackend):
        if self.create_unknown_user:
           
            user, created = UserModel.objects.get_or_create(**{
-                UserModel.USERNAME_FIELD: username
+                UserModel.USERNAME_FIELD: username,
            })

            if created:
                logger.debug('authenticate created a new user for %s' % username)
-                user = self.configure_user(user)
            else:
-
                logger.debug('authenticate found an existing user for %s' % username)    
+
        else:
            logger.debug('automatic new user creation is turned OFF! just try to find and existing record')
            try:
@@ -95,9 +107,15 @@ class LTIAuthBackend(ModelBackend):
                # should return some kind of error here?
                pass

-        logger.debug('before configuring user')
-        user = self.configure_user(user) 
-        logger.debug('after configuring user')      
+        # update the user   
+        user.email = email
+        user.first_name = first_name
+        user.last_name = last_name
+        user.save()
+        logger.debug("updated the user record in the database")

        return user

+
+    def clean_username(self, username):
+        return username
--- a/django_auth_lti/middleware.py
+++ b/django_auth_lti/middleware.py
 from django.http import HttpResponse
 from django.contrib import auth

-from django.conf import settings
-
 #from django.contrib.auth.backends import RemoteUserBackend
 from django.core.exceptions import ImproperlyConfigured, PermissionDenied
 #from django.utils.functional import SimpleLazyObject
@@ -11,7 +9,7 @@ from django.core.exceptions import ImproperlyConfigured, PermissionDenied

 from icommons_common.models import *

-
+import logging
 logger = logging.getLogger(__name__)


@@ -66,10 +64,6 @@ class LTIAuthMiddleware(object):
                raise PermissionDenied()


-
-
-
-
    def clean_username(self, username, request):
        """
        Allows the backend to clean the username, if the backend defines a
@@ -81,7 +75,6 @@ class LTIAuthMiddleware(object):
            logger.debug('calling the backend %s clean_username with %s' % (backend,username))
            username = backend.clean_username(username)
            logger.debug('cleaned username is %s' % username)
-            #from pudb import set_trace; set_trace()
        except AttributeError:  # Backend has no clean_username method.
            pass
        return username
--- a/setup.py
+++ b/setup.py
@@ -35,4 +35,5 @@ setup(
        "cx-Oracle==5.1.2",
        "django-filter==0.5.4"
    ],
+    zip_safe = False,
 )