From 4d05f907d6e6ab93c5427a3b86461bc2e20aaa07 Mon Sep 17 00:00:00 2001
From: Matthijs Kooijman
Date: Tue, 19 Oct 2010 10:38:15 +0200
Subject: [PATCH] settings: Enable (phpbb) authentication. This adds code for the phpbb authentication backend, enables the auth contrib application, adds /login and /logout urls and adds a login form template.
---
 auth.py | 107 +++++++++++++++++++++++++++
 dbsettings.py.tmpl | 4 +
 settings.py | 10 +++
 tickets/templates/tickets/login.html | 33 +++++++++
 urls.py | 2 +
 5 files changed, 156 insertions(+)
 create mode 100644 auth.py
 create mode 100644 tickets/templates/tickets/login.html
diff --git a/auth.py b/auth.py
new file mode 100644
index 0000000..00c106d
--- /dev/null
+++ b/auth.py
@@ -0,0 +1,107 @@
+from django.conf import settings
+from django.contrib.auth.models import User, check_password
+import md5
+import MySQLdb
+
+
+"""
+This auth backend allows django to authenticate against an external phpbb
+database. If authentication is successful, the corresponding User from the
+normal django database is returned (linked on the username field). If no such
+User exists, it is created automatically.
+
+This class uses the following variables from you django settings:
+ PHPBB_DATABASE_HOST
+ PHPBB_DATABASE_PORT
+ PHPBB_DATABASE_USER
+ PHPBB_DATABASE_PASSWORD
+ PHPBB_DATABASE_NAME
+
+If any of these settings are missing, the corresponding setting from Django's
+own database settings are used. This means, that, usually, you only have to
+specify the database name where phpbb lives.
+"""
+class PhpBBBackend:
+ def connect(self):
+ host = getattr(settings, 'PHPBB_DATABASE_HOST', settings.DATABASE_HOST)
+ port = getattr(settings, 'PHPBB_DATABASE_PORT', settings.DATABASE_PORT)
+ user = getattr(settings, 'PHPBB_DATABASE_USER', settings.DATABASE_USER)
+ password = getattr(settings, 'PHPBB_DATABASE_PASSWORD', settings.DATABASE_PASSWORD)
+ name = getattr(settings, 'PHPBB_DATABASE_NAME', settings.DATABASE_NAME)
+
+ # This code was shamelessly stolen from
+ # django.db.backends.mysql.base.cursor
+ kwargs = {
+ #'conv': django_conversions,
+ 'charset': 'utf8',
+ 'use_unicode': False,
+ }
+ if user:
+ kwargs['user'] = user
+ if name:
+ kwargs['db'] = name
+ if password:
+ kwargs['passwd'] = password
+ if host.startswith('/'):
+ kwargs['unix_socket'] = host
+ elif host:
+ kwargs['host'] = host
+ if port:
+ kwargs['port'] = int(port)
+
+ conn = MySQLdb.connect (**kwargs)
+ # End stolen code
+
+ return conn
+
+ def check_login(self, username, password):
+ conn = self.connect()
+
+ # Get some data
+ cursor = conn.cursor ()
+ cursor.execute ("SELECT user_password,user_email FROM users WHERE username=%s", username)
+
+ # No data? No login.
+ if (cursor.rowcount == 0):
+ conn.close()
+ return False
+
+ # Check password
+ row = cursor.fetchone()
+ conn.close()
+
+ if (md5.new(password).hexdigest() == row[0]):
+ return row[1]
+ else:
+ return False
+
+
+ """
+ Authenticate against a PhpBB database.
+
+ Most of this code has been taken from Django's user auth tutorial.
+ """
+ def authenticate(self, username=None, password=None):
+ email = self.check_login(username, password)
+ if email:
+ try:
+ user = User.objects.get(username=username)
+ except User.DoesNotExist:
+ # Create a new user. Note that we can set password
+ # to anything, because it won't be checked; the password
+ # from settings.py will.
+ user = User(username=username, password='get from settings.py')
+ user.email = email
+ user.set_unusable_password()
+ user.save()
+ return user
+ else:
+ return None
+
+ def get_user(self, user_id):
+ try:
+ return User.objects.get(pk=user_id)
+ except User.DoesNotExist:
+ return None
+
+# vim: set sts=4 sw=4 expandtab:
diff --git a/dbsettings.py.tmpl b/dbsettings.py.tmpl
index bf6ae6e..566d2fd 100644
--- a/dbsettings.py.tmpl
+++ b/dbsettings.py.tmpl
@@ -7,3 +7,7 @@ DATABASE_USER = 'ee_bookings' # Not used with sqlite3.
 DATABASE_PASSWORD = '' # Not used with sqlite3.
 DATABASE_HOST = '' # Set to empty string for localhost. Not used with sqlite3.
 DATABASE_PORT = '' # Set to empty string for default. Not used with sqlite3.
+
+# Database to use for phpbb authentication. Other variables from above
+# (except for ENGINE) can similarly be overridden.
+PHPBB_DATABASE_NAME = 'ee_forum'
diff --git a/settings.py b/settings.py
index 7a10053..fbe3df4 100644
--- a/settings.py
+++ b/settings.py
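Review bot: In `check_login` of auth.py the connection returned by `self.connect()` is closed only on the two normal paths, so an exception raised by `cursor.execute` leaves it open; the query should sit in a `try`/`finally`, and the parameter should be passed as a sequence, `(username,)`, rather than as a bare string. The query reads only `user_password` and `user_email`, so whatever account state the forum keeps (deactivated or banned users, presumably) is never consulted and such a user would still be handed a Django `User`; confirm against the phpBB schema whether the WHERE clause needs that condition. `authenticate` uses the returned e-mail as the success flag, so a forum account with an empty `user_email` is refused even with the right password. The `==` against an unsalted MD5 hex digest follows the forum's stored format and cannot be fixed on this side, but a comment should say so, because a change of hash format in the forum would make every login fail without any error.

```python
    def check_login(self, username, password):
        conn = self.connect()
        try:
            cursor = conn.cursor()
            cursor.execute(
                "SELECT user_password,user_email FROM users WHERE username=%s",
                (username,))
            row = cursor.fetchone()
        finally:
            # Runs on every path, including a failed query.
            conn.close()

        # No data? No login.
        if row is None:
            return False
        # ... unchanged: MD5 comparison against row[0], return of row[1] ...
```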
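Review bot: With only `PHPBB_DATABASE_NAME` set in dbsettings.py.tmpl, the backend in auth.py falls back to `DATABASE_USER` and `DATABASE_PASSWORD`, so the booking application's own database account must be able to read the forum's `users` table, password hashes included. The template should steer installers towards a separate account, for example with commented-out `PHPBB_DATABASE_USER` and `PHPBB_DATABASE_PASSWORD` lines and a comment such as `# Prefer a dedicated account that can only SELECT the columns the login check reads.`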
@@ -74,10 +74,20 @@ TEMPLATE_DIRS = ( os.path.join(PROJECT_DIR, 'templates'), ) +LOGIN_URL = "/reserveren/login/" +LOGIN_REDIRECT_URL = "/reserveren/" + INSTALLED_APPS = ( + 'django.contrib.auth', 'tickets', ) +# Allow authentication against the phpb user accounts + +AUTHENTICATION_BACKENDS = ( + 'dorestad-bookings.auth.PhpBBBackend', +) + # Import local settings, that are specific to this installation. These # can override any settings specified here. try: diff --git a/tickets/templates/tickets/login.html b/tickets/templates/tickets/login.html new file mode 100644 index 0000000..74127b9 --- /dev/null +++ b/tickets/templates/tickets/login.html @@ -0,0 +1,33 @@ +{% extends "tickets/base.html" %} +{% load i18n %} + +{% block content %} +{% if form.errors %} +
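Review bot: `INSTALLED_APPS` as shown in the settings.py hunk lists only `django.contrib.auth` and `tickets`, but the auth app's models refer to content types and the `login` view stores the user in the session, so `django.contrib.contenttypes` and `django.contrib.sessions` (with the session middleware) have to be enabled as well unless the local settings imported further down already do that. Setting `AUTHENTICATION_BACKENDS` also drops Django's default model backend; that looks intended, since new users get an unusable password, but a comment such as `# phpBB is the only credential store; the default ModelBackend is deliberately left out` would make it explicit. The `try:` block that imports the local settings continues outside the hunk.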

{% trans "Your username and password didn't match. Please try again." %}

+{% endif %} + +{% if user.is_authenticated %} +

{% blocktrans with user.username as username %}You are currently logged in as {{ username }}{% endblocktrans %}

+

{% trans "Logout" %}

+{% endif %} + +

+{% blocktrans with "http://www.evolution-events.nl" as ee_url and "http://www.evolution-events.nl/forum" as forum_url and "http://www.evolution-events.nl/forum/phpbb/profile.php?mode=register" as register_url %} +You can login with your Evolution Events +forum account. If you don't have a forum +account yet, first register. +{% endblocktrans %} +

+
+{% csrf_token %} + + + +
{{ form.username }}
{{ form.password }}
+ + + + +
+ +{% endblock %} diff --git a/urls.py b/urls.py index b79f802..3770765 100644 --- a/urls.py +++ b/urls.py @@ -15,4 +15,6 @@ urlpatterns = patterns('', # Uncomment the next line to enable the admin: # (r'^admin/(.*)', admin.site.root), + url(r'^login/$', 'django.contrib.auth.views.login', {'template_name': 'tickets/login.html'}, name='login'), + url(r'^logout/$', 'django.contrib.auth.views.logout_then_login', name='logout'), ) -- 2.30.2
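Review bot: The new `login` route in urls.py puts the forum password check on a public URL, and nothing in this patch limits repeated attempts, so failed logins against forum accounts are bounded only by what the server and database sustain; some throttling or lockout, in front of the view or in the backend, should accompany it. `logout_then_login` is mapped without restricting the request method, so, as far as this hunk shows, a plain GET ends the session and any page can trigger a logout through an embedded request. Both deserve at least a marker next to the patterns, e.g. `# TODO: throttle failed logins; accept logout via POST only`. The `urlpatterns` definition starts outside the hunk.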