Merge pull request #33 from Dunedan/add-global-authentication

Add global authentication
2015-07-27 06:25:03 -04:00 · 2015-07-27 06:25:03 -04:00 · acb558b61c
parent c6484e1412 52ebb1e1b1
commit acb558b61c
6 changed files with 90 additions and 0 deletions
--- a/binder/middlewares.py
+++ b/binder/middlewares.py
@ -0,0 +1,23 @@
+from django.conf import settings
+from django.contrib.auth import REDIRECT_FIELD_NAME
+from django.http import HttpResponseRedirect
+
+class LoginRequiredMiddleware(object):
+    """Middleware to redirect to the login page if the user isn't authenticated
+
+    After successful authentication the user is redirected back to the page he
+    initially wanted to access.
+    """
+    def process_request(self, request):
+        # allow access to the login url
+        if request.path == settings.LOGIN_URL:
+            return
+        # redirect to the login url if the user isn't authenticated
+        if not request.user.is_authenticated():
+            if request.path not in (settings.LOGIN_URL,
+                                    settings.LOGIN_REDIRECT_URL):
+                return HttpResponseRedirect('%s?%s=%s' % (settings.LOGIN_URL,
+                                                          REDIRECT_FIELD_NAME,
+                                                          request.path))
+            else:
+                return HttpResponseRedirect(settings.LOGIN_URL)
--- a/binder/settings.py
+++ b/binder/settings.py
@ -67,6 +67,7 @@ MIDDLEWARE_CLASSES = (
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
+    'binder.middlewares.LoginRequiredMiddleware',
 )

 ROOT_URLCONF = 'binder.urls'
@ -96,6 +97,8 @@ TTL_CHOICES = ((300, "5 minutes"),
 RECORD_TYPE_CHOICES = (("A", "A"),
                       ("AAAA", "AAAA"))

+LOGIN_REDIRECT_URL = '/'
+
 try:
    from local_settings import *
 except ImportError:
--- a/binder/templates/base.html
+++ b/binder/templates/base.html
@ -23,6 +23,9 @@
      <li role="presentation" class="active">Actions</li>
      <li role="presentation"><a href="{% url "index" %}">Home</a></li>
      <li role="presentation"><a href="{% url "server_list" %}">Server List</a></li>
+      {% if user.is_authenticated %}
+      <li role="presentation"><a href="{% url "logout" %}">Logout</a></li>
+      {% endif %}
    </ul>
    {% endblock navigation %}
  </div>
--- a/binder/templates/registration/login.html
+++ b/binder/templates/registration/login.html
@ -0,0 +1,44 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<title>Binder DNS Admin – Login</title>
+<link rel="stylesheet" type="text/css" href="{{ STATIC_URL }}bootstrap/css/bootstrap.css" />
+</head>
+<body>
+<div class="container">
+  <div class="page-header text-center">
+    <h1>Binder DNS Admin</h1>
+  </div>
+
+  {% if form.errors %}
+  <div class="row">
+    <div class="col-md-4"></div>
+    <div class="col-md-4 alert alert-danger text-center" role="alert">Wrong username or password! Please try again.</div>
+  </div>
+  {% endif %}
+
+  <form method="post" action="{% url 'django.contrib.auth.views.login' %}{% if next %}?next={{ next }}{% endif %}" class="form-horizontal" >
+    {% csrf_token %}
+    <div class="form-group">
+      <label for="{{ form.username.id_for_label }}" class="control-label col-md-5">Username</label>
+      <div class="controls col-md-3">
+        <input type="text" id="{{ form.username.id_for_label }}" name="username" class="form-control" value="{{ form.username.value|default_if_none:"" }}">
+      </div>
+    </div>
+    <div class="form-group">
+      <label for="{{ form.password.id_for_label }}" class="control-label col-md-5">Password</label>
+      <div class="controls col-md-3">
+        <input type="password" id="{{ form.password.id_for_label }}" name="password" class="form-control">
+      </div>
+    </div>
+
+    <div class="form-group">
+      <div class="col-md-5"></div>
+      <div class="col-md-3">
+        <button type="submit" class="btn btn-default">Login</button>
+      </div>
+    </div>
+  </form>
+</div>
+</body>
+</html>
--- a/binder/tests/testViews.py
+++ b/binder/tests/testViews.py
@ -1,5 +1,6 @@
 from django.test import TestCase
 from django.test.client import Client
+from django.contrib.auth.models import User
 from django.core.urlresolvers import reverse

 from binder import models
@ -11,6 +12,12 @@ class GetTests(TestCase):

    def setUp(self):
        self.client = Client()
+        user = User.objects.create_user('testuser',
+                                        'testuser@example.com',
+                                        'testpassword')
+        response = self.client.login(username='testuser',
+                                     password='testpassword')
+

    def test_GetIndex(self):
        response = self.client.get(reverse("index"))
@ -49,6 +56,12 @@ class PostTests(TestCase):
        models.BindServer(hostname="testserver.test.net",
                          statistics_port=1234).save()

+        user = User.objects.create_user('testuser',
+                                        'testuser@example.com',
+                                        'testpassword')
+        response = self.client.login(username='testuser',
+                                     password='testpassword')
+
    def test_DeleteRecordInitial_Empty(self):
        """Ensure the initial deletion form works as expected with no RR list."""
        response = self.client.post(reverse("delete_record"),
--- a/binder/urls.py
+++ b/binder/urls.py
@ -4,6 +4,10 @@ admin.autodiscover()

 urlpatterns = patterns('',
    url(r'^admin/', include(admin.site.urls)),
+
+    url(r'^accounts/login/$', 'django.contrib.auth.views.login', name='login'),
+    url(r'^accounts/logout/$', 'django.contrib.auth.views.logout_then_login', name='logout'),
+
    url(r'^$', 'binder.views.home_index', name="index"),
    url(r'^server_list/$', 'binder.views.view_server_list', name="server_list"),