Initial Commit

Author: Austin Morton

.gitignore

@@ -0,0 +1,36 @@
+*.py[cod]
+
+# C extensions
+*.so
+
+# Packages
+*.egg
+*.egg-info
+dist
+build
+eggs
+parts
+bin
+var
+sdist
+develop-eggs
+.installed.cfg
+lib
+lib64
+__pycache__
+
+# Installer logs
+pip-log.txt
+
+# Unit test / coverage reports
+.coverage
+.tox
+nosetests.xml
+
+# Translations
+*.mo
+
+# Mr Developer
+.mr.developer.cfg
+.project
+.pydevproject

.travis.yml

@@ -0,0 +1 @@
+language: pythonpython:  - "2.7"  - "2.6"install:  - pip install -r requirements/tests.txt  - pip install -e .script:  - flake8 src  - python setup.py nosetests

README.md

@@ -0,0 +1,68 @@
+Django Remote Auth LDAP
+=========================
+
+[![Build Status](https://travis-ci.org/Juvenal1228/django-remote-auth-ldap.png?branch=master)](https://travis-ci.org/Juvenal1228/django-remote-auth-ldap)
+
+Purpose
+-------
+
+This app combines [django-auth-ldap](http://pythonhosted.org/django-auth-ldap/) with django's [RemoteUserBackend](https://docs.djangoproject.com/en/dev/howto/auth-remote-user/)
+It allows django applications hosted in IIS to take advantage of Windows Authentication in IIS (401 Challenge) while also having the advanced features offered in `django-auth-ldap`
+
+
+Features
+--------
+
+- [PEP 8](http://www.python.org/dev/peps/pep-0008/) compliance
+- [semver](http://semver.org/) compliance
+
+
+Installing
+----------
+
+Install with pip/easy_install from the pypi
+
+`pip install django-remote-auth-ldap`
+
+or clone the latest source
+
+    git clone https://github.com/Juvenal1228/django-remote-auth-ldap.git
+    cd django-remote-auth-ldap
+    python setup.py install
+
+
+Using
+-----
+
+In your django settings.py file configure django-auth-ldap normally, verify that the configuration is indeed working!
+
+Add the `RemoteUserMiddleware` class after the `AuthenticationMiddleware` class
+```python
+MIDDLEWARE_CLASSES = (
+    ...
+    'django.contrib.auth.middleware.AuthenticationMiddleware',
+    'django_remote_auth_ldap.middleware.RemoteUserMiddleware',
+    ...
+)
+```
+
+Set the RemoteUserLDAPBackend as the authentication backend
+```python
+AUTHENTICATION_BACKENDS = (
+    'django_remote_auth_ldap.backend.RemoteUserLDAPBackend',
+)
+```
+
+The application expects the remote user to be in the form `domain\user` (which is how IIS returns it)
+
+Settings
+--------
+
+There are a few settings you can use to control the behavior
+
+- `DRAL_CHECK_DOMAIN` - Boolean - whether or not to check the domain against a known list - default True
+- `DRAL_STRIP_DOMAIN` - Boolean - whether or not to strip the domain off the username before passing to django-auth-ldap - default True
+- `DRAL_DOMAINS` - List - list of domains to check against, should be lowercase! - default []
+- `DRAL_HEADER` - String - header to check for remote user in - default REMOTE_USER
+
+

requirements/tests.txt

@@ -0,0 +1,4 @@
+nose
+coverage
+flake8
+Django

setup.cfg

@@ -0,0 +1,8 @@
+[nosetests]
+with-coverage=1
+cover-package=django_remote_auth_ldap
+
+[flake8]
+max-complexity=10
+show-source=1
+statistics=1

setup.py

@@ -0,0 +1,39 @@
+from setuptools import setup, find_packages
+import os
+
+here = os.path.abspath(os.path.dirname(__file__))
+README = open(os.path.join(here, 'README.md')).read()
+
+
+version = '0.1.0'
+
+install_requires = [
+    'django-auth-ldap',
+    'django-appconf'
+]
+
+setup(
+    name='django-remote-auth-ldap',
+    version=version,
+    description="REMOTE_USER authentication using LDAP",
+    long_description=README,
+    classifiers=[
+        'Framework :: Django',
+        'Intended Audience :: Developers',
+        'License :: OSI Approved :: MIT License',
+        'Programming Language :: Python',
+        'Programming Language :: Python :: 2.6',
+        'Programming Language :: Python :: 2.7',
+        'Topic :: Internet :: WWW/HTTP',
+    ],
+    keywords='',
+    author='Austin Morton',
+    author_email='[email protected]',
+    url='https://github.com/Juvenal1228/django-remote-auth-ldap',
+    license='MIT',
+    packages=find_packages('src'),
+    package_dir={'': 'src'},
+    zip_safe=False,
+    install_requires=install_requires,
+    test_suite='nose.collector'
+)

src/django_remote_auth_ldap/__init__.py

@@ -0,0 +1,37 @@
+from django_auth_ldap.backend import LDAPBackend, _LDAPUser
+from django_remote_auth_ldap.conf import settings
+
+
+class RemoteUserLDAPBackend(LDAPBackend):
+    def authenticate(self, remote_user):
+        if not self.correct_domain(remote_user):
+            return None
+
+        username = self.clean_username(remote_user)
+        ldap_user = RemoteLDAPUser(self, username=username)
+        user = ldap_user.authenticate('')
+
+        return user
+
+    def correct_domain(self, username):
+        if not settings.CHECK_DOMAIN:
+            return True
+        if not '\\' in username:
+            return False
+        (dom, username) = username.split('\\', 1)
+        return dom.lower() in settings.DOMAINS
+
+    def clean_username(self, username):
+        if not settings.STRIP_DOMAIN:
+            return username
+        if not '\\' in username:
+            return username
+        (dom, username) = username.split('\\', 1)
+        return username
+
+
+class RemoteLDAPUser(_LDAPUser):
+    def _authenticate_user_dn(self, password):
+        if self.dn is None:
+            msg = "Failed to map the username to a DN."
+            raise self.AuthenticationFailed(msg)

src/django_remote_auth_ldap/backend.py

@@ -0,0 +1,12 @@
+from django.conf import settings  # noqa
+from appconf import AppConf
+
+
+class DjangoRemoteAuthLdapAppConf(AppConf):
+    CHECK_DOMAIN = True
+    STRIP_DOMAIN = True
+    DOMAINS = []
+    HEADER = 'REMOTE_USER'
+
+    class Meta:
+        prefix = 'DRAL'

src/django_remote_auth_ldap/conf.py

@@ -0,0 +1,8 @@
+from django.contrib.auth import middleware
+from django_remote_auth_ldap.conf import settings
+
+
+class RemoteUserMiddleware(middleware.RemoteUserMiddleware):
+    @property
+    def HEADER(self):
+        return settings.HEADER