o 3a@sddlmZddlmZddlmZddlmZddlm Z ddl m Z ddZ Gd d d e Z Gd d d e ZGd ddeZdS))auth) load_backend)RemoteUserBackend)ImproperlyConfigured)MiddlewareMixin)SimpleLazyObjectcCst|ds t||_|jS)N _cached_user)hasattrrget_userrrequestr @/usr/lib/python3/dist-packages/django/contrib/auth/middleware.pyr s  r c@seZdZddZdS)AuthenticationMiddlewarecs(tds Jdtfdd_dS)NsessionzThe Django authentication middleware requires session middleware to be installed. Edit your MIDDLEWARE setting to insert 'django.contrib.sessions.middleware.SessionMiddleware' before 'django.contrib.auth.middleware.AuthenticationMiddleware'.cstS)N)r r r r rsz:AuthenticationMiddleware.process_request..)r ruser)selfr r r rprocess_requests z(AuthenticationMiddleware.process_requestN)__name__ __module__ __qualname__rr r r rrs rc@s0eZdZdZdZdZddZddZdd Zd S) RemoteUserMiddlewarea Middleware for utilizing Web-server-provided authentication. If request.user is not authenticated, then this middleware attempts to authenticate the username passed in the ``REMOTE_USER`` request header. If authentication is successful, the user is automatically logged in to persist the user in the session. The header used is configurable and defaults to ``REMOTE_USER``. Subclass this class and change the ``header`` attribute if you need to use a different header. REMOTE_USERTcCst|ds tdz|j|j}Wnty'|jr$|jjr$||YdSw|jjr>|j | ||kr9dS||t j ||d}|rR||_t ||dSdS)NrzThe Django remote user auth middleware requires the authentication middleware to be installed. Edit your MIDDLEWARE setting to insert 'django.contrib.auth.middleware.AuthenticationMiddleware' before the RemoteUserMiddleware class.) remote_user)r rMETAheaderKeyErrorforce_logout_if_no_headerris_authenticated_remove_invalid_user get_usernameclean_usernamer authenticatelogin)rr usernamerr r rr.s(     z$RemoteUserMiddleware.process_requestcCs<|jtj}t|}z||}W|StyY|Sw)zr Allow the backend to clean the username, if the backend defines a clean_username method. )rrBACKEND_SESSION_KEYrr"AttributeError)rr%r backend_strbackendr r rr"Ts    z#RemoteUserMiddleware.clean_usernamecCsTz t|jtjd}Wntyt|YdSwt|tr(t|dSdS)z Remove the current authenticated user in the request which is invalid but only if the user is authenticated via the RemoteUserBackend. N) rrgetrr& ImportErrorlogout isinstancer)rr stored_backendr r rr as  z)RemoteUserMiddleware._remove_invalid_userN) rrr__doc__rrrr"r r r r rrs& rc@seZdZdZdZdS)PersistentRemoteUserMiddlewarea Middleware for Web-server provided authentication on logon pages. Like RemoteUserMiddleware but keeps the user authenticated even if the header (``REMOTE_USER``) is not found in the request. Useful for setups when the external authentication via ``REMOTE_USER`` is only expected to happen on some "logon" URL and the rest of the application wants to use Django's authentication mechanism. FN)rrrr0rr r r rr1ps r1N)django.contribrdjango.contrib.authrdjango.contrib.auth.backendsrdjango.core.exceptionsrdjango.utils.deprecationrdjango.utils.functionalrr rrr1r r r rs      V