mirror of
https://github.com/paperless-ngx/paperless-ngx.git
synced 2025-04-02 13:45:10 -05:00
426919fa9f
The `SessionOrBasicAuthMixin` and `StandardPagination` classes were living in the documents app and I needed them in the new `reminders` app, so this commit breaks them out of `documents` and puts them in the central `paperless` app instead.
47 lines
1.8 KiB
Python
47 lines
1.8 KiB
Python
from django.contrib.auth.mixins import AccessMixin
|
|
from django.contrib.auth import authenticate, login
|
|
import base64
|
|
|
|
|
|
class SessionOrBasicAuthMixin(AccessMixin):
|
|
"""
|
|
Session or Basic Authentication mixin for Django.
|
|
It determines if the requester is already logged in or if they have
|
|
provided proper http-authorization and returning the view if all goes
|
|
well, otherwise responding with a 401.
|
|
|
|
Base for mixin found here: https://djangosnippets.org/snippets/3073/
|
|
"""
|
|
|
|
def dispatch(self, request, *args, **kwargs):
|
|
|
|
# check if user is authenticated via the session
|
|
if request.user.is_authenticated:
|
|
|
|
# Already logged in, just return the view.
|
|
return super(SessionOrBasicAuthMixin, self).dispatch(
|
|
request, *args, **kwargs
|
|
)
|
|
|
|
# apparently not authenticated via session, maybe via HTTP Basic?
|
|
if 'HTTP_AUTHORIZATION' in request.META:
|
|
auth = request.META['HTTP_AUTHORIZATION'].split()
|
|
if len(auth) == 2:
|
|
# NOTE: Support for only basic authentication
|
|
if auth[0].lower() == "basic":
|
|
authString = base64.b64decode(auth[1]).decode('utf-8')
|
|
uname, passwd = authString.split(':')
|
|
user = authenticate(username=uname, password=passwd)
|
|
if user is not None:
|
|
if user.is_active:
|
|
login(request, user)
|
|
request.user = user
|
|
return super(
|
|
SessionOrBasicAuthMixin, self
|
|
).dispatch(
|
|
request, *args, **kwargs
|
|
)
|
|
|
|
# nope, really not authenticated
|
|
return self.handle_no_permission()
|