Comments on: Django Middleware Munging http://www.loggly.com/2009/12/django-middleware-munging/ Log Management in the Cloud Fri, 20 Aug 2010 18:37:57 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: zrlram http://www.loggly.com/2009/12/django-middleware-munging/comment-page-1/#comment-16 zrlram Mon, 07 Dec 2009 17:24:30 +0000 http://www.loggly.com/?p=293#comment-16 After investigating the middleware solution for rewriting the usernames a little more, I found a slightly cleaner solution that intercepts the login view. It is nicer because you are not monitoring each Web POST to see whether a username is submitted. Here is the basic idea: <ol><li>You redirect the login view to your own code.</LI> <LI>If you are not dealing with any POST data, you just show the authentication form from django.contrib.auth (auth.views.login())</LI> <LI>If you get POST data, you create the new username as a combination of the subdomain and the original username. Also extract the password from the post.</LI> <LI>Verify the authentication credentials through the authenticate() call. If you are dealing with correct credentials, you actually log the user in (auth.login()) and redirect the user to either the main page or the URL provided inside of the login call (redirect_to field).</LI> <LI>Upon a failed login, just log the failed login and call the auth.views.login() method.</LI> That's it. Here are the code snippets: <i>urls.py:</i> <code><pre>url(r'^login/$', login, #this is your own view. By default you used auth.views.login() here. {'template_name': 'templates/login.html'}, name='login'), </pre></code> <i>views.py:</i> <code><pre>def login(request, template_name, redirect_field_name=REDIRECT_FIELD_NAME): if request.method == "POST": subdomain = request.META['HTTP_HOST'].split('.')[0] authuser = "%s_%s" % (subdomain, request.POST['username']) password = request.POST['password'] user = authenticate(username=authuser, password=password) if user: auth.login(request, user) redirect_to = request.REQUEST.get(redirect_field_name, '') if not redirect_to or '//' in redirect_to or ' ' in redirect_to: redirect_to = settings.LOGIN_REDIRECT_URL return HttpResponseRedirect(redirect_to) else: logs.error('action=authentication,status=failure,user=' + authuser); return auth.views.login(request, template_name) </pre></code> Thanks to Seth for helping getting this to run. After investigating the middleware solution for rewriting the usernames a little more, I found a slightly cleaner solution that intercepts the login view. It is nicer because you are not monitoring each Web POST to see whether a username is submitted.
Here is the basic idea:

  1. You redirect the login view to your own code.
  2. If you are not dealing with any POST data, you just show the authentication form from django.contrib.auth (auth.views.login())
  3. If you get POST data, you create the new username as a combination of the subdomain and the original username. Also extract the password from the post.
  4. Verify the authentication credentials through the authenticate() call. If you are dealing with correct credentials, you actually log the user in (auth.login()) and redirect the user to either the main page or the URL provided inside of the login call (redirect_to field).
  5. Upon a failed login, just log the failed login and call the auth.views.login() method.

    6. That’s it. Here are the code snippets:

    urls.py:

    url(r'^login/$',
        login,          #this is your own view. By default you used auth.views.login() here.
       {'template_name': 'templates/login.html'}, name='login'),


    views.py:

    def login(request, template_name, redirect_field_name=REDIRECT_FIELD_NAME):

    if request.method == "POST":
        subdomain = request.META['HTTP_HOST'].split('.')[0]
        authuser = "%s_%s" % (subdomain, request.POST['username'])
        password = request.POST['password']
        user = authenticate(username=authuser, password=password)
        if user:
            auth.login(request, user)
            redirect_to = request.REQUEST.get(redirect_field_name, '')
            if not redirect_to or '//' in redirect_to or ' ' in redirect_to:
                redirect_to = settings.LOGIN_REDIRECT_URL
            return HttpResponseRedirect(redirect_to)
        else:
            logs.error('action=authentication,status=failure,user=' + authuser);

    return auth.views.login(request, template_name)

    Thanks to Seth for helping getting this to run.

]]>