Merge pull request #5 from starboarder2001/master

tarkatronic · web-flow · commit b2d48ced53b8 · 2019-12-17T14:51:53.000-05:00
add ability to use different login URL for SSL client auth
diff --git a/README.rst b/README.rst
@@ -69,6 +69,10 @@ There are two things you need to do in ``settings.py``
    ``AUTOCREATE_VALID_SSL_USERS = True``. Auto-created users will be set to
    inactive by default, consider using the `User.is_active`_ field in your
    `LOGIN_REDIRECT_URL`_ view to notifying the user of their status.
+3. If you want to use the standard login url, set `SSLCLIENT_LOGIN_URL = None` or leave it undefined.
+   For cases where you want a seperate login URL for SSL auth, set `SSLCLIENT_LOGIN_URL = "/YOUR_URL/"`.
+   `SSLCLIENT_LOGIN_URL` is designed for use cases where some users login via the regular Django login
+   without using SSLCLIENT auth, but you have a seperate login URL for users that login with SSLCLIENT auth.
 
 For details, see ``testapp/ssltest/settings.py``
 
diff --git a/django_ssl_auth/base.py b/django_ssl_auth/base.py
@@ -101,7 +101,8 @@ def process_request(self, request):
                 return
             logger.debug("REST API call, not logging user in")
             request.user = user
-        elif request.path_info == settings.LOGIN_URL:
+        elif request.path_info == settings.LOGIN_URL or \
+                (hasattr(settings, 'SSLCLIENT_LOGIN_URL') and request.path_info == settings.SSLCLIENT_LOGIN_URL):
             user = authenticate(request=request)
             if user is None or not check_user_auth(user):
                 return
diff --git a/testapp/settings.py b/testapp/settings.py
@@ -36,3 +36,5 @@
 SILENCED_SYSTEM_CHECKS = (
     '1_10.W001',
 )
+
+SSLCLIENT_LOGIN_URL = None
diff --git a/testapp/tests.py b/testapp/tests.py
@@ -21,3 +21,20 @@ def test_login_new_user(self):
         self.assertEqual(user.username, '42')
         self.assertEqual(user.first_name, 'John')
         self.assertEqual(user.last_name, 'Smith')
+
+    def test_login_new_user_sslurl(self):
+        """Ensure users are automatically created."""
+        # Simulate an SSL connection (of a new user)
+        with self.settings(SSLCLIENT_LOGIN_URL="/pivlogin"):
+            self.client.get(
+                settings.SSLCLIENT_LOGIN_URL,
+                HTTP_X_SSL_AUTHENTICATED='SUCCESS',
+                HTTP_X_SSL_USER_DN='C=FI/serialNumber=42/GN=John/SN=Smith/CN=John Smith',
+                HTTP_X_FORWARDED_PROTOCOL='https'
+            )
+
+            # Ensure the new user was created
+            user = User.objects.last()
+            self.assertEqual(user.username, '42')
+            self.assertEqual(user.first_name, 'John')
+            self.assertEqual(user.last_name, 'Smith')

Original file line number	Diff line number	Diff line change
`@@ -36,3 +36,5 @@`
`36`	`36`	`SILENCED_SYSTEM_CHECKS = (`
`37`	`37`	`'1_10.W001',`
`38`	`38`	`)`
	`39`	`+`
	`40`	`+SSLCLIENT_LOGIN_URL = None`