author: Michał Górny <mgorny@gentoo.org> 2013-08-01 23:40:21 +0200
committer: Michał Górny <mgorny@gentoo.org> 2013-08-05 11:46:30 +0200
commit: ebd3d04d0aefa8680e434430a4745982fdc208f0
tree: 10a3ba85ce19f00aa0eafc1586b6896f85b7172f /okupy/accounts/urls.py
parent: Introduce ExternalBackend for handling external auth.
Establish simple SSL client certificate auth.
The auth is based on matching e-mail addresses from valid (and trusted) certificates onto system users. Whenever a user requests SSL cert auth, he is redirected to a dedicated vhost where the HTTP server requests the certificate. Once there, the ssl-auth view checks the verification result and obtains e-mail addresses from the certificate. The e-mail addresses are compared to system users and if a match occurs, an authentication token is created. The ssl-auth view redirects back to login, passing either the token or an error message. If a valid token is passed, ExternalBackend is used to successfully authenticate the user. Otherwise, the error message is printed like regular login messages.
Diffstat (limited to 'okupy/accounts/urls.py')
-rw-r--r-- okupy/accounts/urls.py 3
1 file changed, 2 insertions, 1 deletion
diff --git a/okupy/accounts/urls.py b/okupy/accounts/urls.py
index f9eb2dd..e700ade 100644
--- a/okupy/accounts/urls.py
+++ b/okupy/accounts/urls.py
@@ -1,13 +1,14 @@
# vim:fileencoding=utf8:et:ts=4:sts=4:sw=4:ft=python
from django.conf.urls import patterns, url
-from .views import (login, logout, index, signup, activate, devlist,
+from .views import (login, ssl_auth, logout, index, signup, activate, devlist,
formerdevlist, foundationlist, openid_endpoint, user_page,
openid_auth_site)
accounts_urlpatterns = patterns('',
url(r'^$', index),
url(r'^login/$', login),
+ url(r'^ssl-auth/$', ssl_auth),
url(r'^logout/$', logout),
url(r'^devlist/$', devlist),
url(r'^former-devlist/$', formerdevlist),
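Review bot: The new `url(r'^ssl-auth/$', ssl_auth)` entry goes into the shared `accounts_urlpatterns`, so nothing in this file ties the route to the dedicated vhost that the commit message says requests the client certificate. If the same URLconf is served on the regular vhost, `ssl_auth` can be reached where the HTTP server never asked for or verified a certificate. Please confirm the view fails closed when the server-side verification result is absent, and that a client cannot supply that result itself on a vhost that does not set it. A short comment next to the route stating that it is only meaningful behind the certificate-requesting vhost would help whoever maintains the server configuration later.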