diff options
author | Michał Górny <mgorny@gentoo.org> | 2013-08-01 23:40:21 +0200 |
---|---|---|
committer | Michał Górny <mgorny@gentoo.org> | 2013-08-05 11:46:30 +0200 |
commit | ebd3d04d0aefa8680e434430a4745982fdc208f0 (patch) | |
tree | 10a3ba85ce19f00aa0eafc1586b6896f85b7172f /okupy/accounts/urls.py | |
parent | Introduce ExternalBackend for handling external auth. (diff) | |
download | identity.gentoo.org-ebd3d04d0aefa8680e434430a4745982fdc208f0.tar.gz identity.gentoo.org-ebd3d04d0aefa8680e434430a4745982fdc208f0.tar.bz2 identity.gentoo.org-ebd3d04d0aefa8680e434430a4745982fdc208f0.zip |
Establish simple SSL client certificate auth.
The auth is based on matching e-mail addresses from valid (and trusted)
certificates onto system users.
Whenever user requests SSL cert auth, he is redirected to a dedicated
vhost where the HTTP server requests the certificate. Once there,
ssl-auth view checks the verification result and obtains e-mail
addresses from the certificate. The e-mail addresses are compared to
system users and if a match occurs, an authentication token is created.
The ssl-auth view redirects back to login, passing either the token, or
error message. If a valid token is passed, ExternalBackend is used to
sucessfully authenticate the user. Otherwise, the error message is
printed alike regular login messages.
Diffstat (limited to 'okupy/accounts/urls.py')
-rw-r--r-- | okupy/accounts/urls.py | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/okupy/accounts/urls.py b/okupy/accounts/urls.py index f9eb2dd..e700ade 100644 --- a/okupy/accounts/urls.py +++ b/okupy/accounts/urls.py @@ -1,13 +1,14 @@ # vim:fileencoding=utf8:et:ts=4:sts=4:sw=4:ft=python from django.conf.urls import patterns, url -from .views import (login, logout, index, signup, activate, devlist, +from .views import (login, ssl_auth, logout, index, signup, activate, devlist, formerdevlist, foundationlist, openid_endpoint, user_page, openid_auth_site) accounts_urlpatterns = patterns('', url(r'^$', index), url(r'^login/$', login), + url(r'^ssl-auth/$', ssl_auth), url(r'^logout/$', logout), url(r'^devlist/$', devlist), url(r'^former-devlist/$', formerdevlist), |