From ebd3d04d0aefa8680e434430a4745982fdc208f0 Mon Sep 17 00:00:00 2001 From: Michał Górny Date: Thu, 1 Aug 2013 23:40:21 +0200 Subject: Establish simple SSL client certificate auth. The auth is based on matching e-mail addresses from valid (and trusted) certificates onto system users. Whenever user requests SSL cert auth, he is redirected to a dedicated vhost where the HTTP server requests the certificate. Once there, ssl-auth view checks the verification result and obtains e-mail addresses from the certificate. The e-mail addresses are compared to system users and if a match occurs, an authentication token is created. The ssl-auth view redirects back to login, passing either the token, or error message. If a valid token is passed, ExternalBackend is used to sucessfully authenticate the user. Otherwise, the error message is printed alike regular login messages. --- okupy/accounts/urls.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'okupy/accounts/urls.py') diff --git a/okupy/accounts/urls.py b/okupy/accounts/urls.py index f9eb2dd..e700ade 100644 --- a/okupy/accounts/urls.py +++ b/okupy/accounts/urls.py @@ -1,13 +1,14 @@ # vim:fileencoding=utf8:et:ts=4:sts=4:sw=4:ft=python from django.conf.urls import patterns, url -from .views import (login, logout, index, signup, activate, devlist, +from .views import (login, ssl_auth, logout, index, signup, activate, devlist, formerdevlist, foundationlist, openid_endpoint, user_page, openid_auth_site) accounts_urlpatterns = patterns('', url(r'^$', index), url(r'^login/$', login), + url(r'^ssl-auth/$', ssl_auth), url(r'^logout/$', logout), url(r'^devlist/$', devlist), url(r'^former-devlist/$', formerdevlist), -- cgit v1.2.3-65-gdbad