--- /dev/null
+"""CAS authentication middleware"""
+
+from urllib import urlencode
+
+from django.http import HttpResponseRedirect, HttpResponseForbidden
+from django.conf import settings
+from django.contrib.auth import REDIRECT_FIELD_NAME
+from django.contrib.auth.views import login, logout
+from django.core.urlresolvers import reverse
+
+from django_cas.views import login as cas_login, logout as cas_logout
+
+__all__ = ['CASMiddleware']
+
+class CASMiddleware(object):
+ """Middleware that allows CAS authentication on admin pages"""
+
+ def process_request(self, request):
+ """Checks that the authentication middleware is installed"""
+
+ error = ("The Django CAS middleware requires authentication "
+ "middleware to be installed. Edit your MIDDLEWARE_CLASSES "
+ "setting to insert 'django.contrib.auth.middleware."
+ "AuthenticationMiddleware'.")
+ assert hasattr(request, 'user'), error
+
+ def process_view(self, request, view_func, view_args, view_kwargs):
+ """Forwards unauthenticated requests to the admin page to the CAS
+ login URL, as well as calls to django.contrib.auth.views.login and
+ logout.
+ """
+
+ if view_func == login:
+ return cas_login(request, *view_args, **view_kwargs)
+ elif view_func == logout:
+ return cas_logout(request, *view_args, **view_kwargs)
+
+ if settings.CAS_ADMIN_PREFIX:
+ if not request.path.startswith(settings.CAS_ADMIN_PREFIX):
+ return None
+ elif not view_func.__module__.startswith('django.contrib.admin.'):
+ return None
+
+ if request.user.is_authenticated():
+ if request.user.is_staff:
+ return None
+ else:
+ error = ('<h1>Forbidden</h1><p>You do not have staff '
+ 'privileges.</p>')
+ return HttpResponseForbidden(error)
+ params = urlencode({REDIRECT_FIELD_NAME: request.get_full_path()})
+ return HttpResponseRedirect(reverse(cas_login) + '?' + params)