misc: add django-mellon support for SSO

welco/settings.py

@@ -100,6 +100,35 @@ TEMPLATE_DIRS = (
     os.path.join(BASE_DIR, 'welco', 'templates'),
 )
 
+# Authentication settings
+try:
+    import mellon
+except ImportError:
+    mellon = None
+
+if mellon is not None:
+    AUTHENTICATION_BACKENDS = (
+        'mellon.backends.SAMLBackend',
+        'django.contrib.auth.backends.ModelBackend',
+    )
+
+LOGIN_URL = '/login/'
+LOGIN_REDIRECT_URL = '/'
+LOGOUT_URL = '/logout/'
+
+MELLON_ATTRIBUTE_MAPPING = {
+    'email': '{attributes[email][0]}',
+    'first_name': '{attributes[first_name][0]}',
+    'last_name': '{attributes[last_name][0]}',
+}
+
+MELLON_SUPERUSER_MAPPING = {
+    'is_superuser': 'true',
+}
+
+MELLON_USERNAME_TEMPLATE = '{attributes[name_id_content]}'
+
+MELLON_IDENTITY_PROVIDERS = []
 
 local_settings_file = os.environ.get('WELCO_SETTINGS_FILE',
         os.path.join(os.path.dirname(__file__), 'local_settings.py'))

welco/templates/mellon/base.html

@@ -0,0 +1,11 @@
+{% extends "welco/base.html" %}
+
+{% block menu %}{% endblock %}
+
+{% block content %}
+{% block mellon_content %}
+{% endblock %}
+{% endblock %}
+
+{% block footer %}
+{% endblock %}

welco/urls.py

@@ -14,15 +14,20 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-from django.conf.urls import patterns, url
+from django.conf.urls import patterns, include, url
 from django.conf import settings
 
 from . import apps
 
 urlpatterns = patterns('',
     url(r'^$', 'welco.views.home', name='home'),
+    url(r'^logout/$', 'welco.views.logout', name='auth_logout'),
+    url(r'^login/$', 'welco.views.login', name='auth_login'),
 )
 
+if 'mellon' in settings.INSTALLED_APPS:
+    urlpatterns += patterns('', url(r'^accounts/mellon/', include('mellon.urls')))
+
 # static and media files
 from django.contrib.staticfiles.urls import staticfiles_urlpatterns
 urlpatterns += staticfiles_urlpatterns()

welco/views.py

@@ -14,10 +14,39 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
+from django.contrib.auth import logout as auth_logout
+from django.contrib.auth import views as auth_views
+from django.http import HttpResponseRedirect
+from django.shortcuts import resolve_url
 from django.views.generic import TemplateView
 
+try:
+    from mellon.utils import get_idps
+except ImportError:
+    get_idps = lambda: []
+
 from sources.mail.views import Home as MailHome
 
+
+def login(request, *args, **kwargs):
+    if any(get_idps()):
+        if not 'next' in request.GET:
+            return HttpResponseRedirect(resolve_url('mellon_login'))
+        return HttpResponseRedirect(resolve_url('mellon_login') + '?next='
+                                    + urllib.quote(request.GET.get('next')))
+    return auth_views.login(request, *args, **kwargs)
+
+def logout(request, next_page=None):
+    if any(get_idps()):
+        return HttpResponseRedirect(resolve_url('mellon_logout'))
+    auth_logout(request)
+    if next_page is not None:
+        next_page = resolve_url(next_page)
+    else:
+        next_page = '/'
+    return HttpResponseRedirect(next_page)
+
+
 class Home(TemplateView):
     template_name = 'welco/home.html'