Bypass authentication using a settings param

b673cfd8 · Georgios Gousios · 88935da0 · b673cfd8 · b673cfd8
Commit b673cfd8 authored Jun 01, 2011 by Georgios Gousios
--- a/aai/middleware.py
+++ b/aai/middleware.py
@@ -19,9 +19,10 @@ class SynnefoAuthMiddleware(object):

        # Special case for testing purposes, delivers the cookie for the
        # test user on first access
-        # TODO: REMOVE THE FOLLOWING BEFORE DEPLOYMENT
-        if request.GET.get('test') is not None:
-            u = SynnefoUser.objects.get(auth_token='46e427d657b20defe352804f0eb6f8a2')
+        if settings.BYPASS_AUTHENTICATION and \
+           request.GET.get('test') is not None:
+            u = SynnefoUser.objects.get(
+                auth_token='46e427d657b20defe352804f0eb6f8a2')
            return self._redirect_shib_auth_user(user = u)

        token = None

--- a/settings.py.dist
+++ b/settings.py.dist
@@ -260,3 +260,8 @@ SMTP_SERVER="127.0.0.1"
 #Email account to use for system emails
 SYSTEM_EMAIL_ADDR="noreply@grnet.gr"

+#Enable receiving a temporary auth token (using the ?test URL parameter) that
+#bypasses the authentication mechanism
+#WARNING, ACHTUNG, README, XXX ,etc: DO NOT ENABLE THIS ON DEPLOYED VERSIONS
+BYPASS_AUTHENTICATION = False
+