Make shared secret auth set up a user

2013-04-04 18:42:43 -07:00 · 2013-04-04 18:42:43 -07:00 · 4040db355d
--- a/mkt/api/authentication.py
+++ b/mkt/api/authentication.py
@ -4,7 +4,7 @@ import json
 from urlparse import urljoin

 from django.conf import settings
-from django.contrib.auth.models import AnonymousUser
+from django.contrib.auth.models import AnonymousUser, User

 import commonware.log
 import oauth2
@ -167,8 +167,17 @@ class SharedSecretAuthentication(Authentication):
                email + settings.SECRET_KEY).hexdigest()
            matches = hmac.new(unique_id + settings.SECRET_KEY,
                               consumer_id, hashlib.sha512).hexdigest() == hm
-            if not matches:
+            if matches:
+                try:
+                    request.user = User.objects.get(email=email)
+                except User.DoesNotExist:
+                    log.info('Auth token matches absent user (%s)' % email)
+                    return False
+
+                ACLMiddleware().process_request(request)
+            else:
                log.info('Shared-secret auth token does not match')
+
            return matches
        except Exception, e:
            log.info('Bad shared-secret auth data: %s (%s)', auth, e)
--- a/mkt/api/tests/test_authentication.py
+++ b/mkt/api/tests/test_authentication.py
@ -165,10 +165,12 @@ class TestSharedSecretAuthentication(TestCase):
                                   '121c5c165f3515838d4d6c60c4,165d631d3c3045'
                                   '458b4516242dad7ae')
        ok_(self.auth.is_authenticated(req))
+        eq_(self.profile.user.pk, req.amo_user.pk)

    def test_failed_session_auth(self):
        req = RequestFactory().get('/?_user=bogus')
        ok_(not self.auth.is_authenticated(req))
+        assert not getattr(req, 'amo_user', None)

    def test_session_auth_no_post(self):
        req = RequestFactory().post('/')
@ -207,6 +209,7 @@ class TestMultipleAuthentication(TestCase):
        self.resource._meta.authentication = (
                authentication.SharedSecretAuthentication())
        eq_(self.resource.is_authenticated(req), None)
+        eq_(self.profile.user.pk, req.amo_user.pk)

    def test_multiple_passes(self):
        req = RequestFactory().get('/')