reviewboard.accounts.backends.x509¶

X.509 authentication backend.

class X509Backend[source]¶

Bases: BaseAuthBackend

Authenticate a user from a X.509 client certificate.

The certificate is passed in by the browser. This backend relies on the X509AuthMiddleware to extract a username field from the client certificate.

backend_id: Optional[str] = 'x509'[source]¶

The unique ID for the authentication backend.

Type:

str

name: Optional[StrOrPromise] = 'X.509 Public Key'[source]¶

The display name for the authentication backend.

This will be shown in the list of backends in the administration UI.

Type:

str

settings_form[source]¶

alias of X509SettingsForm

supports_change_password: bool = True[source]¶

Whether this backend supports changing the user’s password.

Type:

bool

authenticate(request: Optional[HttpRequest] = None, *, x509_field: str = '', **kwargs) → Optional[User][source]¶

Authenticate the user.

This will extract the username from the provided certificate and return the appropriate User object.

Changed in version 6.0:

• request is now optional.

• username and password are technically optional, to aid in consistency for type hints, but will result in a None result.

Changed in version 4.0: The request argument is now mandatory as the first positional argument, as per requirements in Django.

Parameters:

• request (django.http.HttpRequest) – The HTTP request from the caller. This may be None.

• x509_field (str, optional) – The value of the field containing the username.

• **kwargs (dict, unused) – Additional keyword arguments supplied by the caller.

Returns:

The authenticated user, or None if the user could not be authenticated for any reason.

Return type:

django.contrib.auth.models.User

clean_username(username: str) → str[source]¶

Validate the ‘username’ field.

This checks to make sure that the contents of the username field are valid for X509 authentication.

Parameters:

username (str) – The username to validate.

Returns:

The resulting username.

Return type:

str

get_or_create_user(username: str, request: Optional[HttpRequest] = None) → Optional[User][source]¶

Return an existing user or create one if it doesn’t exist.

This does not authenticate the user.

If the user does not exist in the database, but does in the backend, its information will be stored in the database for later lookup.

Parameters:

• username (str) – The username to fetch or create.

• request (django.http.HttpRequest, optional) – The HTTP request from the client.

Returns:

The resulting user, or None if one could not be found.

Return type:

django.contrib.auth.models.User

__annotations__ = {'INVALID_USERNAME_CHAR_REGEX': 're.Pattern', 'backend_id': 'Optional[str]', 'login_instructions': 'Optional[StrOrPromise]', 'name': 'Optional[StrOrPromise]', 'settings_form': 'Optional[Type[SiteSettingsForm]]', 'supports_change_email': 'bool', 'supports_change_name': 'bool', 'supports_change_password': 'bool', 'supports_registration': 'bool'}¶