1 | ## $Id: authentication.py 13394 2015-11-06 05:43:37Z henrik $ |
---|
2 | ## |
---|
3 | ## Copyright (C) 2011 Uli Fouquet & Henrik Bettermann |
---|
4 | ## This program is free software; you can redistribute it and/or modify |
---|
5 | ## it under the terms of the GNU General Public License as published by |
---|
6 | ## the Free Software Foundation; either version 2 of the License, or |
---|
7 | ## (at your option) any later version. |
---|
8 | ## |
---|
9 | ## This program is distributed in the hope that it will be useful, |
---|
10 | ## but WITHOUT ANY WARRANTY; without even the implied warranty of |
---|
11 | ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
---|
12 | ## GNU General Public License for more details. |
---|
13 | ## |
---|
14 | ## You should have received a copy of the GNU General Public License |
---|
15 | ## along with this program; if not, write to the Free Software |
---|
16 | ## Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
---|
17 | ## |
---|
18 | """ |
---|
19 | Authenticate applicants. |
---|
20 | """ |
---|
21 | import grok |
---|
22 | from zope.component import getUtility |
---|
23 | from zope.password.interfaces import IPasswordManager |
---|
24 | from zope.pluggableauth.interfaces import IAuthenticatorPlugin |
---|
25 | from waeup.kofa.interfaces import IAuthPluginUtility, IUserAccount |
---|
26 | from waeup.kofa.applicants.interfaces import IApplicant |
---|
27 | from waeup.kofa.students.authentication import ( |
---|
28 | StudentAccount, StudentsAuthenticatorPlugin) |
---|
29 | |
---|
30 | class ApplicantAccount(StudentAccount): |
---|
31 | """An adapter to turn applicant objects into accounts on-the-fly. |
---|
32 | """ |
---|
33 | grok.context(IApplicant) |
---|
34 | grok.implements(IUserAccount) |
---|
35 | |
---|
36 | @property |
---|
37 | def name(self): |
---|
38 | return self.context.applicant_id |
---|
39 | |
---|
40 | @property |
---|
41 | def title(self): |
---|
42 | return self.context.display_fullname |
---|
43 | |
---|
44 | @property |
---|
45 | def user_type(self): |
---|
46 | return u'applicant' |
---|
47 | |
---|
48 | def checkPassword(self, password): |
---|
49 | """Check whether the given `password` matches the one stored by |
---|
50 | students. We additionally check if applicant account has been suspended |
---|
51 | or if the portal is blocked. |
---|
52 | """ |
---|
53 | try: |
---|
54 | blocker = grok.getSite()['configuration'].maintmode_enabled_by |
---|
55 | if blocker: |
---|
56 | return False |
---|
57 | except TypeError: # in unit tests |
---|
58 | pass |
---|
59 | if not isinstance(password, basestring): |
---|
60 | return False |
---|
61 | passwordmanager = getUtility(IPasswordManager, 'SSHA') |
---|
62 | if not getattr(self.context, 'password', None): |
---|
63 | # unset/empty passwords do never match |
---|
64 | return False |
---|
65 | if self.context.suspended == True: |
---|
66 | return False |
---|
67 | return passwordmanager.checkPassword(self.context.password, password) |
---|
68 | |
---|
69 | class ApplicantsAuthenticatorPlugin(StudentsAuthenticatorPlugin): |
---|
70 | grok.implements(IAuthenticatorPlugin) |
---|
71 | grok.provides(IAuthenticatorPlugin) |
---|
72 | grok.name('applicants') |
---|
73 | |
---|
74 | def getAccount(self, login): |
---|
75 | """Look up a applicant identified by `login`. Returns an account. |
---|
76 | |
---|
77 | First we split the login name into the container part and |
---|
78 | the application number part. Then we simply look up the key under which |
---|
79 | the applicant is stored in the respective applicants cointainer of |
---|
80 | the portal. |
---|
81 | |
---|
82 | Returns not an applicant but an account object adapted from any |
---|
83 | applicant found. |
---|
84 | |
---|
85 | If no such applicant exists, ``None`` is returned. |
---|
86 | """ |
---|
87 | site = grok.getSite() |
---|
88 | if site is None: |
---|
89 | return None |
---|
90 | applicantsroot = site.get('applicants', None) |
---|
91 | if applicantsroot is None: |
---|
92 | return None |
---|
93 | try: |
---|
94 | container, application_number = login.split('_') |
---|
95 | except ValueError: |
---|
96 | return None |
---|
97 | applicantscontainer = applicantsroot.get(container,None) |
---|
98 | if applicantscontainer is None: |
---|
99 | return None |
---|
100 | applicant = applicantscontainer.get(application_number, None) |
---|
101 | if applicant is None: |
---|
102 | return None |
---|
103 | return IUserAccount(applicant) |
---|
104 | |
---|
105 | class ApplicantsAuthenticatorSetup(grok.GlobalUtility): |
---|
106 | """Register or unregister applicant authentication for a PAU. |
---|
107 | |
---|
108 | This piece is called when a new site is created. |
---|
109 | """ |
---|
110 | grok.implements(IAuthPluginUtility) |
---|
111 | grok.name('applicants_auth_setup') |
---|
112 | |
---|
113 | def register(self, pau): |
---|
114 | plugins = list(pau.authenticatorPlugins) |
---|
115 | plugins.append('applicants') |
---|
116 | pau.authenticatorPlugins = tuple(plugins) |
---|
117 | return pau |
---|
118 | |
---|
119 | def unregister(self, pau): |
---|
120 | plugins = [x for x in pau.authenticatorPlugins |
---|
121 | if x != 'applicants'] |
---|
122 | pau.authenticatorPlugins = tuple(plugins) |
---|
123 | return pau |
---|