source: main/waeup.sirp/branches/ulif-images/src/waeup/sirp/authentication.py @ 10009

Last change on this file since 10009 was 5055, checked in by uli, 15 years ago

BBB imports.
File size: 5.0 KB
Line 
1"""Authentication for WAeUP portals.
2"""
3import grok
4import waeup.sirp.permissions
5from zope.component import getUtility
6try:
7    from zope.pluggableauth.plugins.session import SessionCredentialsPlugin
8except ImportError:
9    # BBB
10    from zope.app.authentication.session import SessionCredentialsPlugin
11try:
12    from zope.pluggableauth.interfaces import (
13        ICredentialsPlugin, IAuthenticatorPlugin, IPrincipalInfo)
14    from zope.password.interfaces import IPasswordManager
15except ImportError:
16    # BBB
17    from zope.app.authentication.interfaces import (
18        ICredentialsPlugin, IAuthenticatorPlugin, IPrincipalInfo,
19        IPasswordManager)
20from zope.securitypolicy.interfaces import IPrincipalRoleManager
21from zope.securitypolicy.principalrole import principalRoleManager
22from waeup.sirp.interfaces import IUserAccount
23
24def setup_authentication(pau):
25    """Set up plugguble authentication utility.
26
27    Sets up an IAuthenticatorPlugin and
28    ICredentialsPlugin (for the authentication mechanism)
29    """
30    pau.credentialsPlugins = ['No Challenge if Authenticated', 'credentials']
31    pau.authenticatorPlugins = ['users']
32
33class WAeUPSessionCredentialsPlugin(grok.GlobalUtility,
34                                    SessionCredentialsPlugin):
35    grok.provides(ICredentialsPlugin)
36    grok.name('credentials')
37
38    loginpagename = 'login'
39    loginfield = 'form.login'
40    passwordfield = 'form.password'
41
42class PrincipalInfo(object):
43    grok.implements(IPrincipalInfo)
44
45    def __init__(self, id, title, description):
46        self.id = id
47        self.title = title
48        self.description = description
49        self.credentialsPlugin = None
50        self.authenticatorPlugin = None
51
52class Account(grok.Model):
53    grok.implements(IUserAccount)
54
55    def __init__(self, name, password, title=None, description=None,
56                 roles = []):
57        self.name = name
58        if title is None:
59            title = name
60        if description is None:
61            description = title
62        self.title = title
63        self.description = description
64        self.setPassword(password)
65        self.setRoles(roles)
66
67    def setPassword(self, password):
68        passwordmanager = getUtility(IPasswordManager, 'SHA1')
69        self.password = passwordmanager.encodePassword(password)
70
71    def checkPassword(self, password):
72        passwordmanager = getUtility(IPasswordManager, 'SHA1')
73        return passwordmanager.checkPassword(self.password, password)
74
75    def getRoles(self):
76        prm = self._getPrincipalRoleManager()
77        roles = [x[0] for x in prm.getRolesForPrincipal(self.name)
78                 if x[0].startswith('waeup.')]
79        return roles
80
81    def setRoles(self, roles):
82        prm = self._getPrincipalRoleManager()
83
84        old_roles = self.getRoles()
85        for role in old_roles:
86            # Remove old roles, not to be set now...
87            if role.startswith('waeup.') and role not in roles:
88                prm.unsetRoleForPrincipal(role, self.name)
89
90        for role in roles:
91            prm.assignRoleToPrincipal(role, self.name)
92
93    roles = property(getRoles, setRoles)
94
95    def _getPrincipalRoleManager(self):
96        portal = grok.getSite()
97        if portal is not None:
98            return IPrincipalRoleManager(portal)
99        return principalRoleManager
100
101class UserAuthenticatorPlugin(grok.GlobalUtility):
102    grok.provides(IAuthenticatorPlugin)
103    grok.name('users')
104
105    def authenticateCredentials(self, credentials):
106        if not isinstance(credentials, dict):
107            return None
108        if not ('login' in credentials and 'password' in credentials):
109            return None
110        account = self.getAccount(credentials['login'])
111
112        if account is None:
113            return None
114        if not account.checkPassword(credentials['password']):
115            return None
116        return PrincipalInfo(id=account.name,
117                             title=account.title,
118                             description=account.description)
119
120    def principalInfo(self, id):
121        account = self.getAccount(id)
122        if account is None:
123            return None
124        return PrincipalInfo(id=account.name,
125                             title=account.title,
126                             description=account.description)
127
128    def getAccount(self, login):
129        # ... look up the account object and return it ...
130        usercontainer = self.getUserContainer()
131        if usercontainer is None:
132            return
133        return usercontainer.get(login, None)
134
135    def addAccount(self, account):
136        usercontainer = self.getUserContainer()
137        if usercontainer is None:
138            return
139        # XXX: complain if name already exists...
140        usercontainer.addAccount(account)
141
142    def addUser(self, name, password, title=None, description=None):
143        usercontainer = self.getUserContainer()
144        if usercontainer is None:
145            return
146        usercontainer.addUser(name, password, title, description)
147
148    def getUserContainer(self):
149        site = grok.getSite()
150        return site['users']
Note: See TracBrowser for help on using the repository browser.