Context navigation

source: main/waeup.sirp/trunk/src/waeup/sirp/applicants/authentication.py @ 5806

Last change on this file since 5806 was 5806, checked in by uli, 14 years ago
Fix imports of moved helper functions.
File size: 9.2 KB

Rev	Line
[5431]	1	##
	2	## authentication.py
	3	## Login : <uli@pu.smp.net>
	4	## Started on Tue Jul 27 14:26:35 2010 Uli Fouquet
	5	## $Id$
	6	##
	7	## Copyright (C) 2010 Uli Fouquet
	8	## This program is free software; you can redistribute it and/or modify
	9	## it under the terms of the GNU General Public License as published by
	10	## the Free Software Foundation; either version 2 of the License, or
	11	## (at your option) any later version.
	12	##
	13	## This program is distributed in the hope that it will be useful,
	14	## but WITHOUT ANY WARRANTY; without even the implied warranty of
	15	## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	16	## GNU General Public License for more details.
	17	##
	18	## You should have received a copy of the GNU General Public License
	19	## along with this program; if not, write to the Free Software
	20	## Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
	21	##
	22	"""Special authentication for applicants.
	23
	24	XXX: This is work in progress, experimental code! Don't do that at home!
	25	"""
	26	import grok
	27	from zope.event import notify
	28	from zope.pluggableauth.factories import Principal
	29	from zope.pluggableauth.interfaces import (
	30	ICredentialsPlugin, IAuthenticatorPlugin, IPrincipalInfo,
	31	IAuthenticatedPrincipalFactory, AuthenticatedPrincipalCreated)
	32	from zope.pluggableauth.plugins.session import SessionCredentialsPlugin
	33	from zope.publisher.interfaces import IRequest
	34	from zope.publisher.interfaces.http import IHTTPRequest
	35	from zope.session.interfaces import ISession
	36	from waeup.sirp.authentication import Account, PrincipalInfo
[5762]	37	from waeup.sirp.applicants.interfaces import (
[5440]	38	IApplicantPrincipalInfo, IApplicantPrincipal, IApplicantSessionCredentials,
	39	IJAMBApplicantSessionCredentials)
[5806]	40	from waeup.sirp.applicants import (
[5689]	41	get_applicant_data, application_exists,
	42	)
[5447]	43	from waeup.sirp.accesscodes import get_access_code
[5431]	44
	45	class PortalUser(grok.Role):
	46	"""A role for applicants.
	47	"""
	48	grok.name('waeup.Applicant')
	49	grok.permissions('waeup.Public')
	50
	51	class ApplicantPrincipalInfo(object):
[5441]	52	"""Infos about an applicant principal.
	53	"""
[5431]	54	grok.implements(IApplicantPrincipalInfo)
	55
[5441]	56	def __init__(self, access_code, jamb_reg_no=None):
[5444]	57	self.id = principal_id(access_code, jamb_reg_no)
[5431]	58	self.title = u'Applicant'
	59	self.description = u'An Applicant'
	60	self.credentialsPlugin = None
	61	self.authenticatorPlugin = None
[5441]	62	self.reg_no = jamb_reg_no
[5431]	63	self.access_code = access_code
	64
	65	class ApplicantPrincipal(Principal):
[5441]	66	"""An applicant principal.
[5431]	67
[5441]	68	Applicant principals provide an extra `access_code` and `reg_no`
	69	attribute extending ordinary principals.
	70	"""
	71
[5431]	72	grok.implements(IApplicantPrincipal)
	73
[5464]	74	def __init__(self, access_code, reg_no, prefix=None):
	75	self.id = principal_id(access_code, reg_no)
	76	if prefix is not None:
	77	self.id = '%s.%s' % (prefix, self.id)
[5431]	78	self.title = u'Applicant'
	79	self.description = u'An applicant'
	80	self.groups = []
	81	self.reg_no = reg_no
	82	self.access_code = access_code
	83
	84	def __repr__(self):
	85	return 'ApplicantPrincipal(%r)' % self.id
	86
	87	class AuthenticatedApplicantPrincipalFactory(grok.MultiAdapter):
	88	"""Creates 'authenticated' applicant principals.
[5441]	89
	90	Adapts (principal info, request) to an ApplicantPrincipal instance.
	91
	92	This adapter is used by the standard PAU to transform
	93	PrincipalInfos into Principal instances.
[5431]	94	"""
	95	grok.adapts(IApplicantPrincipalInfo, IRequest)
	96	grok.implements(IAuthenticatedPrincipalFactory)
	97
	98	def __init__(self, info, request):
	99	self.info = info
	100	self.request = request
	101
	102	def __call__(self, authentication):
	103	principal = ApplicantPrincipal(
[5464]	104	self.info.access_code,
	105	self.info.reg_no,
	106	authentication.prefix,
[5431]	107	)
	108	notify(
	109	AuthenticatedPrincipalCreated(
	110	authentication, principal, self.info, self.request))
	111	return principal
	112
[5440]	113
	114	#
	115	# Credentials plugins and related....
	116	#
	117
	118	class ApplicantCredentials(object):
	119	"""Credentials class for ordinary applicants.
	120	"""
	121	grok.implements(IApplicantSessionCredentials)
	122
	123	def __init__(self, access_code):
	124	self.access_code = access_code
	125
	126	def getAccessCode(self):
	127	"""Get the access code.
	128	"""
	129	return self.access_code
	130
[5444]	131	def getLogin(self):
	132	"""Stay compatible with non-applicant authenticators.
	133	"""
	134	return None
	135
	136	def getPassword(self):
	137	"""Stay compatible with non-applicant authenticators.
	138	"""
	139	return None
	140
[5440]	141	class JAMBApplicantCredentials(ApplicantCredentials):
	142	"""Credentials class for JAMB-screened applicants.
	143	"""
	144	grok.implements(IJAMBApplicantSessionCredentials)
	145
	146	def __init__(self, access_code, jamb_reg_no):
	147	self.access_code = access_code
	148	self.jamb_reg_no = jamb_reg_no
	149
	150	def getJAMBRegNo(self):
	151	"""Get the JAMB registration no.
	152	"""
	153	return self.jamb_reg_no
	154
[5431]	155	class WAeUPApplicantCredentialsPlugin(grok.GlobalUtility,
	156	SessionCredentialsPlugin):
[5440]	157	"""A credentials plugin that scans requests for applicant credentials.
	158	"""
[5431]	159	grok.provides(ICredentialsPlugin)
	160	grok.name('applicant_credentials')
	161
	162	loginpagename = 'login'
[5444]	163	accesscode_prefix_field = 'form.prefix'
	164	accesscode_series_field = 'form.ac_series'
	165	accesscode_number_field = 'form.ac_number'
[5440]	166	jamb_reg_no_field = 'form.jamb_reg_no'
[5431]	167
	168	def extractCredentials(self, request):
	169	"""Extracts credentials from a session if they exist.
	170	"""
	171	if not IHTTPRequest.providedBy(request):
	172	return None
	173	session = ISession(request)
	174	sessionData = session.get(
	175	'zope.pluggableauth.browserplugins')
[5444]	176	access_code_prefix = request.get(self.accesscode_prefix_field, None)
	177	access_code_series = request.get(self.accesscode_series_field, None)
	178	access_code_no = request.get(self.accesscode_number_field, None)
[5440]	179	jamb_reg_no = request.get(self.jamb_reg_no_field, None)
[5444]	180	access_code = '%s-%s-%s' % (
	181	access_code_prefix, access_code_series, access_code_no)
	182	if None in [access_code_prefix, access_code_series, access_code_no]:
	183	access_code = None
[5431]	184	credentials = None
	185
[5440]	186	if access_code and jamb_reg_no:
	187	credentials = JAMBApplicantCredentials(
	188	access_code, jamb_reg_no)
	189	elif access_code:
	190	credentials = ApplicantCredentials(access_code)
[5431]	191	elif not sessionData:
	192	return None
	193	sessionData = session[
	194	'zope.pluggableauth.browserplugins']
	195	if credentials:
	196	sessionData['credentials'] = credentials
	197	else:
	198	credentials = sessionData.get('credentials', None)
	199	if not credentials:
	200	return None
[5497]	201	if not IApplicantSessionCredentials.providedBy(credentials):
	202	# If credentials were stored in session from another
	203	# credentials plugin then we cannot make assumptions about
	204	# its structure.
	205	return None
[5452]	206	if not IJAMBApplicantSessionCredentials.providedBy(credentials):
	207	# Entered credentials are ordinary applicant credentials,
	208	# not JAMB-screened applicant credentials
	209	return {'accesscode': credentials.getAccessCode()}
	210	return {'accesscode': credentials.getAccessCode(),
	211	'jambregno': credentials.getJAMBRegNo()}
[5431]	212
	213
[5452]	214
[5431]	215	class ApplicantsAuthenticatorPlugin(grok.GlobalUtility):
	216	"""Authenticate applicants.
	217
	218	XXX: This plugin currently accepts any input and authenticates the
	219	user as applicant.
	220	"""
	221	grok.provides(IAuthenticatorPlugin)
	222	grok.name('applicants')
	223
	224	def authenticateCredentials(self, credentials):
	225	if not isinstance(credentials, dict):
	226	return None
[5460]	227	accesscode = credentials.get('accesscode', None)
	228	jambregno = credentials.get('jambregno', None)
	229	if accesscode is None:
[5431]	230	return None
[5460]	231	applicant_data, ac = get_applicant_data(jambregno, accesscode)
	232	appl_ac = getattr(applicant_data, 'access_code', None)
	233	#print "AUTH", accesscode, jambregno
[5446]	234	if ac is None:
	235	return None
[5460]	236	if jambregno is not None and applicant_data is None:
	237	return None
	238	if ac.invalidation_date is not None and appl_ac != ac.representation:
	239	return None
	240	if appl_ac is not None and appl_ac != ac.representation:
	241	return None
	242	return ApplicantPrincipalInfo(accesscode, jambregno)
[5431]	243
	244	def principalInfo(self, id):
	245	"""Returns an IPrincipalInfo object for the specified principal id.
	246
[5441]	247	This method is used by the stadard PAU to lookup for instance
	248	groups. If a principal belongs to a group, the group is looked
	249	up by the id. Currently we always return ``None``,
	250	indicating, that the principal could not be found. This also
	251	means, that is has no effect if applicant users belong to a
	252	certain group. They can not gain extra-permissions this way.
[5431]	253	"""
	254	return None
[5435]	255
	256	def principal_id(access_code, jamb_reg_no=None):
	257	"""Get a principal ID for applicants.
	258
	259	We need unique principal ids for appliants. As access codes must
	260	be unique we simply return them.
	261	"""
	262	return access_code

Note: See TracBrowser for help on using the repository browser.

Download in other formats: