1 | ## |
---|
2 | ## authentication.py |
---|
3 | ## Login : <uli@pu.smp.net> |
---|
4 | ## Started on Tue Jul 27 14:26:35 2010 Uli Fouquet |
---|
5 | ## $Id$ |
---|
6 | ## |
---|
7 | ## Copyright (C) 2010 Uli Fouquet |
---|
8 | ## This program is free software; you can redistribute it and/or modify |
---|
9 | ## it under the terms of the GNU General Public License as published by |
---|
10 | ## the Free Software Foundation; either version 2 of the License, or |
---|
11 | ## (at your option) any later version. |
---|
12 | ## |
---|
13 | ## This program is distributed in the hope that it will be useful, |
---|
14 | ## but WITHOUT ANY WARRANTY; without even the implied warranty of |
---|
15 | ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
---|
16 | ## GNU General Public License for more details. |
---|
17 | ## |
---|
18 | ## You should have received a copy of the GNU General Public License |
---|
19 | ## along with this program; if not, write to the Free Software |
---|
20 | ## Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
---|
21 | ## |
---|
22 | """Special authentication for applicants. |
---|
23 | |
---|
24 | XXX: This is work in progress, experimental code! Don't do that at home! |
---|
25 | """ |
---|
26 | import grok |
---|
27 | from zope.event import notify |
---|
28 | from zope.pluggableauth.factories import Principal |
---|
29 | from zope.pluggableauth.interfaces import ( |
---|
30 | ICredentialsPlugin, IAuthenticatorPlugin, IPrincipalInfo, |
---|
31 | IAuthenticatedPrincipalFactory, AuthenticatedPrincipalCreated) |
---|
32 | from zope.pluggableauth.plugins.session import SessionCredentialsPlugin |
---|
33 | from zope.publisher.interfaces import IRequest |
---|
34 | from zope.publisher.interfaces.http import IHTTPRequest |
---|
35 | from zope.session.interfaces import ISession |
---|
36 | from waeup.sirp.authentication import Account, PrincipalInfo |
---|
37 | from waeup.sirp.applicants.interfaces import ( |
---|
38 | IApplicantPrincipalInfo, IApplicantPrincipal, IApplicantSessionCredentials, |
---|
39 | IJAMBApplicantSessionCredentials) |
---|
40 | from waeup.sirp.applicants import ( |
---|
41 | get_applicant_data, application_exists, |
---|
42 | ) |
---|
43 | from waeup.sirp.accesscodes import get_access_code |
---|
44 | |
---|
45 | class PortalUser(grok.Role): |
---|
46 | """A role for applicants. |
---|
47 | """ |
---|
48 | grok.name('waeup.Applicant') |
---|
49 | grok.permissions('waeup.Public') |
---|
50 | |
---|
51 | class ApplicantPrincipalInfo(object): |
---|
52 | """Infos about an applicant principal. |
---|
53 | """ |
---|
54 | grok.implements(IApplicantPrincipalInfo) |
---|
55 | |
---|
56 | def __init__(self, access_code, jamb_reg_no=None): |
---|
57 | self.id = principal_id(access_code, jamb_reg_no) |
---|
58 | self.title = u'Applicant' |
---|
59 | self.description = u'An Applicant' |
---|
60 | self.credentialsPlugin = None |
---|
61 | self.authenticatorPlugin = None |
---|
62 | self.reg_no = jamb_reg_no |
---|
63 | self.access_code = access_code |
---|
64 | |
---|
65 | class ApplicantPrincipal(Principal): |
---|
66 | """An applicant principal. |
---|
67 | |
---|
68 | Applicant principals provide an extra `access_code` and `reg_no` |
---|
69 | attribute extending ordinary principals. |
---|
70 | """ |
---|
71 | |
---|
72 | grok.implements(IApplicantPrincipal) |
---|
73 | |
---|
74 | def __init__(self, access_code, reg_no, prefix=None): |
---|
75 | self.id = principal_id(access_code, reg_no) |
---|
76 | if prefix is not None: |
---|
77 | self.id = '%s.%s' % (prefix, self.id) |
---|
78 | self.title = u'Applicant' |
---|
79 | self.description = u'An applicant' |
---|
80 | self.groups = [] |
---|
81 | self.reg_no = reg_no |
---|
82 | self.access_code = access_code |
---|
83 | |
---|
84 | def __repr__(self): |
---|
85 | return 'ApplicantPrincipal(%r)' % self.id |
---|
86 | |
---|
87 | class AuthenticatedApplicantPrincipalFactory(grok.MultiAdapter): |
---|
88 | """Creates 'authenticated' applicant principals. |
---|
89 | |
---|
90 | Adapts (principal info, request) to an ApplicantPrincipal instance. |
---|
91 | |
---|
92 | This adapter is used by the standard PAU to transform |
---|
93 | PrincipalInfos into Principal instances. |
---|
94 | """ |
---|
95 | grok.adapts(IApplicantPrincipalInfo, IRequest) |
---|
96 | grok.implements(IAuthenticatedPrincipalFactory) |
---|
97 | |
---|
98 | def __init__(self, info, request): |
---|
99 | self.info = info |
---|
100 | self.request = request |
---|
101 | |
---|
102 | def __call__(self, authentication): |
---|
103 | principal = ApplicantPrincipal( |
---|
104 | self.info.access_code, |
---|
105 | self.info.reg_no, |
---|
106 | authentication.prefix, |
---|
107 | ) |
---|
108 | notify( |
---|
109 | AuthenticatedPrincipalCreated( |
---|
110 | authentication, principal, self.info, self.request)) |
---|
111 | return principal |
---|
112 | |
---|
113 | |
---|
114 | # |
---|
115 | # Credentials plugins and related.... |
---|
116 | # |
---|
117 | |
---|
118 | class ApplicantCredentials(object): |
---|
119 | """Credentials class for ordinary applicants. |
---|
120 | """ |
---|
121 | grok.implements(IApplicantSessionCredentials) |
---|
122 | |
---|
123 | def __init__(self, access_code): |
---|
124 | self.access_code = access_code |
---|
125 | |
---|
126 | def getAccessCode(self): |
---|
127 | """Get the access code. |
---|
128 | """ |
---|
129 | return self.access_code |
---|
130 | |
---|
131 | def getLogin(self): |
---|
132 | """Stay compatible with non-applicant authenticators. |
---|
133 | """ |
---|
134 | return None |
---|
135 | |
---|
136 | def getPassword(self): |
---|
137 | """Stay compatible with non-applicant authenticators. |
---|
138 | """ |
---|
139 | return None |
---|
140 | |
---|
141 | class JAMBApplicantCredentials(ApplicantCredentials): |
---|
142 | """Credentials class for JAMB-screened applicants. |
---|
143 | """ |
---|
144 | grok.implements(IJAMBApplicantSessionCredentials) |
---|
145 | |
---|
146 | def __init__(self, access_code, jamb_reg_no): |
---|
147 | self.access_code = access_code |
---|
148 | self.jamb_reg_no = jamb_reg_no |
---|
149 | |
---|
150 | def getJAMBRegNo(self): |
---|
151 | """Get the JAMB registration no. |
---|
152 | """ |
---|
153 | return self.jamb_reg_no |
---|
154 | |
---|
155 | class WAeUPApplicantCredentialsPlugin(grok.GlobalUtility, |
---|
156 | SessionCredentialsPlugin): |
---|
157 | """A credentials plugin that scans requests for applicant credentials. |
---|
158 | """ |
---|
159 | grok.provides(ICredentialsPlugin) |
---|
160 | grok.name('applicant_credentials') |
---|
161 | |
---|
162 | loginpagename = 'login' |
---|
163 | accesscode_prefix_field = 'form.prefix' |
---|
164 | accesscode_series_field = 'form.ac_series' |
---|
165 | accesscode_number_field = 'form.ac_number' |
---|
166 | jamb_reg_no_field = 'form.jamb_reg_no' |
---|
167 | |
---|
168 | def extractCredentials(self, request): |
---|
169 | """Extracts credentials from a session if they exist. |
---|
170 | """ |
---|
171 | if not IHTTPRequest.providedBy(request): |
---|
172 | return None |
---|
173 | session = ISession(request) |
---|
174 | sessionData = session.get( |
---|
175 | 'zope.pluggableauth.browserplugins') |
---|
176 | access_code_prefix = request.get(self.accesscode_prefix_field, None) |
---|
177 | access_code_series = request.get(self.accesscode_series_field, None) |
---|
178 | access_code_no = request.get(self.accesscode_number_field, None) |
---|
179 | jamb_reg_no = request.get(self.jamb_reg_no_field, None) |
---|
180 | access_code = '%s-%s-%s' % ( |
---|
181 | access_code_prefix, access_code_series, access_code_no) |
---|
182 | if None in [access_code_prefix, access_code_series, access_code_no]: |
---|
183 | access_code = None |
---|
184 | credentials = None |
---|
185 | |
---|
186 | if access_code and jamb_reg_no: |
---|
187 | credentials = JAMBApplicantCredentials( |
---|
188 | access_code, jamb_reg_no) |
---|
189 | elif access_code: |
---|
190 | credentials = ApplicantCredentials(access_code) |
---|
191 | elif not sessionData: |
---|
192 | return None |
---|
193 | sessionData = session[ |
---|
194 | 'zope.pluggableauth.browserplugins'] |
---|
195 | if credentials: |
---|
196 | sessionData['credentials'] = credentials |
---|
197 | else: |
---|
198 | credentials = sessionData.get('credentials', None) |
---|
199 | if not credentials: |
---|
200 | return None |
---|
201 | if not IApplicantSessionCredentials.providedBy(credentials): |
---|
202 | # If credentials were stored in session from another |
---|
203 | # credentials plugin then we cannot make assumptions about |
---|
204 | # its structure. |
---|
205 | return None |
---|
206 | if not IJAMBApplicantSessionCredentials.providedBy(credentials): |
---|
207 | # Entered credentials are ordinary applicant credentials, |
---|
208 | # not JAMB-screened applicant credentials |
---|
209 | return {'accesscode': credentials.getAccessCode()} |
---|
210 | return {'accesscode': credentials.getAccessCode(), |
---|
211 | 'jambregno': credentials.getJAMBRegNo()} |
---|
212 | |
---|
213 | |
---|
214 | |
---|
215 | class ApplicantsAuthenticatorPlugin(grok.GlobalUtility): |
---|
216 | """Authenticate applicants. |
---|
217 | |
---|
218 | XXX: This plugin currently accepts any input and authenticates the |
---|
219 | user as applicant. |
---|
220 | """ |
---|
221 | grok.provides(IAuthenticatorPlugin) |
---|
222 | grok.name('applicants') |
---|
223 | |
---|
224 | def authenticateCredentials(self, credentials): |
---|
225 | if not isinstance(credentials, dict): |
---|
226 | return None |
---|
227 | accesscode = credentials.get('accesscode', None) |
---|
228 | jambregno = credentials.get('jambregno', None) |
---|
229 | if accesscode is None: |
---|
230 | return None |
---|
231 | applicant_data, ac = get_applicant_data(jambregno, accesscode) |
---|
232 | appl_ac = getattr(applicant_data, 'access_code', None) |
---|
233 | #print "AUTH", accesscode, jambregno |
---|
234 | if ac is None: |
---|
235 | return None |
---|
236 | if jambregno is not None and applicant_data is None: |
---|
237 | return None |
---|
238 | if ac.invalidation_date is not None and appl_ac != ac.representation: |
---|
239 | return None |
---|
240 | if appl_ac is not None and appl_ac != ac.representation: |
---|
241 | return None |
---|
242 | return ApplicantPrincipalInfo(accesscode, jambregno) |
---|
243 | |
---|
244 | def principalInfo(self, id): |
---|
245 | """Returns an IPrincipalInfo object for the specified principal id. |
---|
246 | |
---|
247 | This method is used by the stadard PAU to lookup for instance |
---|
248 | groups. If a principal belongs to a group, the group is looked |
---|
249 | up by the id. Currently we always return ``None``, |
---|
250 | indicating, that the principal could not be found. This also |
---|
251 | means, that is has no effect if applicant users belong to a |
---|
252 | certain group. They can not gain extra-permissions this way. |
---|
253 | """ |
---|
254 | return None |
---|
255 | |
---|
256 | def principal_id(access_code, jamb_reg_no=None): |
---|
257 | """Get a principal ID for applicants. |
---|
258 | |
---|
259 | We need unique principal ids for appliants. As access codes must |
---|
260 | be unique we simply return them. |
---|
261 | """ |
---|
262 | return access_code |
---|