source: main/waeup.sirp/trunk/src/waeup/sirp/authentication.py @ 6156

Last change on this file since 6156 was 6156, checked in by uli, 13 years ago

Remove obsolete import.

File size: 5.2 KB
Line 
1"""Authentication for WAeUP portals.
2"""
3import grok
4from zope.component import getUtility, getUtilitiesFor
5try:
6    from zope.pluggableauth.plugins.session import SessionCredentialsPlugin
7except ImportError:
8    # BBB
9    from zope.app.authentication.session import SessionCredentialsPlugin
10try:
11    from zope.pluggableauth.interfaces import (
12        ICredentialsPlugin, IAuthenticatorPlugin, IPrincipalInfo)
13    from zope.password.interfaces import IPasswordManager
14except ImportError:
15    # BBB
16    from zope.app.authentication.interfaces import (
17        ICredentialsPlugin, IAuthenticatorPlugin, IPrincipalInfo,
18        IPasswordManager)
19from zope.securitypolicy.interfaces import IPrincipalRoleManager
20from zope.securitypolicy.principalrole import principalRoleManager
21from waeup.sirp.interfaces import IUserAccount, IAuthPluginUtility
22
23def setup_authentication(pau):
24    """Set up plugguble authentication utility.
25
26    Sets up an IAuthenticatorPlugin and
27    ICredentialsPlugin (for the authentication mechanism)
28
29    Then looks for any external utilities that want to modify the PAU.
30    """
31    pau.credentialsPlugins = ['No Challenge if Authenticated', 'credentials']
32    pau.authenticatorPlugins = ['users']
33
34    # Give any third-party code and subpackages a chance to modify the PAU
35    auth_plugin_utilities = getUtilitiesFor(IAuthPluginUtility)
36    for name, util in auth_plugin_utilities:
37        util.register(pau)
38
39class WAeUPSessionCredentialsPlugin(grok.GlobalUtility,
40                                    SessionCredentialsPlugin):
41    grok.provides(ICredentialsPlugin)
42    grok.name('credentials')
43
44    loginpagename = 'login'
45    loginfield = 'form.login'
46    passwordfield = 'form.password'
47
48class PrincipalInfo(object):
49    grok.implements(IPrincipalInfo)
50
51    def __init__(self, id, title, description):
52        self.id = id
53        self.title = title
54        self.description = description
55        self.credentialsPlugin = None
56        self.authenticatorPlugin = None
57
58class Account(grok.Model):
59    grok.implements(IUserAccount)
60
61    def __init__(self, name, password, title=None, description=None,
62                 roles = []):
63        self.name = name
64        if title is None:
65            title = name
66        if description is None:
67            description = title
68        self.title = title
69        self.description = description
70        self.setPassword(password)
71        self.setRoles(roles)
72
73    def setPassword(self, password):
74        passwordmanager = getUtility(IPasswordManager, 'SHA1')
75        self.password = passwordmanager.encodePassword(password)
76
77    def checkPassword(self, password):
78        passwordmanager = getUtility(IPasswordManager, 'SHA1')
79        return passwordmanager.checkPassword(self.password, password)
80
81    def getRoles(self):
82        prm = self._getPrincipalRoleManager()
83        roles = [x[0] for x in prm.getRolesForPrincipal(self.name)
84                 if x[0].startswith('waeup.')]
85        return roles
86
87    def setRoles(self, roles):
88        prm = self._getPrincipalRoleManager()
89
90        old_roles = self.getRoles()
91        for role in old_roles:
92            # Remove old roles, not to be set now...
93            if role.startswith('waeup.') and role not in roles:
94                prm.unsetRoleForPrincipal(role, self.name)
95
96        for role in roles:
97            prm.assignRoleToPrincipal(role, self.name)
98
99    roles = property(getRoles, setRoles)
100
101    def _getPrincipalRoleManager(self):
102        portal = grok.getSite()
103        if portal is not None:
104            return IPrincipalRoleManager(portal)
105        return principalRoleManager
106
107class UserAuthenticatorPlugin(grok.GlobalUtility):
108    grok.provides(IAuthenticatorPlugin)
109    grok.name('users')
110
111    def authenticateCredentials(self, credentials):
112        if not isinstance(credentials, dict):
113            return None
114        if not ('login' in credentials and 'password' in credentials):
115            return None
116        account = self.getAccount(credentials['login'])
117
118        if account is None:
119            return None
120        if not account.checkPassword(credentials['password']):
121            return None
122        return PrincipalInfo(id=account.name,
123                             title=account.title,
124                             description=account.description)
125
126    def principalInfo(self, id):
127        account = self.getAccount(id)
128        if account is None:
129            return None
130        return PrincipalInfo(id=account.name,
131                             title=account.title,
132                             description=account.description)
133
134    def getAccount(self, login):
135        # ... look up the account object and return it ...
136        usercontainer = self.getUserContainer()
137        if usercontainer is None:
138            return
139        return usercontainer.get(login, None)
140
141    def addAccount(self, account):
142        usercontainer = self.getUserContainer()
143        if usercontainer is None:
144            return
145        # XXX: complain if name already exists...
146        usercontainer.addAccount(account)
147
148    def addUser(self, name, password, title=None, description=None):
149        usercontainer = self.getUserContainer()
150        if usercontainer is None:
151            return
152        usercontainer.addUser(name, password, title, description)
153
154    def getUserContainer(self):
155        site = grok.getSite()
156        return site['users']
Note: See TracBrowser for help on using the repository browser.