| [4073] | 1 | """Authentication for WAeUP portals. |
|---|
| 2 | """ |
|---|
| 3 | import grok |
|---|
| 4 | from zope import schema |
|---|
| 5 | from zope.app.authentication.session import SessionCredentialsPlugin |
|---|
| 6 | from zope.app.authentication.interfaces import (ICredentialsPlugin, |
|---|
| 7 | IAuthenticatorPlugin, |
|---|
| 8 | IPrincipalInfo, |
|---|
| 9 | IPasswordManager) |
|---|
| 10 | from zope.app.security.interfaces import (IAuthentication, |
|---|
| 11 | IUnauthenticatedPrincipal, |
|---|
| 12 | ILogout) |
|---|
| 13 | from zope.component import getUtility |
|---|
| 14 | from zope.interface import Interface |
|---|
| 15 | from waeup.interfaces import IWAeUPObject |
|---|
| 16 | from waeup.viewlets import Index, MainArea, LeftSidebar |
|---|
| 17 | |
|---|
| 18 | def setup_authentication(pau): |
|---|
| 19 | """Set up plugguble authentication utility. |
|---|
| 20 | |
|---|
| 21 | Sets up an IAuthenticatorPlugin and |
|---|
| 22 | ICredentialsPlugin (for the authentication mechanism) |
|---|
| 23 | """ |
|---|
| 24 | pau.credentialsPlugins = ['credentials'] |
|---|
| 25 | pau.authenticatorPlugins = ['users'] |
|---|
| 26 | |
|---|
| 27 | class WAeUPSessionCredentialsPlugin(grok.GlobalUtility, |
|---|
| 28 | SessionCredentialsPlugin): |
|---|
| 29 | grok.provides(ICredentialsPlugin) |
|---|
| 30 | grok.name('credentials') |
|---|
| 31 | |
|---|
| 32 | loginpagename = 'login' |
|---|
| 33 | loginfield = 'form.login' |
|---|
| 34 | passwordfield = 'form.password' |
|---|
| 35 | |
|---|
| 36 | class Login(grok.View): |
|---|
| 37 | grok.context(IWAeUPObject) |
|---|
| 38 | grok.require('zope.Public') |
|---|
| 39 | |
|---|
| 40 | def update(self, SUBMIT=None): |
|---|
| 41 | self.camefrom = self.request.form.get('camefrom', '') |
|---|
| 42 | if SUBMIT is not None: |
|---|
| 43 | self.redirect(self.camefrom) |
|---|
| 44 | |
|---|
| 45 | class LoginMain(grok.Viewlet): |
|---|
| 46 | grok.viewletmanager(MainArea) |
|---|
| 47 | grok.context(IWAeUPObject) |
|---|
| 48 | grok.view(Login) |
|---|
| 49 | |
|---|
| 50 | class Logout(grok.Viewlet): |
|---|
| 51 | grok.viewletmanager(LeftSidebar) |
|---|
| 52 | grok.context(IWAeUPObject) |
|---|
| 53 | grok.order(3) |
|---|
| 54 | grok.require('zope.Public') |
|---|
| 55 | |
|---|
| 56 | def update(self): |
|---|
| 57 | if 'form.logout' not in self.request.form.keys(): |
|---|
| 58 | return |
|---|
| 59 | if not IUnauthenticatedPrincipal.providedBy(self.request.principal): |
|---|
| 60 | auth = getUtility(IAuthentication) |
|---|
| 61 | ILogout(auth).logout(self.request) |
|---|
| 62 | # We redirect to ourself, as we want this page be loaded |
|---|
| 63 | # without authentication (updating other viewlets on the |
|---|
| 64 | # page) |
|---|
| 65 | self.view.redirect(self.view.url()) |
|---|
| 66 | |
|---|
| 67 | class PrincipalInfo(object): |
|---|
| 68 | grok.implements(IPrincipalInfo) |
|---|
| 69 | |
|---|
| 70 | def __init__(self, id, title, description): |
|---|
| 71 | self.id = id |
|---|
| 72 | self.title = title |
|---|
| 73 | self.description = description |
|---|
| 74 | self.credentialsPlugin = None |
|---|
| 75 | self.authenticatorPlugin = None |
|---|
| 76 | |
|---|
| 77 | class Account(grok.Model): |
|---|
| 78 | def __init__(self, name, password): |
|---|
| 79 | self.name = name |
|---|
| 80 | self.setPassword(password) |
|---|
| 81 | |
|---|
| 82 | def setPassword(self, password): |
|---|
| 83 | passwordmanager = getUtility(IPasswordManager, 'SHA1') |
|---|
| 84 | self.password = passwordmanager.encodePassword(password) |
|---|
| 85 | |
|---|
| 86 | def checkPassword(self, password): |
|---|
| 87 | passwordmanager = getUtility(IPasswordManager, 'SHA1') |
|---|
| 88 | return passwordmanager.checkPassword(self.password, password) |
|---|
| 89 | |
|---|
| 90 | |
|---|
| 91 | class UserAuthenticatorPlugin(grok.GlobalUtility): |
|---|
| 92 | grok.provides(IAuthenticatorPlugin) |
|---|
| 93 | grok.name('users') |
|---|
| 94 | |
|---|
| 95 | def authenticateCredentials(self, credentials): |
|---|
| 96 | if not isinstance(credentials, dict): |
|---|
| 97 | return None |
|---|
| 98 | if not ('login' in credentials and 'password' in credentials): |
|---|
| 99 | return None |
|---|
| 100 | account = self.getAccount(credentials['login']) |
|---|
| 101 | |
|---|
| 102 | if account is None: |
|---|
| 103 | return None |
|---|
| 104 | if not account.checkPassword(credentials['password']): |
|---|
| 105 | return None |
|---|
| 106 | return PrincipalInfo(id=account.name, |
|---|
| 107 | title=account.name, |
|---|
| 108 | description=account.name) |
|---|
| 109 | |
|---|
| 110 | def principalInfo(self, id): |
|---|
| 111 | account = self.getAccount(id) |
|---|
| 112 | if account is None: |
|---|
| 113 | return None |
|---|
| 114 | return PrincipalInfo(id=account.name, |
|---|
| 115 | title=account.name, |
|---|
| 116 | description=account.name) |
|---|
| 117 | |
|---|
| 118 | def getAccount(self, login): |
|---|
| 119 | # XXX: while developing, we only support a single user. |
|---|
| 120 | if login == 'grok': |
|---|
| 121 | return Account('grok', 'grok') |
|---|
| 122 | return |
|---|
| 123 | #... look up the account object and return it ... |
|---|
