Changeset 10509 for main/waeup.cas

Timestamp:

19 Aug 2013, 09:14:04 (11 years ago)

Author:

Henrik Bettermann

Message:

Add authenticator which authenticate against a running Kofa instance and transfer data to Moodle. No test available. sample4.ini serves as an example configuration file and isn't used by any test.

Location:

main/waeup.cas/trunk

Files:

• setup.py (modified) (1 diff)
• waeup/cas/authenticators.py (modified) (1 diff)
• waeup/cas/tests/sample4.ini (added)

main/waeup.cas/trunk/setup.py

@@ -69 +69 @@
     dummy = waeup.cas.authenticators:DummyAuthenticator
     kofa1 = waeup.cas.authenticators:KofaAuthenticator
+    kofa_moodle1 = waeup.cas.authenticators:KofaMoodleAuthenticator
     """,
 )

main/waeup.cas/trunk/waeup/cas/authenticators.py

@@ -170 +170 @@
                 return (True, '')
         return (False, 'Invalid username or password.')
+
+class KofaMoodleAuthenticator(KofaAuthenticator):
+    """Authenticate against a running Kofa instance and transfer
+    data to Moodle.
+
+    Configuration of Moodle:
+    1. Set 'passwordpolicy' to No
+    2. Create external web service 'Kofa' with the following functions:
+      core_user_create_users, core_user_get_users,
+      core_user_update_users, enrol_manual_enrol_users
+    3. Create token for the admin user (no special web service user needed)
+      and for service 'Kofa'
+    4. Enable and configure CAS server authentication.
+      CAS protocol version is 1.0. Moodle expects SSL/TLS protocol.
+    """
+
+    name = 'kofa_moodle1'
+
+    def check_credentials(self, username='', password=''):
+        """Do the real check.
+        """
+        for backend_name, backend in self.backends.items():
+            if not re.match(backend['marker'], username):
+                continue
+            # remove school marker
+            username = RE_SCHOOL_MARKER.sub('', username)
+            proxy = xmlrpclib.ServerProxy(
+                backend['url'], allow_none=True)
+            moodle = xmlrpclib.ServerProxy(
+                backend['moodle_url'], allow_none=True)
+            principal = proxy.check_applicant_credentials(username, password)
+            if principal is None:
+                principal = proxy.check_student_credentials(username, password)
+            if principal is not None:
+                if principal['type'] == 'student':
+                    student = proxy.get_moodle_data(username)
+                    try:
+                        # Usernames in Moodle must not contain uppercase
+                        # letters even if extendedusernamechars is set True.
+                        result = moodle.core_user_create_users([
+                            {'username':username.lower(),
+                             'password':'dummy',
+                             'firstname':student['firstname'],
+                             'lastname':student['lastname'],
+                             'email':student['email']}])
+                    except xmlrpclib.Fault:
+                        # user exists
+                        pass
+                    result = moodle.core_user_get_users([
+                        {'key':'username', 'value':username}])
+                    user_id = result['users'][0]['id']
+                    # Due to a lack of Moodle (Moodle requires an LDAP
+                    # connection) the authentication method can't
+                    # be set when the user is created. It must be updated
+                    # after creation.
+                    result = moodle.core_user_update_users([
+                        {'id':user_id,'auth':'cas'}])
+                return (True, '')
+        return (False, 'Invalid username or password.')