Changeset 14669 for main/waeup.kofa/trunk/src/waeup/kofa/authentication.py
- Timestamp:
- 6 Apr 2017, 10:37:01 (8 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
main/waeup.kofa/trunk/src/waeup/kofa/authentication.py
r14667 r14669 30 30 from zope.pluggableauth.plugins.session import SessionCredentialsPlugin 31 31 from zope.pluggableauth.plugins.httpplugins import ( 32 32 HTTPBasicAuthCredentialsPlugin) 33 33 from zope.pluggableauth.interfaces import ( 34 ICredentialsPlugin, IAuthenticatorPlugin,35 IAuthenticatedPrincipalFactory,AuthenticatedPrincipalCreated)34 ICredentialsPlugin, IAuthenticatorPlugin, IAuthenticatedPrincipalFactory, 35 AuthenticatedPrincipalCreated) 36 36 from zope.publisher.interfaces import IRequest 37 37 from zope.password.interfaces import IPasswordManager 38 38 from zope.securitypolicy.principalrole import principalRoleManager 39 from waeup.kofa.interfaces import ( ILocalRoleSetEvent,40 I UserAccount, IAuthPluginUtility, IPasswordValidator,41 IKofaPrincipal, IKofaPrincipalInfo, IKofaPluggable, 42 I BatchProcessor, IGNORE_MARKER, IFailedLoginInfo)39 from waeup.kofa.interfaces import ( 40 ILocalRoleSetEvent, IUserAccount, IAuthPluginUtility, IPasswordValidator, 41 IKofaPrincipal, IKofaPrincipalInfo, IKofaPluggable, IBatchProcessor, 42 IGNORE_MARKER, IFailedLoginInfo) 43 43 from waeup.kofa.utils.batching import BatchProcessor 44 44 from waeup.kofa.permissions import get_all_roles 45 45 46 46 47 def setup_authentication(pau): 47 48 """Set up plugguble authentication utility. … … 53 54 """ 54 55 pau.credentialsPlugins = ( 55 56 57 56 'No Challenge if Authenticated', 57 'xmlrpc-credentials', 58 'credentials') 58 59 pau.authenticatorPlugins = ('users',) 59 60 … … 63 64 util.register(pau) 64 65 66 65 67 def get_principal_role_manager(): 66 68 """Get a role manager for principals. … … 74 76 return principalRoleManager 75 77 76 class KofaSessionCredentialsPlugin(grok.GlobalUtility, 77 SessionCredentialsPlugin): 78 79 class KofaSessionCredentialsPlugin( 80 grok.GlobalUtility, SessionCredentialsPlugin): 78 81 """Session plugin that picks usernames/passwords from fields in webforms. 79 82 """ … … 143 146 getattr(self, name) == getattr(obj, name, default)) 144 147 return False not in result 148 145 149 146 150 class KofaPrincipal(Principal): … … 168 172 def __repr__(self): 169 173 return 'KofaPrincipal(%r)' % self.id 174 170 175 171 176 class AuthenticatedKofaPrincipalFactory(grok.MultiAdapter): … … 200 205 return principal 201 206 207 202 208 class FailedLoginInfo(grok.Model): 203 209 grok.implements(IFailedLoginInfo) … … 224 230 pass 225 231 232 226 233 class Account(grok.Model): 227 234 """Kofa user accounts store infos about a user. … … 237 244 238 245 def __init__(self, name, password, title=None, description=None, 239 email=None, phone=None, public_name=None, roles =[]):246 email=None, phone=None, public_name=None, roles=[]): 240 247 self.name = name 241 248 if title is None: … … 270 277 # unset/empty passwords do never match 271 278 return False 272 if self.suspended == True:279 if self.suspended: 273 280 return False 274 281 passwordmanager = getUtility(IPasswordManager, 'SSHA') … … 312 319 self._p_changed = True 313 320 return 321 314 322 315 323 class UserAuthenticatorPlugin(grok.GlobalUtility): … … 387 395 return site['users'] 388 396 397 389 398 class PasswordValidator(grok.GlobalUtility): 390 399 391 grok.implements(IPasswordValidator) 392 393 def validate_password(self, pw, pw_repeat): 394 errors = [] 395 if len(pw) < 3: 396 errors.append('Password must have at least 3 chars.') 397 if pw != pw_repeat: 398 errors.append('Passwords do not match.') 399 return errors 400 grok.implements(IPasswordValidator) 401 402 def validate_password(self, pw, pw_repeat): 403 errors = [] 404 if len(pw) < 3: 405 errors.append('Password must have at least 3 chars.') 406 if pw != pw_repeat: 407 errors.append('Passwords do not match.') 408 return errors 409 400 410 401 411 class LocalRoleSetEvent(object): … … 408 418 self.principal_id = principal_id 409 419 self.granted = granted 420 410 421 411 422 @grok.subscribe(IUserAccount, grok.IObjectRemovedEvent) … … 430 441 role_manager.unsetRoleForPrincipal(role_id, principal) 431 442 return 443 432 444 433 445 @grok.subscribe(IUserAccount, grok.IObjectAddedEvent) … … 451 463 return 452 464 465 453 466 @grok.subscribe(Interface, ILocalRoleSetEvent) 454 467 def handle_local_role_changed(obj, event): … … 464 477 user.notifyLocalRoleChanged(event.object, event.role_id, event.granted) 465 478 return 479 466 480 467 481 @grok.subscribe(Interface, grok.IObjectRemovedEvent) … … 474 488 for local_role, user_name, setting in role_map.getPrincipalsAndRoles(): 475 489 notify(LocalRoleSetEvent( 476 490 obj, local_role, user_name, granted=False)) 477 491 return 492 478 493 479 494 class UserAccountFactory(grok.GlobalUtility): … … 493 508 return implementedBy(Account) 494 509 510 495 511 class UserProcessor(BatchProcessor): 496 """The User Processor processes user accounts, i.e. `Account` objects in the497 ``users`` container.512 """The User Processor processes user accounts, i.e. `Account` objects in 513 the ``users`` container. 498 514 499 515 The `roles` columns must contain Python list … … 512 528 iface = IUserAccount 513 529 514 location_fields = ['name', ]530 location_fields = ['name', ] 515 531 factory_name = 'waeup.UserAccount' 516 532 … … 541 557 if user is not None: 542 558 parent = self.getParent(row, site) 543 grok.getSite().logger.info( '%s - %s - User removed'544 % (self.name, row['name']))559 grok.getSite().logger.info( 560 '%s - %s - User removed' % (self.name, row['name'])) 545 561 del parent[user.name] 546 562 pass … … 551 567 changed = [] 552 568 for key, value in row.items(): 553 if 569 if key == 'roles': 554 570 # We cannot simply set the roles attribute here because 555 571 # we can't assure that the name attribute is set before … … 571 587 # Log actions... 572 588 items_changed = ', '.join(changed) 573 grok.getSite().logger.info('%s - %s - %s - updated: %s' 574 % (self.name, filename, row['name'], items_changed)) 589 grok.getSite().logger.info( 590 '%s - %s - %s - updated: %s' % ( 591 self.name, filename, row['name'], items_changed)) 575 592 return 576 593 … … 587 604 for role in evalvalue: 588 605 if role not in all_roles: 589 errs.append(('roles', 'invalid role'))606 errs.append(('roles', 'invalid role')) 590 607 return errs, inv_errs, conv_dict 608 591 609 592 610 class UsersPlugin(grok.GlobalUtility): … … 607 625 # Add new attributes 608 626 for i in items: 609 if not hasattr(user, i[0]):610 setattr(user, i[0],i[1].missing_value)627 if not hasattr(user, i[0]): 628 setattr(user, i[0], i[1].missing_value) 611 629 logger.info( 612 630 'UsersPlugin: %s attribute %s added.' % ( 613 user.name,i[0]))631 user.name, i[0])) 614 632 if not hasattr(user, 'failed_logins'): 615 633 # add attribute `failed_logins`... … … 620 638 for i in self.deprecated_attributes: 621 639 try: 622 delattr(user, i)640 delattr(user, i) 623 641 logger.info( 624 642 'UsersPlugin: %s attribute %s deleted.' % ( 625 user.name,i))643 user.name, i)) 626 644 except AttributeError: 627 645 pass
Note: See TracChangeset for help on using the changeset viewer.