Changeset 5909

Timestamp:

1 Apr 2011, 14:21:41 (13 years ago)

Author:

uli

Message:

Extend docs and respect possibly set disabled attribute of
accesscodes.

File:

• main/waeup.sirp/trunk/src/waeup/sirp/applicants/authentication.py (modified) (3 diffs)

main/waeup.sirp/trunk/src/waeup/sirp/applicants/authentication.py

@@ -187 +187 @@
 class ApplicantsAuthenticatorPlugin(grok.GlobalUtility):
     """Authenticate applicants.
-
-    XXX: This plugin currently accepts any input and authenticates the
-    user as applicant.
     """
     grok.provides(IAuthenticatorPlugin)
@@ -195 +192 @@
 
     def authenticateCredentials(self, credentials):
+        """Validate the given `credentials`
+
+        Credentials for applicants have to be passed as a regular
+        dictionary with a key ``accesscode``. This access code is the
+        password and username of an applicant.
+
+        Returns a :class:`ApplicantPrincipalInfo` in case of
+        successful validation, ``None`` else.
+
+        Credentials are not valid if:
+
+        - The passed accesscode does not exist (i.e. was not generated
+          by the :mod:`waeup.sirp.accesscode` module).
+
+        or
+
+        - the accesscode was disabled
+
+        or
+        
+        - the accesscode was already used and a dataset for this
+          applicant was already generated with a different accesscode
+          (currently impossible, as applicant datasets are indexed by
+          accesscode)
+
+        or
+
+        - a dataset for the applicant already exists with an
+          accesscode set and this accesscode does not match the given
+          one.
+          
+        """
         if not isinstance(credentials, dict):
             return None
@@ -204 +233 @@
         appl_ac = getattr(applicant_data, 'access_code', None)
         if ac is None:
+            return None
+        if ac.disabled is not False:
             return None
         if ac.invalidation_date is not None and appl_ac != ac.representation: