- Timestamp:
- 14 Oct 2012, 21:02:31 (12 years ago)
- Location:
- main/waeup.kofa/trunk/src/waeup/kofa
- Files:
-
- 6 edited
Legend:
- Unmodified
- Added
- Removed
-
main/waeup.kofa/trunk/src/waeup/kofa/browser/pages.py
r9326 r9334 23 23 import re 24 24 import sys 25 from datetime import datetime, timedelta 25 26 from urllib import urlencode 26 27 from zope import schema … … 230 231 return 231 232 # Display appropriate flash message if credentials are correct 232 # but student has been deactivated. 233 # but student has been deactivated or a temporary password 234 # has been set. 233 235 login = self.request.form['form.login'] 234 236 if len(login) == 8 and grok.getSite()['students'].has_key(login): … … 238 240 if student.password is not None and \ 239 241 passwordmanager.checkPassword(student.password, password): 242 # The student entered valid credentials. 243 # First we check if a temporary password has been set. 244 delta = timedelta(minutes=10) 245 now = datetime.utcnow() 246 temp_password_dict = getattr(student, 'temp_password', None) 247 if temp_password_dict is not None and \ 248 now < temp_password_dict.get('timestamp', now) + delta: 249 self.flash( 250 _('Your account has been temporarily deactivated.')) 251 return 252 # Now we know that the student is suspended. 240 253 self.flash(_('Your account has been deactivated.')) 241 254 return 242 255 self.flash(_('You entered invalid credentials.')) 256 return 243 257 244 258 … … 919 933 ${e} 920 934 921 """, mapping = {'a':normalized_filename,935 Comment by Import Manager:""", mapping = {'a':normalized_filename, 922 936 'b':importer, 923 937 'c':import_mode, -
main/waeup.kofa/trunk/src/waeup/kofa/students/authentication.py
r8983 r9334 101 101 102 102 def checkPassword(self, password): 103 """Check whether the given `password` matches the one stored. 103 """Check whether the given `password` matches the one stored by 104 students or the temporary password set by officers. 104 105 105 106 We additionally check if student account has been suspended. … … 107 108 if not isinstance(password, basestring): 108 109 return False 110 passwordmanager = getUtility(IPasswordManager, 'SSHA') 111 temp_password = self.context.getTempPassword() 112 if temp_password: 113 return passwordmanager.checkPassword(temp_password, password) 109 114 if not getattr(self.context, 'password', None): 110 115 # unset/empty passwords do never match … … 112 117 if self.context.suspended == True: 113 118 return False 114 passwordmanager = getUtility(IPasswordManager, 'SSHA') 115 return passwordmanager.checkPassword( 116 self.context.password, password) 119 return passwordmanager.checkPassword(self.context.password, password) 117 120 118 121 class StudentsAuthenticatorPlugin(grok.GlobalUtility): -
main/waeup.kofa/trunk/src/waeup/kofa/students/interfaces.py
r9320 r9334 150 150 state = Attribute('Returns the registration state of a student') 151 151 password = Attribute('Encrypted password of a student') 152 temp_password = Attribute( 153 'Dictionary with user name, timestamp and encrypted password') 152 154 certcode = Attribute('The certificate code of any chosen study course') 153 155 depcode = Attribute('The department code of any chosen study course') … … 224 226 ) 225 227 228 def setTempPassword(user, password): 229 """Set a temporary password (LDAP-compatible) SSHA encoded for 230 officers. 231 232 """ 233 234 def getTempPassword(): 235 """Check if a temporary password has been set and if it 236 is not expired. 237 238 Return the temporary password if valid, 239 None otherwise. Unset the temporary password if expired. 240 """ 241 226 242 def transfer(certificate, current_session, 227 243 current_level, current_verdict): -
main/waeup.kofa/trunk/src/waeup/kofa/students/student.py
r9183 r9334 23 23 import shutil 24 24 import grok 25 from datetime import datetime, timedelta 25 26 from hurry.workflow.interfaces import IWorkflowState, IWorkflowInfo 27 from zope.password.interfaces import IPasswordManager 26 28 from zope.component import getUtility, createObject 27 29 from zope.component.interfaces import IFactory … … 52 54 grok.provides(IStudent) 53 55 56 temp_password_minutes = 10 57 54 58 def __init__(self): 55 59 super(Student, self).__init__() … … 60 64 self.student_id = u'Z654321' 61 65 self.password = None 62 return 66 self.temp_password = None 67 return 68 69 def setTempPassword(self, user, password): 70 """Set a temporary password (LDAP-compatible) SSHA encoded for 71 officers. 72 73 """ 74 passwordmanager = getUtility(IPasswordManager, 'SSHA') 75 self.temp_password = {} 76 self.temp_password[ 77 'password'] = passwordmanager.encodePassword(password) 78 self.temp_password['user'] = user 79 self.temp_password['timestamp'] = datetime.utcnow() # offset-naive datetime 80 81 def getTempPassword(self): 82 """Check if a temporary password has been set and if it 83 is not expired. 84 85 Return the temporary password if valid, 86 None otherwise. Unset the temporary password if expired. 87 """ 88 temp_password_dict = getattr(self, 'temp_password', None) 89 if temp_password_dict is not None: 90 delta = timedelta(minutes=self.temp_password_minutes) 91 now = datetime.utcnow() 92 if now < temp_password_dict.get('timestamp') + delta: 93 return temp_password_dict.get('password') 94 else: 95 # Unset temporary password if expired 96 self.temp_password = None 97 return None 63 98 64 99 def writeLogMessage(self, view, message): -
main/waeup.kofa/trunk/src/waeup/kofa/students/tests/test_authentication.py
r8983 r9334 17 17 ## 18 18 import unittest 19 from datetime import datetime, timedelta 19 20 from zope.authentication.interfaces import IAuthentication 20 21 from zope.component import provideUtility, queryUtility, getGlobalSiteManager … … 66 67 phone = None 67 68 suspended = False 69 temp_password_minutes = 10 70 71 def setTempPassword(self, user, password): 72 passwordmanager = queryUtility(IPasswordManager, 'SSHA') 73 self.temp_password = {} 74 self.temp_password[ 75 'password'] = passwordmanager.encodePassword(password) 76 self.temp_password['user'] = user 77 self.temp_password['timestamp'] = datetime.utcnow() 78 79 def getTempPassword(self): 80 temp_password_dict = getattr(self, 'temp_password', None) 81 if temp_password_dict is not None: 82 delta = timedelta(minutes=self.temp_password_minutes) 83 now = datetime.utcnow() 84 if now < temp_password_dict.get('timestamp') + delta: 85 return temp_password_dict.get('password') 86 else: 87 # Unset temporary password if expired 88 self.temp_password = None 89 return None 68 90 69 91 … … 138 160 return 139 161 162 def test_check_temp_password(self): 163 # make sure that, if a temp password is set, 164 # this password is used for authentication 165 self.account.setPassword('secret') 166 self.fake_stud.setTempPassword(user='beate', password='temp_secret') 167 result1 = self.account.checkPassword('secret') 168 result2 = self.account.checkPassword(None) 169 result3 = self.account.checkPassword('nonsense') 170 result4 = self.account.checkPassword('temp_secret') 171 self.assertEqual(result1, False) 172 self.assertEqual(result2, False) 173 self.assertEqual(result3, False) 174 self.assertEqual(result4, True) 175 # if the temp password is expired, the original password 176 # is used again 177 delta = timedelta(minutes=11) 178 self.fake_stud.temp_password['timestamp'] = datetime.utcnow() - delta 179 result5 = self.account.checkPassword('temp_secret') 180 result6 = self.account.checkPassword('secret') 181 self.assertEqual(result5, False) 182 self.assertEqual(result6, True) 183 return 184 140 185 def test_check_unset_password(self): 141 186 # empty and unset passwords do not match anything -
main/waeup.kofa/trunk/src/waeup/kofa/students/tests/test_browser.py
r9332 r9334 1183 1183 return 1184 1184 1185 def test_student_ access(self):1185 def test_student_login(self): 1186 1186 # Student cant login if their password is not set 1187 1187 self.student.password = None … … 1195 1195 IUserAccount( 1196 1196 self.app['students'][self.student_id]).setPassword('spwd') 1197 IWorkflowInfo(self.student).fireTransition('admit')1198 1197 # Students can't login if their account is suspended/deactivated 1199 1198 self.student.suspended = True … … 1202 1201 self.browser.getControl(name="form.password").value = 'spwd' 1203 1202 self.browser.getControl("Login").click() 1204 self.assert True(1205 ' Your account has been deactivated.' inself.browser.contents)1203 self.assertMatches( 1204 '...Your account has been deactivated...', self.browser.contents) 1206 1205 self.student.suspended = False 1206 # Students can't login if a temporary password has been set and 1207 # is not expired 1208 self.app['students'][self.student_id].setTempPassword( 1209 'anybody', 'temp_spwd') 1210 self.browser.open(self.login_path) 1211 self.browser.getControl(name="form.login").value = self.student_id 1212 self.browser.getControl(name="form.password").value = 'spwd' 1207 1213 self.browser.getControl("Login").click() 1208 self.assertTrue( 1209 'You logged in.' in self.browser.contents) 1214 self.assertMatches( 1215 '...Your account has been temporarily deactivated...', 1216 self.browser.contents) 1217 # The student can login with the temporary password 1218 self.browser.open(self.login_path) 1219 self.browser.getControl(name="form.login").value = self.student_id 1220 self.browser.getControl(name="form.password").value = 'temp_spwd' 1221 self.browser.getControl("Login").click() 1222 self.assertMatches( 1223 '...You logged in...', self.browser.contents) 1224 # Student can view the base data 1225 self.browser.open(self.student_path) 1226 self.assertEqual(self.browser.headers['Status'], '200 Ok') 1227 self.assertEqual(self.browser.url, self.student_path) 1228 # When the password expires ... 1229 delta = timedelta(minutes=11) 1230 self.app['students'][self.student_id].temp_password[ 1231 'timestamp'] = datetime.utcnow() - delta 1232 self.app['students'][self.student_id]._p_changed = True 1233 # ... the student will be automatically logged out 1234 self.assertRaises( 1235 Unauthorized, self.browser.open, self.student_path) 1236 # Then the student can login with the original password 1237 self.browser.open(self.login_path) 1238 self.browser.getControl(name="form.login").value = self.student_id 1239 self.browser.getControl(name="form.password").value = 'spwd' 1240 self.browser.getControl("Login").click() 1241 self.assertMatches( 1242 '...You logged in...', self.browser.contents) 1243 1244 def test_student_access(self): 1245 # Student cant login if their password is not set 1246 IWorkflowInfo(self.student).fireTransition('admit') 1247 self.browser.open(self.login_path) 1248 self.browser.getControl(name="form.login").value = self.student_id 1249 self.browser.getControl(name="form.password").value = 'spwd' 1250 self.browser.getControl("Login").click() 1251 self.assertMatches( 1252 '...You logged in...', self.browser.contents) 1210 1253 # Admitted student can upload a passport picture 1211 1254 self.browser.open(self.student_path + '/change_portrait')
Note: See TracChangeset for help on using the changeset viewer.