annotate MoinMoin/auth/__init__.py @ 948:28ea5b3802b1

whitespace-only cleanup
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Mon, 17 Jul 2006 03:43:33 +0200
parents ab9cd47eb066
children b180f047d918
changesets referenced in the rev column (rev, changeset, parents, author, summary):

0     77665d8e2254  parents:      Thomas Waldmann <tw-public@gmx.de>
      tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
129   f0e84aeb51dc  parents: 17   Thomas Waldmann <tw@waldmann-edv.de>
      sslclientcert auth method, untested
265   2cbc7dc436d7  parents: 238  Thomas Waldmann <tw@waldmann-edv.de>
      auth changes: added u.auth_method, u.auth_attribs and some debug code. Support for switching off some form fields.
268   130bd0403e21  parents: 265  Thomas Waldmann <tw@waldmann-edv.de>
      auth methods now return tuple (user_obj, continue_flag)
295   91d47ebee530  parents: 268  Thomas Waldmann <tw@waldmann-edv.de>
      make posted UserPreferences form values easily available for auth methods
456   12b6367214e3  parents: 450  Thomas Waldmann <tw@waldmann-edv.de>
      feed current user_obj to auth methods, continue auth list in most cases, moved cookie code to auth module
482   3c08c0657dad  parents: 460  Thomas Waldmann <tw@waldmann-edv.de>
      fix cookie path for root url wikis
768   a463b24b01e3  parents: 752  Thomas Waldmann <tw AT waldmann-edv DOT de>
      move auth.py changes to new location auth/__init__.py
769   66945b567d0e  parents: 768  Thomas Waldmann <tw AT waldmann-edv DOT de>
      added TODO, PEP8 and other cosmetic fixes
770   1c76112a5ff6  parents: 769  Thomas Waldmann <tw AT waldmann-edv DOT de>
      removed some unneeded configurability, default value for cfg.cookie_secret
774   ca827a12c524  parents: 770  Thomas Waldmann <tw AT waldmann-edv DOT de>
      replaced moin_cookie by moin_login, MOIN_ID by MOIN_SESSION cookie
775   0e3327b36bc5  parents: 774  Thomas Waldmann <tw AT waldmann-edv DOT de>
      move cookie hash code to own function, add random string generator, src cosmetics
776   ab9cd47eb066  parents: 775  Thomas Waldmann <tw AT waldmann-edv DOT de>
      teared auth code into single files, basic built-in moin_login method and also session handling code is still in auth/__init__.py
948   28ea5b3802b1  parents: 776  Thomas Waldmann <tw AT waldmann-edv DOT de>
      whitespace-only cleanup

rev   source
0     # -*- coding: iso-8859-1 -*-
0     """
0         MoinMoin - modular authentication code
0
265       Here are some methods moin can use in cfg.auth authentication method list.
268       The methods from that list get called (from request.py) in that sequence.
295       They get request as first argument and also some more kw arguments:
295          name: the value we did get from a POST of the UserPreferences page
295                in the "name" form field (or None)
295          password: the value of the password form field (or None)
295          login: True if user has clicked on Login button
295          logout: True if user has clicked on Logout button
456          user_obj: the user_obj we have until now (user_obj returned from
456                    previous auth method or None for first auth method)
295          (we maybe add some more here)
295
295       Use code like this to get them:
295           name = kw.get('name') or ''
295           password = kw.get('password') or ''
295           login = kw.get('login')
295           logout = kw.get('logout')
295           request.log("got name=%s len(password)=%d login=%r logout=%r" % (name, len(password), login, logout))
295
295       The called auth method then must return a tuple (user_obj, continue_flag).
456       user_obj can be one of:
456       * a (newly created) User object
456       * None if we want to inhibit log in from previous auth methods
456       * what we got as kw argument user_obj (meaning: no change).
268       continue_flag is a boolean indication whether the auth loop shall continue
268       trying other auth methods (or not).
268
265       The methods give a kw arg "auth_attribs" to User.__init__ that tells
265       which user attribute names are DETERMINED and set by this auth method and
265       must not get changed by the user using the UserPreferences form.
265       It also gives a kw arg "auth_method" that tells the name of the auth
265       method that authentified the user.
769
770       TODO: check against other cookie work (see wiki)
769             reduce amount of XXX
769
774       @copyright: 2005-2006 Bastian Blank, Florian Festi, MoinMoin:ThomasWaldmann,
775                   MoinMoin:AlexanderSchremmer, Nick Phillips,
775                   MoinMoin:FrankieChow, MoinMoin:NirSoffer
0         @license: GNU GPL, see COPYING for details.
0     """
0
456   import time, Cookie
129   from MoinMoin import user
0
770   # cookie names
770   MOIN_SESSION = 'MOIN_SESSION'
770
775   import hmac, random
775
775   def generate_security_string(length):
775       """ generate a random length (length/2 .. length) string with random content """
775       random_length = random.randint(length/2, length)
775       safe = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-'
775       return ''.join([random.choice(safe) for i in range(random_length)])
775
775   def make_security_hash(request, data, securitystring=''):
776       """ generate a hash string based on site configuration's cfg.cookie_secret,
775           securitystring and the data.
775       """
776       return hmac.new(request.cfg.cookie_secret + securitystring, data).hexdigest()
456
768   def makeCookie(request, cookie_name, cookie_string, maxage, expires):
768       """ create an appropriate cookie """
456       c = Cookie.SimpleCookie()
456       cfg = request.cfg
768       c[cookie_name] = cookie_string
768       c[cookie_name]['max-age'] = maxage
456       if cfg.cookie_domain:
768           c[cookie_name]['domain'] = cfg.cookie_domain
456       if cfg.cookie_path:
768           c[cookie_name]['path'] = cfg.cookie_path
456       else:
482           path = request.getScriptname()
482           if not path:
482               path = '/'
768           c[cookie_name]['path'] = path
456       # Set expires for older clients
948       c[cookie_name]['expires'] = request.httpDate(when=expires, rfc='850')
456       return c.output()
456
774   def setCookie(request, u, cookie_name, cookie_string):
456       """ Set cookie for the user obj u
456
456       cfg.cookie_lifetime and the user 'remember_me' setting set the
456       lifetime of the cookie. lifetime in int hours, see table:
456
456       value   cookie lifetime
456       ----------------------------------------------------------------
456        = 0    forever, ignoring user 'remember_me' setting
456        > 0    n hours, or forever if user checked 'remember_me'
456        < 0    -n hours, ignoring user 'remember_me' setting
456       """
456       # Calculate cookie maxage and expires
948       lifetime = int(request.cfg.cookie_lifetime) * 3600
769       forever = 10 * 365 * 24 * 3600 # 10 years
456       now = time.time()
456       if not lifetime:
456           maxage = forever
456       elif lifetime > 0:
456           if u.remember_me:
456               maxage = forever
456           else:
456               maxage = lifetime
456       elif lifetime < 0:
456           maxage = (-lifetime)
456       expires = now + maxage
948
768       cookie = makeCookie(request, cookie_name, cookie_string, maxage, expires)
456       # Set cookie
456       request.setHttpHeader(cookie)
456       # IMPORTANT: Prevent caching of current page and cookie
456       request.disableHttpCaching()
456
768   def setSessionCookie(request, u):
774       """ Set moin_session cookie for user obj u """
775       import base64
768       cfg = request.cfg
768       enc_username = base64.encodestring(u.auth_username)
768       enc_id = base64.encodestring(u.id)
768       # XXX - should include expiry!
768       cookie_body = "username=%s:id=%s" % (enc_username, enc_id)
775       cookie_hash = make_security_hash(request, cookie_body)
775       cookie_string = ':'.join([cookie_hash, cookie_body])
774       setCookie(request, u, MOIN_SESSION, cookie_string)
768
774   def deleteCookie(request, cookie_name):
456       """ Delete the user cookie by sending expired cookie with null value
456
456       According to http://www.cse.ohio-state.edu/cgi-bin/rfc/rfc2109.html#sec-4.2.2
769       Deleted cookie should have Max-Age=0. We also have expires attribute,
769       which is probably needed for older browsers.
456
456       Finally, delete the saved cookie and create a new user based on the new settings.
456       """
768       cookie_string = ''
456       maxage = 0
456       # Set expires to one year ago for older clients
456       expires = time.time() - (3600 * 24 * 365) # 1 year ago
948       cookie = makeCookie(request, cookie_name, cookie_string, maxage, expires)
456       # Set cookie
456       request.setHttpHeader(cookie)
456       # IMPORTANT: Prevent caching of current page and cookie
456       request.disableHttpCaching()
456
774   def moin_login(request, **kw):
774       """ handle login from moin login form, session has to be established later by moin_session """
456       username = kw.get('name')
456       password = kw.get('password')
456       login = kw.get('login')
774       #logout = kw.get('logout')
456       user_obj = kw.get('user_obj')
768
768       cfg = request.cfg
768       verbose = False
774       if hasattr(cfg, 'moin_login_verbose'):
774           verbose = cfg.moin_login_verbose
948
774       #request.log("auth.moin_login: name=%s login=%r logout=%r user_obj=%r" % (username, login, logout, user_obj))
768
456       if login:
774           if verbose: request.log("moin_login performing login action")
774           u = user.User(request, name=username, password=password, auth_method='moin_login')
298
6c74345f4d55 cleaned up and moved moin's cookie stuff to auth.moin_cookie
Thomas Waldmann <tw@waldmann-edv.de>
parents: 295
diff changeset
168 if u.valid:
774
ca827a12c524 replaced moin_cookie by moin_login, MOIN_ID by MOIN_SESSION cookie
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 770
diff changeset
169 if verbose: request.log("moin_login got valid user...")
ca827a12c524 replaced moin_cookie by moin_login, MOIN_ID by MOIN_SESSION cookie
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 770
diff changeset
170 user_obj = u
ca827a12c524 replaced moin_cookie by moin_login, MOIN_ID by MOIN_SESSION cookie
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 770
diff changeset
171 else:
ca827a12c524 replaced moin_cookie by moin_login, MOIN_ID by MOIN_SESSION cookie
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 770
diff changeset
172 if verbose: request.log("moin_login not valid, previous valid=%d." % (user_obj is not None and user_obj.valid))
298
6c74345f4d55 cleaned up and moved moin's cookie stuff to auth.moin_cookie
Thomas Waldmann <tw@waldmann-edv.de>
parents: 295
diff changeset
173
456
12b6367214e3 feed current user_obj to auth methods, continue auth list in most cases, moved cookie code to auth module
Thomas Waldmann <tw@waldmann-edv.de>
parents: 450
diff changeset
174 return user_obj, True
0
77665d8e2254 tag of nonpublic@localhost--archive/moin--enterprise--1.5--base-0
Thomas Waldmann <tw-public@gmx.de>
parents:
diff changeset
175
768
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
176 def moin_session(request, **kw):
769
66945b567d0e added TODO, PEP8 and other cosmetic fixes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 768
diff changeset
177 """ Authenticate via cookie.
66945b567d0e added TODO, PEP8 and other cosmetic fixes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 768
diff changeset
178
66945b567d0e added TODO, PEP8 and other cosmetic fixes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 768
diff changeset
179 We don't handle initial logins (except to set the appropriate cookie), just
66945b567d0e added TODO, PEP8 and other cosmetic fixes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 768
diff changeset
180 ongoing sessions, and logout. Use another method for initial login.
768
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
181 """
775
0e3327b36bc5 move cookie hash code to own function, add random string generator, src cosmetics
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 774
diff changeset
182 import base64
948
28ea5b3802b1 whitespace-only cleanup
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 776
diff changeset
183
768
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
184 username = kw.get('name')
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
185 login = kw.get('login')
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
186 logout = kw.get('logout')
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
187 user_obj = kw.get('user_obj')
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
188
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
189 cfg = request.cfg
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
190 verbose = False
769
66945b567d0e added TODO, PEP8 and other cosmetic fixes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 768
diff changeset
191 if hasattr(cfg, 'moin_session_verbose'):
66945b567d0e added TODO, PEP8 and other cosmetic fixes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 768
diff changeset
192 verbose = cfg.moin_session_verbose
66945b567d0e added TODO, PEP8 and other cosmetic fixes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 768
diff changeset
193
770
1c76112a5ff6 removed some unneeded configurability, default value for cfg.cookie_secret
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 769
diff changeset
194 cookie_name = MOIN_SESSION
948
28ea5b3802b1 whitespace-only cleanup
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 776
diff changeset
195
768
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
196 if verbose: request.log("auth.moin_session: name=%s login=%r logout=%r user_obj=%r" % (username, login, logout, user_obj))
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
197
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
198 if login:
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
199 if verbose: request.log("moin_session performing login action")
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
200
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
201 # Has any other method successfully authenticated?
769
66945b567d0e added TODO, PEP8 and other cosmetic fixes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 768
diff changeset
202 if user_obj is not None and user_obj.valid:
768
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
203 # Yes - set up session cookie
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
204 if verbose: request.log("moin_session got valid user from previous auth method, setting cookie...")
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
205 if verbose: request.log("moin_session got auth_username %s." % user_obj.auth_username)
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
206 setSessionCookie(request, user_obj)
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
207 return user_obj, True # we make continuing possible, e.g. for smbmount
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
208 else:
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
209 # No other method succeeded, so allow continuation...
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
210 # XXX Cookie clear here???
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
211 if verbose: request.log("moin_session did not get valid user from previous auth method, doing nothing")
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
212 return user_obj, True
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
213
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
214 try:
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
215 if verbose: request.log("trying to get cookie...")
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
216 cookie = Cookie.SimpleCookie(request.saved_cookie)
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
217 except Cookie.CookieError:
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
218 # ignore invalid cookies, else user can't relogin
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
219 if verbose: request.log("caught Cookie.CookieError")
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
220 cookie = None
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
221
769
66945b567d0e added TODO, PEP8 and other cosmetic fixes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 768
diff changeset
222 if not (cookie is not None and cookie.has_key(cookie_name)):
768
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
223 # No valid cookie
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
224 if verbose: request.log("either no cookie or no %s key" % cookie_name)
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
225 return user_obj, True
948
28ea5b3802b1 whitespace-only cleanup
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 776
diff changeset
226
768
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
227 try:
775
0e3327b36bc5 move cookie hash code to own function, add random string generator, src cosmetics
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 774
diff changeset
228 cookie_hash, cookie_body = cookie[cookie_name].value.split(':', 1)
768
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
229 except ValueError:
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
230 # Invalid cookie
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
231 if verbose: request.log("invalid cookie format: (%s)" % cookie[cookie_name].value)
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
232 return user_obj, True
948
28ea5b3802b1 whitespace-only cleanup
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 776
diff changeset
233
775
0e3327b36bc5 move cookie hash code to own function, add random string generator, src cosmetics
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 774
diff changeset
234 if cookie_hash != make_security_hash(request, cookie_body):
768
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
235 # Invalid cookie
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
236 # XXX Cookie clear here???
775
0e3327b36bc5 move cookie hash code to own function, add random string generator, src cosmetics
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 774
diff changeset
237 if verbose: request.log("cookie recovered had invalid hash")
768
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
238 return user_obj, True
769
66945b567d0e added TODO, PEP8 and other cosmetic fixes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 768
diff changeset
239
66945b567d0e added TODO, PEP8 and other cosmetic fixes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 768
diff changeset
240 # We can trust the cookie
768
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
241 if verbose: request.log("Cookie OK, authenticated.")
948
28ea5b3802b1 whitespace-only cleanup
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 776
diff changeset
242 params = {'username': '', 'id': '', }
768
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
243 cookie_pairs = cookie_body.split(":")
769
66945b567d0e added TODO, PEP8 and other cosmetic fixes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 768
diff changeset
244 for key, value in [pair.split("=", 1) for pair in cookie_pairs]:
66945b567d0e added TODO, PEP8 and other cosmetic fixes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 768
diff changeset
245 params[key] = base64.decodestring(value) # assuming all values are base64 encoded
768
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
246 # XXX Should check expiry from cookie
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
247 # XXX Should name be in auth_attribs?
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
248 u = user.User(request,
769
66945b567d0e added TODO, PEP8 and other cosmetic fixes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 768
diff changeset
249 id=params['id'],
66945b567d0e added TODO, PEP8 and other cosmetic fixes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 768
diff changeset
250 auth_username=params['username'],
768
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
251 auth_method='moin_session',
769
66945b567d0e added TODO, PEP8 and other cosmetic fixes
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 768
diff changeset
252 auth_attribs=(),
768
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
253 )
948
28ea5b3802b1 whitespace-only cleanup
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 776
diff changeset
254
768
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
255 if logout:
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
256 if verbose: request.log("Logout requested, setting u invalid and 'deleting' cookie")
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
257 u.valid = 0 # just make user invalid, but remember him
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
258 deleteCookie(request, cookie_name)
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
259 return u, True # we return an invalidated user object, so that
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
260 # following auth methods can get the name of
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
261 # the user who logged out
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
262 setSessionCookie(request, u) # refreshes cookie lifetime
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
263 return u, True # use True to get other methods called, too
a463b24b01e3 move auth.py changes to new location auth/__init__.py
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 752
diff changeset
264
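The moin_session listing above splits the cookie into hash:body, compares the hash with != and leaves "XXX Should check expiry from cookie" open. The following is an added example, not MoinMoin code, of the same hash:key=b64(value) layout verified with a constant-time comparison and an expiry check. It is written for Python 3; HMAC-SHA256 stands in for make_security_hash (not shown in this section), and the "expires" field, SECRET, build_cookie and parse_cookie are assumptions of the example.

```python
import base64
import hashlib
import hmac
import time

SECRET = b"constructed-demo-secret"  # stands in for cfg.cookie_secret (assumption)


def sign(secret, body):
    # Assumption: HMAC-SHA256 replaces make_security_hash, which this section does not show.
    return hmac.new(secret, body.encode("utf-8"), hashlib.sha256).hexdigest()


def build_cookie(secret, fields):
    """Serialize fields as hash:key=b64(value):key=b64(value)."""
    pairs = []
    for key, value in fields.items():
        encoded = base64.b64encode(value.encode("utf-8")).decode("ascii")
        pairs.append("%s=%s" % (key, encoded))
    body = ":".join(pairs)
    return "%s:%s" % (sign(secret, body), body)


def parse_cookie(secret, raw, now=None):
    """Return the decoded fields, or None if the cookie must not be trusted."""
    now = time.time() if now is None else now
    try:
        cookie_hash, body = raw.split(":", 1)
    except ValueError:
        return None  # no hash/body separator
    expected = sign(secret, body)
    # Constant-time comparison, so response timing does not reveal how many
    # leading characters of a guessed hash were correct.
    if not hmac.compare_digest(cookie_hash.encode("utf-8"), expected.encode("ascii")):
        return None
    params = {}
    try:
        for pair in body.split(":"):
            # The base64 alphabet has no ':' but may end in '=' padding,
            # so only the first '=' separates key from value.
            key, value = pair.split("=", 1)
            params[key] = base64.b64decode(value, validate=True).decode("utf-8")
        expires = int(params["expires"])  # hypothetical field: Unix timestamp
    except (ValueError, KeyError):
        return None  # malformed pair, bad base64, or no expiry at all
    if now >= expires:
        return None  # signed correctly, but too old to accept
    return params


if __name__ == "__main__":
    # Constructed sample values, not taken from a real wiki.
    demo = build_cookie(SECRET, {"username": "JoeDoe",
                                 "id": "1153100613.42.12345",
                                 "expires": "2000"})
    print(parse_cookie(SECRET, demo, now=1000))
    print(parse_cookie(SECRET, demo, now=3000))
```

Because the expiry is inside the signed body, a client cannot extend it, and a signed cookie with no expiry field is rejected rather than treated as valid forever.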