annotate MoinMoin/auth/http.py @ 4183:fc20a076aad0

Accommodate for consolidation of Request/Response
author Florian Krupicka <florian.krupicka@googlemail.com>
date Sat, 21 Jun 2008 16:57:20 +0200
parents 632696c3c78d
children 424800cd9596
changesets referenced in this annotation:
 776  ab9cd47eb066  tore auth code into single files, basic built-in moin_login method and also session handling code is still in auth/__init__.py
      Thomas Waldmann <tw AT waldmann-edv DOT de>; parents: (none shown)
1606  ae56d79ae076  http auth / ssl clientcert auth: correctly decode name/password/email to unicode (ported from 1.5)
      Thomas Waldmann <tw AT waldmann-edv DOT de>; parents: 948
1918  bb2e053067fb  fixing copyright headers: remove umlauts (encoding troubles), make epydoc compatible, reformat
      Thomas Waldmann <tw AT waldmann-edv DOT de>; parents: 1606
2009  1b14cc05a54a  refactor authentication and split out session handling
      Johannes Berg <johannes AT sipsolutions DOT net>; parents: 1918
2286  01f05e74aa9c  Big PEP8 and whitespace cleanup
      Thomas Waldmann <tw AT waldmann-edv DOT de>; parents: 2009
2338  b902f2397c68  rename server and request Implementations by adding a prefix server_, request_
      Reimar Bauer <rb.proj AT googlemail DOT com>; parents: 2286
4177  632696c3c78d  Replaced calls to setHttpHeader
      Florian Krupicka <florian.krupicka@googlemail.com>; parents: 2338
4183  fc20a076aad0  Accommodate for consolidation of Request/Response
      Florian Krupicka <florian.krupicka@googlemail.com>; parents: 4177

 rev line  source
 776    1  # -*- coding: iso-8859-1 -*-
 776    2  """
 776    3      MoinMoin - http authentication
 776    4
 776    5      You need either your webserver configured for doing HTTP auth (like Apache
 776    6      reading some .htpasswd file) or Twisted (will accept HTTP auth against
2009    7      password stored in moin user profile, but currently will NOT ask for auth)
2009    8      or Standalone (in which case it will ask for auth and accept auth against
2009    9      stored user profile.)
 776   10
1918   11      @copyright: 2006 MoinMoin:ThomasWaldmann
2009   12                  2007 MoinMoin:JohannesBerg
 776   13      @license: GNU GPL, see COPYING for details.
 776   14  """
2338   15
1606   16  from MoinMoin import config, user
2338   17  from MoinMoin.request import request_twisted, request_cli, request_standalone
2009   18  from MoinMoin.auth import BaseAuth
2009   19  from base64 import decodestring
 776   20
2009   21  class HTTPAuth(BaseAuth):
2009   22      """ authenticate via http basic/digest/ntlm auth """
2009   23      name = 'http'
 776   24
2009   25      def request(self, request, user_obj, **kw):
2009   26          u = None
2009   27          _ = request.getText
2009   28          # always revalidate auth
2009   29          if user_obj and user_obj.auth_method == self.name:
2009   30              user_obj = None
2009   31          # something else authenticated before us
2009   32          if user_obj:
2009   33              return user_obj, True
 776   34
2009   35          # for standalone, request authorization and verify it,
2009   36          # deny access if it isn't verified
2338   37          if isinstance(request, request_standalone.Request):
4183   38              request.www_authenticate.set_basic(realm="MoinMoin")
4177   39
4177   40              auth = request.authorization
2009   41              if auth:
4177   42                  u = user.User(request, auth_username=auth.username,
4177   43                                password=auth.password,
4177   44                                auth_method=self.name, auth_attribs=[])
2009   45              if not u:
2009   46                  request.makeForbidden(401, _('You need to log in.'))
2009   47          # for Twisted, just check
2338   48          elif isinstance(request, request_twisted.Request):
2009   49              username = request.twistd.getUser().decode(config.charset)
2009   50              password = request.twistd.getPassword().decode(config.charset)
2009   51              # when using Twisted http auth, we use username and password from
2009   52              # the moin user profile, so both can be changed by user.
2009   53              u = user.User(request, auth_username=username, password=password,
2009   54                            auth_method=self.name, auth_attribs=())
2338   55          elif not isinstance(request, request_cli.Request):
2009   56              env = request.env
2009   57              auth_type = env.get('AUTH_TYPE', '')
2009   58              if auth_type in ['Basic', 'Digest', 'NTLM', 'Negotiate', ]:
2009   59                  username = env.get('REMOTE_USER', '').decode(config.charset)
2286   60                  if auth_type in ('NTLM', 'Negotiate', ):
2009   61                      # converting to standard case so the user can even enter wrong case
2009   62                      # (added since windows does not distinguish between e.g.
2009   63                      # "Mike" and "mike")
2009   64                      username = username.split('\\')[-1] # split off domain e.g.
2009   65                                                          # from DOMAIN\user
2009   66                      # this "normalizes" the login name from {meier, Meier, MEIER} to Meier
2009   67                      # put a comment sign in front of next line if you don't want that:
2009   68                      username = username.title()
2009   69                  # when using http auth, we have external user name and password,
2009   70                  # we don't use the moin user profile for those attributes.
2009   71                  u = user.User(request, auth_username=username,
2009   72                                auth_method=self.name, auth_attribs=('name', 'password'))
2009   73
2009   74          if u:
2009   75              u.create_or_update()
2009   76          if u and u.valid:
2009   77              return u, True # True to get other methods called, too
2009   78          else:
2009   79              return user_obj, True
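
For NTLM/Negotiate, the `REMOTE_USER` branch of `HTTPAuth.request` drops the `DOMAIN\` prefix and title-cases the name, so distinct external principals can resolve to the same wiki account. The following is an added example in Python 3, not part of the MoinMoin source; `normalize_remote_user`, `find_collisions` and the sample principals are hypothetical names and constructed values. It reproduces those two string operations and reports which principals collapse to one name:

```python
# Added example (Python 3), not MoinMoin code. It mirrors the two string
# operations in the REMOTE_USER branch above: split('\\')[-1] and title().
from collections import defaultdict

SSO_AUTH_TYPES = ("NTLM", "Negotiate")


def normalize_remote_user(remote_user, auth_type):
    """Return the wiki login name the listed code would derive."""
    username = remote_user
    if auth_type in SSO_AUTH_TYPES:
        username = username.split("\\")[-1]  # drop the DOMAIN\ prefix
        username = username.title()          # meier/MEIER -> Meier
    return username


def find_collisions(principals, auth_type):
    """Group external principals that collapse to one wiki name.

    Case-only variants of the same DOMAIN\\user are the intended effect and
    are not reported; only distinct principals sharing a name are.
    """
    by_name = defaultdict(set)
    for principal in principals:
        name = normalize_remote_user(principal, auth_type)
        by_name[name].add(principal.lower())
    return {name: sorted(srcs) for name, srcs in by_name.items() if len(srcs) > 1}


# Constructed sample values, as a web server might place them in REMOTE_USER.
SAMPLE_PRINCIPALS = [
    "CORP\\mike",
    "corp\\MIKE",      # same account, different case: intended merge
    "LAB\\mike",       # different domain, same short name
    "CORP\\meier",
    "PARTNER\\Meier",
    "CORP\\anna",
]

if __name__ == "__main__":
    for name, sources in find_collisions(SAMPLE_PRINCIPALS, "NTLM").items():
        print(name, "<-", ", ".join(sources))
```

Running such a check over the directory's account list before enabling the `http` auth method in a multi-domain setup shows which short names would be shared across domains.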