comparison MoinMoin/auth/sslclientcert.py @ 4276:95decb0aeadd

Remove special cases for removed request/server code
author Florian Krupicka <florian.krupicka@googlemail.com>
date Thu, 07 Aug 2008 00:16:53 +0200
parents b902f2397c68
children 62177a952833
4275:50d37349a9aa 4276:95decb0aeadd
9 2006 MoinMoin:ThomasWaldmann 9 2006 MoinMoin:ThomasWaldmann
10 @license: GNU GPL, see COPYING for details. 10 @license: GNU GPL, see COPYING for details.
11 """ 11 """
12 12
13 from MoinMoin import config, user 13 from MoinMoin import config, user
14 from MoinMoin.request import request_twisted
15 from MoinMoin.auth import BaseAuth 14 from MoinMoin.auth import BaseAuth
16 15
17 class SSLClientCertAuth(BaseAuth): 16 class SSLClientCertAuth(BaseAuth):
18 """ authenticate via SSL client certificate """ 17 """ authenticate via SSL client certificate """
19 18
31 BaseAuth.__init__(self) 30 BaseAuth.__init__(self)
32 31
33 def request(self, request, user_obj, **kw): 32 def request(self, request, user_obj, **kw):
34 u = None 33 u = None
35 changed = False 34 changed = False
36 # check if we are running Twisted
37 if isinstance(request, request_twisted.Request):
38 return user_obj, True # not supported if we run twisted
39 # Addendum: this seems to need quite some twisted insight and coding.
40 # A pointer i got on #twisted: divmod's vertex.sslverify
41 # If you really need this, feel free to implement and test it and
42 # submit a patch if it works.
43 else:
44 env = request.env
45 if env.get('SSL_CLIENT_VERIFY', 'FAILURE') == 'SUCCESS':
46 35
47 # check authority list if given 36 env = request.environ
48 if self.authorities and env.get('SSL_CLIENT_I_DN_OU') in self.authorities: 37 if env.get('SSL_CLIENT_VERIFY', 'FAILURE') == 'SUCCESS':
49 return user_obj, True
50 38
51 email_lower = None 39 # check authority list if given
52 if self.email_key: 40 if self.authorities and env.get('SSL_CLIENT_I_DN_OU') in self.authorities:
53 email = env.get('SSL_CLIENT_S_DN_Email', '').decode(config.charset) 41 return user_obj, True
54 email_lower = email.lower() 42
55 commonname_lower = None 43 email_lower = None
56 if self.name_key: 44 if self.email_key:
57 commonname = env.get('SSL_CLIENT_S_DN_CN', '').decode(config.charset) 45 email = env.get('SSL_CLIENT_S_DN_Email', '').decode(config.charset)
58 commonname_lower = commonname.lower() 46 email_lower = email.lower()
59 if email_lower or commonname_lower: 47 commonname_lower = None
60 for uid in user.getUserList(request): 48 if self.name_key:
61 u = user.User(request, uid, 49 commonname = env.get('SSL_CLIENT_S_DN_CN', '').decode(config.charset)
62 auth_method=self.name, auth_attribs=()) 50 commonname_lower = commonname.lower()
63 if self.email_key and email_lower and u.email.lower() == email_lower: 51 if email_lower or commonname_lower:
64 u.auth_attribs = ('email', 'password') 52 for uid in user.getUserList(request):
65 if self.use_name and commonname_lower != u.name.lower(): 53 u = user.User(request, uid,
66 u.name = commonname 54 auth_method=self.name, auth_attribs=())
67 changed = True 55 if self.email_key and email_lower and u.email.lower() == email_lower:
68 u.auth_attribs = ('email', 'name', 'password') 56 u.auth_attribs = ('email', 'password')
69 break 57 if self.use_name and commonname_lower != u.name.lower():
70 if self.name_key and commonname_lower and u.name.lower() == commonname_lower: 58 u.name = commonname
71 u.auth_attribs = ('name', 'password') 59 changed = True
72 if self.use_email and email_lower != u.email.lower(): 60 u.auth_attribs = ('email', 'name', 'password')
73 u.email = email 61 break
74 changed = True 62 if self.name_key and commonname_lower and u.name.lower() == commonname_lower:
75 u.auth_attribs = ('name', 'email', 'password')
76 break
77 else:
78 u = None
79 if u is None:
80 # user wasn't found, so let's create a new user object
81 u = user.User(request, name=commonname_lower, auth_username=commonname_lower,
82 auth_method=self.name)
83 u.auth_attribs = ('name', 'password') 63 u.auth_attribs = ('name', 'password')
84 if self.use_email: 64 if self.use_email and email_lower != u.email.lower():
85 u.email = email 65 u.email = email
66 changed = True
86 u.auth_attribs = ('name', 'email', 'password') 67 u.auth_attribs = ('name', 'email', 'password')
87 elif user_obj and user_obj.auth_method == self.name: 68 break
88 user_obj.valid = False 69 else:
89 return user_obj, False 70 u = None
71 if u is None:
72 # user wasn't found, so let's create a new user object
73 u = user.User(request, name=commonname_lower, auth_username=commonname_lower,
74 auth_method=self.name)
75 u.auth_attribs = ('name', 'password')
76 if self.use_email:
77 u.email = email
78 u.auth_attribs = ('name', 'email', 'password')
79 elif user_obj and user_obj.auth_method == self.name:
80 user_obj.valid = False
81 return user_obj, False
90 if u: 82 if u:
91 u.create_or_update(changed) 83 u.create_or_update(changed)
92 if u and u.valid: 84 if u and u.valid:
93 return u, True 85 return u, True
94 else: 86 else: