changeset 2181:340ae0e7529e

replace xmlrpc getUser by getUserProfile, auth can be done by getAuthToken/applyAuthToken in the same multicall, use for interwiki auth
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Wed, 20 Jun 2007 22:14:14 +0200
parents 80fc914af5c8
children 261d406b560f
files MoinMoin/auth/interwiki.py MoinMoin/xmlrpc/__init__.py docs/CHANGES
diffstat 3 files changed, 44 insertions(+), 20 deletions(-) [+]
--- a/MoinMoin/auth/interwiki.py	Wed Jun 20 18:02:10 2007 +0200
+++ b/MoinMoin/auth/interwiki.py	Wed Jun 20 22:14:14 2007 +0200
@@ -30,18 +30,36 @@
             return ContinueLogin(user_obj)
 
         if verbose: request.log("interwiki auth: trying to auth %r" % username)
-        username = username.replace(' ', ':', 1) # Hack because ':' is not allowed in name field
+        username = username.replace(' ', ':', 1) # XXX Hack because ':' is not allowed in name field
         wikitag, wikiurl, name, err = wikiutil.resolve_wiki(request, username)
 
         if verbose: request.log("interwiki auth: resolve wiki returned: %r %r %r %r" % (wikitag, wikiurl, name, err))
         if err or wikitag not in self.trusted_wikis:
             return ContinueLogin(user_obj)
 
-        homewiki = xmlrpclib.Server(wikiurl + "?action=xmlrpc2")
-        account_data = homewiki.getUser(name, password)
-        if isinstance(account_data, str):
-            if verbose: request.log("interwiki auth: %r wiki said: %s" % (wikitag, account_data))
-            return ContinueLogin(None, account_data)
+        homewiki = xmlrpclib.ServerProxy(wikiurl + "?action=xmlrpc2")
+        auth_token = homewiki.getAuthToken(name, password)
+        if not auth_token:
+            if verbose: request.log("interwiki auth: %r wiki did not return an auth token." % wikitag)
+            return ContinueLogin(user_obj)
+
+        if verbose: request.log("interwiki: successfully got an auth token for %r" % name)
+        if verbose: request.log("interwiki: trying to get user profile data for %r" % name)
+
+        mc = xmlrpclib.MultiCall(homewiki)
+        mc.applyAuthToken(auth_token)
+        mc.getUserProfile()
+        result, account_data = mc()
+
+        if result != "SUCCESS":
+            if verbose: request.log("interwiki auth: %r wiki did not accept auth token." % wikitag)
+            return ContinueLogin(None)
+
+        if not account_data:
+            if verbose: request.log("interwiki auth: %r wiki did not return a user profile." % wikitag)
+            return ContinueLogin(None)
+
+        if verbose: request.log("interwiki auth: %r wiki returned a user profile." % wikitag)
 
         # TODO: check remote auth_attribs
         u = user.User(request, name=name, auth_method=self.name, auth_attribs=('name', 'aliasname', 'password', 'email', ))
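Review bot: Neither `homewiki.getAuthToken(name, password)` nor the unpacking `result, account_data = mc()` is guarded, so a transport failure or an XML-RPC fault from the home wiki raises out of this login method instead of ending in a `ContinueLogin` result. Unpacking a `MultiCall` result raises `xmlrpclib.Fault` when any batched call returned a fault, so a rejected token may never reach the `result != "SUCCESS"` branch, depending on how `applyAuthToken` reports failure (not visible here). I would wrap both calls in `try: ... except xmlrpclib.Error:` (plus socket errors), log under `verbose`, and return `ContinueLogin(user_obj)`. The password is also sent to `wikiurl + "?action=xmlrpc2"` with no check on the URL scheme in this hunk, so it is worth confirming that the `trusted_wikis` entries resolve to https URLs. The enclosing method starts and ends outside the hunk.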
@@ -50,5 +68,7 @@
                 setattr(u, key, value)
         u.valid = True
         u.create_or_update(True)
-        if verbose: request.log("interwiki: successful auth for %r" % name)
+        if verbose: request.log("interwiki: successful interwiki auth for %r" % name)
         return ContinueLogin(u)
+
+
--- a/MoinMoin/xmlrpc/__init__.py	Wed Jun 20 18:02:10 2007 +0200
+++ b/MoinMoin/xmlrpc/__init__.py	Wed Jun 20 22:14:14 2007 +0200
@@ -575,23 +575,24 @@
         from MoinMoin import version
         return (version.project, version.release, version.revision)
 
-    def xmlrpc_getUser(self, username, password):
-        """ Tries to authenticate username/password.
-            If it succeeds, it returns a dict of items from user profile.
-            If it fails, it returns a str with an error msg.
+
+    # user profile data transfer
+
+    def xmlrpc_getUserProfile(self):
+        """ Return the user profile data for the current user.
+            Use this in a single multicall after applyAuthToken.
+            If we have a valid user, returns a dict of items from user profile.
+            Otherwise, return an empty dict.
         """
-        u = self.request.handle_auth(None, username=username,
-                                     password=password, login=True)
-        if u is None:
-            return "Authentication failed"
+        u = self.request.user
+        if not u.valid:
+            userdata = {}
         else:
             userdata = dict(u.persistent_items())
-            del userdata['enc_password']
-            del userdata['last_saved']
-            return userdata
+        return userdata
 
     # authorization methods
-    
+
     def _cleanup_stale_tokens(request):
         items = caching.get_cache_list(request, 'xmlrpc-session', 'farm')
         tnow = time.time()
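Review bot: `xmlrpc_getUserProfile` returns `dict(u.persistent_items())` unfiltered, whereas the removed `getUser` deleted `enc_password` and `last_saved` first, so the stored password hash is now part of every profile response to a caller holding a valid auth token. If that is not intended, strip those fields before returning, e.g. `userdata.pop('enc_password', None)` and `userdata.pop('last_saved', None)`. If the hash is meant to travel to the consuming wiki, the docstring should say so. The client side in MoinMoin/auth/interwiki.py copies returned items onto the local user with `setattr(u, key, value)`; the loop's filter is outside the visible hunk, so it is worth checking that it is an allow-list of expected profile keys.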
--- a/docs/CHANGES	Wed Jun 20 18:02:10 2007 +0200
+++ b/docs/CHANGES	Wed Jun 20 22:14:14 2007 +0200
@@ -261,7 +261,10 @@
       * interwikiName -- method to get the IWID and the interwiki moniker
       * getAllPagesEx -- method to get the pagelist in a special way (revnos,
         no system pages etc.)
-      * getUser -- method to remotely authenticate a user and get profile data
+      * getAuthToken -- make and authentication token by supplying username/password
+      * applyAuthToken -- set request.user for following xmlrpc calls (within the
+                          same multicall)
+      * getUserProfile -- method to get user profile data for request.user
     * IWID support - i.e. every wiki instance has a unique ID
     * The list of InterWiki sites is editable in the wiki (page InterWikiMap),
       it is getting reloaded every minute