changeset 4537:f8bf8de778f2

move auth.http.HTTPAuth to auth.GivenAuth, see details below. Old name was not reflecting what it really did (just use REMOTE_USER env var). Compatibility and deprecation warning code added as auth.http.HTTPAuth. Extended GivenAuth so env_var can give another env. var. name. Extended GivenAuth so a fixed user_name can be given that is considered authenticated. trusted_auth_methods default now includes 'http' and 'given' for compatibility.
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Tue, 03 Feb 2009 15:04:21 +0100
parents 9b4c9f73b632
children d0afc869ab36
files MoinMoin/auth/__init__.py MoinMoin/auth/http.py MoinMoin/config/multiconfig.py
diffstat 3 files changed, 76 insertions(+), 41 deletions(-) [+]
--- a/MoinMoin/auth/__init__.py	Tue Feb 03 05:42:52 2009 +0100
+++ b/MoinMoin/auth/__init__.py	Tue Feb 03 15:04:21 2009 +0100
@@ -128,7 +128,7 @@
     @copyright: 2005-2006 Bastian Blank, Florian Festi,
                           MoinMoin:AlexanderSchremmer, Nick Phillips,
                           MoinMoin:FrankieChow, MoinMoin:NirSoffer,
-                2005-2008 MoinMoin:ThomasWaldmann,
+                2005-2009 MoinMoin:ThomasWaldmann,
                 2007      MoinMoin:JohannesBerg
 
     @license: GNU GPL, see COPYING for details.
@@ -255,6 +255,56 @@
                'userprefslink': userprefslink,
                'sendmypasswordlink': sendmypasswordlink}
 
+
+class GivenAuth(BaseAuth):
+    """ reuse a given authentication, e.g. http basic auth (or any other auth)
+        done by the web server, that sets REMOTE_USER environment variable.
+        This is the default behaviour.
+        You can also specify to read another environment variable (env_var).
+        Alternatively you can directly give a fixed user name (user_name)
+        that will be considered as authenticated.
+    """
+    name = 'given' # was 'http' in 1.8.x and before
+
+    def __init__(self, env_var=None, user_name=None, autocreate=False):
+        self.env_var = env_var
+        self.user_name = user_name
+        self.autocreate = autocreate
+        BaseAuth.__init__(self)
+
+    def request(self, request, user_obj, **kw):
+        u = None
+        _ = request.getText
+        # always revalidate auth
+        if user_obj and user_obj.auth_method == self.name:
+            user_obj = None
+        # something else authenticated before us
+        if user_obj:
+            logging.debug("already authenticated, doing nothing")
+            return user_obj, True
+
+        if self.user_name is not None:
+            auth_username = self.user_name
+        elif self.env_var is None:
+            auth_username = request.remote_user
+        else:
+            auth_username = request.environ.get(self.env_var)
+
+        logging.debug("auth_username = %r" % auth_username)
+        if auth_username:
+            if isinstance(auth_username, str):
+                auth_username = auth_username.decode('utf-8') # XXX correct?
+            u = user.User(request, auth_username=auth_username,
+                          auth_method=self.name, auth_attribs=('name', 'password'))
+
+        if u and self.autocreate:
+            u.create_or_update()
+        if u and u.valid:
+            return u, True # True to get other methods called, too
+        else:
+            return user_obj, True
+
+
 def handle_login(request, userobj=None, username=None, password=None,
                  attended=True, openid_identifier=None, stage=None):
     """
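Review bot: `request.environ.get(self.env_var)` in GivenAuth.request accepts any environ key as the authenticated name, and the class docstring does not say that the key must be one only the web server can set. In a CGI/WSGI environ the `HTTP_*` entries are built from request headers, so pointing `env_var` at one of them is only sound when a front end the wiki trusts overwrites the client's value. I would extend the docstring with a line such as `env_var must name a variable set by the web server itself, not a client-supplied HTTP_* header`, and also state that `user_name`, when set, takes precedence over `env_var` and authenticates every request as that user. Separately, `auth_username.decode('utf-8')` (still marked `XXX correct?`) raises UnicodeDecodeError on a non-UTF-8 value; catching that error, logging it and falling through to `return user_obj, True` would keep a malformed name from aborting the request.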
--- a/MoinMoin/auth/http.py	Tue Feb 03 05:42:52 2009 +0100
+++ b/MoinMoin/auth/http.py	Tue Feb 03 15:04:21 2009 +0100
@@ -1,51 +1,36 @@
 # -*- coding: iso-8859-1 -*-
 """
-    MoinMoin - http authentication
+    MoinMoin - http authentication (or rather: using REMOTE_USER)
 
-    You need your webserver configured for doing authentication (like Apache
-    reading some .htpasswd file and requesting http basic auth) and pass the
-    authenticated username as REMOTE_USER environment var.
+    This is just a dummy redirecting to MoinMoin.auth.GivenAuth for backwards
+    compatibility.
+    
+    Please fix your setup, this dummy will be removed soon:
 
-    @copyright: 2006-2009 MoinMoin:ThomasWaldmann
-                2007 MoinMoin:JohannesBerg
+    Old (1.8.x):
+    ------------
+    from MoinMoin.auth.http import HTTPAuth
+    auth = [HTTPAuth(autocreate=True)]
+    # any presence (or absence) of 'http' auth name, e.g.:
+    auth_methods_trusted = ['http', 'xmlrpc_applytoken']
+
+    New (1.9.x):
+    ------------
+    from MoinMoin.auth import GivenAuth
+    auth = [GivenAuth(autocreate=True)]
+    # presence (or absence) of 'given' auth name, e.g.:
+    auth_methods_trusted = ['given', 'xmlrpc_applytoken']
+
+    @copyright: 2009 MoinMoin:ThomasWaldmann
     @license: GNU GPL, see COPYING for details.
 """
 
 from MoinMoin import log
 logging = log.getLogger(__name__)
 
-from MoinMoin import config, user
-from MoinMoin.auth import BaseAuth
-
-class HTTPAuth(BaseAuth):
-    """ authenticate via http basic/digest/ntlm auth """
-    name = 'http'
-
-    def __init__(self, autocreate=False):
-        self.autocreate = autocreate
-        BaseAuth.__init__(self)
+from MoinMoin.auth import GivenAuth
 
-    def request(self, request, user_obj, **kw):
-        u = None
-        _ = request.getText
-        # always revalidate auth
-        if user_obj and user_obj.auth_method == self.name:
-            user_obj = None
-        # something else authenticated before us
-        if user_obj:
-            logging.debug("already authenticated, doing nothing")
-            return user_obj, True
+class HTTPAuth(GivenAuth):
+    name = 'http'  # GivenAuth uses 'given'
+    logging.warning("DEPRECATED use of MoinMoin.auth.http, please read instructions there or docs/CHANGES!")
 
-        auth_username = request.remote_user
-        logging.debug("REMOTE_USER = %r" % auth_username)
-        if auth_username:
-            u = user.User(request, auth_username=auth_username.decode('utf-8'), # XXX correct?
-                          auth_method=self.name, auth_attribs=('name', 'password'))
-
-        if u and self.autocreate:
-            u.create_or_update()
-        if u and u.valid:
-            return u, True # True to get other methods called, too
-        else:
-            return user_obj, True
-
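Review bot: The `logging.warning(...)` call sits inside the body of `class HTTPAuth`, so it runs once when the module is imported rather than when the class is used, and at first glance it reads like a class attribute. Moving it to module level, directly after `from MoinMoin.auth import GivenAuth`, would make the import-time intent explicit without changing when it fires. The shim also has no docstring; a one-liner such as `""" deprecated alias of MoinMoin.auth.GivenAuth, keeps the old 'http' auth method name """` would tell readers why `name` is overridden. Note that the subclass now also accepts the new `env_var` and `user_name` arguments while still reporting `'http'` as its method, which the module docstring's migration example does not mention.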
--- a/MoinMoin/config/multiconfig.py	Tue Feb 03 05:42:52 2009 +0100
+++ b/MoinMoin/config/multiconfig.py	Tue Feb 03 15:04:21 2009 +0100
@@ -720,7 +720,7 @@
      "List of trusted user names with wiki system administration super powers (not to be confused with ACL admin rights!). Used for e.g. software installation, language installation via SystemPagesSetup and more. See also HelpOnSuperUser."),
     ('auth', DefaultExpression('[MoinAuth()]'),
      "list of auth objects, to be called in this order (see HelpOnAuthentication)"),
-    ('auth_methods_trusted', ['http', 'xmlrpc_applytoken'],
+    ('auth_methods_trusted', ['http', 'given', 'xmlrpc_applytoken'], # Note: 'http' auth method is currently just a redirect to 'given'
      'authentication methods for which users should be included in the special "Trusted" ACL group.'),
     ('secrets', None, """Either a long shared secret string used for multiple purposes or a dict {"purpose": "longsecretstring", ...} for setting up different shared secrets for different purposes. If you don't setup own secret(s), a secret string will be auto-generated from other config settings."""),
     ('DesktopEdition',
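Review bot: Adding 'given' to the default `auth_methods_trusted` means, going by the help string on the following line, that users authenticated through GivenAuth join the "Trusted" ACL group with no further configuration. Judging by the GivenAuth hunk in MoinMoin/auth/__init__.py, that includes setups using a fixed `user_name` or a custom `env_var`. The inline comment only explains the 'http' alias, so I would have the help text itself carry the caveat, e.g. `'authentication methods for which users should be included in the special "Trusted" ACL group (\'given\' trusts the name supplied by the web server or configuration).'`. The options tuple starts and ends outside this hunk.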