pyramid_cubicweb/authplugin.py
author Christophe de Vienne <christophe@unlish.com>
Sun, 06 Jul 2014 18:06:10 +0200
changeset 11482 151b8a4b9f3f
child 11537 caf268942436
permissions -rw-r--r--
Integration pyramid and cubicweb authentication. We use pyramid sessions to store the cubicweb sessionid so we can reuse it when needed, or regenerate it if it was lost. The cubicweb sessionid is obtained from a login in the repo OR directly from the user identified by pyramid. Related to #4291173
"""
Special authentifiers.

:license: GNU Lesser General Public License, v2.1 - http://www.gnu.org/licenses

"""
__docformat__ = "restructuredtext en"

from cubicweb import AuthenticationError
from cubicweb.server.sources import native


class Token(object):
    pass

# Module-level sentinel: only code running in this process can pass it.
EXT_TOKEN = Token()


class DirectAuthentifier(native.BaseAuthentifier):
    """Return CWUser eid for the given login.

    Before doing so, it makes sure the authentication request comes from
    inside pyramid by checking the special '__pyramid_directauth' kwarg.

    """

    auth_rql = (
        'Any U WHERE U is CWUser, '
        'U eid %(eid)s'
    )

    def authenticate(self, session, login, **kwargs):
        """Return the CWUser eid for the given login.

        Make sure the request comes from inside pyramid by
        checking the special '__pyramid_directauth' kwarg.

        """
        session.debug('authentication by %s', self.__class__.__name__)
        directauth = kwargs.get('__pyramid_directauth', None)
        try:
            # Identity test, so that only the sentinel object itself is accepted.
            if directauth is EXT_TOKEN:
                # 'login' carries the CWUser eid here, not a login name.
                rset = session.execute(self.auth_rql, {'eid': int(login)})
                if rset:
                    session.debug('Successfully identified %s', login)
                    return rset[0][0]
        except Exception as exc:
            session.debug('authentication failure (%s)', exc)

        # Missing token, unknown eid or any error: refuse.
        raise AuthenticationError('user is not registered')
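
Added example, not part of the pyramid_cubicweb source: a stand-alone model of the sentinel gate in DirectAuthentifier.authenticate(), runnable without cubicweb. FakeSession, AlwaysEqual, probe() and the free-function authenticate() are assumptions made for the illustration; it checks that only the in-process EXT_TOKEN object opens the direct path and that refused calls never reach the query.

```python
class AuthenticationError(Exception):
    """Stand-in for cubicweb.AuthenticationError (assumption)."""

class Token(object):
    pass

EXT_TOKEN = Token()  # sentinel that exists only inside this process

class AlwaysEqual(object):
    """Constructed test value whose __eq__ claims equality with anything."""
    def __eq__(self, other):
        return True

class FakeSession(object):
    """Hypothetical session stub that knows a fixed set of CWUser eids."""
    def __init__(self, eids):
        self.eids = set(eids)
        self.queries = 0  # how many times the user lookup actually ran

    def execute(self, rql, args):
        self.queries += 1
        return [[args['eid']]] if args['eid'] in self.eids else []

def authenticate(session, login, **kwargs):
    """Model of the gate: direct lookup by eid only for the sentinel."""
    if kwargs.get('__pyramid_directauth') is EXT_TOKEN:  # identity, not ==
        try:
            rset = session.execute('Any U WHERE U is CWUser, U eid %(eid)s',
                                   {'eid': int(login)})
        except (TypeError, ValueError):  # login is not a numeric eid
            rset = []
        if rset:
            return rset[0][0]
    raise AuthenticationError('user is not registered')

def probe(session, login, value):
    """Return the eid on success, or 'denied' when authentication is refused."""
    try:
        return authenticate(session, login, __pyramid_directauth=value)
    except AuthenticationError:
        return 'denied'

if __name__ == '__main__':
    s = FakeSession([42])
    for label, value in [('sentinel', EXT_TOKEN), ('missing', None),
                         ('other Token', Token()), ('always-equal', AlwaysEqual())]:
        print(label, '->', probe(s, '42', value))
    print('lookups run:', s.queries)
```

The AlwaysEqual case is the reason the gate is written with `is`: an equality test is answered by the left operand's own `__eq__`, while an identity test cannot be influenced by the value being checked.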