author | Sylvain Thénault <sylvain.thenault@logilab.fr> |
Wed, 14 Apr 2010 10:29:38 +0200 | |
changeset 5244 | 5467674ad101 |
parent 5223 | 6abd6e3599f4 |
child 5251 | b675edd05c19 |
permissions | -rw-r--r-- |
0 | 1 |
"""user authentication component |
2 |
||
3 |
:organization: Logilab |
|
4212
ab6573088b4a
update copyright: welcome 2010
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
2267
diff
changeset
|
4 |
:copyright: 2001-2010 LOGILAB S.A. (Paris, FRANCE), license is LGPL v2. |
0 | 5 |
:contact: http://www.logilab.fr/ -- mailto:contact@logilab.fr |
1977
606923dff11b
big bunch of copyright / docstring update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1690
diff
changeset
|
6 |
:license: GNU Lesser General Public License, v2.1 - http://www.gnu.org/licenses |
0 | 7 |
""" |
8 |
__docformat__ = "restructuredtext en" |
|
9 |
||
10 |
from logilab.common.decorators import clear_cache |
|
11 |
||
12 |
from cubicweb import AuthenticationError, BadConnectionId |
|
3658
d8f2ec7e91fa
pluggable authentication information retreiver
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3647
diff
changeset
|
13 |
from cubicweb.view import Component |
0 | 14 |
from cubicweb.dbapi import repo_connect, ConnectionProperties |
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4916
diff
changeset
|
15 |
from cubicweb.web import InvalidSession |
0 | 16 |
from cubicweb.web.application import AbstractAuthenticationManager |
1668 | 17 |
|
3658
d8f2ec7e91fa
pluggable authentication information retreiver
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3647
diff
changeset
|
18 |
class NoAuthInfo(Exception): pass |
d8f2ec7e91fa
pluggable authentication information retreiver
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3647
diff
changeset
|
19 |
|
d8f2ec7e91fa
pluggable authentication information retreiver
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3647
diff
changeset
|
20 |
|
d8f2ec7e91fa
pluggable authentication information retreiver
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3647
diff
changeset
|
21 |
class WebAuthInfoRetreiver(Component): |
d8f2ec7e91fa
pluggable authentication information retreiver
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3647
diff
changeset
|
22 |
__registry__ = 'webauth' |
d8f2ec7e91fa
pluggable authentication information retreiver
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3647
diff
changeset
|
23 |
order = None |
d8f2ec7e91fa
pluggable authentication information retreiver
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3647
diff
changeset
|
24 |
|
d8f2ec7e91fa
pluggable authentication information retreiver
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3647
diff
changeset
|
25 |
def authentication_information(self, req): |
d8f2ec7e91fa
pluggable authentication information retreiver
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3647
diff
changeset
|
26 |
"""retreive authentication information from the given request, raise |
d8f2ec7e91fa
pluggable authentication information retreiver
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3647
diff
changeset
|
27 |
NoAuthInfo if expected information is not found. |
d8f2ec7e91fa
pluggable authentication information retreiver
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3647
diff
changeset
|
28 |
""" |
d8f2ec7e91fa
pluggable authentication information retreiver
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3647
diff
changeset
|
29 |
raise NotImplementedError() |
d8f2ec7e91fa
pluggable authentication information retreiver
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3647
diff
changeset
|
30 |
|
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4916
diff
changeset
|
31 |
def authenticated(self, retreiver, req, cnx, login, authinfo): |
3658
d8f2ec7e91fa
pluggable authentication information retreiver
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3647
diff
changeset
|
32 |
"""callback when return authentication information have opened a |
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4916
diff
changeset
|
33 |
repository connection successfully. Take care req has no session |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4916
diff
changeset
|
34 |
attached yet, hence req.execute isn't available. |
3658
d8f2ec7e91fa
pluggable authentication information retreiver
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3647
diff
changeset
|
35 |
""" |
d8f2ec7e91fa
pluggable authentication information retreiver
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3647
diff
changeset
|
36 |
pass |
d8f2ec7e91fa
pluggable authentication information retreiver
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3647
diff
changeset
|
37 |
|
d8f2ec7e91fa
pluggable authentication information retreiver
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3647
diff
changeset
|
38 |
|
d8f2ec7e91fa
pluggable authentication information retreiver
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3647
diff
changeset
|
39 |
class LoginPasswordRetreiver(WebAuthInfoRetreiver): |
d8f2ec7e91fa
pluggable authentication information retreiver
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3647
diff
changeset
|
40 |
__regid__ = 'loginpwdauth' |
d8f2ec7e91fa
pluggable authentication information retreiver
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3647
diff
changeset
|
41 |
order = 10 |
d8f2ec7e91fa
pluggable authentication information retreiver
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3647
diff
changeset
|
42 |
|
d8f2ec7e91fa
pluggable authentication information retreiver
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3647
diff
changeset
|
43 |
def authentication_information(self, req): |
d8f2ec7e91fa
pluggable authentication information retreiver
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3647
diff
changeset
|
44 |
"""retreive authentication information from the given request, raise |
d8f2ec7e91fa
pluggable authentication information retreiver
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3647
diff
changeset
|
45 |
NoAuthInfo if expected information is not found. |
d8f2ec7e91fa
pluggable authentication information retreiver
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3647
diff
changeset
|
46 |
""" |
d8f2ec7e91fa
pluggable authentication information retreiver
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3647
diff
changeset
|
47 |
login, password = req.get_authorization() |
d8f2ec7e91fa
pluggable authentication information retreiver
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3647
diff
changeset
|
48 |
if not login: |
4910
f40fddaa79ad
[web auth] fix authentication pb when anonymous are allowed, avoiding the first authentifier to return an anon connection while a following one may find correct authentication info. This make things simpler (eventually)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4856
diff
changeset
|
49 |
raise NoAuthInfo() |
3658
d8f2ec7e91fa
pluggable authentication information retreiver
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3647
diff
changeset
|
50 |
return login, {'password': password} |
d8f2ec7e91fa
pluggable authentication information retreiver
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3647
diff
changeset
|
51 |
|
0 | 52 |
|
53 |
class RepositoryAuthenticationManager(AbstractAuthenticationManager): |
|
54 |
"""authenticate user associated to a request and check session validity""" |
|
1668 | 55 |
|
2887
1282dc6525c5
give vreg where we need it (eg no bound request)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2267
diff
changeset
|
56 |
def __init__(self, vreg): |
1282dc6525c5
give vreg where we need it (eg no bound request)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2267
diff
changeset
|
57 |
super(RepositoryAuthenticationManager, self).__init__(vreg) |
1282dc6525c5
give vreg where we need it (eg no bound request)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2267
diff
changeset
|
58 |
self.repo = vreg.config.repository(vreg) |
1282dc6525c5
give vreg where we need it (eg no bound request)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2267
diff
changeset
|
59 |
self.log_queries = vreg.config['query-log-file'] |
3658
d8f2ec7e91fa
pluggable authentication information retreiver
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3647
diff
changeset
|
60 |
self.authinforetreivers = sorted(vreg['webauth'].possible_objects(vreg), |
d8f2ec7e91fa
pluggable authentication information retreiver
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3647
diff
changeset
|
61 |
key=lambda x: x.order) |
d8f2ec7e91fa
pluggable authentication information retreiver
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3647
diff
changeset
|
62 |
assert self.authinforetreivers |
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4916
diff
changeset
|
63 |
# 2-uple login / password, login is None when no anonymous access |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4916
diff
changeset
|
64 |
# configured |
4910
f40fddaa79ad
[web auth] fix authentication pb when anonymous are allowed, avoiding the first authentifier to return an anon connection while a following one may find correct authentication info. This make things simpler (eventually)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4856
diff
changeset
|
65 |
self.anoninfo = vreg.config.anonymous_user() |
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4916
diff
changeset
|
66 |
if self.anoninfo[0]: |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4916
diff
changeset
|
67 |
self.anoninfo = (self.anoninfo[0], {'password': self.anoninfo[1]}) |
0 | 68 |
|
69 |
def validate_session(self, req, session): |
|
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4916
diff
changeset
|
70 |
"""check session validity, reconnecting it to the repository if the |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4916
diff
changeset
|
71 |
associated connection expired in the repository side (hence the |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4916
diff
changeset
|
72 |
necessity for this method). Return the connected user on success. |
0 | 73 |
|
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4916
diff
changeset
|
74 |
raise :exc:`InvalidSession` if session is corrupted for a reason or |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4916
diff
changeset
|
75 |
another and should be closed |
0 | 76 |
""" |
77 |
# with this authentication manager, session is actually a dbapi |
|
78 |
# connection |
|
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4916
diff
changeset
|
79 |
cnx = session.cnx |
0 | 80 |
login = req.get_authorization()[0] |
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4916
diff
changeset
|
81 |
# check cnx.login and not user.login, since in case of login by |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4916
diff
changeset
|
82 |
# email, login and cnx.login are the email while user.login is the |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4916
diff
changeset
|
83 |
# actual user login |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4916
diff
changeset
|
84 |
if login and session.login != login: |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4916
diff
changeset
|
85 |
raise InvalidSession('login mismatch') |
0 | 86 |
try: |
87 |
# calling cnx.user() check connection validity, raise |
|
88 |
# BadConnectionId on failure |
|
89 |
user = cnx.user(req) |
|
90 |
except BadConnectionId: |
|
91 |
# check if a connection should be automatically restablished |
|
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4916
diff
changeset
|
92 |
if (login is None or login == session.login): |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4916
diff
changeset
|
93 |
cnx = self._authenticate(session.login, session.authinfo) |
0 | 94 |
user = cnx.user(req) |
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4916
diff
changeset
|
95 |
session.cnx = cnx |
0 | 96 |
else: |
97 |
raise InvalidSession('bad connection id') |
|
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4916
diff
changeset
|
98 |
return user |
1488
6da89a703c5a
add ability to login with a primary email address - no tests for now are unittest_application.py are now broken
Florent <florent@secondweb.fr>
parents:
0
diff
changeset
|
99 |
|
3658
d8f2ec7e91fa
pluggable authentication information retreiver
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3647
diff
changeset
|
100 |
def authenticate(self, req): |
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4916
diff
changeset
|
101 |
"""authenticate user using connection information found in the request, |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4916
diff
changeset
|
102 |
and return corresponding a :class:`~cubicweb.dbapi.Connection` instance, |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4916
diff
changeset
|
103 |
as well as login and authentication information dictionary used to open |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4916
diff
changeset
|
104 |
the connection. |
1488
6da89a703c5a
add ability to login with a primary email address - no tests for now are unittest_application.py are now broken
Florent <florent@secondweb.fr>
parents:
0
diff
changeset
|
105 |
|
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4916
diff
changeset
|
106 |
raise :exc:`cubicweb.AuthenticationError` if authentication failed |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4916
diff
changeset
|
107 |
(no authentication info found or wrong user/password) |
0 | 108 |
""" |
3658
d8f2ec7e91fa
pluggable authentication information retreiver
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3647
diff
changeset
|
109 |
for retreiver in self.authinforetreivers: |
d8f2ec7e91fa
pluggable authentication information retreiver
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3647
diff
changeset
|
110 |
try: |
d8f2ec7e91fa
pluggable authentication information retreiver
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3647
diff
changeset
|
111 |
login, authinfo = retreiver.authentication_information(req) |
d8f2ec7e91fa
pluggable authentication information retreiver
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3647
diff
changeset
|
112 |
except NoAuthInfo: |
d8f2ec7e91fa
pluggable authentication information retreiver
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3647
diff
changeset
|
113 |
continue |
4855
e69b2f2f2d61
when some authentication plugin fail, we may try another one
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4252
diff
changeset
|
114 |
try: |
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4916
diff
changeset
|
115 |
cnx = self._authenticate(login, authinfo) |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4916
diff
changeset
|
116 |
except AuthenticationError: |
4855
e69b2f2f2d61
when some authentication plugin fail, we may try another one
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4252
diff
changeset
|
117 |
continue # the next one may succeed |
4910
f40fddaa79ad
[web auth] fix authentication pb when anonymous are allowed, avoiding the first authentifier to return an anon connection while a following one may find correct authentication info. This make things simpler (eventually)
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4856
diff
changeset
|
118 |
for retreiver_ in self.authinforetreivers: |
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4916
diff
changeset
|
119 |
retreiver_.authenticated(retreiver, req, cnx, login, authinfo) |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4916
diff
changeset
|
120 |
return cnx, login, authinfo |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4916
diff
changeset
|
121 |
# false if no authentication info found, eg this is not an |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4916
diff
changeset
|
122 |
# authentication failure |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4916
diff
changeset
|
123 |
if 'login' in locals(): |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4916
diff
changeset
|
124 |
req.set_message(req._('authentication failure')) |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4916
diff
changeset
|
125 |
login, authinfo = self.anoninfo |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4916
diff
changeset
|
126 |
if login: |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4916
diff
changeset
|
127 |
cnx = self._authenticate(login, authinfo) |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4916
diff
changeset
|
128 |
cnx.anonymous_connection = True |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4916
diff
changeset
|
129 |
return cnx, login, authinfo |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4916
diff
changeset
|
130 |
raise AuthenticationError() |
3658
d8f2ec7e91fa
pluggable authentication information retreiver
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3647
diff
changeset
|
131 |
|
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4916
diff
changeset
|
132 |
def _authenticate(self, login, authinfo): |
0 | 133 |
cnxprops = ConnectionProperties(self.vreg.config.repo_method, |
134 |
close=False, log=self.log_queries) |
|
5223
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4916
diff
changeset
|
135 |
cnx = repo_connect(self.repo, login, cnxprops=cnxprops, **authinfo) |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4916
diff
changeset
|
136 |
# decorate connection |
6abd6e3599f4
#773448: refactor session and 'no connection' handling, by introducing proper web session. We should now be able to see page even when no anon is configured, and be redirected to the login form as soon as one tries to do a query.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4916
diff
changeset
|
137 |
cnx.vreg = self.vreg |
0 | 138 |
return cnx |
139 |