pyramid_cubicweb/authplugin.py
author Christophe de Vienne <christophe@unlish.com>
Thu, 31 Jul 2014 17:48:32 +0200
changeset 11492 b0b8942cdb80
parent 11482 151b8a4b9f3f
child 11537 caf268942436
permissions -rw-r--r--
Separate into 4 modules * init_instance: load the cubicweb repository from the `pyramid_cubicweb.instance` configuration key * defaults: provides cw-like defaults for the authentication and session management * core: make cubicweb use the authentication and session management of pyramid. It assumes the application provides the auth policies and session factory, and that the `cubicweb.*` registry entries are correctly initialised. This is this only required module or pyramid_cubicweb, the other ones are optional if the application provides its own versions of what they do. * bwcompat: provides a catchall route that delegate the request handling to an old-fashion cubicweb publisher (ie using url_resolver and controllers). Related to #4291173
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
11482
151b8a4b9f3f Integration pyramid and cubicweb authentication.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
     1
"""
151b8a4b9f3f Integration pyramid and cubicweb authentication.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
     2
Special authentifiers.
151b8a4b9f3f Integration pyramid and cubicweb authentication.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
     3
151b8a4b9f3f Integration pyramid and cubicweb authentication.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
     4
:license: GNU Lesser General Public License, v2.1 - http://www.gnu.org/licenses
151b8a4b9f3f Integration pyramid and cubicweb authentication.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
     5
151b8a4b9f3f Integration pyramid and cubicweb authentication.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
     6
"""
151b8a4b9f3f Integration pyramid and cubicweb authentication.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
     7
__docformat__ = "restructuredtext en"
151b8a4b9f3f Integration pyramid and cubicweb authentication.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
     8
151b8a4b9f3f Integration pyramid and cubicweb authentication.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
     9
from cubicweb import AuthenticationError
151b8a4b9f3f Integration pyramid and cubicweb authentication.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    10
from cubicweb.server.sources import native
151b8a4b9f3f Integration pyramid and cubicweb authentication.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    11
151b8a4b9f3f Integration pyramid and cubicweb authentication.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    12
151b8a4b9f3f Integration pyramid and cubicweb authentication.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    13
class Token(object):
151b8a4b9f3f Integration pyramid and cubicweb authentication.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    14
    pass
151b8a4b9f3f Integration pyramid and cubicweb authentication.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    15
151b8a4b9f3f Integration pyramid and cubicweb authentication.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    16
EXT_TOKEN = Token()
151b8a4b9f3f Integration pyramid and cubicweb authentication.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    17
151b8a4b9f3f Integration pyramid and cubicweb authentication.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    18
151b8a4b9f3f Integration pyramid and cubicweb authentication.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    19
class DirectAuthentifier(native.BaseAuthentifier):
151b8a4b9f3f Integration pyramid and cubicweb authentication.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    20
    """return CWUser eid for the given login.
151b8a4b9f3f Integration pyramid and cubicweb authentication.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    21
151b8a4b9f3f Integration pyramid and cubicweb authentication.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    22
    Before doing so, it makes sure the authentication request comes from
151b8a4b9f3f Integration pyramid and cubicweb authentication.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    23
    xxx by checking the special '__externalauth_directauth' kwarg.
151b8a4b9f3f Integration pyramid and cubicweb authentication.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    24
151b8a4b9f3f Integration pyramid and cubicweb authentication.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    25
    """
151b8a4b9f3f Integration pyramid and cubicweb authentication.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    26
151b8a4b9f3f Integration pyramid and cubicweb authentication.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    27
    auth_rql = (
151b8a4b9f3f Integration pyramid and cubicweb authentication.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    28
        'Any U WHERE U is CWUser, '
151b8a4b9f3f Integration pyramid and cubicweb authentication.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    29
        'U eid %(eid)s'
151b8a4b9f3f Integration pyramid and cubicweb authentication.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    30
    )
151b8a4b9f3f Integration pyramid and cubicweb authentication.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    31
151b8a4b9f3f Integration pyramid and cubicweb authentication.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    32
    def authenticate(self, session, login, **kwargs):
151b8a4b9f3f Integration pyramid and cubicweb authentication.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    33
        """Return the CWUser eid for the given login.
151b8a4b9f3f Integration pyramid and cubicweb authentication.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    34
151b8a4b9f3f Integration pyramid and cubicweb authentication.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    35
        Make sure the request comes from inside pyramid by
151b8a4b9f3f Integration pyramid and cubicweb authentication.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    36
        checking the special '__pyramid_directauth' kwarg.
151b8a4b9f3f Integration pyramid and cubicweb authentication.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    37
151b8a4b9f3f Integration pyramid and cubicweb authentication.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    38
        """
151b8a4b9f3f Integration pyramid and cubicweb authentication.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    39
        session.debug('authentication by %s', self.__class__.__name__)
151b8a4b9f3f Integration pyramid and cubicweb authentication.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    40
        directauth = kwargs.get('__pyramid_directauth', None)
151b8a4b9f3f Integration pyramid and cubicweb authentication.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    41
        try:
151b8a4b9f3f Integration pyramid and cubicweb authentication.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    42
            if directauth == EXT_TOKEN:
151b8a4b9f3f Integration pyramid and cubicweb authentication.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    43
                rset = session.execute(self.auth_rql, {'eid': int(login)})
151b8a4b9f3f Integration pyramid and cubicweb authentication.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    44
                if rset:
151b8a4b9f3f Integration pyramid and cubicweb authentication.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    45
                    session.debug('Successfully identified %s', login)
151b8a4b9f3f Integration pyramid and cubicweb authentication.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    46
                    return rset[0][0]
151b8a4b9f3f Integration pyramid and cubicweb authentication.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    47
        except Exception, exc:
151b8a4b9f3f Integration pyramid and cubicweb authentication.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    48
            session.debug('authentication failure (%s)', exc)
151b8a4b9f3f Integration pyramid and cubicweb authentication.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    49
151b8a4b9f3f Integration pyramid and cubicweb authentication.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    50
        raise AuthenticationError('user is not registered')