416 break |
416 break |
417 except AuthenticationError: |
417 except AuthenticationError: |
418 continue |
418 continue |
419 else: |
419 else: |
420 raise AuthenticationError('authentication failed with all sources') |
420 raise AuthenticationError('authentication failed with all sources') |
421 euser = self._build_user(session, eid) |
421 cwuser = self._build_user(session, eid) |
422 if self.config.consider_user_state and \ |
422 if self.config.consider_user_state and \ |
423 not euser.state in euser.AUTHENTICABLE_STATES: |
423 not cwuser.state in cwuser.AUTHENTICABLE_STATES: |
424 raise AuthenticationError('user is not in authenticable state') |
424 raise AuthenticationError('user is not in authenticable state') |
425 return euser |
425 return cwuser |
426 |
426 |
427 def _build_user(self, session, eid): |
427 def _build_user(self, session, eid): |
428 """return a CWUser entity for user with the given eid""" |
428 """return a CWUser entity for user with the given eid""" |
429 cls = self.vreg.etype_class('CWUser') |
429 cls = self.vreg.etype_class('CWUser') |
430 rql = cls.fetch_rql(session.user, ['X eid %(x)s']) |
430 rql = cls.fetch_rql(session.user, ['X eid %(x)s']) |
431 rset = session.execute(rql, {'x': eid}, 'x') |
431 rset = session.execute(rql, {'x': eid}, 'x') |
432 assert len(rset) == 1, rset |
432 assert len(rset) == 1, rset |
433 euser = rset.get_entity(0, 0) |
433 cwuser = rset.get_entity(0, 0) |
434 # pylint: disable-msg=W0104 |
434 # pylint: disable-msg=W0104 |
435 # prefetch / cache euser's groups and properties. This is especially |
435 # prefetch / cache cwuser's groups and properties. This is especially |
436 # useful for internal sessions to avoid security insertions |
436 # useful for internal sessions to avoid security insertions |
437 euser.groups |
437 cwuser.groups |
438 euser.properties |
438 cwuser.properties |
439 return euser |
439 return cwuser |
440 |
440 |
441 # public (dbapi) interface ################################################ |
441 # public (dbapi) interface ################################################ |
442 |
442 |
443 def get_schema(self): |
443 def get_schema(self): |
444 """return the application schema. This is a public method, not |
444 """return the application schema. This is a public method, not |