125 # check session.login and not user.login, since in case of login by |
125 # check session.login and not user.login, since in case of login by |
126 # email, login and cnx.login are the email while user.login is the |
126 # email, login and cnx.login are the email while user.login is the |
127 # actual user login |
127 # actual user login |
128 if login and session.login != login: |
128 if login and session.login != login: |
129 raise InvalidSession('login mismatch') |
129 raise InvalidSession('login mismatch') |
130 try: |
|
131 # calling cnx.user() check connection validity, raise |
|
132 # BadConnectionId on failure |
|
133 user = session.cnx.user(req) |
|
134 except BadConnectionId: |
|
135 raise InvalidSession('bad connection id') |
|
136 return user |
|
137 |
130 |
138 def authenticate(self, req): |
131 def authenticate(self, req): |
139 """authenticate user using connection information found in the request, |
132 """authenticate user using connection information found in the request, |
140 and return corresponding a :class:`~cubicweb.dbapi.Connection` instance, |
133 and return corresponding a :class:`~cubicweb.dbapi.Connection` instance, |
141 as well as login used to open the connection. |
134 as well as login used to open the connection. |
147 try: |
140 try: |
148 login, authinfo = retriever.authentication_information(req) |
141 login, authinfo = retriever.authentication_information(req) |
149 except NoAuthInfo: |
142 except NoAuthInfo: |
150 continue |
143 continue |
151 try: |
144 try: |
152 cnx = self._authenticate(login, authinfo) |
145 session = self._authenticate(login, authinfo) |
153 except AuthenticationError: |
146 except AuthenticationError: |
154 retriever.cleanup_authentication_information(req) |
147 retriever.cleanup_authentication_information(req) |
155 continue # the next one may succeed |
148 continue # the next one may succeed |
156 for retriever_ in self.authinforetrievers: |
149 for retriever_ in self.authinforetrievers: |
157 retriever_.authenticated(retriever, req, cnx, login, authinfo) |
150 retriever_.authenticated(retriever, req, session, login, authinfo) |
158 return cnx, login |
151 return session, login |
159 # false if no authentication info found, eg this is not an |
152 # false if no authentication info found, eg this is not an |
160 # authentication failure |
153 # authentication failure |
161 if 'login' in locals(): |
154 if 'login' in locals(): |
162 req.set_message(req._('authentication failure')) |
155 req.set_message(req._('authentication failure')) |
163 login, authinfo = self.anoninfo |
156 login, authinfo = self.anoninfo |
164 if login: |
157 if login: |
165 cnx = self._authenticate(login, authinfo) |
158 session = self._authenticate(login, authinfo) |
166 return cnx, login |
159 return session, login |
167 raise AuthenticationError() |
160 raise AuthenticationError() |
168 |
161 |
169 def _authenticate(self, login, authinfo): |
162 def _authenticate(self, login, authinfo): |
170 cnxprops = ConnectionProperties(close=False, log=self.log_queries) |
163 sessionid = self.repo.connect(login, **authinfo) |
171 cnx = _repo_connect(self.repo, login, cnxprops=cnxprops, **authinfo) |
164 return self.repo._sessions[sessionid] |
172 # decorate connection |
|
173 cnx.vreg = self.vreg |
|
174 return cnx |
|
175 |
165 |