equal
deleted
inserted
replaced
14 # details. |
14 # details. |
15 # |
15 # |
16 # You should have received a copy of the GNU Lesser General Public License along |
16 # You should have received a copy of the GNU Lesser General Public License along |
17 # with CubicWeb. If not, see <http://www.gnu.org/licenses/>. |
17 # with CubicWeb. If not, see <http://www.gnu.org/licenses/>. |
18 """user authentication component""" |
18 """user authentication component""" |
19 |
|
20 |
|
21 |
19 |
22 from logilab.common.deprecation import class_renamed |
20 from logilab.common.deprecation import class_renamed |
23 from logilab.common.textutils import unormalize |
21 from logilab.common.textutils import unormalize |
24 |
22 |
25 from cubicweb import AuthenticationError |
23 from cubicweb import AuthenticationError |
27 from cubicweb.view import Component |
25 from cubicweb.view import Component |
28 from cubicweb.web import InvalidSession |
26 from cubicweb.web import InvalidSession |
29 from cubicweb.server.session import Connection |
27 from cubicweb.server.session import Connection |
30 |
28 |
31 |
29 |
32 class NoAuthInfo(Exception): pass |
30 class NoAuthInfo(Exception): |
|
31 pass |
33 |
32 |
34 |
33 |
35 class WebAuthInfoRetriever(Component): |
34 class WebAuthInfoRetriever(Component): |
36 __registry__ = 'webauth' |
35 __registry__ = 'webauth' |
37 order = None |
36 order = None |
68 information but we get an authentication error when using them, so it |
67 information but we get an authentication error when using them, so it |
69 get a chance to clean things up (e.g. remove cookie) |
68 get a chance to clean things up (e.g. remove cookie) |
70 """ |
69 """ |
71 pass |
70 pass |
72 |
71 |
|
72 |
73 WebAuthInfoRetreiver = class_renamed( |
73 WebAuthInfoRetreiver = class_renamed( |
74 'WebAuthInfoRetreiver', WebAuthInfoRetriever, |
74 'WebAuthInfoRetreiver', WebAuthInfoRetriever, |
75 '[3.17] WebAuthInfoRetreiver had been renamed into WebAuthInfoRetriever ' |
75 '[3.17] WebAuthInfoRetreiver had been renamed into WebAuthInfoRetriever ' |
76 '("ie" instead of "ei")') |
76 '("ie" instead of "ei")') |
77 |
77 |
92 def request_has_auth_info(self, req): |
92 def request_has_auth_info(self, req): |
93 return req.get_authorization()[0] is not None |
93 return req.get_authorization()[0] is not None |
94 |
94 |
95 def revalidate_login(self, req): |
95 def revalidate_login(self, req): |
96 return req.get_authorization()[0] |
96 return req.get_authorization()[0] |
|
97 |
97 |
98 |
98 LoginPasswordRetreiver = class_renamed( |
99 LoginPasswordRetreiver = class_renamed( |
99 'LoginPasswordRetreiver', LoginPasswordRetriever, |
100 'LoginPasswordRetreiver', LoginPasswordRetriever, |
100 '[3.17] LoginPasswordRetreiver had been renamed into LoginPasswordRetriever ' |
101 '[3.17] LoginPasswordRetreiver had been renamed into LoginPasswordRetriever ' |
101 '("ie" instead of "ei")') |
102 '("ie" instead of "ei")') |
188 has_auth = True |
189 has_auth = True |
189 try: |
190 try: |
190 session = self._authenticate(login, authinfo) |
191 session = self._authenticate(login, authinfo) |
191 except AuthenticationError: |
192 except AuthenticationError: |
192 retriever.cleanup_authentication_information(req) |
193 retriever.cleanup_authentication_information(req) |
193 continue # the next one may succeed |
194 continue # the next one may succeed |
194 for retriever_ in self.authinforetrievers: |
195 for retriever_ in self.authinforetrievers: |
195 retriever_.authenticated(retriever, req, session, login, authinfo) |
196 retriever_.authenticated(retriever, req, session, login, authinfo) |
196 return session, login |
197 return session, login |
197 # false if no authentication info found, i.e. this is not an |
198 # false if no authentication info found, i.e. this is not an |
198 # authentication failure |
199 # authentication failure |