web/views/authentication.py
changeset 6848 f87cd875c6db
parent 6435 71b2a3fe7ba1
child 7908 faec7589f742
6847:c1d33aff7715 6848:f87cd875c6db
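--- a/web/views/authentication.py
+++ b/web/views/authentication.py
@@ -98,21 +98,17 @@
         self.anoninfo = vreg.config.anonymous_user()
         if self.anoninfo[0]:
             self.anoninfo = (self.anoninfo[0], {'password': self.anoninfo[1]})
 
     def validate_session(self, req, session):
-        """check session validity, reconnecting it to the repository if the
-        associated connection expired in the repository side (hence the
-        necessity for this method). Return the connected user on success.
+        """check session validity and return the connected user on success.
 
         raise :exc:`InvalidSession` if session is corrupted for a reason or
         another and should be closed
 
         also invoked while going from anonymous to logged in
         """
-        # with this authentication manager, session is actually a dbapi
-        # connection
         for retriever in self.authinforetrievers:
             if retriever.request_has_auth_info(req):
                 login = retriever.revalidate_login(req)
                 return self._validate_session(req, session, login)
         # let's try with the current session
@@ -133,12 +129,11 @@
         return user
 
     def authenticate(self, req):
         """authenticate user using connection information found in the request,
         and return corresponding a :class:`~cubicweb.dbapi.Connection` instance,
-        as well as login and authentication information dictionary used to open
-        the connection.
+        as well as login used to open the connection.
 
         raise :exc:`cubicweb.AuthenticationError` if authentication failed
         (no authentication info found or wrong user/password)
         """
         for retriever in self.authinforetrievers:
@@ -150,21 +145,20 @@
                 cnx = self._authenticate(login, authinfo)
             except AuthenticationError:
                 continue # the next one may succeed
             for retriever_ in self.authinforetrievers:
                 retriever_.authenticated(retriever, req, cnx, login, authinfo)
-            return cnx, login, authinfo
-
+            return cnx, login
         # false if no authentication info found, eg this is not an
         # authentication failure
         if 'login' in locals():
             req.set_message(req._('authentication failure'))
         login, authinfo = self.anoninfo
         if login:
             cnx = self._authenticate(login, authinfo)
             cnx.anonymous_connection = True
-            return cnx, login, authinfo
+            return cnx, login
         raise AuthenticationError()
 
     def _authenticate(self, login, authinfo):
         cnxprops = ConnectionProperties(self.vreg.config.repo_method,
                                         close=False, log=self.log_queries)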
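Review bot: In `authenticate`, the `except AuthenticationError: continue` branch (new lines 146-147) discards a rejected login without recording it, and control then falls through to the anonymous connection, so repeated bad-password attempts leave no trace at this layer unless `_authenticate` or the repository logs them, which is not visible here. I would log before continuing, e.g. `logging.getLogger(__name__).warning('authentication failure for login %r', login)`, and keep `authinfo` out of the message because it can carry a password (as the `self.anoninfo` dict does). The `'login' in locals()` test at new line 153 infers "credentials were sent but rejected" from a loop side effect; an explicit flag set where `login` is assigned would be easier to audit. Both return sites now yield `(cnx, login)`, so any caller still unpacking three values will raise `ValueError`; the callers, and new lines 140-144 of the retriever loop, are outside the displayed hunks.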