98 self.anoninfo = vreg.config.anonymous_user() |
98 self.anoninfo = vreg.config.anonymous_user() |
99 if self.anoninfo[0]: |
99 if self.anoninfo[0]: |
100 self.anoninfo = (self.anoninfo[0], {'password': self.anoninfo[1]}) |
100 self.anoninfo = (self.anoninfo[0], {'password': self.anoninfo[1]}) |
101 |
101 |
102 def validate_session(self, req, session): |
102 def validate_session(self, req, session): |
103 """check session validity, reconnecting it to the repository if the |
103 """check session validity and return the connected user on success. |
104 associated connection expired in the repository side (hence the |
|
105 necessity for this method). Return the connected user on success. |
|
106 |
104 |
107 raise :exc:`InvalidSession` if session is corrupted for a reason or |
105 raise :exc:`InvalidSession` if session is corrupted for a reason or |
108 another and should be closed |
106 another and should be closed |
109 |
107 |
110 also invoked while going from anonymous to logged in |
108 also invoked while going from anonymous to logged in |
111 """ |
109 """ |
112 # with this authentication manager, session is actually a dbapi |
|
113 # connection |
|
114 for retriever in self.authinforetrievers: |
110 for retriever in self.authinforetrievers: |
115 if retriever.request_has_auth_info(req): |
111 if retriever.request_has_auth_info(req): |
116 login = retriever.revalidate_login(req) |
112 login = retriever.revalidate_login(req) |
117 return self._validate_session(req, session, login) |
113 return self._validate_session(req, session, login) |
118 # let's try with the current session |
114 # let's try with the current session |
133 return user |
129 return user |
134 |
130 |
135 def authenticate(self, req): |
131 def authenticate(self, req): |
136 """authenticate user using connection information found in the request, |
132 """authenticate user using connection information found in the request, |
137 and return corresponding a :class:`~cubicweb.dbapi.Connection` instance, |
133 and return corresponding a :class:`~cubicweb.dbapi.Connection` instance, |
138 as well as login and authentication information dictionary used to open |
134 as well as login used to open the connection. |
139 the connection. |
|
140 |
135 |
141 raise :exc:`cubicweb.AuthenticationError` if authentication failed |
136 raise :exc:`cubicweb.AuthenticationError` if authentication failed |
142 (no authentication info found or wrong user/password) |
137 (no authentication info found or wrong user/password) |
143 """ |
138 """ |
144 for retriever in self.authinforetrievers: |
139 for retriever in self.authinforetrievers: |
150 cnx = self._authenticate(login, authinfo) |
145 cnx = self._authenticate(login, authinfo) |
151 except AuthenticationError: |
146 except AuthenticationError: |
152 continue # the next one may succeed |
147 continue # the next one may succeed |
153 for retriever_ in self.authinforetrievers: |
148 for retriever_ in self.authinforetrievers: |
154 retriever_.authenticated(retriever, req, cnx, login, authinfo) |
149 retriever_.authenticated(retriever, req, cnx, login, authinfo) |
155 return cnx, login, authinfo |
150 return cnx, login |
156 |
|
157 # false if no authentication info found, eg this is not an |
151 # false if no authentication info found, eg this is not an |
158 # authentication failure |
152 # authentication failure |
159 if 'login' in locals(): |
153 if 'login' in locals(): |
160 req.set_message(req._('authentication failure')) |
154 req.set_message(req._('authentication failure')) |
161 login, authinfo = self.anoninfo |
155 login, authinfo = self.anoninfo |
162 if login: |
156 if login: |
163 cnx = self._authenticate(login, authinfo) |
157 cnx = self._authenticate(login, authinfo) |
164 cnx.anonymous_connection = True |
158 cnx.anonymous_connection = True |
165 return cnx, login, authinfo |
159 return cnx, login |
166 raise AuthenticationError() |
160 raise AuthenticationError() |
167 |
161 |
168 def _authenticate(self, login, authinfo): |
162 def _authenticate(self, login, authinfo): |
169 cnxprops = ConnectionProperties(self.vreg.config.repo_method, |
163 cnxprops = ConnectionProperties(self.vreg.config.repo_method, |
170 close=False, log=self.log_queries) |
164 close=False, log=self.log_queries) |