Integration pyramid and cubicweb authentication.
We use pyramid sessions to store the cubicweb sessionid so we can reuse it when needed,
or regenerate it if it was lost.
The cubicweb sessionid is obtained from a login in the repo OR directly from
the user identified by pyramid.
Related to #4291173
"""
Special authentifiers.
:license: GNU Lesser General Public License, v2.1 - http://www.gnu.org/licenses
"""
__docformat__ = "restructuredtext en"
from cubicweb import AuthenticationError
from cubicweb.server.sources import native
class Token(object):
pass
EXT_TOKEN = Token()
class DirectAuthentifier(native.BaseAuthentifier):
"""return CWUser eid for the given login.
Before doing so, it makes sure the authentication request comes from
xxx by checking the special '__externalauth_directauth' kwarg.
"""
auth_rql = (
'Any U WHERE U is CWUser, '
'U eid %(eid)s'
)
def authenticate(self, session, login, **kwargs):
"""Return the CWUser eid for the given login.
Make sure the request comes from inside pyramid by
checking the special '__pyramid_directauth' kwarg.
"""
session.debug('authentication by %s', self.__class__.__name__)
directauth = kwargs.get('__pyramid_directauth', None)
try:
if directauth == EXT_TOKEN:
rset = session.execute(self.auth_rql, {'eid': int(login)})
if rset:
session.debug('Successfully identified %s', login)
return rset[0][0]
except Exception, exc:
session.debug('authentication failure (%s)', exc)
raise AuthenticationError('user is not registered')