"""
Special authentifiers.
:license: GNU Lesser General Public License, v2.1 - http://www.gnu.org/licenses
"""
__docformat__ = "restructuredtext en"
from cubicweb import AuthenticationError
from cubicweb.server.sources import native
class Token(object):
pass
EXT_TOKEN = Token()
class DirectAuthentifier(native.BaseAuthentifier):
"""return CWUser eid for the given login.
Before doing so, it makes sure the authentication request comes from
xxx by checking the special '__externalauth_directauth' kwarg.
"""
auth_rql = (
'Any U WHERE U is CWUser, '
'U eid %(eid)s'
)
def authenticate(self, session, login, **kwargs):
"""Return the CWUser eid for the given login.
Make sure the request comes from inside pyramid by
checking the special '__pyramid_directauth' kwarg.
"""
session.debug('authentication by %s', self.__class__.__name__)
directauth = kwargs.get('__pyramid_directauth', None)
try:
if directauth == EXT_TOKEN:
rset = session.execute(self.auth_rql, {'eid': int(login)})
if rset:
session.debug('Successfully identified %s', login)
return rset[0][0]
except Exception, exc:
session.debug('authentication failure (%s)', exc)
raise AuthenticationError('user is not registered')