def authenticate(self, id):
    """Verify the submitted credentials and refresh the Avatar from LDAP.

    ``id`` is a MaKaC.user.LoginInfo instance; ``self.user`` is the Avatar.

    Returns ``self.user`` when the authenticator selected by this identity's
    tag accepts the login/password pair and the submitted login equals this
    identity's own login. Returns None otherwise.
    """
    log = Logger.get('auth.ldap')
    # Only the login is logged, never the password. The login is written as
    # submitted, so the log line contains caller-supplied text.
    log.info("authenticate(%s)" % id.getLogin())

    authenticator = AuthenticatorMgr.getInstance().getById(self.getAuthenticatorTag())
    ldap_data = authenticator.checkLoginPassword(id.getLogin(), id.getPassword())
    if not ldap_data:
        return None
    # Valid credentials for a different login must not authenticate this identity.
    if self.getLogin() != id.getLogin():
        return None

    # Replace the Avatar's authenticator-provided data with the current LDAP values.
    avatar = self.user
    avatar.clearAuthenticatorPersonalData()
    fresh = LDAPTools.extractUserDataFromLdapData(ldap_data)

    new_mail = fresh.get('email', '').strip()
    if new_mail and new_mail != avatar.getEmail():
        avatar.setEmail(new_mail, reindex=True)

    # (Avatar field, key in the extracted LDAP data), in the original order.
    field_map = (
        ('firstName', 'name'),
        ('surName', 'surName'),
        ('affiliation', 'organisation'),
        ('address', 'address'),
        ('phone', 'phone'),
        ('fax', 'fax'),
    )
    for avatar_field, ldap_key in field_map:
        avatar.setAuthenticatorPersonalData(avatar_field, fresh.get(ldap_key))
    return self.user
def _process(self):
    """Handle the identity-creation form for ``self._avatar``.

    A "Cancel" parameter redirects straight back to the user details page.
    When the form was submitted (``self._ok``) and the login is free, the
    password is non-empty and both password fields match, a new identity is
    created and registered, then the request is redirected to the user
    details page. In every other case the form is rendered again with the
    collected messages in ``self._params["msg"]``.
    """
    if self._params.get("Cancel") is not None:
        self._redirect(urlHandlers.UHUserDetails.getURL(self._avatar))
        return

    problems = []
    if self._ok:
        authManager = AuthenticatorMgr.getInstance()
        # The login must not be taken already.
        if not authManager.isLoginAvailable(self._login):
            problems.append("Sorry, the login you requested is already in use. Please choose another one.<br>")
        # An empty password is refused.
        if not self._pwd:
            problems.append("you must enter a password<br>")
        # Both password fields have to agree.
        if self._pwd != self._pwdBis:
            problems.append("You must enter the same password twice<br>")
        if not problems:
            login_info = user.LoginInfo(self._login, self._pwd)
            identity = authManager.createIdentity(login_info, self._avatar, self._system)
            authManager.add(identity)
            self._redirect(urlHandlers.UHUserDetails.getURL(self._avatar))
            return

    # The messages are fixed strings (they embed <br>); no request data is mixed in here.
    self._params["msg"] = "".join(problems)
    page = adminPages.WPIdentityCreation(self, self._avatar, self._params)
    return page.display()
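def _process( self ):
    """Remove the selected identities from ``self._avatar``.

    Every id in ``self._identityList`` is resolved through the authenticator
    manager. An identity is removed only when it belongs to ``self._avatar``
    and its owner would keep at least one other identity afterwards. The
    request is then redirected to the user details page.
    """
    authManager = AuthenticatorMgr.getInstance()
    for i in self._identityList:
        identity = authManager.getIdentityById(i)
        # An unknown or stale id would otherwise fail on getUser() below.
        if identity is None:
            continue
        # getIdentityById() is not scoped to an avatar, so an id belonging to
        # a different user resolves as well. Without this check such an
        # identity would be dropped from the authenticator while the request
        # is only about self._avatar.
        # NOTE(review): presumably the ids come from request parameters -
        # confirm against the parameter handling of this handler.
        if identity.getUser() != self._avatar:
            continue
        # Never remove a user's last identity; they could no longer log in.
        if len(identity.getUser().getIdentityList()) > 1:
            authManager.removeIdentity(identity)
            self._avatar.removeIdentity(identity)
    self._redirect( urlHandlers.UHUserDetails.getURL( self._avatar ) )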
def containsUser(self, avatar):
    """Tell whether ``avatar`` is a member of this LDAP group.

    Used when checking access to private events restricted to certain groups.
    Returns False for a missing avatar and for an avatar without a usable
    LDAP login. Otherwise the LDAP authenticator is asked whether that login
    is in the group named ``self.getName()``.
    """
    if not avatar:
        return False

    ldap_logins = [identity.getLogin()
                   for identity in avatar.getIdentityList()
                   if identity.getAuthenticatorTag() == 'LDAP']
    # With several LDAP identities, the last one in the list decides.
    login = ldap_logins[-1] if ldap_logins else None
    if not login:
        return False

    ldap = AuthenticatorMgr.getInstance().getById('LDAP')
    return ldap.isUserInGroup((login, self.getName()))
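def getMemberList(self):
    """Return one principal per member uid of this LDAP group.

    The member uids come from the LDAP authenticator's group member list for
    ``self.getName()``. Each uid is matched exactly, first without searching
    the authenticators and then, if nothing was found, with the default
    search. The first match of each uid is returned; uids without any match
    are skipped.
    """
    uidList = AuthenticatorMgr.getInstance().getById('LDAP').getGroupMemberList(self.getName())
    members = []
    for uid in uidList:
        # First, try locally (fast).
        matches = PrincipalHolder().match(uid, exact=1, searchInAuthenticators=False)
        # The leftover debug print of every lookup result was removed: it
        # wrote directory lookups to the process's stdout on each call.
        if not matches:
            # If not found, try external.
            matches = PrincipalHolder().match(uid, exact=1)
        if matches:
            members.append(matches[0])
    return members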
def createUser(name, email, org, password):
    """Create an Avatar and, when an email is given, a local identity for it.

    The Avatar is named ``name``, or ``email`` when ``name`` is empty. It is
    stored through the module-level ``ah`` holder and fetched back by id.
    Without an email no identity is created and the account is not
    activated; the Avatar is returned as is. With an email, a LocalIdentity
    using ``name`` as login is registered and the account is activated.

    Known limitation (from the original author): users without an email who
    share a name will clash, because only the email is unique.
    """
    new_avatar = user.Avatar()
    # Without a name, the email address is shown in its place.
    new_avatar.setName(email if name == '' else name)
    new_avatar.setEmail(email)
    new_avatar.setOrganisation(org)
    ah.add(new_avatar)
    avatar = ah.getById(new_avatar.id)

    if email == '':
        # User with no email address: no identity is created.
        return avatar

    # Creates the identity and sets the password (for chairs etc.).
    # NOTE(review): the login is ``name`` even when it is empty and the
    # email was used as display name - confirm this is intended.
    identity = user.LocalIdentity(name, password, avatar)
    try:
        AuthenticatorMgr.getInstance().add(identity)
    except UserError:
        # Deliberately ignored by the original code; the account is still
        # activated below even though no identity was registered.
        pass
    avatar.activateAccount()
    return avatar
def _process(self):
    """Run the two steps of the SSO sign-in.

    First request (``self._authId`` set, nothing in the session): the
    authenticator id, and the return URL if there is one, are stored in the
    session and the request is redirected to the SSO sign-in URL.

    Second request ('Authenticator' present in the session): the value is
    popped, the SSO login is performed and, on success, the session
    variables are set and the request is redirected to ``self._url``.

    Raises MaKaCError when SSO login is inactive, when the SSO login yields
    no avatar, or when no authenticator was passed at all.
    """
    # pop() makes the stored authenticator single-use.
    authenticator = session.pop('Authenticator', None)

    if authenticator is None:
        if not self._authId:
            raise MaKaCError(_("You did not pass the authenticator"))
        session['Authenticator'] = self._authId
        if self._returnURL:
            # NOTE(review): if _returnURL originates from the request, the
            # code that later reads 'loginReturnURL' should make sure it is
            # a local URL before redirecting to it - confirm.
            session['loginReturnURL'] = self._returnURL
        self._redirect(str(urlHandlers.UHSignInSSO.getURL(authId=self._authId)))
        return

    authManager = AuthenticatorMgr.getInstance()
    if not authManager.isSSOLoginActive():
        raise MaKaCError(_("SSO Login is not active."))
    avatar = authManager.SSOLogin(self, authenticator)
    if not avatar:
        raise MaKaCError(_("You could not login through SSO."))
    self._setSessionVars(avatar)
    self._redirect(self._url)
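def _process( self ):
    """Create a new identity for ``self._avatar`` and send the activation mail.

    On a taken login, an empty password or mismatching password fields the
    request is redirected back to ``self._fromURL`` with a ``msg`` parameter
    appended. Otherwise the identity is created and registered, the database
    is committed, a confirmation request is mailed, and the request is
    redirected to the user details page.
    """
    authManager = AuthenticatorMgr.getInstance()
    # NOTE(review): the error redirects use self._fromURL as their base. If
    # that value is taken from the request it should be restricted to local
    # URLs where it is parsed - confirm.

    # First, check if the login is free.
    if not authManager.isLoginAvailable(self._login):
        self._redirect(self._fromURL + "&msg=Login not avaible")
        return
    # Two empty password fields compare equal, so the equality test below
    # alone would let an identity with an empty password be created.
    if not self._pwd:
        self._redirect(self._fromURL + "&msg=You must enter a password")
        return
    # Then, check that both password fields match.
    if self._pwd != self._pwdBis:
        self._redirect(self._fromURL + "&msg=You must enter the same password twice")
        return
    # Create the identity.
    li = user.LoginInfo( self._login, self._pwd )
    identity = authManager.createIdentity( li, self._avatar, self._system )
    authManager.add( identity )
    # Commit and, if OK, send the activation mail.
    DBMgr.getInstance().commit()
    scr = mail.sendConfirmationRequest(self._avatar)
    scr.send()
    self._redirect( urlHandlers.UHUserDetails.getURL( self._avatar ) )  # to set to the returnURL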
def _process( self ):
    """Check the submitted login/password and report the outcome.

    The avatar is looked up through the authenticator manager. ``session.user``
    is set only when an avatar was found and it is activated. The result of
    ``self._createResponse(value, message)`` is returned, with ``value``
    being "OK" or "ERROR".
    """
    credentials = LoginInfo( self._login, self._password )
    av = AuthenticatorMgr.getInstance().getAvatar(credentials)

    # The account-state messages are only reachable after getAvatar()
    # returned an avatar for the credentials; a failed lookup always gets
    # the generic "Login failed".
    if not av:
        value, message = "ERROR", "Login failed"
    elif av.isActivated():
        value, message = "OK", "Login succesful"
        session.user = av
    elif av.isDisabled():
        value, message = "ERROR", "Acount is disabled"
    else:
        value, message = "ERROR", "Acount is not activated"
    return self._createResponse(value, message)
def _makeLoginProcess( self ):
    """Drive the sign-in page: automatic SSO, form display or credential check.

    * SSO active, exactly one authenticator and the login page disabled in
      the configuration: redirect to the SSO sign-in of the default
      authenticator.
    * No sign-in submitted: return the sign-in page.
    * Credentials submitted: return the "failed" page when no avatar is
      found; redirect to the disabled/unactivated account URL (and return a
      message) when the account is not activated; otherwise set the session
      variables and redirect to ``self._url``.
    """
    authManager = AuthenticatorMgr.getInstance()

    # Check for automatic login.
    auto_sso = (authManager.isSSOLoginActive()
                and len(authManager.getList()) == 1
                and not Config.getInstance().getDisplayLoginPage())
    if auto_sso:
        default_id = authManager.getDefaultAuthenticator().getId()
        self._redirect(urlHandlers.UHSignInSSO.getURL(authId=default_id))
        return

    if not self._signIn:
        return self._signInPage.display( returnURL = self._returnURL )

    av = authManager.getAvatar(LoginInfo( self._login, self._password ))
    if not av:
        # Same page whatever the reason, so the response does not tell an
        # unknown login from a wrong password.
        return self._signInPageFailed.display( returnURL = self._returnURL )

    if av.isActivated():
        self._setSessionVars(av)
        self._addExtraParamsToURL()
        self._redirect(self._url)
        return

    if av.isDisabled():
        self._redirect(self._disabledAccountURL(av))
    else:
        self._redirect(self._unactivatedAccountURL(av))
    return _("your account is not activate\nPlease active it and retry")
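from MaKaC.authentication import AuthenticatorMgr
from MaKaC.authentication.LocalAuthentication import LocalIdentity

# Maintenance script: removes every LocalIdentity from every user after an
# interactive confirmation. Commits every 100 avatars.

print('This script will remove all local identities from users.')
print('This will remove passwords from the database and prevent them from')
print('logging in locally (so you need e.g. LDAP authentication)')
print('')
# Anything other than an explicit "yes" cancels.
if raw_input('Do you want to continue? [yes|NO]: ').lower() != 'yes':
    print('Cancelled.')
    sys.exit(0)

i = 0
dbi = DBMgr.getInstance()
dbi.startRequest()

ah = AvatarHolder()
am = AuthenticatorMgr.getInstance()
for aid, avatar in ah._getIdx().iteritems():
    # Iterate over a snapshot: removeIdentity() is called on the same avatar
    # inside the loop, and removing from a list while iterating over it
    # skips the element that follows each removal.
    for identity in list(avatar.getIdentityList()):
        if isinstance(identity, LocalIdentity):
            # The stored password is no longer read for the message; the
            # previous output printed one '*' per character and so exposed
            # each password's length on the console.
            print('Removing LocalIdentity(%s) from %s' % (identity.getLogin(), avatar.getFullName()))
            am.removeIdentity(identity)
            avatar.removeIdentity(identity)
    # Commit in batches of 100 avatars.
    if i % 100 == 99:
        dbi.commit()
    i += 1
DBMgr.getInstance().endRequest()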
def _process( self ):
    """Validate the account-creation form and create the local account.

    When the form was submitted (``self._save``) every field is checked and
    the messages are accumulated in ``self._params["msg"]``. With valid data:

    * an existing user with the same email who already has an identity
      causes a redirect to the "user exists" page;
    * an existing user without an identity gets the submitted data and a
      new "Local" identity;
    * otherwise a new Avatar is created with a "Local" identity.

    After the commit, the moderation mail or the confirmation request is
    sent, and the request is redirected to the "user created" page. With
    missing or invalid data the creation page is displayed again.
    """
    authManager = AuthenticatorMgr.getInstance()
    minfo = info.HelperMaKaCInfo.getMaKaCInfoInstance()
    params = self._params
    params["msg"] = ""
    rejected = []

    def reject(text):
        # Record one validation failure and append its message to the form.
        rejected.append(text)
        params["msg"] += text

    save = False
    if self._save:
        # Check the submitted data.
        if not params.get("name", ""):
            reject(_("You must enter a name.") + "<br>")
        if not params.get("surName", ""):
            reject(_("You must enter a surname.") + "<br>")
        if not params.get("organisation", ""):
            reject(_("You must enter the name of your organisation.") + "<br>")
        if not params.get("email", ""):
            reject(_("You must enter an email address.") + "<br>")
        if not params.get("login", ""):
            reject(_("You must enter a login.") + "<br>")
        if not params.get("password", ""):
            reject(_("You must define a password.") + "<br>")
        if params.get("password", "") != params.get("passwordBis", ""):
            reject(_("You must enter the same password twice.") + "<br>")
        if not authManager.isLoginAvailable(params.get("login", "")):
            reject(_("Sorry, the login you requested is already in use. Please choose another one.") + "<br>")
        if not self._validMail(params.get("email", "")):
            reject(_("You must enter a valid email address"))
        save = not rejected

    if not save:
        cp = None
        if params.has_key("cpEmail"):
            ph = pendingQueues.PendingQueuesHolder()
            cp = ph.getFirstPending(params["cpEmail"])
        # Administrators get the admin variant of the creation page.
        if self._aw.getUser() and self._aw.getUser() in minfo.getAdminList().getList():
            p = adminPages.WPUserCreation( self, params, cp )
        else:
            p = adminPages.WPUserCreationNonAdmin( self, params, cp )
        return p.display()

    # Data are OK: look for an existing user with this email or create one.
    ah = user.AvatarHolder()
    res = ah.match({"email": params["email"]}, exact=1, searchInAuthenticators=False)
    if res:
        # A user with the same email exists.
        a = res[0]
        if a.getIdentityList():
            self._redirect( urlHandlers.UHUserExistWithIdentity.getURL(a))
            return
        # NOTE(review): the existing user's data is overwritten and a
        # password is attached before the email address has been confirmed.
        # Confirm that confirmation/moderation gates use of the account.
        _UserUtils.setUserData( a, params )
    else:
        a = user.Avatar()
        _UserUtils.setUserData( a, params )
        ah.add(a)

    # Create the identity for the user and send the confirmation email.
    li = user.LoginInfo( params["login"], params["password"] )
    identity = authManager.createIdentity( li, a, "Local" )
    authManager.add( identity )
    DBMgr.getInstance().commit()
    if minfo.getModerateAccountCreation():
        mail.sendAccountCreationModeration(a).send()
    else:
        mail.sendConfirmationRequest(a).send()
        if minfo.getNotifyAccountCreation():
            mail.sendAccountCreationNotification(a).send()
    self._redirect(urlHandlers.UHUserCreated.getURL( a ))
def _process(self):
    """Sign the current user out and redirect.

    For a logged-in user, the authenticator manager's logout callback URL
    replaces ``self._returnURL`` when it is non-empty, and the request's
    user is reset to None. The session is then cleared and the request is
    redirected to ``self._returnURL``.
    """
    logged_in = self._getUser()
    if logged_in:
        callback_url = AuthenticatorMgr.getInstance().getLogoutCallbackURL(self)
        self._returnURL = callback_url or self._returnURL
        self._setUser(None)
    # NOTE(review): if _returnURL is taken from the request, it should be
    # limited to local URLs where it is parsed - confirm.
    session.clear()
    self._redirect(self._returnURL)