def SessionPlugin_validateTicket(self, ticket, now=None):
if now is None:
now = time()
if self._shared_secret is not None:
ticket_data = tktauth.validateTicket(self._shared_secret,
ticket,
timeout=self.timeout,
now=now,
mod_auth_tkt=self.mod_auth_tkt)
else:
ticket_data = None
parent = aq_parent(aq_parent(self))
is_root = ICastleApplication.providedBy(parent)
if is_root:
manager = getGlobalSiteManager().queryUtility(IKeyManager)
else:
manager = queryUtility(IKeyManager)
if manager is None:
return None
for secret in manager[u"_system"]:
if secret is None:
continue
ticket_data = tktauth.validateTicket(
secret,
ticket,
timeout=self.timeout,
now=now,
mod_auth_tkt=self.mod_auth_tkt)
if ticket_data is not None:
break
return ticket_data
def get_acl_users(self):
"""
get list of acl_user objects,
first, site, then root
"""
objects = [self.get_tool('acl_users')]
if not self.is_zope_root:
context = aq_parent(self.context)
while context and not ICastleApplication.providedBy(context):
context = aq_parent(context)
acl = getattr(context, 'acl_users', None)
if acl:
objects.append(acl)
return objects
def SessionPlugin_validateTicket(self, ticket, now=None):
if now is None:
now = time()
if self._shared_secret is not None:
ticket_data = tktauth.validateTicket(
self._shared_secret,
ticket,
timeout=self.timeout,
now=now,
mod_auth_tkt=self.mod_auth_tkt
)
else:
ticket_data = None
parent = aq_parent(aq_parent(self))
is_root = ICastleApplication.providedBy(parent)
if is_root:
manager = getGlobalSiteManager().queryUtility(IKeyManager)
else:
manager = queryUtility(IKeyManager)
if manager is None:
return None
try:
for secret in manager[u"_system"]:
if secret is None:
continue
ticket_data = tktauth.validateTicket(
secret,
ticket,
timeout=self.timeout,
now=now,
mod_auth_tkt=self.mod_auth_tkt
)
if ticket_data is not None:
break
except ConnectionStateError:
logger.warning(
'Connection state error, swallowing', exc_info=True)
return ticket_data
def is_zope_root(self):
return ICastleApplication.providedBy(self.context)