Ejemplo n.º 1
0
    def _authenticateCredentials( self, credentialslist, plugins ):
        """Utility method to try to authenticate a list of credentials.
        """
        results = []

        try:
            authenticators = plugins.listPlugins( IAuthenticationPlugin )
        except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
            logger.debug('Authenticator plugin listing error', exc_info=True)
            authenticators = ()

        for credentials in credentialslist:
            user_id, login_name = self._tryEmergencyUserAuthentication(
                                                        credentials )
            if user_id is not None:
                return [ (user_id, login_name) ]

            view_name = createViewName('_authenticateCredentials', credentials.get('login'))
            keywords = createKeywords(**credentials)
            user_ids = self.ZCacheable_get( view_name=view_name
                                          , keywords=keywords
                                          , default=None
                                          )
            if user_ids is not None:
                return user_ids

            user_ids = [ ]

            for authenticator_id, auth in authenticators:
                try:
                    uid_and_info = auth.authenticateCredentials(
                        credentials )
                except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
                    msg = 'AuthenticationPlugin %s error' % ( 
                            authenticator_id, )
                    logger.debug(msg, exc_info=True) 
                    continue
                else:
                    if uid_and_info is None:
                        continue

                    user_id, info = uid_and_info

                    if user_id is not None:
                        user_ids.append( (user_id, info) )

            if user_ids:
                self.ZCacheable_set( user_ids
                                   , view_name=view_name
                                   , keywords=keywords
                                   )
            results.extend( user_ids )

        return results
Ejemplo n.º 2
0
    def _authenticateCredentials(self, credentialslist, plugins):
        """Utility method to try to authenticate a list of credentials.
        """
        results = []

        try:
            authenticators = plugins.listPlugins(IAuthenticationPlugin)
        except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
            logger.debug('Authenticator plugin listing error', exc_info=True)
            authenticators = ()

        for credentials in credentialslist:
            user_id, login_name = self._tryEmergencyUserAuthentication(
                credentials)
            if user_id is not None:
                return [(user_id, login_name)]

            view_name = createViewName('_authenticateCredentials',
                                       credentials.get('login'))
            keywords = createKeywords(**credentials)
            user_ids = self.ZCacheable_get(view_name=view_name,
                                           keywords=keywords,
                                           default=None)
            if user_ids is not None:
                return user_ids

            user_ids = []

            for authenticator_id, auth in authenticators:
                try:
                    uid_and_info = auth.authenticateCredentials(credentials)
                except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
                    msg = 'AuthenticationPlugin %s error' % (
                        authenticator_id, )
                    logger.debug(msg, exc_info=True)
                    continue
                else:
                    if uid_and_info is None:
                        continue

                    user_id, info = uid_and_info

                    if user_id is not None:
                        user_ids.append((user_id, info))

            if user_ids:
                self.ZCacheable_set(user_ids,
                                    view_name=view_name,
                                    keywords=keywords)
            results.extend(user_ids)

        return results
Ejemplo n.º 3
0
    def _findUser( self, plugins, user_id, name=None, request=None ):

        """ user_id -> decorated_user
        """
        if user_id == self._emergency_user.getUserName():
            return self._emergency_user

        # See if the user can be retrieved from the cache
        view_name = createViewName('_findUser', user_id)
        keywords = createKeywords(user_id=user_id, name=name)
        user = self.ZCacheable_get( view_name=view_name
                                  , keywords=keywords
                                  , default=None
                                  )

        if user is None:

            user = self._createUser( plugins, user_id, name )
            if IPropertiedUser.providedBy( user ):
                propfinders = plugins.listPlugins( IPropertiesPlugin )

                for propfinder_id, propfinder in propfinders:

                    data = propfinder.getPropertiesForUser( user, request )
                    if data:
                        user.addPropertysheet( propfinder_id, data )

            groups = self._getGroupsForPrincipal( user, request
                                                , plugins=plugins )
            user._addGroups( groups )

            rolemakers = plugins.listPlugins( IRolesPlugin )

            for rolemaker_id, rolemaker in rolemakers:

                roles = rolemaker.getRolesForPrincipal( user, request )

                if roles:
                    user._addRoles( roles )

            user._addRoles( ['Authenticated'] )

            # Cache the user if caching is enabled
            base_user = aq_base(user)
            if getattr(base_user, '_p_jar', None) is None:
                self.ZCacheable_set( base_user
                                   , view_name=view_name
                                   , keywords=keywords
                                   )

        return user.__of__( self )
Ejemplo n.º 4
0
    def _findUser( self, plugins, user_id, name=None, request=None ):

        """ user_id -> decorated_user
        """
        if user_id == self._emergency_user.getUserName():
            return self._emergency_user

        # See if the user can be retrieved from the cache
        view_name = createViewName('_findUser', user_id)
        keywords = createKeywords(user_id=user_id, name=name)
        user = self.ZCacheable_get( view_name=view_name
                                  , keywords=keywords
                                  , default=None
                                  )

        if user is None:

            user = self._createUser( plugins, user_id, name )
            propfinders = plugins.listPlugins( IPropertiesPlugin )

            for propfinder_id, propfinder in propfinders:

                data = propfinder.getPropertiesForUser( user, request )
                if data:
                    user.addPropertysheet( propfinder_id, data )

            groups = self._getGroupsForPrincipal( user, request
                                                , plugins=plugins )
            user._addGroups( groups )

            rolemakers = plugins.listPlugins( IRolesPlugin )

            for rolemaker_id, rolemaker in rolemakers:

                roles = rolemaker.getRolesForPrincipal( user, request )

                if roles:
                    user._addRoles( roles )

            user._addRoles( ['Authenticated'] )

            # Cache the user if caching is enabled
            base_user = aq_base(user)
            if getattr(base_user, '_p_jar', None) is None:
                self.ZCacheable_set( base_user
                                   , view_name=view_name
                                   , keywords=keywords
                                   )

        return user.__of__( self )
Ejemplo n.º 5
0
    def _verifyUser(self, plugins, user_id=None, login=None):
        """ user_id -> info_dict or None
        """
        if user_id is None and login is None:
            # Avoid possible hugely expensive and/or wrong behavior of
            # plugin enumerators.
            return None

        # Masquerading: Lookup role_user
        auth_user_login, role_user_login = splitmasq(login)
        if role_user_login is not None:
            login = role_user_login

        criteria = {'exact_match': True}

        if user_id is not None:
            criteria['id'] = user_id

        if login is not None:
            criteria['login'] = login

        view_name = createViewName('_verifyUser', user_id or login)
        keywords = createKeywords(**criteria)
        cached_info = self.ZCacheable_get(view_name=view_name,
                                          keywords=keywords,
                                          default=None)

        if cached_info is not None:
            return cached_info

        enumerators = plugins.listPlugins(IUserEnumerationPlugin)

        for enumerator_id, enumerator in enumerators:
            try:
                info = enumerator.enumerateUsers(**criteria)

                if info:
                    # Put the computed value into the cache
                    self.ZCacheable_set(info[0],
                                        view_name=view_name,
                                        keywords=keywords)
                    return info[0]

            except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
                msg = 'UserEnumerationPlugin %s error' % enumerator_id
                logger.debug(msg, exc_info=True)

        return None
Ejemplo n.º 6
0
    def _verifyUser( self, plugins, user_id=None, login=None ):
        """ user_id -> info_dict or None
        """
        if user_id is None and login is None:
            # Avoid possible hugely expensive and/or wrong behavior of
            # plugin enumerators.
            return None

        criteria = {'exact_match': True}

        if user_id is not None:
            criteria[ 'id' ] = user_id

        if login is not None:
            criteria[ 'login' ] = login

        view_name = createViewName('_verifyUser', user_id or login)
        keywords = createKeywords(**criteria)
        cached_info = self.ZCacheable_get( view_name=view_name
                                            , keywords=keywords
                                            , default=None
                                            )

        if cached_info is not None:
            return cached_info


        enumerators = plugins.listPlugins( IUserEnumerationPlugin )

        for enumerator_id, enumerator in enumerators:
            try:
                info = enumerator.enumerateUsers( **criteria )

                if info:
                    # Put the computed value into the cache
                    self.ZCacheable_set( info[0]
                                        , view_name=view_name
                                        , keywords=keywords
                                        )
                    return info[0]

            except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
                msg = 'UserEnumerationPlugin %s error' % enumerator_id
                logger.debug(msg, exc_info=True)

        return None
Ejemplo n.º 7
0
    def _verifyUser( self, plugins, user_id=None, login=None ):

        """ user_id -> info_dict or None
        """
        criteria = {}

        if user_id is not None:
            criteria[ 'id' ] = user_id
            criteria[ 'exact_match' ] = True

        if login is not None:
            criteria[ 'login' ] = login

        if criteria:
            view_name = createViewName('_verifyUser', user_id or login)
            keywords = createKeywords(**criteria)
            cached_info = self.ZCacheable_get( view_name=view_name
                                             , keywords=keywords
                                             , default=None
                                             )

            if cached_info is not None:
                return cached_info


            enumerators = plugins.listPlugins( IUserEnumerationPlugin )

            for enumerator_id, enumerator in enumerators:
                try:
                    info = enumerator.enumerateUsers( **criteria )

                    if info:
                        # Put the computed value into the cache
                        self.ZCacheable_set( info[0]
                                           , view_name=view_name
                                           , keywords=keywords
                                           )
                        return info[0]

                except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
                    msg = 'UserEnumerationPlugin %s error' % enumerator_id
                    logger.debug(msg, exc_info=True)

        return None
Ejemplo n.º 8
0
    def _extractUserIds( self, request, plugins ):

        """ request -> [ validated_user_id ]

        o For each set of extracted credentials, try to authenticate
          a user;  accumulate a list of the IDs of such users over all
          our authentication and extraction plugins.
        """
        try:
            extractors = plugins.listPlugins( IExtractionPlugin )
        except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
            logger.debug('Extractor plugin listing error', exc_info=True)
            extractors = ()

        if not extractors:
            extractors = ( ( 'default', DumbHTTPExtractor() ), )

        try:
            authenticators = plugins.listPlugins( IAuthenticationPlugin )
        except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
            logger.debug('Authenticator plugin listing error', exc_info=True)
            authenticators = ()

        result = []

        for extractor_id, extractor in extractors:

            try:
                credentials = extractor.extractCredentials( request )
            except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
                logger.debug( 'ExtractionPlugin %s error' % extractor_id
                            , exc_info=True
                            )
                continue

            if credentials:

                try:
                    credentials[ 'extractor' ] = extractor_id # XXX: in key?
                    # Test if ObjectCacheEntries.aggregateIndex would work
                    items = credentials.items()
                    items.sort()
                except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
                    logger.debug( 'Credentials error: %s' % credentials
                                , exc_info=True
                                )
                    continue

                # First try to authenticate against the emergency
                # user and return immediately if authenticated
                user_id, name = self._tryEmergencyUserAuthentication(
                                                            credentials )

                if user_id is not None:
                    return [ ( user_id, name ) ]

                # Now see if the user ids can be retrieved from the cache
                view_name = createViewName('_extractUserIds', credentials.get('login'))
                keywords = createKeywords(**credentials)
                user_ids = self.ZCacheable_get( view_name=view_name
                                              , keywords=keywords
                                              , default=None
                                              )
                if user_ids is None:
                    user_ids = []

                    for authenticator_id, auth in authenticators:

                        try:
                            uid_and_info = auth.authenticateCredentials(
                                credentials )

                            if uid_and_info is None:
                                continue

                            user_id, info = uid_and_info

                        except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
                            msg = 'AuthenticationPlugin %s error' % ( 
                                    authenticator_id, )
                            logger.debug(msg, exc_info=True) 
                            continue

                        if user_id is not None:
                            user_ids.append( (user_id, info) )

                    if user_ids:
                        self.ZCacheable_set( user_ids
                                           , view_name=view_name
                                           , keywords=keywords
                                           )

                result.extend( user_ids )

        # Emergency user via HTTP basic auth always wins
        user_id, name = self._tryEmergencyUserAuthentication(
                DumbHTTPExtractor().extractCredentials( request ) )

        if user_id is not None:
            return [ ( user_id, name ) ]

        return result
Ejemplo n.º 9
0
    def _extractUserIds(self, request, plugins):
        """ request -> [ validated_user_id ]

        o For each set of extracted credentials, try to authenticate
          a user;  accumulate a list of the IDs of such users over all
          our authentication and extraction plugins.
        """
        try:
            extractors = plugins.listPlugins(IExtractionPlugin)
        except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
            logger.debug('Extractor plugin listing error', exc_info=True)
            extractors = ()

        if not extractors:
            extractors = (('default', DumbHTTPExtractor()), )

        try:
            authenticators = plugins.listPlugins(IAuthenticationPlugin)
        except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
            logger.debug('Authenticator plugin listing error', exc_info=True)
            authenticators = ()

        result = []

        for extractor_id, extractor in extractors:

            try:
                credentials = extractor.extractCredentials(request)
            except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
                logger.debug('ExtractionPlugin %s error' % extractor_id,
                             exc_info=True)
                continue

            if credentials:

                try:
                    credentials['extractor'] = extractor_id  # XXX: in key?
                    # Test if ObjectCacheEntries.aggregateIndex would work
                    items = credentials.items()
                    items.sort()
                except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
                    logger.debug('Credentials error: %s' % credentials,
                                 exc_info=True)
                    continue

                # First try to authenticate against the emergency
                # user and return immediately if authenticated
                user_id, name = self._tryEmergencyUserAuthentication(
                    credentials)

                if user_id is not None:
                    return [(user_id, name)]

                # Now see if the user ids can be retrieved from the cache
                view_name = createViewName('_extractUserIds',
                                           credentials.get('login'))
                keywords = createKeywords(**credentials)
                user_ids = self.ZCacheable_get(view_name=view_name,
                                               keywords=keywords,
                                               default=None)
                if user_ids is None:
                    user_ids = []

                    for authenticator_id, auth in authenticators:

                        try:
                            uid_and_info = auth.authenticateCredentials(
                                credentials)

                            if uid_and_info is None:
                                continue

                            user_id, info = uid_and_info

                        except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
                            msg = 'AuthenticationPlugin %s error' % (
                                authenticator_id, )
                            logger.debug(msg, exc_info=True)
                            continue

                        if user_id is not None:
                            user_ids.append((user_id, info))

                    if user_ids:
                        self.ZCacheable_set(user_ids,
                                            view_name=view_name,
                                            keywords=keywords)

                result.extend(user_ids)

        # Emergency user via HTTP basic auth always wins
        user_id, name = self._tryEmergencyUserAuthentication(
            DumbHTTPExtractor().extractCredentials(request))

        if user_id is not None:
            return [(user_id, name)]

        return result