Example #1
0
    def remember(self, environ, identity):
        log.debug("cookieAuth remember")
        
        if self.include_ip:
            remote_addr = environ.get('REMOTE_ADDR', '0.0.0.0')
        else:
            remote_addr = '0.0.0.0'

        cookies = get_cookies(environ)
        old_cookie = cookies.get(self.cookie_name)
        existing = cookies.get(self.cookie_name)
        old_cookie_value = getattr(existing, 'value', None)
        max_age = identity.get('max_age', None)

        timestamp, userid, tokens, userdata = None, '', '', ''

        if old_cookie_value:
            try:
                timestamp,userid,tokens,userdata = auth_tkt.parse_ticket(
                    self.secret, old_cookie_value, remote_addr)
            except auth_tkt.BadTicket:
                pass

        who_userid = identity['midgard.user.guid'] + "|" + identity.get('login')
        who_tokens = identity.get('tokens', '')
        who_userdata = identity.get('userdata', '')

        encoding_data = self.userid_type_encoders.get(type(who_userid))
        if encoding_data:
            encoding, encoder = encoding_data
            who_userid = encoder(who_userid)
            who_userdata = 'userid_type:%s' % encoding
        
        if not isinstance(tokens, basestring):
            tokens = ','.join(tokens)
        if not isinstance(who_tokens, basestring):
            who_tokens = ','.join(who_tokens)
        old_data = (userid, tokens, userdata)
        new_data = (who_userid, who_tokens, who_userdata)

        if old_data != new_data or (self.reissue_time and
                ( (timestamp + self.reissue_time) < time.time() )):
            ticket = auth_tkt.AuthTicket(
                self.secret,
                who_userid,
                remote_addr,
                tokens=who_tokens,
                user_data=who_userdata,
                cookie_name=self.cookie_name,
                secure=self.secure)
            new_cookie_value = ticket.cookie_value()
            
            cur_domain = environ.get('HTTP_HOST', environ.get('SERVER_NAME'))
            wild_domain = '.' + cur_domain
            if old_cookie_value != new_cookie_value:
                if "auth_remember_allow" in environ and environ["auth_remember_allow"] == False:
                    return None
                
                # return a set of Set-Cookie headers
                return self._get_cookies(environ, new_cookie_value, max_age)
Example #2
0
 def authenticate(self, connection):
     """
     Authenticate a connection. Return a username or None
     if not authenticated.
     """
     
     remote_addr = '0.0.0.0'
     cookie = connection.receive()
     if cookie is None:
         return None
     
     try:
         timestamp, userid, tokens, user_data = auth_tkt.parse_ticket(
             self.secret, str(cookie), remote_addr)
     except auth_tkt.BadTicket:
         return None
     
     if self.timeout and ((timestamp + self.timeout) < time.time()):
         return None
     
     userid_typename = 'userid_type:'
     user_data_info = user_data.split('|')
     for datum in filter(None, user_data_info):
         if datum.startswith(userid_typename):
             userid_type = datum[len(userid_typename):]
             decoder = self.userid_type_decoders.get(userid_type)
             if decoder:
                 userid = decoder(userid)
         
     return userid
Example #3
0
    def identify(self, environ):
        if environ.has_key('rwpc.logout'):
            return

        uri = environ.get('REQUEST_URI', construct_url(environ))
        query = parse_dict_querystring(environ)

        cookies = get_cookies(environ) 
        cookie = cookies.get('auth_tkt') 


        if cookie is None or not cookie.value: 
            return None 
 
        remote_addr = '0.0.0.0' 

        identity = {}
         
        try: 
            timestamp, userid, tokens, user_data = auth_tkt.parse_ticket( 
                self.ticket_secret, cookie.value, remote_addr) 
        except auth_tkt.BadTicket as e: 
            return None 
        #userObj = model.Session.query(model.User).filter_by(id=userid).first()
        #if userObj is None:
        #    return None
        #identity['login'] = userObj.name
        identity['login'] = userid
        return identity
Example #4
0
    def remember(self, environ, identity):
        '''
        Remember the user.
        '''
        if self.include_ip:
            remote_addr = environ['REMOTE_ADDR']
        else:
            remote_addr = '0.0.0.0'

        cookies = get_cookies(environ)
        #old_cookie = cookies.get(self.cookie_name)
        existing = cookies.get(self.cookie_name)
        old_cookie_value = getattr(existing, 'value', None)
        max_age = identity.get('max_age', None)

        timestamp, userid, tokens, userdata = None, '', '', ''

        if old_cookie_value:
            try:
                timestamp, userid, tokens, userdata = auth_tkt.parse_ticket(
                    self.secret, old_cookie_value, remote_addr)
            except auth_tkt.BadTicket:
                pass

        who_userid = identity['repoze.who.userid']
        who_tokens = identity.get('tokens', '')
        who_userdata = identity.get('userdata', '')

        encoding_data = self.userid_type_encoders.get(type(who_userid))
        if encoding_data:
            encoding, encoder = encoding_data
            who_userid = encoder(who_userid)
            who_userdata = 'userid_type:%s' % encoding

        if not isinstance(tokens, basestring):
            tokens = ','.join(tokens)
        if not isinstance(who_tokens, basestring):
            who_tokens = ','.join(who_tokens)
        old_data = (userid, tokens, userdata)
        new_data = (who_userid, who_tokens, who_userdata)

        if old_data != new_data or (self.reissue_time and (
            (timestamp + self.reissue_time) < time.time())):
            ticket = auth_tkt.AuthTicket(self.secret,
                                         who_userid,
                                         remote_addr,
                                         tokens=who_tokens,
                                         user_data=who_userdata,
                                         cookie_name=self.cookie_name,
                                         secure=self.secure)
            new_cookie_value = ticket.cookie_value()

            #cur_domain = environ.get('HTTP_HOST', environ.get('SERVER_NAME'))
            #wild_domain = '.' + cur_domain
            if old_cookie_value != new_cookie_value:
                # return a set of Set-Cookie headers
                return self._get_cookies(environ, new_cookie_value, max_age)
Example #5
0
    def identify(self, environ):
        '''
        Identify the user
        '''
        remotes = environ['REMOTE_ADDR'].split(', ')
        environ['REMOTE_ADDR'] = remotes[0]
        environ['auth'] = False
        cookies = get_cookies(environ)
        cookie = cookies.get(self.cookie_name)

        if cookie is None or not cookie.value:
            return None

        if self.include_ip:
            remote_addr = environ['REMOTE_ADDR']
        else:
            remote_addr = '0.0.0.0'
        
        try:
            timestamp, userid, tokens, user_data = auth_tkt.parse_ticket(
                self.secret, cookie.value, remote_addr)
        except auth_tkt.BadTicket as e:
            print e
            print "Bad cookie signature. I think the IP change."
            #import os
            #print os.environ['REMOTEHOST']
            return None

        if self.userid_checker and not self.userid_checker(userid):
            return None

        if self.timeout and ( (timestamp + self.timeout) < time.time() ):
            return None

        userid_typename = 'userid_type:'
        user_data_info = user_data.split('|')
        for datum in filter(None, user_data_info):
            if datum.startswith(userid_typename):
                userid_type = datum[len(userid_typename):]
                decoder = self.userid_type_decoders.get(userid_type)
                if decoder:
                    userid = decoder(userid)
            
        environ['REMOTE_USER_TOKENS'] = tokens
        environ['REMOTE_USER_DATA'] = user_data
        environ['AUTH_TYPE'] = 'cookie'

        identity = {}
        identity['timestamp'] = timestamp
        identity['repoze.who.userid'] = userid
        identity['tokens'] = tokens
        identity['userdata'] = user_data
        environ['auth'] = True
        return identity
Example #6
0
    def identify(self, environ):
        '''
        Identify the user
        '''
        remotes = environ['REMOTE_ADDR'].split(', ')
        environ['REMOTE_ADDR'] = remotes[0]
        environ['auth'] = False
        cookies = get_cookies(environ)
        cookie = cookies.get(self.cookie_name)

        if cookie is None or not cookie.value:
            return None

        if self.include_ip:
            remote_addr = environ['REMOTE_ADDR']
        else:
            remote_addr = '0.0.0.0'

        try:
            timestamp, userid, tokens, user_data = auth_tkt.parse_ticket(
                self.secret, cookie.value, remote_addr)
        except auth_tkt.BadTicket as e:
            print e
            print "Bad cookie signature. I think the IP change."
            #import os
            #print os.environ['REMOTEHOST']
            return None

        if self.userid_checker and not self.userid_checker(userid):
            return None

        if self.timeout and ((timestamp + self.timeout) < time.time()):
            return None

        userid_typename = 'userid_type:'
        user_data_info = user_data.split('|')
        for datum in filter(None, user_data_info):
            if datum.startswith(userid_typename):
                userid_type = datum[len(userid_typename):]
                decoder = self.userid_type_decoders.get(userid_type)
                if decoder:
                    userid = decoder(userid)

        environ['REMOTE_USER_TOKENS'] = tokens
        environ['REMOTE_USER_DATA'] = user_data
        environ['AUTH_TYPE'] = 'cookie'

        identity = {}
        identity['timestamp'] = timestamp
        identity['repoze.who.userid'] = userid
        identity['tokens'] = tokens
        identity['userdata'] = user_data
        environ['auth'] = True
        return identity
Example #7
0
    def remember(self, environ, identity):
        if self.include_ip:
            remote_addr = environ['REMOTE_ADDR']
        else:
            remote_addr = '0.0.0.0'

        cookies = get_cookies(environ)
        old_cookie = cookies.get(self.cookie_name)
        existing = cookies.get(self.cookie_name)
        old_cookie_value = getattr(existing, 'value', None)
        max_age = identity.get('max_age', None)

        timestamp, userid, tokens, userdata = None, '', (), ''

        if old_cookie_value:
            try:
                timestamp,userid,tokens,userdata = auth_tkt.parse_ticket(
                    self.secret, old_cookie_value, remote_addr)
            except auth_tkt.BadTicket:
                pass
        tokens = tuple(tokens)

        who_userid = identity['repoze.who.userid']
        who_tokens = tuple(identity.get('tokens', ()))
        who_userdata = identity.get('userdata', '')

        encoding_data = self.userid_type_encoders.get(type(who_userid))
        if encoding_data:
            encoding, encoder = encoding_data
            who_userid = encoder(who_userid)
            who_userdata = 'userid_type:%s' % encoding

        old_data = (userid, tokens, userdata)
        new_data = (who_userid, who_tokens, who_userdata)

        if old_data != new_data or (self.reissue_time and
                ( (timestamp + self.reissue_time) < time.time() )):
            ticket = auth_tkt.AuthTicket(
                self.secret,
                who_userid,
                remote_addr,
                tokens=who_tokens,
                user_data=who_userdata,
                cookie_name=self.cookie_name,
                secure=self.secure)
            new_cookie_value = ticket.cookie_value()

            cur_domain = environ.get('HTTP_HOST', environ.get('SERVER_NAME'))
            wild_domain = cur_domain[cur_domain.find('.'):]
            #wild_domain = '.' + cur_domain
            if old_cookie_value != new_cookie_value:
                # return a set of Set-Cookie headers
                return self._get_cookies(environ, new_cookie_value, max_age)
Example #8
0
 def __init__(self, app=None, request=None, settings={}):
     """initialize the Handler with the calling application and the request
     it has to handle."""
     
     self.app = app
     self.request = request
     self.settings = settings
     self.userid = None
     self.user = None
     if self.request.cookies.has_key("u"):
         at = self.request.cookies['u']
         try:
             self.timestamp, self.userid, self.roles, self.token_attribs = auth_tkt.parse_ticket(self.settings.shared_secret, at, "127.0.0.1")
             self.settings.log.debug("found user %s in cookie" %self.userid)
         except auth_tkt.BadTicket, e:
             self.settings.log.error("BAD token detected: %s " %e)
             pass
Example #9
0
    def identify(self, environ):
        log.debug("cookieAuth identify")
        
        cookies = get_cookies(environ)
        cookie = cookies.get(self.cookie_name)

        if cookie is None or not cookie.value:
            return None

        if self.include_ip:
            remote_addr = environ['REMOTE_ADDR']
        else:
            remote_addr = '0.0.0.0'
        
        try:
            timestamp, userid, tokens, user_data = auth_tkt.parse_ticket(
                self.secret, cookie.value, remote_addr)
        except auth_tkt.BadTicket:
            return None

        if self.timeout and ( (timestamp + self.timeout) < time.time() ):
            return None

        userid_typename = 'userid_type:'
        user_data_info = user_data.split('|')
        for datum in filter(None, user_data_info):
            if datum.startswith(userid_typename):
                userid_type = datum[len(userid_typename):]
                decoder = self.userid_type_decoders.get(userid_type)
                if decoder:
                    userid = decoder(userid)
            
        environ['REMOTE_USER_TOKENS'] = tokens
        environ['REMOTE_USER_DATA'] = user_data
        environ['AUTH_TYPE'] = 'cookie'

        user_guid, login = userid.split("|")
        
        identity = {}
        identity['timestamp'] = timestamp
        identity['midgard.user.guid'] = user_guid
        identity['login'] = login
        identity['tokens'] = tokens
        identity['userdata'] = user_data
        return identity
Example #10
0
    def identify(self, environ):
        cookies = get_cookies(environ)
        cookie = cookies.get(self.cookie_name)

        if cookie is None or not cookie.value:
            return None

        if self.include_ip:
            remote_addr = environ['REMOTE_ADDR']
        else:
            remote_addr = '0.0.0.0'

        try:
            timestamp, userid, tokens, user_data = auth_tkt.parse_ticket(
                self.secret, cookie.value, remote_addr)
        except auth_tkt.BadTicket:
            return None

        if self.timeout and ( (timestamp + self.timeout) < time.time() ):
            return None

        userid_typename = 'userid_type:'
        user_data_info = user_data.split('|')
        for datum in filter(None, user_data_info):
            if datum.startswith(userid_typename):
                userid_type = datum[len(userid_typename):]
                decoder = self.userid_type_decoders.get(userid_type)
                if decoder:
                    userid = decoder(userid)

        environ['REMOTE_USER_TOKENS'] = tokens
        environ['REMOTE_USER_DATA'] = user_data
        environ['AUTH_TYPE'] = 'cookie'

        identity = {}
        identity['timestamp'] = timestamp
        identity['repoze.who.plugins.auth_tkt.userid'] = userid
        identity['tokens'] = tokens
        identity['userdata'] = user_data
        return identity