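def internal_method(self, login_bundle, data):
    """For internal use only."""
    # Expected argument shape (kept as a comment so the method's
    # docstring text stays minimal):
    #   data: struct
    #       method: string
    #       params: struct
    #
    # Raises xmlrpclib.Fault(FAULT_NO_ACCESS) for malformed data or an
    # unknown method, and xmlrpclib.Fault(FAULT_INVALID_LOGIN) when the
    # caller is not an api-admin member.

    # NOTE(review): presumably _check_login raises for an invalid or
    # expired bundle -- confirm; nothing below re-checks cur_user.
    cur_user = self._check_login(login_bundle)

    # Sanity-check the arguments before proceeding, so that malformed
    # input produces a sanitized error message.
    if type(data) is not dict or 'method' not in data or 'params' not in data:
        raise xmlrpclib.Fault(FAULT_NO_ACCESS, 'Invalid data.')

    if type(data['params']) is not dict:
        raise xmlrpclib.Fault(FAULT_NO_ACCESS, 'Invalid data.')

    # Check api-admin membership. This is the only authorization gate in
    # this method, so it fails closed: if the group lookup yields nothing
    # (group missing or renamed) the call is refused rather than being
    # allowed for every authenticated user.
    group = get_group_database().get_group('api-admin')
    if not group or not group.is_member(cur_user):
        raise xmlrpclib.Fault(FAULT_INVALID_LOGIN, 'User must be member of http://www.ned.com/group/api-admin/')

    # Explicit allow-list of internal methods; anything else is rejected.
    if data['method'] in ['_cookie_login']:
        return self._internal_cookie_to_login(data['params'])

    raise xmlrpclib.Fault(FAULT_NO_ACCESS, 'Invalid access.')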
def login(self, username, password):
    """Return a login_bundle struct if username and password are valid.

    Raises a Fault if they are invalid.

    You must generally call this method to obtain a login_bundle for use
    with any other API method. valid_login() may be used to verify the
    validity of a login_bundle. Login bundles generally expire after five
    minutes.

    NOTE: the username provided must be that of a member of the "api"
    group at http://www.ned.com/group/api/

    The login bundle uses the WSSE cryptographic protocol to protect your
    password during its use with any other API method. Calls to this
    method MUST be via HTTPS or a Fault will be raised. Calls to the rest
    of the API should be via HTTP.

    Parameters:
        username: e-mail or user-id (string)
        password: string

    Returns:
        login_bundle: struct:
            username: user-id (string)
            passdigest: password digest (string)
            created: creation timestamp (string)
            nonce: string
            atom_tag: atom_tag of user (string)
    """
    # The HTTPS requirement is enforced only while local.HTTPS_LOGIN is
    # truthy; with that setting off, a plain-HTTP login is accepted.
    if local.HTTPS_LOGIN and get_request().scheme != 'https':
        raise xmlrpclib.Fault(FAULT_NOT_SECURE, 'Must use https')

    user = get_user_database().authenticate_user(username, password)
    if not user:
        raise xmlrpclib.Fault(FAULT_INVALID_LOGIN, 'Invalid login')

    # Internal users skip the "api" group requirement entirely.
    if not is_internal_user(user):
        api_group = get_group_database().get_group('api')
        # NOTE(review): when the lookup returns a falsy value the
        # membership check is skipped, so a missing "api" group admits
        # every authenticated user -- confirm this is intended.
        if api_group and not api_group.is_member(user):
            raise xmlrpclib.Fault(FAULT_INVALID_LOGIN, 'User must be member of http://www.ned.com/group/api/')

    return self._create_login_bundle(user)
def _is_not_member(self, group, user):
    """Assert through three separate lookups that user is not in group."""
    # 1. Direct membership query on the group.
    assert not group.is_member(user)

    # 2. The group's member list must not contain the user.
    members = group.get_member_list()
    assert user not in members

    # 3. The user must not belong to the usergroup that is looked up by
    #    the group's user id.
    usergroup_db = qon.base.get_usergroup_database()
    usergroup = usergroup_db.get_usergroup(group.get_user_id())
    assert not user.is_member_of_group(usergroup)