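    def internal_method(self, login_bundle, data):
        """For internal use only.

        Dispatch a privileged internal call on behalf of a member of the
        ``api-admin`` group.

        Parameters:
            login_bundle: login_bundle struct as returned by login()
            data: struct
                method: string
                params: struct

        Returns:
            The result of the dispatched internal method. Only
            ``_cookie_login`` is currently dispatchable.

        Raises:
            xmlrpclib.Fault(FAULT_NO_ACCESS) if ``data`` is malformed or names
            a method that is not dispatchable.
            xmlrpclib.Fault(FAULT_INVALID_LOGIN) if the caller is not a member
            of ``api-admin``.
        """
        cur_user = self._check_login(login_bundle)

        # Validate the argument shape before touching it, so a malformed
        # request gets a generic Fault rather than a traceback.  The shape
        # check is deliberately done before authorization so the two error
        # paths stay distinct.
        if (not isinstance(data, dict)
                or 'method' not in data
                or 'params' not in data
                or not isinstance(data['params'], dict)):
            raise xmlrpclib.Fault(FAULT_NO_ACCESS, 'Invalid data.')

        # Require api-admin membership.  A missing group is treated as having
        # no members, so a misconfigured deployment fails closed instead of
        # granting every authenticated caller this privileged entry point.
        group = get_group_database().get_group('api-admin')
        if not group or not group.is_member(cur_user):
            raise xmlrpclib.Fault(FAULT_INVALID_LOGIN, 'User must be member of http://www.ned.com/group/api-admin/')

        # Explicit allow-list of internal methods reachable through this RPC.
        if data['method'] == '_cookie_login':
            return self._internal_cookie_to_login(data['params'])

        raise xmlrpclib.Fault(FAULT_NO_ACCESS, 'Invalid access.')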
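    def login(self, username, password):
        """Return a login_bundle struct if username and password are valid.

        Raises a Fault if invalid.

        You must generally call this method to obtain a login_bundle for use
        with any other API method. valid_login() may be used to verify the
        validity of login_bundle. Login bundles generally expire after
        five minutes.

        NOTE: the username provided must be that of a member of the
        "api" group at http://www.ned.com/group/api/

        The login bundle uses the WSSE cryptographic protocol to protect
        your password during its use with any other API method.

        Calls to this method MUST be via HTTPS or a Fault will be raised. Calls
        to the rest of the API should be via HTTP.

        Parameters:
            username: e-mail or user-id (string)
            password: string

        Returns:
            login_bundle: struct:
                username:   user-id (string)
                passdigest: password digest (string)
                created:    creation timestamp (string)
                nonce:      string
                atom_tag:   atom_tag of user (string)

        Raises:
            xmlrpclib.Fault(FAULT_NOT_SECURE) if HTTPS is required and the
            request did not arrive over https.
            xmlrpclib.Fault(FAULT_INVALID_LOGIN) if the credentials are wrong
            or the user is not an internal user and not an "api" member.
        """
        # The password travels in the request body, so refuse to accept it
        # over plain HTTP when the deployment requires HTTPS for login.
        if local.HTTPS_LOGIN and get_request().scheme != 'https':
            raise xmlrpclib.Fault(FAULT_NOT_SECURE, 'Must use https')

        user = get_user_database().authenticate_user(username, password)
        if not user:
            raise xmlrpclib.Fault(FAULT_INVALID_LOGIN, 'Invalid login')

        # Non-internal users must belong to the "api" group.  A missing group
        # is treated as having no members so a misconfigured deployment fails
        # closed rather than opening the API to every authenticated user.
        if not is_internal_user(user):
            group = get_group_database().get_group('api')
            if not group or not group.is_member(user):
                raise xmlrpclib.Fault(FAULT_INVALID_LOGIN, 'User must be member of http://www.ned.com/group/api/')

        return self._create_login_bundle(user)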
 def _is_not_member(self, group, user):
     """Assert that *user* is not a member of *group* from every view.

     Checks the group's own membership test, its member list, and the
     user's membership in the usergroup looked up by the group's user id.
     """
     assert not group.is_member(user)
     assert user not in group.get_member_list()
     usergroup_db = qon.base.get_usergroup_database()
     usergroup = usergroup_db.get_usergroup(group.get_user_id())
     assert not user.is_member_of_group(usergroup)