def isMemberIdAllowed(self, id):
        """Return 1 when ``id`` can be given to a new member, otherwise 0.

        The id is refused when it is empty, equals 'Anonymous User', fails
        ``_ALLOWED_MEMBER_ID_PATTERN``, or is already in use.  With a PAS
        user folder, "in use" covers exact-match principals in the local
        ``acl_users`` and in every PAS ``acl_users`` found on the
        acquisition chain, plus existing login names when the site uses
        e-mail addresses as logins.  Without PAS, the membership and
        groups tools are asked instead.
        """
        # Empty ids and the reserved anonymous name are never valid.
        if len(id) == 0 or id == 'Anonymous User':
            return 0
        if not self._ALLOWED_MEMBER_ID_PATTERN.match(id):
            return 0

        user_folder = getToolByName(self, 'acl_users')
        if not IPluggableAuthService.providedBy(user_folder):
            # Legacy user folder: an existing member or group blocks the id.
            member_tool = getToolByName(self, 'portal_membership')
            if member_tool.getMemberById(id) is not None:
                return 0
            group_tool = getToolByName(self, 'portal_groups')
            if group_tool.getGroupById(id) is not None:
                return 0
            return 1

        if user_folder.searchPrincipals(id=id, exact_match=True):
            return 0

        # Also consult user folders further up, so the new id cannot
        # collide with a principal defined in an enclosing PAS.
        for ancestor in aq_chain(self):
            if not hasattr(aq_base(ancestor), "acl_users"):
                continue
            outer_folder = ancestor.acl_users
            if not IPluggableAuthService.providedBy(outer_folder):
                continue
            if outer_folder.searchPrincipals(id=id, exact_match=True):
                return 0

        # When email addresses are used as logins, an existing login name
        # must block the id as well.
        site_props = getToolByName(self, 'portal_properties').site_properties
        if site_props.use_email_as_login:
            if user_folder.searchUsers(name=id, exact_match=True):
                return 0

        return 1
    def isMemberIdAllowed(self, id):
        """Return 1 when ``id`` can be given to a new member, otherwise 0.

        Refused ids: empty, 'Anonymous User', anything failing
        ``_ALLOWED_MEMBER_ID_PATTERN``, and anything already taken.  With
        PAS the exact-match principal search runs against the local
        ``acl_users`` and every PAS ``acl_users`` on the acquisition
        chain; with e-mail logins enabled, existing login names are
        checked too.  Without PAS the membership and groups tools decide.
        """
        if len(id) == 0 or id == 'Anonymous User':
            return 0
        if not self._ALLOWED_MEMBER_ID_PATTERN.match(id):
            return 0

        user_folder = getToolByName(self, 'acl_users')
        if not IPluggableAuthService.providedBy(user_folder):
            # Non-PAS user folder: fall back to the portal tools.
            member_tool = getToolByName(self, 'portal_membership')
            if member_tool.getMemberById(id) is not None:
                return 0
            group_tool = getToolByName(self, 'portal_groups')
            if group_tool.getGroupById(id) is not None:
                return 0
            return 1

        if user_folder.searchPrincipals(id=id, exact_match=True):
            return 0

        # Walk the acquisition chain so an id already used in an
        # enclosing PAS user folder is rejected here as well.
        for ancestor in aq_chain(self):
            if not hasattr(aq_base(ancestor), "acl_users"):
                continue
            outer_folder = ancestor.acl_users
            if not IPluggableAuthService.providedBy(outer_folder):
                continue
            if outer_folder.searchPrincipals(id=id, exact_match=True):
                return 0

        # With e-mail logins, the requested id doubles as a login name,
        # so an existing user with that login must block it.
        site_props = getToolByName(self, 'portal_properties').site_properties
        if site_props.use_email_as_login:
            if user_folder.searchUsers(name=id, exact_match=True):
                return 0

        return 1
Esempio n. 3
    def canWriteProperty(self, prop_name):
        """Tell whether the member property ``prop_name`` can be changed.

        Without a PAS user folder, or when the user exposes no property
        sheets, the answer is whatever ``_memberdataHasProperty`` says.
        Otherwise only the first sheet that defines the property counts:
        it must provide ``IMutablePropertySheet``, and if it implements
        ``canWriteProperty`` itself that method decides.  Anything else
        yields False.
        """
        if not IPluggableAuthService.providedBy(self._tool.acl_users):
            # not PAS; Memberdata is writable
            return self._memberdataHasProperty(prop_name)

        user = self.getUser()
        sheets = getattr(user, 'getOrderedPropertySheets', lambda: None)()
        if not sheets:
            return self._memberdataHasProperty(prop_name)

        # The first sheet holding the property shadows all later ones.
        owner = None
        for candidate in sheets:
            if candidate.hasProperty(prop_name):
                owner = candidate
                break

        if owner is None or not IMutablePropertySheet.providedBy(owner):
            # unknown property, or shadowed by a read-only sheet
            return False
        # BBB for plugins implementing an older version of
        # IMutablePropertySheet, which lacks canWriteProperty
        if hasattr(owner, 'canWriteProperty'):
            return owner.canWriteProperty(user, prop_name)
        return True
Esempio n. 4
    def canWriteProperty(self, prop_name):
        """Tell whether the member property ``prop_name`` can be changed.

        Falls back to ``_memberdataHasProperty`` when ``acl_users`` is not
        a PAS or the user has no property sheets.  With sheets, the first
        one that defines the property decides: a read-only sheet means
        False, a mutable sheet means True unless it implements its own
        ``canWriteProperty``, whose result is then returned.
        """
        if not IPluggableAuthService.providedBy(self.acl_users):
            # not PAS; Memberdata is writable
            return self._memberdataHasProperty(prop_name)

        user = self.getUser()
        sheets = getattr(user, 'getOrderedPropertySheets', lambda: None)()
        if not sheets:
            return self._memberdataHasProperty(prop_name)

        # Locate the sheet that shadows all later ones for this property.
        owner = None
        for candidate in sheets:
            if candidate.hasProperty(prop_name):
                owner = candidate
                break

        if owner is None or not IMutablePropertySheet.providedBy(owner):
            # unknown property, or shadowed by a read-only sheet
            return False
        # BBB for plugins implementing an older version of
        # IMutablePropertySheet, which lacks canWriteProperty
        if hasattr(owner, 'canWriteProperty'):
            return owner.canWriteProperty(user, prop_name)
        return True
Esempio n. 5
def pas_fixup(self):
    """Register any plugin types the PAS plugin registry does not know yet.

    Compares the registry's ``_plugin_types`` with ``_PLUGIN_TYPE_INFO``
    from PluggableAuthService, adds the missing entries together with
    their id/title/description, and stores the sorted list back.  Does
    nothing but log when ``acl_users`` is not a PAS.
    """
    from Products.PluggableAuthService.PluggableAuthService \
        import _PLUGIN_TYPE_INFO

    user_folder = getToolByName(self, 'acl_users')
    if not IPluggableAuthService.providedBy(user_folder):
        logger.debug('PAS UF not found, skipping PAS fixup.')
        return

    registry = user_folder['plugins']

    # De-duplicate whatever is registered at the moment.
    known_types = list(set(registry._plugin_types))
    for key, type_id, title, description in _PLUGIN_TYPE_INFO:
        if key not in known_types:
            logger.debug("Plugin type '%s' was not registered." % type_id)
            known_types.append(key)
            registry._plugin_type_info[key] = dict(
                id=type_id,
                title=title,
                description=description,
            )
        else:
            logger.debug("Plugin type '%s' already registered." % type_id)

    # Make it ordered
    known_types.sort()

    # Re-assign because it's a non-persistent property.
    registry._plugin_types = known_types
def addAutoUserMakerPASPlugin(context):
    """Add an Auto User Maker to the nearest acl_users and activate it.

    An existing plugin of class ``ApacheAuthPluginHandler`` is reused;
    otherwise one is created with the id 'AutoUserMakerPASPlugin'.  The
    plugin is then activated for ``IAuthenticationPlugin`` and
    ``IExtractionPlugin`` and returned (the plugin object itself, looked
    up on the PAS).

    Raises LookupError when no ``acl_users`` can be found and ValueError
    when it is not a PluggableAuthService.
    """
    # NOTE(review): activation runs even when the plugin already existed;
    # confirm activatePlugin tolerates an already-active plugin.
    # NOTE(review): this activates an authentication plugin on the user
    # folder; from the class name it presumably relies on identity data
    # supplied by the front-end web server -- confirm before deploying.
    user_folder = getattr(context, 'acl_users', None)
    if user_folder is None:
        raise LookupError("No acl_users can be acquired or otherwise found.")

    adapted = IPluggableAuthService(user_folder, None)
    if adapted is None:
        raise ValueError(
            "The nearest acl_users object is not a PluggableAuthService.")

    plugin_id = _firstIdOfClass(user_folder, ApacheAuthPluginHandler)
    if not plugin_id:
        plugin_id = 'AutoUserMakerPASPlugin'
        factory = user_folder.manage_addProduct[plugin_id]
        factory.manage_addAutoUserMaker(plugin_id, 'AutoUserMakerPAS Plugin')

    registry = user_folder.plugins
    registry.activatePlugin(IAuthenticationPlugin, plugin_id)
    registry.activatePlugin(IExtractionPlugin, plugin_id)

    return adapted[plugin_id]
Esempio n. 7
    def getProperty(self, id, default=_marker):
        """Fetch the user property ``id``, looking through PAS sheets first.

        The ordered property sheets of the user are searched and the value
        from the first sheet that has the property is returned; unicode
        values are encoded to UTF-8 byte strings.  When ``acl_users`` is
        not a PAS, the user has no sheets, or no sheet has the property,
        the call is delegated to ``BaseMemberData.getProperty``.
        """
        if not IPluggableAuthService.providedBy(self.acl_users):
            # NOTE(review): this branch does not forward ``default`` to
            # the base implementation, unlike the other fallbacks below.
            return BaseMemberData.getProperty(self, id)

        user = self.getUser()
        sheets = getattr(user, 'getOrderedPropertySheets', lambda: None)()

        # we won't always have PlonePAS users, due to acquisition,
        # nor are guaranteed property sheets
        if not sheets:
            return BaseMemberData.getProperty(self, id, default)

        for sheet in sheets:
            if not sheet.hasProperty(id):
                continue
            # The first sheet that has the property wins.
            found = sheet.getProperty(id)
            # XXX Temporary workaround: property sheets blindly store and
            # return unicode.  This should be dealt with at the property
            # sheet level by using Zope's converters.
            return found.encode('utf-8') if isinstance(found, unicode) \
                else found

        # Not in any property sheet; delegate back to the base
        # implementation.
        return BaseMemberData.getProperty(self, id, default)
Esempio n. 8
    def login(self):
        """Update the stored credentials for the user who just logged in.

        Overrides the standard login method so that it does not end with
        'return response.redirect(came_from)': the login_next.cpy script
        does additional processing to ignore known bad came_from
        templates.

        The login name comes from the user object the security manager
        reports, not from a request field; the password is read from the
        '__ac_password' request value and handed to ``updateCredentials``
        unchanged.
        """
        req = self.REQUEST
        resp = req['RESPONSE']
        supplied_password = req.get('__ac_password', '')

        current_user = getSecurityManager().getUser()
        login_name = current_user.getUserName()

        # Prefer the PAS the user actually comes from.
        target_pas = aq_parent(current_user)
        if not IPluggableAuthService.providedBy(target_pas):
            # User does not originate from a PAS user folder, so fall back
            # to our own PAS.
            # XXX Perhaps we should do nothing here; test with pure User
            # Folder!
            target_pas = self._getPAS()
            if target_pas is None:
                return

        target_pas.updateCredentials(req, resp, login_name,
                                     supplied_password)
Esempio n. 9
 def _get_pas(self, location=None):
     """Return ``location.acl_users`` if it is a PAS, else None.

     ``location`` defaults to ``self.get_root()``.  The attribute lookup
     has no fallback, so a location without any reachable ``acl_users``
     raises AttributeError.
     """
     target = self.get_root() if location is None else location
     candidate = getattr(target, 'acl_users')
     if IPluggableAuthService.providedBy(candidate):
         return candidate
     return None
Esempio n. 10
    def login(self):
        """Update the stored credentials for the user who just logged in.

        Overrides the standard login method so that it does not end with
        'return response.redirect(came_from)': the login_next.cpy script
        does additional processing to ignore known bad came_from
        templates.

        This is the version from Plone 3.3.6.  Compared to Plone 3.1.7 it
        carries a fix that matters here: the credentials are updated for
        getUserName() (the login name of the user) instead of the
        '__ac_name' request value.
        """
        req = self.REQUEST
        resp = req['RESPONSE']
        # The password is taken from the request and passed on unchanged.
        supplied_password = req.get('__ac_password', '')

        current_user = getSecurityManager().getUser()
        login_name = current_user.getUserName()

        # Prefer the PAS the user actually comes from.
        target_pas = aq_parent(current_user)
        if not IPluggableAuthService.providedBy(target_pas):
            # User does not originate from a PAS user folder, so fall back
            # to our own PAS.  XXX Perhaps we should do nothing here; test
            # with pure User Folder!
            target_pas = self._getPAS()
            if target_pas is None:
                return

        target_pas.updateCredentials(req, resp, login_name,
                                     supplied_password)
Esempio n. 11
def migrate_root_uf(self):
    """Make the user folder at the physical root a PAS.

    An existing PAS is only fixed up (``pas_fixup``) and gets its
    challenge chooser configured.  A stock 'User Folder' is replaced via
    ``replace_acl_users`` and the new folder receives the authentication
    plugins, all 'users' plugin interfaces and the challenge chooser.
    Any other kind of user folder is left untouched.
    """
    # NOTE(review): this swaps out the user folder at the physical root,
    # i.e. the one holding the instance-wide accounts; the plugin flags
    # passed below decide how that folder challenges afterwards.
    root = self.getPhysicalRoot()
    user_folder = getToolByName(root, 'acl_users')

    if IPluggableAuthService.providedBy(user_folder):
        # Already a PAS: fix up if needed, then configure the Challenge
        # Chooser plugin if available.
        pas_fixup(root)
        challenge_chooser_setup(root)
        return

    if not user_folder.meta_type == 'User Folder':
        # Not a standard User Folder at the root. Nothing we can do.
        return

    # Standard User Folder: replace it and fetch the new one.
    replace_acl_users(root)
    user_folder = getToolByName(root, 'acl_users')

    pas_factory = user_folder.manage_addProduct['PluggableAuthService']
    plone_pas_factory = user_folder.manage_addProduct['PlonePAS']

    # Setup authentication plugins
    setupAuthPlugins(root, pas_factory, plone_pas_factory,
                     deactivate_basic_reset=False,
                     deactivate_cookie_challenge=True)

    # Activate *all* interfaces for user manager. IUserAdder is not
    # activated for some reason by default.
    activatePluginInterfaces(root, 'users')

    # Configure Challenge Chooser plugin if available
    challenge_chooser_setup(root)
Esempio n. 12
    def getProperty(self, id, default=_marker):
        """Fetch the user property ``id``, looking through PAS sheets first.

        Returns the value from the first ordered property sheet that has
        the property, encoding unicode values to UTF-8 byte strings.
        Delegates to ``BaseMemberData.getProperty`` when ``acl_users`` is
        not a PAS, when the user has no sheets, or when no sheet has the
        property.
        """
        if not IPluggableAuthService.providedBy(self.acl_users):
            # NOTE(review): this branch does not forward ``default`` to
            # the base implementation, unlike the other fallbacks below.
            return BaseMemberData.getProperty(self, id)

        user = self.getUser()
        sheets = getattr(user, 'getOrderedPropertySheets', lambda: None)()

        # we won't always have PlonePAS users, due to acquisition,
        # nor are guaranteed property sheets
        if not sheets:
            return BaseMemberData.getProperty(self, id, default)

        for sheet in sheets:
            if not sheet.hasProperty(id):
                continue
            # The first sheet that has the property wins.
            found = sheet.getProperty(id)
            # XXX Temporary workaround: property sheets blindly store and
            # return unicode.  This should be dealt with at the property
            # sheet level by using Zope's converters.
            return found.encode('utf-8') if isinstance(found, unicode) \
                else found

        # Not in any property sheet; delegate back to the base
        # implementation.
        return BaseMemberData.getProperty(self, id, default)
Esempio n. 13
 def _deletePortrait(self, member_id):
     """Ask every portrait-management plugin to remove ``member_id``'s
     portrait.  Does nothing when ``acl_users`` is not a PAS.
     """
     if not IPluggableAuthService.providedBy(self.acl_users):
         return
     registry = self._getPlugins()
     for _plugin_id, handler in registry.listPlugins(
             IPortraitManagementPlugin):
         handler.deletePortrait(member_id)
Esempio n. 14
 def _setPortrait(self, portrait, member_id):
     """Hand ``portrait`` (a raw image) to every portrait-management
     plugin for storage under ``member_id``.  Does nothing when
     ``acl_users`` is not a PAS.

     The image is passed through as received: no size or type check
     happens in this method.
     """
     if not IPluggableAuthService.providedBy(self.acl_users):
         return
     registry = self._getPlugins()
     for _plugin_id, handler in registry.listPlugins(
             IPortraitManagementPlugin):
         handler.setPortrait(portrait, member_id)
Esempio n. 15
def pas_fixup(self):
    """Register any plugin types the PAS plugin registry does not know yet.

    Every entry of ``_PLUGIN_TYPE_INFO`` missing from the registry's
    ``_plugin_types`` is added along with its id/title/description; the
    sorted list is then stored back on the registry.  Only logs a debug
    message when ``acl_users`` is not a PAS.
    """
    from Products.PluggableAuthService.PluggableAuthService \
        import _PLUGIN_TYPE_INFO

    user_folder = getToolByName(self, 'acl_users')
    if not IPluggableAuthService.providedBy(user_folder):
        logger.debug('PAS UF not found, skipping PAS fixup.')
        return

    registry = user_folder['plugins']

    # De-duplicate whatever is registered at the moment.
    known_types = list(set(registry._plugin_types))
    for key, type_id, title, description in _PLUGIN_TYPE_INFO:
        if key not in known_types:
            logger.debug("Plugin type '%s' was not registered." % type_id)
            known_types.append(key)
            registry._plugin_type_info[key] = dict(
                id=type_id,
                title=title,
                description=description,
            )
        else:
            logger.debug("Plugin type '%s' already registered." % type_id)

    # Make it ordered
    known_types.sort()

    # Re-assign because it's a non-persistent property.
    registry._plugin_types = known_types
Esempio n. 16
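    def login(self):
        """Update the stored credentials for the user who just logged in.

        Overrides the standard login method so that it does not end with
        'return response.redirect(came_from)': the login_next.cpy script
        does additional processing to ignore known bad came_from
        templates.

        The password is read from the '__ac_password' request value and
        passed to ``updateCredentials`` unchanged.
        """
        request = self.REQUEST
        response = request['RESPONSE']

        password = request.get('__ac_password', '')

        user = getSecurityManager().getUser()
        # Use the login name of the user the security manager reports
        # rather than the client-supplied '__ac_name' form value, so the
        # credentials that get updated always belong to that user.
        login = user.getUserName()
        # getattr() with a default instead of ``user.aq_parent``: a user
        # object without an acquisition parent then falls through to the
        # else branch below instead of raising AttributeError.
        user_pas = getattr(user, 'aq_parent', None)

        if IPluggableAuthService.providedBy(user_pas):
            # Delegate to the users own PAS if possible
            user_pas.updateCredentials(request, response, login, password)
        else:
            # User does not originate from a PAS user folder, so lets try
            # to do our own thing.
            # XXX Perhaps we should do nothing here; test with pure User
            # Folder!
            pas_instance = self._getPAS()
            if pas_instance is not None:
                pas_instance.updateCredentials(request, response, login,
                                               password)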
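def isMemberIdAllowed(self, id):
    """Return 1 when ``id`` can be given to a new member, otherwise 0.

    The id is refused when it is empty, equals 'Anonymous User', fails
    ``_ALLOWED_MEMBER_ID_PATTERN``, or matches an existing principal in
    the local ``acl_users`` or in any PAS ``acl_users`` on the
    acquisition chain.  When e-mail addresses are used as logins and a
    user with that login already exists, the id is refused if its domain
    is listed in ``allowed_domains`` of ``IAllowedDomainsSettings``, or if
    it contains no '@' at all.  Without PAS the membership and groups
    tools decide.
    """
    if len(id) < 1 or id == 'Anonymous User':
        return 0
    if not self._ALLOWED_MEMBER_ID_PATTERN.match(id):
        return 0

    pas = getToolByName(self, 'acl_users')
    if IPluggableAuthService.providedBy(pas):
        results = pas.searchPrincipals(id=id, exact_match=True)
        if results:
            return 0
        else:
            # Also reject ids already used in an enclosing PAS.
            for parent in aq_chain(self):
                if hasattr(aq_base(parent), "acl_users"):
                    parent = parent.acl_users
                    if IPluggableAuthService.providedBy(parent):
                        if parent.searchPrincipals(id=id,
                                                   exact_match=True):
                            return 0
        # When email addresses are used as logins, we need to check
        # if there are any users with the requested login.
        props = getToolByName(self, 'portal_properties').site_properties
        if props.use_email_as_login:
            results = pas.searchUsers(name=id, exact_match=True)
            if results:
                # The stock behaviour is an unconditional ``return 0``
                # here; this variant makes it depend on the domain.
                from allowed.domains.interfaces import IAllowedDomainsSettings
                from plone.registry.interfaces import IRegistry
                registry = getUtility(IRegistry)
                settings = registry.forInterface(IAllowedDomainsSettings)
                parts = id.split('@')
                if len(parts) < 2:
                    # No '@' in the id: do not rely on earlier validation
                    # (indexing would raise IndexError); the login is
                    # taken, so refuse it.
                    return 0
                # NOTE(review): the part after the *first* '@' is compared,
                # and the comparison is case-sensitive -- confirm both
                # match how allowed_domains is maintained.
                if parts[1] in settings.allowed_domains:
                    return 0
                # NOTE(review): a login that already exists but whose
                # domain is not in allowed_domains falls through to
                # ``return 1`` and is reported as available -- confirm
                # that this is intended.

    else:
        membership = getToolByName(self, 'portal_membership')
        if membership.getMemberById(id) is not None:
            return 0
        groups = getToolByName(self, 'portal_groups')
        if groups.getGroupById(id) is not None:
            return 0

    return 1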
Esempio n. 18
 def __init__(self, context):
     """Bind to ``context`` and record whether its user folder is a PAS.

     ``tool`` is the portal_membership tool, or None when it cannot be
     found.  ``is_compatible()`` is called at the end of construction.
     """
     # for compatibility with Plone 2.0 (import only on instance init)
     from Products.PluggableAuthService.interfaces.authservice import \
         IPluggableAuthService

     self.context = context
     self.tool = getToolByName(self.context, 'portal_membership', None)
     self.fieldnames = []
     user_folder = self.context.acl_users
     self.compatible = IPluggableAuthService.providedBy(user_folder)
     self.is_compatible()
Esempio n. 19
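def isMemberIdAllowed(self, id):
    """Return 1 when ``id`` can be given to a new member, otherwise 0.

    The id is refused when it is empty, equals 'Anonymous User', fails
    ``_ALLOWED_MEMBER_ID_PATTERN``, or matches an existing principal in
    the local ``acl_users`` or in any PAS ``acl_users`` on the
    acquisition chain.  When e-mail addresses are used as logins and a
    user with that login already exists, the id is refused if its domain
    is listed in ``allowed_domains`` of ``IAllowedDomainsSettings``, or if
    it contains no '@' at all.  Without PAS the membership and groups
    tools decide.
    """
    if len(id) < 1 or id == 'Anonymous User':
        return 0
    if not self._ALLOWED_MEMBER_ID_PATTERN.match(id):
        return 0

    pas = getToolByName(self, 'acl_users')
    if IPluggableAuthService.providedBy(pas):
        results = pas.searchPrincipals(id=id, exact_match=True)
        if results:
            return 0
        else:
            # Also reject ids already used in an enclosing PAS.
            for parent in aq_chain(self):
                if hasattr(aq_base(parent), "acl_users"):
                    parent = parent.acl_users
                    if IPluggableAuthService.providedBy(parent):
                        if parent.searchPrincipals(id=id, exact_match=True):
                            return 0
        # When email addresses are used as logins, we need to check
        # if there are any users with the requested login.
        props = getToolByName(self, 'portal_properties').site_properties
        if props.use_email_as_login:
            results = pas.searchUsers(name=id, exact_match=True)
            if results:
                # The stock behaviour is an unconditional ``return 0``
                # here; this variant makes it depend on the domain.
                from allowed.domains.interfaces import IAllowedDomainsSettings
                from plone.registry.interfaces import IRegistry
                registry = getUtility(IRegistry)
                settings = registry.forInterface(IAllowedDomainsSettings)
                parts = id.split('@')
                if len(parts) < 2:
                    # No '@' in the id: do not rely on earlier validation
                    # (indexing would raise IndexError); the login is
                    # taken, so refuse it.
                    return 0
                # NOTE(review): the part after the *first* '@' is compared,
                # and the comparison is case-sensitive -- confirm both
                # match how allowed_domains is maintained.
                if parts[1] in settings.allowed_domains:
                    return 0
                # NOTE(review): a login that already exists but whose
                # domain is not in allowed_domains falls through to
                # ``return 1`` and is reported as available -- confirm
                # that this is intended.

    else:
        membership = getToolByName(self, 'portal_membership')
        if membership.getMemberById(id) is not None:
            return 0
        groups = getToolByName(self, 'portal_groups')
        if groups.getGroupById(id) is not None:
            return 0

    return 1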
Esempio n. 20
 def _getPortrait(self, member_id):
     """Return the first portrait a portrait-management plugin has for
     ``member_id``.

     Returns None when ``acl_users`` is not a PAS or no plugin returns a
     portrait.
     """
     if not IPluggableAuthService.providedBy(self.acl_users):
         return None
     registry = self._getPlugins()
     for _plugin_id, handler in registry.listPlugins(
             IPortraitManagementPlugin):
         portrait = handler.getPortrait(member_id)
         if portrait is not None:
             return portrait
     return None
 def __init__(self, context):
     """Bind to ``context`` and record whether the site is compatible.

     ``compatible`` is truthy only when ``acl_users`` is a PAS and a
     membrane_tool providing ``IRememberMembraneTool`` is present.
     ``is_compatible()`` is called at the end of construction.
     """
     # for compatibility with Plone 2.0 (import only on instance init)
     from Products.PluggableAuthService.interfaces.authservice import \
         IPluggableAuthService
     from Products.remember.interfaces import IRememberMembraneTool

     self.context = context
     self.tool = getToolByName(self.context, 'portal_memberdata')
     self.membrane_tool = getToolByName(self.context, 'membrane_tool', None)
     self.fieldnames = []
     self.compatible = (
         IPluggableAuthService.providedBy(self.context.acl_users)
         and self.membrane_tool
         and IRememberMembraneTool.providedBy(self.membrane_tool)
     )
     self.is_compatible()
Esempio n. 22
def install_pas_plugin(context):
    """Install the 'jwt_auth' plugin in every PAS from ``context`` upwards.

    Starting at ``context`` and moving parent by parent up to and
    including the physical root, each ``acl_users`` that is a PAS and has
    no 'jwt_auth' object yet receives a ``JWTAuthenticationPlugin`` with
    its IAuthenticationPlugin and IExtractionPlugin interfaces activated.
    """
    # NOTE(review): the physical root is processed too, so the plugin is
    # also activated in the root user folder when that one is a PAS.
    node = aq_inner(context)
    while True:
        user_folder = getToolByName(node, "acl_users")
        is_pas = IPluggableAuthService.providedBy(user_folder)
        if is_pas and "jwt_auth" not in user_folder:
            new_plugin = JWTAuthenticationPlugin("jwt_auth")
            user_folder._setObject(new_plugin.getId(), new_plugin)
            # Activate the stored object, not the freshly built instance.
            installed = user_folder["jwt_auth"]
            installed.manage_activateInterfaces(
                ["IAuthenticationPlugin", "IExtractionPlugin"])
        if node is node.getPhysicalRoot():
            break
        node = aq_parent(node)
Esempio n. 23
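def setMemberProperties(self, mapping, force_local=0):
    """PAS-specific method to set the properties of a member.

    Ignores 'force_local', which is not reliably present.  Entries of
    ``mapping`` whose value is None are skipped.  Each remaining property
    is written to the mutable property sheets that define it, in sheet
    order, stopping at the first read-only sheet that defines it.  When
    at least one value was written, ``notifyModified`` is called and a
    ``PropertiesUpdated`` event is sent.

    Defers to ``BaseMemberData.setMemberProperties`` when ``acl_users``
    is not a PAS or the user has no property sheets.  No permission
    check is visible in this method; callers are expected to have
    authorised the change.
    """
    sheets = None

    # We could pay attention to force_local here...
    if not IPluggableAuthService.providedBy(self.acl_users):
        # Defer to base impl in absence of PAS, a PAS user, or
        # property sheets
        return BaseMemberData.setMemberProperties(self, mapping)
    else:
        # It's a PAS! Whee!
        user = self.getUser()
        sheets = getattr(user, 'getOrderedPropertySheets', lambda: None)()

        # We won't always have PlonePAS users, due to acquisition,
        # nor are guaranteed property sheets
        if not sheets:
            # Defer to base impl if we have a PAS but no property
            # sheets.
            return BaseMemberData.setMemberProperties(self, mapping)

    # If we got this far, we have a PAS and some property sheets.
    # XXX track values set to defer to default impl
    # property routing?
    modified = False
    for k, v in mapping.items():
        # Identity test: ``== None`` would invoke a custom __eq__ on the
        # value and could skip values that merely compare equal to None.
        if v is None:
            continue
        for sheet in sheets:
            if not sheet.hasProperty(k):
                continue
            if IMutablePropertySheet.providedBy(sheet):
                sheet.setProperty(user, k, v)
                modified = True
            else:
                # A read-only sheet shadows the sheets after it; the
                # property is silently left alone rather than raising.
                break
    if modified:
        self.notifyModified()

        # Genweb: Updated by patch
        notify(PropertiesUpdated(user, mapping))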
Esempio n. 24
def setMemberProperties(self, mapping, force_local=0):
    """PAS-specific method to set the properties of a member.

    Ignores 'force_local', which is not reliably present.  Entries of
    ``mapping`` whose value is None are skipped.  Each remaining property
    is written to the mutable property sheets that define it, in sheet
    order, stopping at the first read-only sheet that defines it.  When
    at least one value was written, ``notifyModified`` is called and a
    ``PropertiesUpdated`` event is sent.

    Defers to ``BaseMemberData.setMemberProperties`` when ``acl_users``
    is not a PAS or the user has no property sheets.  No permission
    check is visible in this method; callers are expected to have
    authorised the change.
    """
    # We could pay attention to force_local here...
    if not IPluggableAuthService.providedBy(self.acl_users):
        # No PAS: the base implementation handles it.
        return BaseMemberData.setMemberProperties(self, mapping)

    user = self.getUser()
    sheets = getattr(user, 'getOrderedPropertySheets', lambda: None)()

    # We won't always have PlonePAS users, due to acquisition,
    # nor are guaranteed property sheets
    if not sheets:
        return BaseMemberData.setMemberProperties(self, mapping)

    # From here on we have a PAS and some property sheets.
    # XXX track values set to defer to default impl
    # property routing?
    wrote_something = False
    for prop_name, prop_value in mapping.items():
        if prop_value is None:
            continue
        for sheet in sheets:
            if not sheet.hasProperty(prop_name):
                continue
            if not IMutablePropertySheet.providedBy(sheet):
                # A read-only sheet shadows the sheets after it; the
                # property is silently left alone rather than raising.
                break
            sheet.setProperty(user, prop_name, prop_value)
            wrote_something = True

    if wrote_something:
        self.notifyModified()

        # Genweb: Updated by patch
        notify(PropertiesUpdated(user, mapping))
Esempio n. 25
    def setMemberProperties(self, mapping, force_local=0, force_empty=False):
        """PAS-specific method to set the properties of a member.

        Ignores 'force_local', which is not reliably present.  Entries
        whose value is None are skipped unless ``force_empty`` is true.
        Each remaining property is written to the mutable property sheets
        that define it, in sheet order, stopping at the first read-only
        sheet that defines it.  ``notifyModified`` is called when
        something was written; a ``PropertiesUpdated`` event is sent
        unless ``mapping`` contains 'login_time' or 'last_login_time'.

        Defers to ``BaseMemberAdapter.setMemberProperties`` when the
        tool's ``acl_users`` is not a PAS or the user has no property
        sheets.  No permission check is visible in this method; callers
        are expected to have authorised the change.
        """
        # We could pay attention to force_local here...
        if not IPluggableAuthService.providedBy(self._tool.acl_users):
            # No PAS: the base implementation handles it.
            return BaseMemberAdapter.setMemberProperties(self, mapping)

        user = self.getUser()
        sheets = getattr(user, 'getOrderedPropertySheets', lambda: None)()

        # We won't always have PlonePAS users, due to acquisition,
        # nor are guaranteed property sheets
        if not sheets:
            return BaseMemberAdapter.setMemberProperties(self, mapping)

        # From here on we have a PAS and some property sheets.
        # XXX track values set to defer to default impl
        # property routing?
        wrote_something = False
        for prop_name, prop_value in mapping.items():
            if prop_value is None and not force_empty:
                continue
            for sheet in sheets:
                if not sheet.hasProperty(prop_name):
                    continue
                if not IMutablePropertySheet.providedBy(sheet):
                    # shadowed by a read-only sheet
                    break
                sheet.setProperty(user, prop_name, prop_value)
                wrote_something = True

        if wrote_something:
            self.notifyModified()

        # Trigger PropertiesUpdated event when member properties are
        # updated, excluding user login events
        login_event_keys = set(('login_time', 'last_login_time'))
        if not login_event_keys.intersection(mapping.keys()):
            notify(PropertiesUpdated(self, mapping))
Esempio n. 26
 def canWriteProperty(self, prop_name):
     """Tell whether the group property ``prop_name`` can be changed.

     Without PAS the answer is ``_groupdataHasProperty(prop_name)``.
     With PAS the first property sheet that defines the property
     decides: 1 when it provides ``IMutablePropertySheet``, 0 when it is
     read-only.  0 is also returned when no sheet has the property.
     """
     # this looks almost exactly like in memberdata. refactor?
     if not IPluggableAuthService.providedBy(self.acl_users):
         # not PAS; Groupdata is writable
         return self._groupdataHasProperty(prop_name)

     group = self.getGroup()
     sheets = getattr(group, 'getOrderedPropertySheets', lambda: [])()

     # The first sheet holding the property shadows all later ones.
     owner = None
     for candidate in sheets:
         if candidate.hasProperty(prop_name):
             owner = candidate
             break

     if owner is not None and IMutablePropertySheet.providedBy(owner):
         return 1
     # unknown property, or shadowed by a read-only sheet
     return 0
Esempio n. 27
    def isMemberIdAllowed(self, id):
        """Return 1 when ``id`` can be given to a new member, otherwise 0.

        The id is refused when it is empty, equals 'Anonymous User',
        fails ``_ALLOWED_MEMBER_ID_PATTERN``, or is already taken.  With
        PAS, "taken" means an exact-match principal in the ``acl_users``
        returned by getToolByName; only that one user folder is
        consulted.  Without PAS the membership and groups tools decide.
        """
        if len(id) == 0 or id == 'Anonymous User':
            return 0
        if not self._ALLOWED_MEMBER_ID_PATTERN.match(id):
            return 0

        user_folder = getToolByName(self, 'acl_users')
        if IPluggableAuthService.providedBy(user_folder):
            if user_folder.searchPrincipals(id=id, exact_match=True):
                return 0
            return 1

        # Non-PAS user folder: fall back to the portal tools.
        member_tool = getToolByName(self, 'portal_membership')
        if member_tool.getMemberById(id) is not None:
            return 0
        group_tool = getToolByName(self, 'portal_groups')
        if group_tool.getGroupById(id) is not None:
            return 0

        return 1
Esempio n. 28
 def canWriteProperty(self, prop_name):
     """Tell whether the group property ``prop_name`` can be changed.

     Without PAS the answer is ``_groupdataHasProperty(prop_name)``.
     With PAS the first property sheet that defines the property
     decides: 1 when it provides ``IMutablePropertySheet``, 0 when it is
     read-only.  0 is also returned when no sheet has the property.
     """
     # this looks almost exactly like in memberdata. refactor?
     if not IPluggableAuthService.providedBy(self.acl_users):
         # not PAS; Groupdata is writable
         return self._groupdataHasProperty(prop_name)

     group = self.getGroup()
     sheets = getattr(group, 'getOrderedPropertySheets', lambda: [])()

     # Find the sheet that shadows all later ones for this property.
     owner = None
     for candidate in sheets:
         if candidate.hasProperty(prop_name):
             owner = candidate
             break

     if owner is not None and IMutablePropertySheet.providedBy(owner):
         return 1
     # unknown property, or shadowed by a read-only sheet
     return 0
Esempio n. 29
def addShibbolethPermissions(context):
    """Add a ShibbolethPermissions plugin to the nearest acl_users.

    An existing plugin of class ``ShibbolethPermissionsHandler`` is
    reused; otherwise one is created with the id 'ShibbolethPermissions'.
    The plugin object, looked up on the PAS, is returned.  No plugin
    interface is activated in this function.

    Raises LookupError when no ``acl_users`` can be found and ValueError
    when it is not a PluggableAuthService.
    """
    user_folder = getattr(context, 'acl_users', None)
    if user_folder is None:
        raise LookupError("No acl_users can be acquired or otherwise found.")

    adapted = IPluggableAuthService(user_folder, None)
    if adapted is None:
        raise ValueError(
            "The nearest acl_users object is not a PluggableAuthService.")

    plugin_id = _firstIdOfClass(user_folder, ShibbolethPermissionsHandler)
    if not plugin_id:
        plugin_id = 'ShibbolethPermissions'
        factory = user_folder.manage_addProduct[plugin_id]
        factory.manage_addShibbolethPermissions(plugin_id,
                                                'ShibbolethPermissions')

    return adapted[plugin_id]
Esempio n. 30
    def deleteMemberData(self, member_id, REQUEST=None):
        """Delete the member data of ``member_id``.

        With a PAS user folder, every properties plugin is asked to
        delete the user first.  The entry in ``self._members`` is then
        removed.  Returns 1 when such an entry existed, 0 otherwise.
        """
        if IPluggableAuthService.providedBy(self.acl_users):
            # XXX: can we safely assume that user name == member_id
            registry = self._getPlugins()
            for _plugin_id, properties_plugin in registry.listPlugins(
                    IPropertiesPlugin):
                try:
                    properties_plugin.deleteUser(member_id)
                except AttributeError:
                    # Not all PropertiesPlugins support user deletion.
                    # NOTE(review): this also hides an AttributeError
                    # raised inside a plugin's own deleteUser, in which
                    # case the plugin may keep the member's data without
                    # anything being logged.
                    pass

        # we won't always have PlonePAS users, due to acquisition,
        # nor are guaranteed property sheets
        stored = self._members
        if member_id not in stored:
            return 0
        del stored[member_id]
        return 1
Esempio n. 31
def pas_fixup(self, out):
    """Register any PAS plugin types missing from the plugin registry.

    One progress line per plugin type is written to ``out``. When
    ``acl_users`` does not provide IPluggableAuthService, a single line is
    logged and nothing else happens.
    """
    from Products.PluggableAuthService.PluggableAuthService import (
        _PLUGIN_TYPE_INFO, PluggableAuthService)

    user_folder = getToolByName(self, "acl_users")
    if not IPluggableAuthService.providedBy(user_folder):
        print >> out, "PAS UF not found, skipping PAS fixup"
        return

    registry = user_folder["plugins"]

    # De-duplicated working copy of the registered plugin type keys.
    known_types = list(Set(registry._plugin_types))
    for key, type_id, title, description in _PLUGIN_TYPE_INFO:
        if key not in known_types:
            print >> out, "Plugin type '%s' was not registered." % type_id
            known_types.append(key)
            registry._plugin_type_info[key] = {
                "id": type_id,
                "title": title,
                "description": description,
            }
        else:
            print >> out, "Plugin type '%s' already registered." % type_id
    # Make it ordered
    known_types.sort()

    # Re-assign because it's a non-persistent property.
    registry._plugin_types = known_types
Esempio n. 32
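    def deleteMemberData(self, member_id, REQUEST=None):
        """Remove the member data kept for ``member_id``.

        If ``self.acl_users`` provides IPluggableAuthService, each
        IPropertiesPlugin that has a ``deleteUser`` method is called with
        ``member_id``; plugins without that method are skipped. The entry
        in ``self._members`` is then deleted.

        Returns 1 when ``self._members`` held an entry for the member and
        it was deleted, 0 otherwise. ``REQUEST`` is not used in this method.
        """
        if IPluggableAuthService.providedBy(self.acl_users):
            # XXX: can we safely assume that user name == member_id
            registry = self._getPlugins()
            for _name, plugin in registry.listPlugins(IPropertiesPlugin):
                # Only "plugin has no deleteUser" is a reason to skip. The
                # earlier try/except AttributeError around the call also
                # swallowed AttributeErrors raised inside a plugin's own
                # deleteUser, so a failed deletion looked like success.
                remover = getattr(plugin, 'deleteUser', None)
                if remover is None:
                    continue
                remover(member_id)

        # we won't always have PlonePAS users, due to acquisition,
        # nor are guaranteed property sheets
        members = self._members
        if member_id not in members:
            return 0
        del members[member_id]
        return 1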
Esempio n. 33
    def setGroupProperties(self, mapping):
        """Write ``mapping`` into the group's PAS property sheets.

        Falls back to ``self._gruf_setGroupProperties(mapping)`` when
        ``self.acl_users`` is not a PAS or the group exposes no property
        sheets. Otherwise each key is written to every sheet that has the
        property and provides IMutablePropertySheet, and
        ``self.notifyModified()`` is called once if anything was written.

        Raises RuntimeError as soon as a sheet that has the property is not
        mutable. Values written before that point are not undone by this
        method.
        """
        if not IPluggableAuthService.providedBy(self.acl_users):
            # Defer to base impl in absence of PAS, a PAS group, or
            # property sheets
            return self._gruf_setGroupProperties(mapping)

        group = self.getGroup()
        # We won't always have PlonePAS groups, due to acquisition,
        # nor are guaranteed property sheets
        sheets = getattr(group, 'getOrderedPropertySheets', lambda: [])()
        if not sheets:
            # Defer to base impl if we have a PAS but no property sheets.
            return self._gruf_setGroupProperties(mapping)

        # From here on there is a PAS and at least one property sheet.
        # XXX track values set to defer to default impl
        # property routing?
        changed = False
        for name, value in mapping.items():
            for sheet in sheets:
                if not sheet.hasProperty(name):
                    continue
                if not IMutablePropertySheet.providedBy(sheet):
                    raise RuntimeError("Mutable property provider "
                                       "shadowed by read only provider")
                sheet.setProperty(group, name, value)
                changed = True
        if changed:
            self.notifyModified()
Esempio n. 34
def migrate_root_uf(self):
    """Bring the user folder at the physical root up to a PAS setup.

    An existing PAS only gets ``pas_fixup`` and ``challenge_chooser_setup``.
    A root user folder whose ``meta_type`` is not 'User Folder' is left
    alone. A standard 'User Folder' is replaced, after which the
    authentication plugins are set up and the 'users' plugin interfaces
    are activated.
    """
    # Acquire parent user folder.
    root = self.getPhysicalRoot()
    root_uf = getToolByName(root, 'acl_users')

    if IPluggableAuthService.providedBy(root_uf):
        # It's a PAS already, fixup if needed.
        pas_fixup(root)

        # Configure Challenge Chooser plugin if available
        challenge_chooser_setup(root)
        return

    if not root_uf.meta_type == 'User Folder':
        # It's not a standard User Folder at the root. Nothing we can do.
        return

    # It's a standard User Folder, replace it.
    replace_acl_users(root)

    # Get the new uf
    root_uf = getToolByName(root, 'acl_users')

    pas_factory = root_uf.manage_addProduct['PluggableAuthService']
    plone_pas_factory = root_uf.manage_addProduct['PlonePAS']
    # Setup authentication plugins. The two flags are passed through as
    # given; what they switch on or off is defined by setupAuthPlugins.
    setupAuthPlugins(
        parent if False else root,
        pas_factory,
        plone_pas_factory,
        deactivate_basic_reset=False,
        deactivate_cookie_challenge=True,
    ) if False else setupAuthPlugins(
        root,
        pas_factory,
        plone_pas_factory,
        deactivate_basic_reset=False,
        deactivate_cookie_challenge=True,
    )

    # Activate *all* interfaces for user manager. IUserAdder is not
    # activated for some reason by default.
    activatePluginInterfaces(root, 'users')

    # Configure Challenge Chooser plugin if available
    challenge_chooser_setup(root)
Esempio n. 35
    def setGroupProperties(self, mapping):
        """Store the entries of ``mapping`` in the group's property sheets.

        Without a PAS at ``self.acl_users``, or when the group has no
        property sheets, the call is handed to
        ``self._gruf_setGroupProperties(mapping)`` and its result returned.

        With sheets present, every sheet that has a given property and
        provides IMutablePropertySheet receives the new value. A sheet that
        has the property but is not mutable raises RuntimeError; anything
        set earlier in the loop stays set as far as this method is
        concerned. ``self.notifyModified()`` runs once after the loop if at
        least one value was set.
        """
        is_pas = IPluggableAuthService.providedBy(self.acl_users)
        if not is_pas:
            # Defer to base impl in absence of PAS, a PAS group, or
            # property sheets
            return self._gruf_setGroupProperties(mapping)

        # It's a PAS.
        group = self.getGroup()
        no_sheets = lambda: []
        sheets = getattr(group, 'getOrderedPropertySheets', no_sheets)()

        # We won't always have PlonePAS groups, due to acquisition,
        # nor are guaranteed property sheets
        if not sheets:
            # Defer to base impl if we have a PAS but no property
            # sheets.
            return self._gruf_setGroupProperties(mapping)

        # XXX track values set to defer to default impl
        # property routing?
        modified = False
        for key, value in list(mapping.items()):
            for sheet in sheets:
                if sheet.hasProperty(key):
                    if IMutablePropertySheet.providedBy(sheet):
                        sheet.setProperty(group, key, value)
                        modified = True
                    else:
                        raise RuntimeError("Mutable property provider "
                                           "shadowed by read only provider")
        if modified:
            self.notifyModified()
Esempio n. 36
    def getProperty(self, id, default=_marker):
        """Return a group property, preferring the ordered PAS sheets.

        The first property sheet that reports ``hasProperty(id)`` supplies
        the value. Without a PAS, without sheets, or when no sheet has the
        property, the lookup is delegated to ``BaseGroupData.getProperty``.
        """
        if not IPluggableAuthService.providedBy(self.acl_users):
            # NOTE(review): this fallback and the one below call the base
            # implementation without ``default``, unlike the final
            # fallback. Confirm that dropping the caller's default here is
            # intended.
            return BaseGroupData.getProperty(self, id)

        group = self.getGroup()
        # we won't always have PlonePAS groups, due to acquisition,
        # nor are guaranteed property sheets
        sheets = getattr(group, 'getOrderedPropertySheets', lambda: None)()
        if not sheets:
            return BaseGroupData.getProperty(self, id)

        # A PAS and some property sheets were found.
        for candidate in sheets:
            if not candidate.hasProperty(id):
                continue
            # Return the first one that has the property.
            return candidate.getProperty(id)

        # Couldn't find the property in the property sheets. Try to
        # delegate back to the base implementation.
        return BaseGroupData.getProperty(self, id, default)
Esempio n. 37
 def test_installed(self):
     """The fixture's acl_users must provide IPluggableAuthService."""
     user_folder = self.acl_users
     self.failUnless(IPluggableAuthService.providedBy(user_folder))
Esempio n. 38
 def __init__(self, context):
     """Bind to ``context`` and record whether its acl_users is a PAS.

     ``self.tool`` is the 'portal_membership' tool, or None when
     getToolByName finds none. ``self.is_compatible()`` is called at the
     end; its return value is not used here.
     """
     self.context = context
     self.tool = getToolByName(self.context, 'portal_membership', None)
     self.fieldnames = []
     user_folder = self.context.acl_users
     self.compatible = IPluggableAuthService.providedBy(user_folder)
     self.is_compatible()
Esempio n. 39
def install(self):
    """Install PlonePAS into the portal and return the collected log text.

    Three starting states are handled:
    - acl_users already provides IPluggableAuthService: plugin
      registrations are repaired and plugin types registered;
    - the portal has no acl_users of its own: user data is grabbed and a
      PAS is added;
    - the portal has an acl_users that is not a PAS: user, group and LDAP
      folder data are grabbed, then the user folder is replaced.

    Raises Exception when LDAP user folders are found but CAN_LDAP is
    false.
    """
    out = StringIO()
    portal = getToolByName(self, "portal_url").getPortalObject()

    # Looked up through getToolByName, so this may not be the portal's own
    # acl_users; EXISTING_UF below checks the portal's object ids directly.
    uf = getToolByName(self, "acl_users")

    EXISTING_UF = "acl_users" in portal.objectIds()
    EXISTING_PAS = IPluggableAuthService.providedBy(uf)

    if EXISTING_PAS:
        # Fix possible missing PAS plugins registration.
        pas_fixup(self, out)

        # Register PAS Plugin Types
        registerPluginTypes(uf)

    ldap_ufs, ldap_gf = None, None
    userdata = groupdata = memberships = ()

    if not EXISTING_UF:
        # NOTE(review): if EXISTING_PAS is true on this path, the userdata
        # grabbed here is never passed to restoreUserData below. Confirm
        # that is intended.
        userdata = grabUserData(portal, out)
        addPAS(portal, out)
    elif not EXISTING_PAS:
        # We've got a existing user folder, but it's not a PAS
        # instance.

        goForMigration(portal, out)

        # NOTE(review): userdata presumably includes credential material.
        # Verify that the grab/restore helpers never write it to `out`,
        # whose full text is returned to the caller.
        userdata = grabUserData(portal, out)
        groupdata, memberships = grabGroupData(portal, out)

        ldap_ufs, ldap_gf = grabLDAPFolders(portal, out)
        # Abort before replacing anything if LDAP folders cannot be migrated.
        if (ldap_ufs or ldap_gf) and not CAN_LDAP:
            raise Exception, (
                "LDAPUserFolders present, but LDAPMultiPlugins "
                "not present. To successfully auto-migrate, "
                "the LDAPMultiPlugins product must be installed. "
                "(%s, %s):%s" % (ldap_ufs, ldap_gf, CAN_LDAP)
            )

        replaceUserFolder(portal, out)

    # Configure Challenge Chooser plugin if available
    challenge_chooser_setup(self, out)

    configurePlonePAS(portal, out)

    setupTools(portal, out)

    # LDAP folders are restored only when both were found during the grab.
    if EXISTING_UF and CAN_LDAP and ldap_gf is not None and ldap_ufs is not None:
        restoreLDAP(portal, out, ldap_ufs, ldap_gf)

    # Data is put back only when the starting user folder was not a PAS.
    if not EXISTING_PAS:
        restoreUserData(portal, out, userdata)
        restoreGroupData(portal, out, groupdata, memberships)

    # XXX Why do we need to do this?
    migrate_root_uf(self, out)

    print >> out, "\nSuccessfully installed %s." % config.PROJECTNAME
    return out.getvalue()
Esempio n. 40
 def test_installed(self):
     """Check that self.acl_users provides IPluggableAuthService."""
     provides_pas = IPluggableAuthService.providedBy(self.acl_users)
     self.assertTrue(provides_pas)
Esempio n. 41
 def test_installed(self):
     """acl_users on the test fixture is expected to be a PAS."""
     user_folder = self.acl_users
     is_pas = IPluggableAuthService.providedBy(user_folder)
     self.assertTrue(is_pas)