def authenticate(self, request):
    """See IAuthentication.

    Basic auth takes precedence over cookie auth unconditionally: when
    basic auth is enabled and the request carries a basic-auth login,
    cookie auth is never consulted. Returns whatever the selected
    ``_authenticateUsing*`` helper returns, or None when neither scheme
    applies.

    Raises Unauthorized when adapting the request to ILoginPassword
    fails with binascii.Error.
    """
    # XXX daniels 2004-12-14: allow authentication scheme to be put into
    # a view; for now, use basic auth by specifying ILoginPassword.
    try:
        credentials = ILoginPassword(request, None)
    except binascii.Error:
        # Most likely Basic auth credentials that are not encoded
        # properly. That is a client error, so reject the request here.
        raise Unauthorized("Bad Basic authentication.")

    # Basic auth is only attempted while basic_auth_password is set in
    # the config; an unset or empty value disables this branch entirely.
    wants_basic_auth = (
        config.launchpad.basic_auth_password
        and credentials is not None
        and credentials.getLogin() is not None)
    if wants_basic_auth:
        return self._authenticateUsingBasicAuth(credentials, request)

    # Hack: do not touch the session at all unless a session cookie is
    # already present in the request or is waiting to be set in the
    # response.
    cookie_name = config.launchpad_session.cookie
    session_cookie_present = (
        request.cookies.get(cookie_name) is not None
        or request.response.getCookie(cookie_name) is not None)
    if not session_cookie_present:
        return None
    return self._authenticateUsingCookieAuth(request)
def authenticate(self, request):
    """Return the principal matching the request's login and password.

    The request is adapted to ILoginPassword; the login is looked up in
    the login-to-principal mapping and the supplied password is checked
    with the principal's ``validate()``. Returns None when there is no
    adapter, no login, no matching principal, or validation fails, so
    the caller cannot tell those cases apart from the return value.
    """
    adapter = ILoginPassword(request, None)
    if adapter is None:
        return None

    login = adapter.getLogin()
    if login is None:
        return None

    principal = self.__principalsByLogin.get(login, None)
    if principal is None:
        # NOTE(review): unknown logins return before validate() runs;
        # if validate() is slow, timing may differ from the
        # wrong-password case. Confirm whether that matters here.
        return None

    supplied_password = adapter.getPassword()
    if principal.validate(supplied_password):
        return principal
    return None
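def authenticate(self, request):
    """Return the principal matching the request's login and password.

    The request is adapted to ILoginPassword. The login arrives as bytes
    while the registry is keyed by strings, so it is decoded before the
    lookup. Returns None when there is no adapter, no login, the login
    cannot be decoded, no principal matches, or the password does not
    validate.
    """
    a = ILoginPassword(request, None)
    if a is None:
        return None

    login = a.getLogin()
    if login is None:
        return None

    try:
        # The login will be in bytes, but the registry stores them
        # using strings.
        login_text = login.decode()
    except UnicodeDecodeError:
        # The login is client-supplied. Bytes that are not valid UTF-8
        # cannot match any string key in the registry, so treat the
        # request as unauthenticated rather than letting the decode
        # error escape.
        return None

    p = self.__principalsByLogin.get(login_text, None)
    if p is None:
        return None

    password = a.getPassword()
    if p.validate(password):
        return p
    return None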
def authenticate(self, request):
    """Identify a principal for request.

    Tries the username and password held in the session first, then
    falls back to HTTP basic credentials. Returns the principal looked
    up under ``'sb.person.' + <login>``, or None when neither source
    yields valid credentials.
    """
    session = ISession(request)[self.session_name]
    # NOTE(review): the session keeps a 'password' value that is checked
    # with _checkHashedPassword; presumably it is a hash, not the plain
    # text -- confirm what gets written to the session at login time.
    has_stored_credentials = 'username' in session and 'password' in session
    if has_stored_credentials and self._checkHashedPassword(
            session['username'], session['password']):
        self.restorePOSTData(request)
        return self.getPrincipal('sb.person.' + session['username'])

    # Try HTTP basic too
    creds = ILoginPassword(request, None)
    if not creds:
        return None
    login = creds.getLogin()
    # NOTE(review): login is passed on without a None check; verify that
    # _checkPlainTextPassword rejects a missing login.
    if self._checkPlainTextPassword(login, creds.getPassword()):
        return self.getPrincipal('sb.person.' + login)
    return None
def test_direct_basic_call_fails_when_disabled(self):
    # Basic auth uses a single password for every user, so it must
    # never be used on production. authenticate() won't call the
    # underlying method unless it's enabled, but even if it somehow
    # does it will fail.
    service, request = self._make('bruce', 'test')
    creds = ILoginPassword(request, None)

    # With basic auth still enabled, the direct call succeeds.
    principal = service._authenticateUsingBasicAuth(creds, request)
    self.assertEqual(principal, Bruce)

    try:
        # Disable basic auth through a temporary config overlay; the
        # same direct call must now fail with an AssertionError.
        config.push("no-basic", "[launchpad]\nbasic_auth_password: none")
        raised = self.assertRaises(
            AssertionError,
            service._authenticateUsingBasicAuth, creds, request)
        self.assertEqual(
            "Attempted to use basic auth when it is disabled", str(raised))
    finally:
        # Always drop the overlay so later tests see the original config.
        config.pop("no-basic")
def unauthorized(self, id, request):
    """Ask for login credentials when no real principal was identified.

    A login is requested (realm "Zope") only when ``id`` is None or is
    the registry's default id; for any other id nothing is done.
    """
    if id is not None and id is not self.__defaultid:
        return
    challenge = ILoginPassword(request)
    challenge.needLogin(realm="Zope")
def unauthorized(self, id, request):
    """See IAuthentication.

    Always requests a login with the fixed realm "launchpad", whatever
    ``id`` is.
    """
    # TODO maybe configure the realm from zconfigure.
    ILoginPassword(request).needLogin(realm="launchpad")