def authenticate(self, request):
    """See IAuthentication.

    Picks one of two authentication paths for ``request``: HTTP Basic
    credentials, or the session cookie.  Returns whatever the selected
    helper returns, or None when neither path applies.

    Raises Unauthorized when adapting the request to ILoginPassword
    fails with binascii.Error.
    """
    # Basic auth always wins over cookie auth: if the request carries any
    # usable basic credentials, the cookie is never looked at.
    # XXX daniels 2004-12-14: allow authentication scheme to be put into
    #     a view; for now, use basic auth by specifying ILoginPassword.
    try:
        login_password = ILoginPassword(request, None)
    except binascii.Error:
        # Most likely a malformed Basic auth header.  That is a client
        # error, so reject the request and stop here.
        raise Unauthorized("Bad Basic authentication.")

    # The basic auth path is only reachable when the deployment has
    # configured config.launchpad.basic_auth_password.
    # NOTE(review): the key name suggests one configured password rather
    # than per-user secrets -- confirm it stays unset outside of test and
    # development configurations.
    use_basic_auth = (
        config.launchpad.basic_auth_password
        and login_password is not None
        and login_password.getLogin() is not None)
    if use_basic_auth:
        return self._authenticateUsingBasicAuth(login_password, request)

    # Do not touch the session machinery unless a session cookie is
    # already on the request or is queued on the response.
    session_cookie = config.launchpad_session.cookie
    cookie_present = (
        request.cookies.get(session_cookie) is not None
        or request.response.getCookie(session_cookie) is not None)
    if not cookie_present:
        return None
    return self._authenticateUsingCookieAuth(request)
Esempio n. 2
    def authenticate(self, request):
        """Identify a principal for request.

        First tries the username and password stored in the session under
        ``self.session_name``; if that does not yield a principal, falls
        back to HTTP Basic credentials.  Returns the principal on success
        and None otherwise.
        """
        session_data = ISession(request)[self.session_name]
        has_session_login = (
            'username' in session_data and 'password' in session_data)
        # NOTE(review): the session carries a password value that is
        # checked with _checkHashedPassword -- confirm that what is stored
        # is a hash and never the plaintext password.
        if has_session_login and self._checkHashedPassword(
                session_data['username'], session_data['password']):
            self.restorePOSTData(request)
            return self.getPrincipal(
                'sb.person.' + session_data['username'])

        # Fall back to HTTP Basic.  The password is checked in plaintext
        # form here.
        # NOTE(review): presumably this should only be reachable over
        # TLS; verify against the deployment.
        basic_credentials = ILoginPassword(request, None)
        if not basic_credentials:
            return None
        login = basic_credentials.getLogin()
        if self._checkPlainTextPassword(
                login, basic_credentials.getPassword()):
            return self.getPrincipal('sb.person.' + login)
        return None
Esempio n. 3
 def test_direct_basic_call_fails_when_disabled(self):
     # Basic auth checks every user against one shared password, so it
     # must never be enabled on production.  authenticate() only reaches
     # _authenticateUsingBasicAuth when basic auth is enabled; this test
     # checks the second line of defence, that a direct call also fails
     # once the password is configured as "none".
     # NOTE(review): the expected AssertionError suggests the guard may
     # be an `assert` statement, which `python -O` strips -- confirm the
     # guard survives optimised runs.
     auth_service, request = self._make('bruce', 'test')
     basic_credentials = ILoginPassword(request, None)
     # With the configuration the test starts with, the direct call
     # succeeds.
     self.assertEqual(
         auth_service._authenticateUsingBasicAuth(
             basic_credentials, request),
         Bruce)
     override_name = "no-basic"
     try:
         config.push(
             override_name, "[launchpad]\nbasic_auth_password: none")
         raised = self.assertRaises(
             AssertionError, auth_service._authenticateUsingBasicAuth,
             basic_credentials, request)
         self.assertEqual(
             "Attempted to use basic auth when it is disabled",
             str(raised))
     finally:
         # Always drop the override so later tests see the usual config.
         config.pop(override_name)
 def unauthorized(self, id, request):
     """See IAuthentication.

     Adapts ``request`` to ILoginPassword and asks it for a login in the
     "launchpad" realm.  ``id`` is not used here.
     """
     login_password = ILoginPassword(request)
     # TODO maybe configure the realm from zconfigure.
     login_password.needLogin(realm="launchpad")