def extractCredentials(self, request): """ Extract credentials from the request header. """ creds = {} token = None if request._auth is not None: # 1st - try to fetch from Authorization header if 'bearer' in request._auth.lower(): l = request._auth.split() if len(l) == 2: token = l[1] if token is None: # 2nd - try to fetch from Form-Encoded Body Parameter # Not implemented as not required and enforced with high # security considerations pass if token is None: # 3rd - try to fetch from URI Query Parameter # Not implemented as considered as unsecure. pass if token is not None: sm = getSecurityManager() if sm.getUser().getId() != SUPER_USER: newSecurityManager(self, self.getUser(SUPER_USER)) try: reference = self.Base_extractBearerTokenInformation(token) if reference is not None: creds['external_login'] = reference finally: setSecurityManager(sm) if 'external_login' in creds: creds['remote_host'] = request.get('REMOTE_HOST', '') try: creds['remote_address'] = request.getClientAddr() except AttributeError: creds['remote_address'] = request.get('REMOTE_ADDR', '') return creds # fallback to default way return DumbHTTPExtractor().extractCredentials(request)
def extractCredentials(self, request): """ Extract credentials from the request header. """ creds = {} getHeader = getattr(request, 'getHeader', None) if getHeader is None: # use get_header instead for Zope-2.8 getHeader = request.get_header user_id = getHeader(self.user_id_key) if user_id is not None: creds['external_login'] = user_id else: # fallback to default way return DumbHTTPExtractor().extractCredentials(request) #Complete credential with some information if creds: creds['remote_host'] = request.get('REMOTE_HOST', '') try: creds['remote_address'] = request.getClientAddr() except AttributeError: creds['remote_address'] = request.get('REMOTE_ADDR', '') return creds
def extractCredentials(self, request): return DumbHTTPExtractor().extractCredentials(request)
def _extractUserIds(self, request, plugins): """ request -> [ validated_user_id ] o For each set of extracted credentials, try to authenticate a user; accumulate a list of the IDs of such users over all our authentication and extraction plugins. """ try: extractors = plugins.listPlugins(IExtractionPlugin) except _SWALLOWABLE_PLUGIN_EXCEPTIONS: log.info('Extractor plugin listing error', exc_info=True) extractors = () if not extractors: extractors = (('default', DumbHTTPExtractor()), ) try: authenticators = plugins.listPlugins(IAuthenticationPlugin) except _SWALLOWABLE_PLUGIN_EXCEPTIONS: log.info('Authenticator plugin listing error', exc_info=True) authenticators = () result = [] for extractor_id, extractor in extractors: try: credentials = extractor.extractCredentials(request) except _SWALLOWABLE_PLUGIN_EXCEPTIONS: log.info('ExtractionPlugin %s error' % extractor_id, exc_info=True) continue if credentials: try: credentials['extractor'] = extractor_id # XXX: in key? # Test if ObjectCacheEntries.aggregateIndex would work items = credentials.items() items.sort() except _SWALLOWABLE_PLUGIN_EXCEPTIONS: log.info('Credentials error: %s' % credentials, exc_info=True) continue # First try to authenticate against the emergency # user and return immediately if authenticated user_id, name = self._tryEmergencyUserAuthentication(credentials) if user_id is not None: return [(user_id, name)] # Now see if the user ids can be retrieved from the cache view_name = createViewName('_extractUserIds', credentials.get('login')) keywords = createKeywords(**credentials) user_ids = None account_locker = getattr(self, 'account_locker_plugin', None) if not account_locker: user_ids = self.ZCacheable_get(view_name=view_name, keywords=keywords, default=None) else: if account_locker.isLocked(credentials.get('login')): user_ids = self.ZCacheable_get(view_name=view_name, keywords=keywords, default=None) if user_ids is None: user_ids = [] for authenticator_id, auth in authenticators: try: uid_and_info = auth.authenticateCredentials( credentials) if uid_and_info is None: continue user_id, info = uid_and_info except _SWALLOWABLE_PLUGIN_EXCEPTIONS: msg = 'AuthenticationPlugin %s error' % ( authenticator_id, ) log.info(msg, exc_info=True) continue except Locked: break if user_id is not None: user_ids.append((user_id, info)) if user_ids: self.ZCacheable_set(user_ids, view_name=view_name, keywords=keywords) result.extend(user_ids) # Emergency user via HTTP basic auth always wins user_id, name = self._tryEmergencyUserAuthentication( DumbHTTPExtractor().extractCredentials(request)) if user_id is not None: return [(user_id, name)] return result
def _extractUserIds( self, request, plugins ): """ request -> [ validated_user_id ] o For each set of extracted credentials, try to authenticate a user; accumulate a list of the IDs of such users over all our authentication and extraction plugins. """ try: extractors = plugins.listPlugins( IExtractionPlugin ) except _SWALLOWABLE_PLUGIN_EXCEPTIONS: logger.debug('Extractor plugin listing error', exc_info=True) extractors = () if not extractors: extractors = ( ( 'default', DumbHTTPExtractor() ), ) try: authenticators = plugins.listPlugins( IAuthenticationPlugin ) except _SWALLOWABLE_PLUGIN_EXCEPTIONS: logger.debug('Authenticator plugin listing error', exc_info=True) authenticators = () result = [] for extractor_id, extractor in extractors: try: credentials = extractor.extractCredentials( request ) except _SWALLOWABLE_PLUGIN_EXCEPTIONS: PluggableAuthService.reraise(extractor) logger.debug( 'ExtractionPlugin %s error' % extractor_id , exc_info=True ) continue if credentials: try: credentials[ 'extractor' ] = extractor_id # XXX: in key? # Test if ObjectCacheEntries.aggregateIndex would work items = credentials.items() items.sort() except _SWALLOWABLE_PLUGIN_EXCEPTIONS: # XXX: would reraise be good here, and which plugin to ask # whether not to swallow the exception - the extractor? logger.debug( 'Credentials error: %s' % credentials , exc_info=True ) continue # First try to authenticate against the emergency # user and return immediately if authenticated user_id, name = self._tryEmergencyUserAuthentication( credentials ) if user_id is not None: return [ ( user_id, name ) ] # Now see if the user ids can be retrieved from the cache credentials['login'] = self.applyTransform( credentials.get('login') ) view_name = createViewName('_extractUserIds', credentials.get('login')) keywords = createKeywords(**credentials) user_ids = self.ZCacheable_get( view_name=view_name , keywords=keywords , default=None ) if user_ids is None: user_ids = [] for authenticator_id, auth in authenticators: try: uid_and_info = auth.authenticateCredentials( credentials ) # logger.info('plugin: %s' % str(auth.id)) # logger.info('uid_and_info: %s' % str(uid_and_info)) # Modificamos este codigo para que si la respuesta del oauthTokenRetriever mrs5.max.auth.py es BadUsernameOrPasswordError # no continue mirando los siguientes plugins de Authentication Plugins if auth.id == 'paspreauth' and uid_and_info == 'BadUsernameOrPasswordError' : break if uid_and_info is None: continue user_id, info = uid_and_info except _SWALLOWABLE_PLUGIN_EXCEPTIONS: PluggableAuthService.reraise(auth) msg = 'AuthenticationPlugin %s error' % ( authenticator_id, ) logger.debug(msg, exc_info=True) continue if user_id is not None: user_ids.append( (user_id, info) ) if user_ids: self.ZCacheable_set( user_ids , view_name=view_name , keywords=keywords ) result.extend( user_ids ) # Emergency user via HTTP basic auth always wins user_id, name = self._tryEmergencyUserAuthentication( DumbHTTPExtractor().extractCredentials( request ) ) if user_id is not None: return [ ( user_id, name ) ] return result