def requestAvatarId(self, credentials): # NB If we get here authentication has already succeeded as it is done in NegotiateCredentialsFactory.decode # So all we need to do is return the principal URIs from the credentials. # Look for proper credential type. pcreds = IPrincipalCredentials(credentials) creds = pcreds.credentials if isinstance(creds, NegotiateCredentials): return succeed(( pcreds.authnPrincipal, pcreds.authzPrincipal, )) raise error.UnauthorizedLogin("Bad credentials for: %s" % (pcreds.authnURI,))
def requestAvatarId(self, credentials): credentials = IPrincipalCredentials(credentials) if credentials.authnPrincipal is None: raise UnauthorizedLogin( "No such user: {user}".format( user=credentials.credentials.username ) ) # See if record is enabledForLogin if not credentials.authnPrincipal.record.isLoginEnabled(): raise UnauthorizedLogin( "User not allowed to log in: {user}".format( user=credentials.credentials.username ) ) # Handle Kerberos as a separate behavior try: from twistedcaldav.authkerb import NegotiateCredentials except ImportError: NegotiateCredentials = None if NegotiateCredentials and isinstance(credentials.credentials, NegotiateCredentials): # If we get here with Kerberos, then authentication has already succeeded returnValue( ( credentials.authnPrincipal, credentials.authzPrincipal, ) ) else: if (yield credentials.authnPrincipal.record.verifyCredentials(credentials.credentials)): returnValue( ( credentials.authnPrincipal, credentials.authzPrincipal, ) ) else: raise UnauthorizedLogin( "Incorrect credentials for user: {user}".format( user=credentials.credentials.username ) )
def requestAvatarId(self, credentials): # If there is no calendar principal URI then the calendar user is disabled. pcreds = IPrincipalCredentials(credentials) creds = pcreds.credentials if isinstance(creds, BasicKerberosCredentials): try: kerberos.checkPassword(creds.username, creds.password, creds.service, creds.default_realm) except kerberos.BasicAuthError, ex: self.log.error("{ex}", ex=ex[0]) raise error.UnauthorizedLogin("Bad credentials for: %s (%s: %s)" % (pcreds.authnURI, ex[0], ex[1],)) else: return succeed(( pcreds.authnPrincipal, pcreds.authzPrincipal, ))