예제 #1
class WhoPlugin(object):
    """Authenticator plugin (declares ``IAuthenticator``).

    Verifies a login/password pair against the confirmed-registration
    records and returns the matching record's ``uuid`` on success.
    """
    implements(IAuthenticator)
    _finder = None

    def __init__(self, zodb_uri):
        self._zodb_uri = zodb_uri
        # SSHA is salted SHA-1: salting defeats precomputed tables, but the
        # hash is fast, so leaked hashes are cheap to guess offline. A
        # deliberately slow KDF (bcrypt / scrypt / Argon2 class) is the
        # usual choice for new password stores.
        self._pwd_mgr = SSHAPasswordManager()

    def _getFinder(self):
        """Return the application finder, creating it on first use."""
        finder = self._finder
        if finder is None:
            finder = PersistentApplicationFinder(self._zodb_uri, appmaker)
            self._finder = finder
        return finder

    def authenticate(self, environ, identity):
        """ See IAuthenticator.

        Returns ``record.uuid`` when ``identity`` carries a login and a
        password that verifies against the stored hash; otherwise ``None``.
        """
        login = identity.get('login')
        password = identity.get('password')
        if login is None or password is None:
            return None

        request = get_current_request()
        context = getattr(request, 'context', None)
        registry = get_current_registry()
        registrations = registry.queryAdapter(context, IRegistrations,
                                              name='confirmed')
        if registrations is None:
            # No adapter registered: fall back to the default store, which
            # is built from the root of the traversal tree.
            if getattr(context, '_p_jar', None) is None:
                context = self._getFinder()(environ)
            while context.__parent__ is not None:
                context = context.__parent__
            registrations = ConfirmedRegistrations(context)

        record = registrations.get_by_login(login)
        if not record:
            # NOTE(review): the hash check is skipped for unknown logins, so
            # response time may differ between existing and non-existing
            # accounts. Nothing here throttles repeated attempts; confirm
            # that rate limiting / lockout is enforced elsewhere.
            return None
        if self._pwd_mgr.checkPassword(record.password, password):
            return record.uuid
        return None
예제 #2
파일: testing.py 프로젝트: Pylons/cartouche
 def authenticate(self, environ, identity):
     """Testing authenticator: return the record's uuid or None.

     ``identity`` must carry both ``login`` and ``password``; a missing key
     yields ``None``. The record comes from ``FauxConfirmedRegistrations``
     and its stored hash is checked with ``SSHAPasswordManager``.
     """
     try:
         login, password = identity['login'], identity['password']
     except KeyError:
         return None
     # SSHA is salted SHA-1, a fast hash. That is adequate for a test
     # double, but production stores normally use a deliberately slow KDF.
     checker = SSHAPasswordManager()
     record = FauxConfirmedRegistrations(None).get_by_login(login)
     if record is None:
         return None
     if checker.checkPassword(record.password, password):
         return record.uuid
     return None
예제 #3
 def do_login(self, **data):
     """Check submitted credentials and record the principal in the session.

     The form data is applied to a fresh ``Login`` object, the account is
     looked up by login and domain, and when the submitted secret verifies
     against ``account.secret`` the account is stored under
     ``session['principal']`` in the ``'OAuth2'`` session namespace.
     Nothing is returned on any path.
     """
     login = Login()
     self.applyData(login, **data)
     source = IOAuthPrincipalSource(grok.getApplication())
     account = source.find(login=login.login, domain=source.domain)
     if not account:
         # NOTE(review): unknown accounts and wrong passwords both fall
         # through silently, so the caller sees no error. Verify that
         # failed attempts are logged and throttled elsewhere.
         return
     from zope.password.password import SSHAPasswordManager
     # SSHA is salted SHA-1, a fast hash. A slow KDF is preferable for
     # stored secrets that may face offline guessing.
     if SSHAPasswordManager().checkPassword(account.secret, login.secret):
         # NOTE(review): the session becomes authenticated here; nothing
         # visible rotates the session identifier on login. Confirm the
         # session layer does so.
         ISession(self.request)['OAuth2']['principal'] = account
예제 #4
 def authenticate(self, environ, identity):
     """Return the uuid of the record matching the credentials, else None.

     Both ``login`` and ``password`` must be present in ``identity``;
     otherwise the attempt is rejected before any lookup is made.
     """
     try:
         login = identity['login']
         supplied = identity['password']
     except KeyError:
         return None
     # SSHAPasswordManager verifies salted SHA-1 hashes. The scheme is fast
     # to compute, so it offers little resistance to offline guessing.
     verifier = SSHAPasswordManager()
     record = FauxConfirmedRegistrations(None).get_by_login(login)
     matched = (record is not None and
                verifier.checkPassword(record.password, supplied))
     if matched:
         return record.uuid
     return None
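    def test_POST_w_password_match_w_after_edit_url(self):
        """A valid edit-account POST rewrites the record and redirects.

        The request carries the correct old password, so the view is
        expected to update login, e-mail, password and security question,
        re-index the record under the new login/e-mail, and answer with an
        ``HTTPFound`` pointing at ``http://example.com/``.
        """
        from webob.exc import HTTPFound
        from webob.multidict import MultiDict
        from zope.password.password import SSHAPasswordManager
        AFTER = '/'
        # The page masks the original addresses, leaving OLD_EMAIL equal to
        # NEW_EMAIL and the index assertions below contradictory. These two
        # values are constructed placeholders; they only need to differ.
        OLD_EMAIL = 'old@example.com'
        NEW_EMAIL = 'new@example.com'
        ENVIRON = {'repoze.who.identity': {'repoze.who.userid': 'UUID'}}
        self.config.registry.settings['cartouche.after_edit_url'] = AFTER
        pwd_mgr = SSHAPasswordManager()
        encoded = pwd_mgr.encodePassword('old_password')
        by_uuid, by_login, by_email = self._registerConfirmed()
        # The login is masked on the page; 'before' is inferred from the
        # by_login index entry created two statements below.
        by_uuid['UUID'] = Dummy(login='before',
                                email=OLD_EMAIL,
                                password=encoded,
                                security_question='borncity',
                                security_answer='FXBG')
        by_email[OLD_EMAIL] = by_login['before'] = 'UUID'
        POST = MultiDict([
            ('login_name', 'after'),
            ('email', NEW_EMAIL),
            ('old_password', 'old_password'),
            ('__start__', 'password:mapping'),
            ('value', 'newpassword'),
            ('confirm', 'newpassword'),
            ('__end__', 'password:mapping'),
            ('__start__', 'security:mapping'),
            ('question', 'petname'),
            ('answer', 'Fido'),
            ('__end__', 'security:mapping'),
            ('update', ''),
        ])
        request = self._makeRequest(POST=POST,
                                    environ=ENVIRON,
                                    view_name='edit_account.html')

        response = self._callFUT(request=request)

        # assertTrue/assertFalse replace the failUnless/failIf aliases,
        # which were removed from unittest in Python 3.12.
        self.assertTrue(isinstance(response, HTTPFound))
        self.assertEqual(response.location, 'http://example.com/')

        new_record = by_uuid['UUID']
        self.assertEqual(new_record.login, 'after')
        # The new password is stored hashed and verified through the manager.
        self.assertTrue(
            pwd_mgr.checkPassword(new_record.password, 'newpassword'))
        self.assertEqual(new_record.security_question, 'petname')
        # NOTE(review): the security answer is compared here as cleartext,
        # i.e. it is stored unhashed although it acts as a recovery
        # credential. Consider hashing it like the password.
        self.assertEqual(new_record.security_answer, 'Fido')
        self.assertFalse(OLD_EMAIL in by_email)
        self.assertEqual(by_email[NEW_EMAIL], 'UUID')
        self.assertFalse('before' in by_login)
        self.assertEqual(by_login['after'], 'UUID')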
예제 #6
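    def test_hit_w_password_utility(self):
        """Password reset uses a registered ``IPasswordGenerator`` utility.

        With a generator that always returns ``'PASSWORD'``, the function
        under test must store an ``{SSHA}`` hash of that value on the
        record, leave the other fields untouched, and mail the new password
        together with the login URL to the account's address.
        """
        import re
        from repoze.sendmail.interfaces import IMailDelivery
        from zope.password.password import SSHAPasswordManager
        from cartouche.interfaces import IPasswordGenerator
        GENERATED = re.compile(r'Your new password is:\s+(?P<password>[^\s]+)',
                               re.MULTILINE)
        # Addresses are masked on the page; these are constructed placeholders.
        FROM_EMAIL = 'admin@example.com'
        TO_EMAIL = 'phred@example.com'

        def _password():
            return 'PASSWORD'

        self.config.registry.registerUtility(_password, IPasswordGenerator)
        self.config.registry.settings['cartouche.from_addr'] = FROM_EMAIL
        delivery = DummyMailer()
        self.config.registry.registerUtility(delivery, IMailDelivery)
        confirmed = DummyConfirmed()
        # login/password are masked on the page. 'phred' and 'old_password'
        # are inferred from the assertions on record.login and
        # record.password below.
        confirmed.set(
            'UUID',
            email=TO_EMAIL,
            login='phred',
            password='old_password',
            security_question='question',
            security_answer='answer',
            token=None,
        )

        self._callFUT(userid='UUID', confirmed=confirmed)

        record = confirmed.get('UUID')
        self.assertEqual(record.uuid, 'UUID')
        self.assertEqual(record.email, TO_EMAIL)
        self.assertEqual(record.login, 'phred')
        password = record.password
        self.assertNotEqual(password, 'old_password')
        # assertTrue replaces the failUnless alias, which was removed from
        # unittest in Python 3.12.
        self.assertTrue(password.startswith('{SSHA}'))
        self.assertEqual(record.security_question, 'question')
        self.assertEqual(record.security_answer, 'answer')
        self.assertEqual(record.token, None)
        login_url = 'http://example.com/login.html'
        self.assertEqual(delivery._sent[0], FROM_EMAIL)
        self.assertEqual(list(delivery._sent[1]), [TO_EMAIL])
        payload = delivery._sent[2].get_payload()
        self.assertTrue(login_url in payload)
        # NOTE(review): the replacement password travels in the mail body
        # in cleartext. A single-use, expiring reset link (or a forced
        # change at next login) limits exposure if the mailbox is read by
        # someone else.
        found = GENERATED.search(payload)
        # Fail with an assertion, not an AttributeError, when the mail body
        # lacks the expected line.
        self.assertTrue(found is not None)
        generated = found.group('password')
        self.assertEqual(generated, 'PASSWORD')
        pwd_mgr = SSHAPasswordManager()
        self.assertTrue(pwd_mgr.checkPassword(password, generated))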
예제 #7
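    def test_POST_w_password_match_w_after_edit_url(self):
        """Editing an account with the correct old password succeeds.

        Expects an ``HTTPFound`` to ``http://example.com/`` and a record
        whose login, e-mail, password hash and security question/answer
        reflect the posted values, with both lookup indexes updated.
        """
        from webob.exc import HTTPFound
        from webob.multidict import MultiDict
        from zope.password.password import SSHAPasswordManager
        AFTER = '/'
        # Both addresses are masked to the same string on the page, which
        # makes the by_email assertions below impossible to satisfy. The
        # values here are constructed placeholders; they only need to differ.
        OLD_EMAIL = 'old@example.com'
        NEW_EMAIL = 'new@example.com'
        ENVIRON = {'repoze.who.identity': {'repoze.who.userid': 'UUID'}}
        self.config.registry.settings['cartouche.after_edit_url'] = AFTER
        pwd_mgr = SSHAPasswordManager()
        encoded = pwd_mgr.encodePassword('old_password')
        by_uuid, by_login, by_email = self._registerConfirmed()
        # The login is masked on the page; 'before' is inferred from the
        # by_login['before'] entry registered right after this record.
        by_uuid['UUID'] = Dummy(login='before',
                                email=OLD_EMAIL,
                                password=encoded,
                                security_question='borncity',
                                security_answer='FXBG')
        by_email[OLD_EMAIL] = by_login['before'] = 'UUID'
        POST = MultiDict([('login_name', 'after'),
                          ('email', NEW_EMAIL),
                          ('old_password', 'old_password'),
                          ('__start__', 'password:mapping'),
                          ('password', 'newpassword'),
                          ('password-confirm', 'newpassword'),
                          ('__end__', 'password:mapping'),
                          ('__start__', 'security:mapping'),
                          ('question', 'petname'),
                          ('answer', 'Fido'),
                          ('__end__', 'security:mapping'),
                          ('update', ''),
                         ])
        request = self._makeRequest(POST=POST, environ=ENVIRON,
                                    view_name='edit_account.html')

        response = self._callFUT(request=request)

        # failUnless/failIf were removed from unittest in Python 3.12;
        # assertTrue/assertFalse are the supported spellings.
        self.assertTrue(isinstance(response, HTTPFound))
        self.assertEqual(response.location, 'http://example.com/')

        new_record = by_uuid['UUID']
        self.assertEqual(new_record.login, 'after')
        self.assertTrue(pwd_mgr.checkPassword(new_record.password,
                                              'newpassword'))
        self.assertEqual(new_record.security_question, 'petname')
        # NOTE(review): the answer is asserted as cleartext, so the view
        # stores it unhashed. Because it gates account recovery, consider
        # protecting it like the password.
        self.assertEqual(new_record.security_answer, 'Fido')
        self.assertFalse(OLD_EMAIL in by_email)
        self.assertEqual(by_email[NEW_EMAIL], 'UUID')
        self.assertFalse('before' in by_login)
        self.assertEqual(by_login['after'], 'UUID')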
예제 #8
파일: auth.py 프로젝트: cswank/brewserver
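 def authenticate(self, environ, identity):
     """Return the login name when the supplied password verifies, else None.

     ``login`` and ``password`` are taken from ``self.get_login`` and
     ``self.get_pw``. The account document is looked up by ``username`` in
     ``self.users`` and its ``password`` field is checked with
     ``SSHAPasswordManager``.
     """
     login = self.get_login(identity)
     password = self.get_pw(identity)
     if login is None or password is None:
         return None
     # NOTE(review): ``login`` is request-derived and is placed directly in
     # the query document. Confirm get_login() can only yield a plain
     # string, because a mapping value would be interpreted by the datastore
     # as query operators instead of a literal username.
     doc = self.users.find_one({'username': login})
     if doc is None:
         # NOTE(review): unknown users return before any hashing, so timing
         # can differ from the wrong-password path. Verify that attempts
         # are rate limited elsewhere.
         return None
     hashed = doc.get('password')
     if hashed is None:
         # An account without a stored hash can never authenticate. Reject
         # it explicitly instead of handing the string 'None' to the
         # verifier and relying on how it treats malformed input.
         return None
     # SSHA is salted SHA-1, a fast hash. A deliberately slow KDF is the
     # usual choice for stored passwords.
     if SSHAPasswordManager().checkPassword(str(hashed), str(password)):
         return login
     return None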
예제 #9
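    def test_hit_wo_password_utility(self):
        """Password reset without a registered generator utility.

        No ``IPasswordGenerator`` is registered, so the function under test
        must produce the password itself. The test checks that the stored
        value is an ``{SSHA}`` hash of the mailed password, that the mailed
        password has the expected shape, and that the other record fields
        are untouched.
        """
        import re
        from repoze.sendmail.interfaces import IMailDelivery
        from zope.password.password import SSHAPasswordManager
        GENERATED = re.compile(r'Your new password is:\s+(?P<password>[^\s]+)',
                    re.MULTILINE)
        # NOTE(review): used with .match() below, so the pattern is anchored
        # at the start only and a longer tail would still pass. It checks
        # shape, not randomness; confirm separately that the default
        # generator draws from a CSPRNG.
        RANDOM_PATTERN = re.compile(r'[A-Za-z0-9]{6,8}'
                                     '[~!@#$%^&*]'
                                     '[A-Za-z0-9]{6,8}'
                                   )
        # Addresses are masked on the page; these are constructed placeholders.
        FROM_EMAIL = 'admin@example.com'
        TO_EMAIL = 'phred@example.com'
        self.config.registry.settings['cartouche.from_addr'] = FROM_EMAIL
        delivery = DummyMailer()
        self.config.registry.registerUtility(delivery, IMailDelivery)
        confirmed = DummyConfirmed()
        # login/password are masked on the page. 'phred' and 'old_password'
        # are inferred from the assertions on record.login and
        # record.password below.
        confirmed.set('UUID',
                      email=TO_EMAIL,
                      login='phred',
                      password='old_password',
                      security_question='question',
                      security_answer='answer',
                      token=None,
                     )

        self._callFUT(userid='UUID', confirmed=confirmed)

        record = confirmed.get('UUID')
        self.assertEqual(record.uuid, 'UUID')
        self.assertEqual(record.email, TO_EMAIL)
        self.assertEqual(record.login, 'phred')
        password = record.password
        self.assertNotEqual(password, 'old_password')
        # assertTrue replaces the failUnless alias, which was removed from
        # unittest in Python 3.12.
        self.assertTrue(password.startswith('{SSHA}'))
        self.assertEqual(record.security_question, 'question')
        self.assertEqual(record.security_answer, 'answer')
        self.assertEqual(record.token, None)
        login_url = 'http://example.com/login.html'
        self.assertEqual(delivery._sent[0], FROM_EMAIL)
        self.assertEqual(list(delivery._sent[1]), [TO_EMAIL])
        payload = delivery._sent[2].get_payload()
        self.assertTrue(login_url in payload)
        # NOTE(review): the new password is delivered in cleartext mail. A
        # single-use, expiring reset link (or a forced change at next
        # login) reduces exposure.
        found = GENERATED.search(payload)
        # Fail with an assertion, not an AttributeError, when the mail body
        # lacks the expected line.
        self.assertTrue(found is not None)
        generated = found.group('password')
        pwd_mgr = SSHAPasswordManager()
        self.assertTrue(pwd_mgr.checkPassword(password, generated))
        self.assertTrue(RANDOM_PATTERN.match(generated))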
예제 #10
class WhoPlugin(object):
    """Password authenticator over the confirmed-registrations store.

    Declares ``IAuthenticator``. A successful ``authenticate`` call yields
    the ``uuid`` of the record found for the supplied login.
    """
    implements(IAuthenticator)
    _finder = None

    def __init__(self, zodb_uri):
        # One manager instance is kept for the plugin's lifetime. SSHA is
        # salted SHA-1: cheap to compute, so stored hashes resist offline
        # guessing far less than a slow KDF would.
        self._pwd_mgr = SSHAPasswordManager()
        self._zodb_uri = zodb_uri

    def _getFinder(self):
        """Lazily build and cache the ``PersistentApplicationFinder``."""
        if self._finder is not None:
            return self._finder
        self._finder = PersistentApplicationFinder(self._zodb_uri,
                                                   appmaker)
        return self._finder

    def authenticate(self, environ, identity):
        """ See IAuthenticator.

        ``identity`` must provide non-None ``login`` and ``password``;
        the return value is ``record.uuid`` on a match and ``None``
        otherwise.
        """
        login = identity.get('login')
        password = identity.get('password')
        if login is None or password is None:
            return None

        request = get_current_request()
        context = getattr(request, 'context', None)
        registry = get_current_registry()
        store = registry.queryAdapter(context,
                                      IRegistrations,
                                      name='confirmed')
        if store is None:
            # Without a registered adapter the default store is used,
            # rooted at the top of the ``__parent__`` chain.
            if getattr(context, '_p_jar', None) is None:
                context = self._getFinder()(environ)
            while True:
                parent = context.__parent__
                if parent is None:
                    break
                context = parent
            store = ConfirmedRegistrations(context)

        record = store.get_by_login(login)
        if not record:
            # NOTE(review): no hash is computed for unknown logins, so this
            # path may be observably faster than a wrong-password attempt.
            # Confirm that attempt throttling is handled elsewhere.
            return None
        verified = self._pwd_mgr.checkPassword(record.password,
                                               password)
        if verified:
            return record.uuid
        return None