Exemplo n.º 1
0
  def extractCredentials(self, request):
    """ Extract credentials from the request header. """
    creds = {}
    token = None
    if request._auth is not None:
      # 1st - try to fetch from Authorization header
      if 'bearer' in request._auth.lower():
        l = request._auth.split()
        if len(l) == 2:
          token = l[1]

    if token is None:
      # 2nd - try to fetch from Form-Encoded Body Parameter
      #   Not implemented as not required and enforced with high
      #   security considerations
      pass

    if token is None:
      # 3rd - try to fetch from URI Query Parameter
      #   Not implemented as considered as unsecure.
      pass

    if token is not None:
      sm = getSecurityManager()
      if sm.getUser().getId() != SUPER_USER:
        newSecurityManager(self, self.getUser(SUPER_USER))
      try:
        reference = self.Base_extractBearerTokenInformation(token)
        if reference is not None:
          creds['external_login'] = reference
      finally:
        setSecurityManager(sm)
      if 'external_login' in  creds:
        creds['remote_host'] = request.get('REMOTE_HOST', '')
        try:
          creds['remote_address'] = request.getClientAddr()
        except AttributeError:
          creds['remote_address'] = request.get('REMOTE_ADDR', '')
        return creds

    # fallback to default way
    return DumbHTTPExtractor().extractCredentials(request)
Exemplo n.º 2
0
    def extractCredentials(self, request):
        """ Extract credentials from the request header. """
        creds = {}
        getHeader = getattr(request, 'getHeader', None)
        if getHeader is None:
            # use get_header instead for Zope-2.8
            getHeader = request.get_header
        user_id = getHeader(self.user_id_key)
        if user_id is not None:
            creds['external_login'] = user_id
        else:
            # fallback to default way
            return DumbHTTPExtractor().extractCredentials(request)

        #Complete credential with some information
        if creds:
            creds['remote_host'] = request.get('REMOTE_HOST', '')
            try:
                creds['remote_address'] = request.getClientAddr()
            except AttributeError:
                creds['remote_address'] = request.get('REMOTE_ADDR', '')

        return creds
Exemplo n.º 3
0
 def extractCredentials(self, request):
     return DumbHTTPExtractor().extractCredentials(request)
Exemplo n.º 4
0
def _extractUserIds(self, request, plugins):
    """ request -> [ validated_user_id ]

    o For each set of extracted credentials, try to authenticate
    a user;  accumulate a list of the IDs of such users over all
    our authentication and extraction plugins.
    """
    try:
        extractors = plugins.listPlugins(IExtractionPlugin)
    except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
        log.info('Extractor plugin listing error', exc_info=True)
        extractors = ()

    if not extractors:
        extractors = (('default', DumbHTTPExtractor()), )

    try:
        authenticators = plugins.listPlugins(IAuthenticationPlugin)
    except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
        log.info('Authenticator plugin listing error', exc_info=True)
        authenticators = ()

    result = []

    for extractor_id, extractor in extractors:

        try:
            credentials = extractor.extractCredentials(request)
        except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
            log.info('ExtractionPlugin %s error' % extractor_id, exc_info=True)
            continue

        if credentials:
            try:
                credentials['extractor'] = extractor_id  # XXX: in key?
                # Test if ObjectCacheEntries.aggregateIndex would work
                items = credentials.items()
                items.sort()
            except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
                log.info('Credentials error: %s' % credentials, exc_info=True)
                continue

            # First try to authenticate against the emergency
            # user and return immediately if authenticated
            user_id, name = self._tryEmergencyUserAuthentication(credentials)

            if user_id is not None:
                return [(user_id, name)]

            # Now see if the user ids can be retrieved from the cache
            view_name = createViewName('_extractUserIds',
                                       credentials.get('login'))
            keywords = createKeywords(**credentials)

            user_ids = None
            account_locker = getattr(self, 'account_locker_plugin', None)
            if not account_locker:
                user_ids = self.ZCacheable_get(view_name=view_name,
                                               keywords=keywords,
                                               default=None)

            else:
                if account_locker.isLocked(credentials.get('login')):
                    user_ids = self.ZCacheable_get(view_name=view_name,
                                                   keywords=keywords,
                                                   default=None)

            if user_ids is None:
                user_ids = []

                for authenticator_id, auth in authenticators:

                    try:
                        uid_and_info = auth.authenticateCredentials(
                            credentials)

                        if uid_and_info is None:
                            continue

                        user_id, info = uid_and_info

                    except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
                        msg = 'AuthenticationPlugin %s error' % (
                            authenticator_id, )
                        log.info(msg, exc_info=True)
                        continue
                    except Locked:
                        break

                    if user_id is not None:
                        user_ids.append((user_id, info))

                if user_ids:
                    self.ZCacheable_set(user_ids,
                                        view_name=view_name,
                                        keywords=keywords)

            result.extend(user_ids)

    # Emergency user via HTTP basic auth always wins
    user_id, name = self._tryEmergencyUserAuthentication(
        DumbHTTPExtractor().extractCredentials(request))

    if user_id is not None:
        return [(user_id, name)]

    return result
Exemplo n.º 5
0
def _extractUserIds( self, request, plugins ):
    """ request -> [ validated_user_id ]

    o For each set of extracted credentials, try to authenticate
      a user;  accumulate a list of the IDs of such users over all
      our authentication and extraction plugins.
    """
    try:
        extractors = plugins.listPlugins( IExtractionPlugin )
    except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
        logger.debug('Extractor plugin listing error', exc_info=True)
        extractors = ()

    if not extractors:
        extractors = ( ( 'default', DumbHTTPExtractor() ), )

    try:
        authenticators = plugins.listPlugins( IAuthenticationPlugin )
    except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
        logger.debug('Authenticator plugin listing error', exc_info=True)
        authenticators = ()

    result = []

    for extractor_id, extractor in extractors:

        try:
            credentials = extractor.extractCredentials( request )
        except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
            PluggableAuthService.reraise(extractor)
            logger.debug( 'ExtractionPlugin %s error' % extractor_id
                        , exc_info=True
                        )
            continue

        if credentials:

            try:
                credentials[ 'extractor' ] = extractor_id # XXX: in key?
                # Test if ObjectCacheEntries.aggregateIndex would work
                items = credentials.items()
                items.sort()
            except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
                # XXX: would reraise be good here, and which plugin to ask
                # whether not to swallow the exception - the extractor?
                logger.debug( 'Credentials error: %s' % credentials
                            , exc_info=True
                            )
                continue

            # First try to authenticate against the emergency
            # user and return immediately if authenticated
            user_id, name = self._tryEmergencyUserAuthentication(
                                                        credentials )

            if user_id is not None:
                return [ ( user_id, name ) ]

            # Now see if the user ids can be retrieved from the cache
            credentials['login'] = self.applyTransform( credentials.get('login') )
            view_name = createViewName('_extractUserIds',
                                       credentials.get('login'))
            keywords = createKeywords(**credentials)
            user_ids = self.ZCacheable_get( view_name=view_name
                                          , keywords=keywords
                                          , default=None
                                          )
            if user_ids is None:
                user_ids = []

                for authenticator_id, auth in authenticators:

                    try:
                        uid_and_info = auth.authenticateCredentials(
                            credentials )

                        # logger.info('plugin: %s' % str(auth.id))
                        # logger.info('uid_and_info: %s' % str(uid_and_info))

                        # Modificamos este codigo para que si la respuesta del oauthTokenRetriever mrs5.max.auth.py es BadUsernameOrPasswordError
                        # no continue mirando los siguientes plugins de Authentication Plugins
                        if auth.id == 'paspreauth' and uid_and_info == 'BadUsernameOrPasswordError' :
                            break

                        if uid_and_info is None:
                            continue

                        user_id, info = uid_and_info

                    except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
                        PluggableAuthService.reraise(auth)
                        msg = 'AuthenticationPlugin %s error' % (
                                authenticator_id, )
                        logger.debug(msg, exc_info=True)
                        continue

                    if user_id is not None:
                        user_ids.append( (user_id, info) )

                if user_ids:
                    self.ZCacheable_set( user_ids
                                       , view_name=view_name
                                       , keywords=keywords
                                       )

            result.extend( user_ids )

    # Emergency user via HTTP basic auth always wins
    user_id, name = self._tryEmergencyUserAuthentication(
            DumbHTTPExtractor().extractCredentials( request ) )

    if user_id is not None:
        return [ ( user_id, name ) ]

    return result