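    def render(self):
        """Render the login form, or authenticate and redirect on submit.

        Reads ``user.login``, ``user.password`` and ``came_from`` from the
        request parameters.  When the form was submitted with a non-empty
        password the credentials are tried against LDAP first and the local
        database second; a success sets the auth headers via ``remember`` and
        redirects to ``came_from``.  In every other case the form context is
        returned.

        Returns:
            ``HTTPFound`` on a successful login, otherwise a dict with
            ``came_from`` and a ``User`` pre-filled with the submitted login.
        """
        request = self.request
        params = request.params
        login_url = resource_url(request.context, request, 'login')
        referrer = request.url
        # never use the login form itself as came_from
        if referrer == login_url:
            referrer = '/'
        # came_from comes from the client: only honour it when it stays on
        # this host, otherwise the login form becomes an open redirect.
        came_from = self._local_redirect(params.get('came_from', referrer),
                                         referrer)
        login = params.get('user.login', '')
        if 'form.submitted' in params:
            password = params.get('user.password', u'')
            if password:
                # LDAP is tried first; the local table only when LDAP rejects
                authenticated = (
                    User.by_ldap_credentials(self.session, login, password,
                                             request.registry.settings)
                    is not None
                    or User.by_credentials(self.session, login, password)
                    is not None)
                if authenticated:
                    log.info('login %r succeed', login)
                    headers = remember(request, login)
                    return HTTPFound(location=came_from, headers=headers)

        return {
            'came_from': came_from,
            'user': User(login=login),
        }

    def _local_redirect(self, target, fallback):
        """Return *target* when it points at this host, else *fallback*.

        Relative paths and absolute http(s) URLs whose netloc equals
        ``request.host`` are accepted; other schemes, foreign hosts and the
        scheme-relative forms ``//...`` / ``/\\...`` (which browsers resolve
        to another origin) are replaced by *fallback*.
        """
        try:
            from urllib.parse import urlsplit
        except ImportError:  # Python 2
            from urlparse import urlsplit
        if target[:2] in ('//', '/\\'):
            return fallback
        parts = urlsplit(target)
        if parts.scheme and parts.scheme.lower() not in ('http', 'https'):
            return fallback
        if parts.netloc and parts.netloc != self.request.host:
            return fallback
        return target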
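    def render(self):
        """Render the login form, or authenticate and redirect on submit.

        ``user.login``, ``user.password`` and ``came_from`` are read from the
        request parameters.  On a submitted form with a non-empty password the
        credentials are checked against LDAP, then against the local
        database; a match sets the auth headers with ``remember`` and
        redirects to ``came_from``.  Otherwise the form context is returned.

        Returns:
            ``HTTPFound`` on a successful login, otherwise a dict with
            ``came_from`` and a ``User`` pre-filled with the submitted login.
        """
        request = self.request
        params = request.params
        login_url = resource_url(request.context, request, 'login')
        referrer = request.url
        # never use the login form itself as came_from
        if referrer == login_url:
            referrer = '/'
        # came_from is client-supplied: keep it only when it stays on this
        # host, otherwise the login form would be an open redirect.
        came_from = self._local_redirect(params.get('came_from', referrer),
                                         referrer)
        login = params.get('user.login', '')
        if 'form.submitted' in params:
            password = params.get('user.password', u'')
            if password:
                # LDAP first; the local table only when LDAP rejects
                authenticated = (
                    User.by_ldap_credentials(self.session, login, password,
                                             request.registry.settings)
                    is not None
                    or User.by_credentials(self.session, login, password)
                    is not None)
                if authenticated:
                    log.info('login %r succeed', login)
                    headers = remember(request, login)
                    return HTTPFound(location=came_from,
                                     headers=headers)

        return {'came_from': came_from,
                'user': User(login=login),
                }

    def _local_redirect(self, target, fallback):
        """Return *target* when it points at this host, else *fallback*.

        Relative paths and absolute http(s) URLs whose netloc equals
        ``request.host`` pass; other schemes, foreign hosts and the
        scheme-relative forms ``//...`` / ``/\\...`` (resolved by browsers to
        another origin) are replaced by *fallback*.
        """
        try:
            from urllib.parse import urlsplit
        except ImportError:  # Python 2
            from urlparse import urlsplit
        if target[:2] in ('//', '/\\'):
            return fallback
        parts = urlsplit(target)
        if parts.scheme and parts.scheme.lower() not in ('http', 'https'):
            return fallback
        if parts.netloc and parts.netloc != self.request.host:
            return fallback
        return target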
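    def authenticated_userid(self, request):
        """Return the login from a valid HTTP Basic ``Authorization`` header.

        Every malformed header (absent, no payload, non-Basic scheme, bad
        base64, non-UTF-8 payload, missing ``:``) yields ``None`` rather than
        raising, so a bad client header can never become a server error.
        The original ``except AttributeError as ValueError`` bound the
        exception to the name ``ValueError`` and so let the
        not-enough-values ``ValueError`` escape; both are caught now.

        Args:
            request: the current request; only ``request.environ`` is read.

        Returns:
            The login when ``User.by_credentials`` accepts the pair, else
            ``None``.
        """
        header = request.environ.get('HTTP_AUTHORIZATION')
        try:
            authmeth, encoded = header.split(' ', 1)
        except (AttributeError, ValueError):
            # AttributeError: header absent (None.split); ValueError: no space
            return None

        if authmeth.lower() != 'basic':
            return None

        try:
            raw = binascii.a2b_base64(encoded.strip())
        except (binascii.Error, ValueError):  # can't decode
            return None

        # a2b_base64 yields bytes on both Python 2 and 3; decode to text once
        try:
            auth = raw.decode('utf-8') if isinstance(raw, bytes) else raw
        except UnicodeDecodeError:
            return None

        try:
            login, password = auth.split(':', 1)
        except ValueError:  # not enough values to unpack
            return None

        if User.by_credentials(DBSession(), login, password):
            return login

        return None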
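    def authenticated_userid(self, request):
        """Return the login from a valid HTTP Basic ``Authorization`` header.

        A malformed header (absent, no payload, non-Basic scheme, bad base64,
        non-UTF-8 payload, missing ``:``) yields ``None`` instead of raising.
        The byte/text check uses ``bytes`` so it works without a ``unicode``
        compatibility name on Python 3.

        Args:
            request: the current request; ``request.environ`` and
                ``request.registry.settings`` are read.

        Returns:
            The login when the local table or LDAP accepts the pair, else
            ``None``.
        """
        header = request.environ.get('HTTP_AUTHORIZATION')
        try:
            authmeth, encoded = header.split(' ', 1)
        except (AttributeError, ValueError):
            # AttributeError: header absent (None.split); ValueError: no space
            return None

        if authmeth.lower() != 'basic':
            return None

        try:
            raw = base64.b64decode(encoded.strip())
        except (binascii.Error, TypeError, ValueError):
            # binascii.Error (TypeError on Python 2) or a non-ASCII str
            return None

        # b64decode yields bytes on both Python 2 and 3; decode to text once
        try:
            auth = raw.decode('utf-8') if isinstance(raw, bytes) else raw
        except UnicodeDecodeError:
            return None

        try:
            login, password = auth.split(':', 1)
        except ValueError:  # not enough values to unpack
            return None

        # local password table first, LDAP second
        if User.by_credentials(DBSession(), login, password):
            return login

        if User.by_ldap_credentials(DBSession(), login, password,
                                    request.registry.settings):
            return login

        return None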
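    def authenticated_userid(self, request):
        """Return the login from a valid HTTP Basic ``Authorization`` header.

        Any malformed header (absent, no payload, non-Basic scheme, bad
        base64, non-UTF-8 payload, missing ``:``) yields ``None`` instead of
        raising.  The byte/text check is done with ``bytes`` so no
        ``unicode`` compatibility name is needed on Python 3.

        Args:
            request: the current request; ``request.environ`` and
                ``request.registry.settings`` are read.

        Returns:
            The login when the local table or LDAP accepts the pair, else
            ``None``.
        """
        header = request.environ.get('HTTP_AUTHORIZATION')
        try:
            authmeth, encoded = header.split(' ', 1)
        except (AttributeError, ValueError):
            # AttributeError: header absent (None.split); ValueError: no space
            return None

        if authmeth.lower() != 'basic':
            return None

        try:
            raw = base64.b64decode(encoded.strip())
        except (binascii.Error, TypeError, ValueError):
            # binascii.Error (TypeError on Python 2) or a non-ASCII str
            return None

        # b64decode yields bytes on both Python 2 and 3; decode to text once
        try:
            auth = raw.decode('utf-8') if isinstance(raw, bytes) else raw
        except UnicodeDecodeError:
            return None

        try:
            login, password = auth.split(':', 1)
        except ValueError:  # not enough values to unpack
            return None

        # local password table first, LDAP second
        if User.by_credentials(DBSession(), login, password):
            return login

        if User.by_ldap_credentials(DBSession(), login, password,
                                    request.registry.settings):
            return login

        return None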
    def test_update_post_ok(self):
        """Editing admin into root updates login and names but not the password."""
        from pyshop.models import User
        from pyshop.views.user import Edit

        form = {
            "form.submitted": u"1",
            "user.login": u"root",
            "user.firstname": u"Admin",
            "user.lastname": u"Istrator",
        }
        response = Edit(self.create_request(form))()
        self.assertIsRedirect(response)
        self.session.flush()

        # the old password still authenticates the renamed user
        admin = User.by_credentials(self.session, u"root", u"changeme")
        self.assertIsInstance(admin, User)
        for attr, expected in (("login", u"root"),
                               ("firstname", u"Admin"),
                               ("lastname", u"Istrator")):
            self.assertEqual(getattr(admin, attr), expected)

        # put the fixture back for the other tests
        admin.login = u"admin"
        admin.password = u"changeme"
        admin.firstname = None
        admin.lastname = None
        self.session.add(admin)
 def test_change_password_post_ok(self):
     """A confirmed new password replaces the current one."""
     from pyshop.models import User
     from pyshop.views.user import ChangePassword as ChangePwd
     form = {
         'form.submitted': u'1',
         'current_password': u'changeme',
         'user.password': u'newpassw',
         'confirm_password': u'newpassw',
     }
     ChangePwd(self.create_request(form))()
     # the new password now authenticates admin
     admin = User.by_credentials(self.session, u'admin', u'newpassw')
     self.assertIsInstance(admin, User)
     # restore the fixture password for the other tests
     admin.password = u'changeme'
     self.session.add(admin)
 def test_change_password_post_ko_unchanged(self):
     """Re-submitting the current password as the new one is rejected."""
     from pyshop.models import User
     from pyshop.views.user import ChangePassword as ChangePwd
     same = u'changeme'
     form = {
         'form.submitted': u'1',
         'current_password': same,
         'user.password': same,
         'confirm_password': same,
     }
     view = ChangePwd(self.create_request(form))()
     self.assertEqual(view['errors'], [u'password is inchanged'])
     # the password was left as it was
     admin = User.by_credentials(self.session, u'admin', same)
     self.assertIsInstance(admin, User)
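    def validate(self, model, errors):
        """Validate a change-password form, appending messages to *errors*.

        Checks, in order: the submitted ``current_password`` authenticates
        ``model.login``; the new password differs from the current one; the
        new password equals ``confirm_password``.  Missing fields are read as
        the empty string so an incomplete POST yields a validation message
        instead of a ``KeyError``.

        Args:
            model: the user being edited; only ``model.login`` is read.
            errors: list receiving the translated error messages.

        Returns:
            ``True`` when nothing was appended to *errors*, else ``False``.
        """
        params = self.request.params
        current = params.get('current_password', u'')
        new = params.get('user.password', u'')
        confirm = params.get('confirm_password', u'')

        # a wrong current password is reported alone; "unchanged" is only
        # meaningful once the current password is known to be right
        if not User.by_credentials(self.session, model.login, current):
            errors.append(_(u'current password is not correct'))
        elif new == current:
            errors.append(_(u'password is inchanged'))

        if new != confirm:
            errors.append(_(u'passwords do not match'))

        return not errors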
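    def validate(self, model, errors):
        """Validate a change-password form, appending messages to *errors*.

        Checks, in order: ``current_password`` authenticates ``model.login``;
        the new password differs from the current one; the new password
        equals ``confirm_password``.  Missing fields are read as the empty
        string so an incomplete POST yields a validation message instead of a
        ``KeyError``.

        Args:
            model: the user being edited; only ``model.login`` is read.
            errors: list receiving the translated error messages.

        Returns:
            ``True`` when nothing was appended to *errors*, else ``False``.
        """
        params = self.request.params
        current = params.get('current_password', u'')
        new = params.get('user.password', u'')
        confirm = params.get('confirm_password', u'')

        # a wrong current password is reported alone; "unchanged" is only
        # meaningful once the current password is known to be right
        if not User.by_credentials(self.session, model.login, current):
            errors.append(_(u'current password is not correct'))
        elif new == current:
            errors.append(_(u'password is inchanged'))

        if new != confirm:
            errors.append(_(u'passwords do not match'))

        return not errors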
 def test_change_password_post_ko_unchanged(self):
     """Re-submitting the current password as the new one is rejected."""
     from pyshop.models import User
     from pyshop.views.user import ChangePassword as ChangePwd
     same = u'changeme'
     form = {
         'form.submitted': u'1',
         'current_password': same,
         'user.password': same,
         'confirm_password': same,
     }
     view = ChangePwd(self.create_request(form))()
     self.assertEqual(view['errors'], [u'password is inchanged'])
     # the password was left as it was
     admin = User.by_credentials(self.session, u'admin', same)
     self.assertIsInstance(admin, User)
 def test_change_password_post_ko_not_matched(self):
     """A wrong current password and a mismatched confirmation are both reported."""
     from pyshop.models import User
     from pyshop.views.user import ChangePassword as ChangePwd
     form = {
         'form.submitted': u'1',
         'current_password': u'CHANGEME',
         'user.password': u'newpassw',
         'confirm_password': u'NEWPASSW',
     }
     view = ChangePwd(self.create_request(form))()
     expected = [u'current password is not correct',
                 u'passwords do not match']
     self.assertEqual(view['errors'], expected)
     # nothing changed: the original password still authenticates
     admin = User.by_credentials(self.session, u'admin', u'changeme')
     self.assertIsInstance(admin, User)
 def test_change_password_post_ok(self):
     """A confirmed new password replaces the current one."""
     from pyshop.models import User
     from pyshop.views.user import ChangePassword as ChangePwd
     new_pw = u'newpassw'
     form = {
         'form.submitted': u'1',
         'current_password': u'changeme',
         'user.password': new_pw,
         'confirm_password': new_pw,
     }
     ChangePwd(self.create_request(form))()
     # the new password now authenticates admin
     admin = User.by_credentials(self.session, u'admin', new_pw)
     self.assertIsInstance(admin, User)
     # restore the fixture password for the other tests
     admin.password = u'changeme'
     self.session.add(admin)
 def test_change_password_post_ko_not_matched(self):
     """A wrong current password and a mismatched confirmation are both reported."""
     from pyshop.models import User
     from pyshop.views.user import ChangePassword as ChangePwd
     form = {
         'form.submitted': u'1',
         'current_password': u'CHANGEME',
         'user.password': u'newpassw',
         'confirm_password': u'NEWPASSW',
     }
     view = ChangePwd(self.create_request(form))()
     expected = [u'current password is not correct',
                 u'passwords do not match']
     self.assertEqual(view['errors'], expected)
     # nothing changed: the original password still authenticates
     admin = User.by_credentials(self.session, u'admin', u'changeme')
     self.assertIsInstance(admin, User)
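def authbasic(request):
    """
    Authentification basic, Upload pyshop repository access

    Parse the ``Authorization: Basic`` header and, when the credentials
    match a local user, redirect back to ``request.url``.  Every other case
    (no header, no payload, non-Basic scheme, undecodable payload, unknown
    user) answers 401 with a ``WWW-Authenticate`` challenge instead of
    raising, so a malformed client header cannot become a server error.
    """
    import binascii

    def challenge():
        # one builder so every rejection path sends the same challenge
        return Response(status=401,
                        headerlist=[('WWW-Authenticate',
                                     ('Basic realm="%s"' %
                                     _('pyshop repository access')).encode('utf-8')
                                     )],
                        )

    auth = request.environ.get('HTTP_AUTHORIZATION', '')
    if not auth:
        return challenge()

    try:
        scheme, data = auth.split(None, 1)
    except ValueError:  # header without a payload
        return challenge()
    # a non-Basic scheme is a client error, not an assertion failure
    if scheme.lower() != 'basic':
        return challenge()

    try:
        raw = binascii.a2b_base64(data.strip())
        if isinstance(raw, bytes):
            raw = raw.decode('utf-8')
        username, password = raw.split(':', 1)
    except (binascii.Error, ValueError):
        # bad base64, non-UTF-8 payload (UnicodeDecodeError) or missing ':'
        return challenge()

    if User.by_credentials(DBSession(), username, password):
        return HTTPFound(location=request.url)
    return challenge()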
    def test_change_password_post_ko_unchanged(self):
        """Re-submitting the current password as the new one is rejected."""
        from pyshop.models import User
        from pyshop.views.user import ChangePassword as ChangePwd

        same = u"changeme"
        form = {
            "form.submitted": u"1",
            "current_password": same,
            "user.password": same,
            "confirm_password": same,
        }
        view = ChangePwd(self.create_request(form))()
        self.assertEqual(view["errors"], [u"password is inchanged"])
        # the password was left as it was
        admin = User.by_credentials(self.session, u"admin", same)
        self.assertIsInstance(admin, User)
    def test_change_password_post_ko_not_matched(self):
        """A wrong current password and a mismatched confirmation are both reported."""
        from pyshop.models import User
        from pyshop.views.user import ChangePassword as ChangePwd

        form = {
            "form.submitted": u"1",
            "current_password": u"CHANGEME",
            "user.password": u"newpassw",
            "confirm_password": u"NEWPASSW",
        }
        view = ChangePwd(self.create_request(form))()
        expected = [
            u"current password is not correct",
            u"passwords do not match",
        ]
        self.assertEqual(view["errors"], expected)
        # nothing changed: the original password still authenticates
        admin = User.by_credentials(self.session, u"admin", u"changeme")
        self.assertIsInstance(admin, User)
    def test_change_password_post_ok(self):
        """A confirmed new password replaces the current one."""
        from pyshop.models import User
        from pyshop.views.user import ChangePassword as ChangePwd

        new_pw = u"newpassw"
        form = {
            "form.submitted": u"1",
            "current_password": u"changeme",
            "user.password": new_pw,
            "confirm_password": new_pw,
        }
        ChangePwd(self.create_request(form))()
        # the new password now authenticates admin
        admin = User.by_credentials(self.session, u"admin", new_pw)
        self.assertIsInstance(admin, User)
        # restore the fixture password for the other tests
        admin.password = u"changeme"
        self.session.add(admin)
 def test_update_post_ok(self):
     """Editing admin into root updates login and names but not the password."""
     from pyshop.models import User
     from pyshop.views.user import Edit
     form = {
         'form.submitted': u'1',
         'user.login': u'root',
         'user.firstname': u'Admin',
         'user.lastname': u'Istrator',
     }
     response = Edit(self.create_request(form))()
     self.assertIsRedirect(response)
     self.session.flush()
     # the old password still authenticates the renamed user
     admin = User.by_credentials(self.session, u'root', u'changeme')
     self.assertIsInstance(admin, User)
     for attr, expected in (('login', u'root'),
                            ('firstname', u'Admin'),
                            ('lastname', u'Istrator')):
         self.assertEqual(getattr(admin, attr), expected)
     # put the fixture back for the other tests
     admin.login = u'admin'
     admin.password = u'changeme'
     admin.firstname = None
     admin.lastname = None
     self.session.add(admin)
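def authbasic(request):
    """
    Authentification basic, Upload pyshop repository access

    Parse the ``Authorization: Basic`` header; when LDAP or the local
    password table accepts the credentials, redirect back to
    ``request.url``.  Every other case (no header, no payload, non-Basic
    scheme, undecodable payload, rejected credentials) answers 401 with a
    ``WWW-Authenticate`` challenge instead of raising.  The byte/text check
    uses ``bytes`` so no ``unicode`` name is required on Python 3.
    """
    def challenge():
        # one builder so every rejection path sends the same challenge
        return Response(status=401,
                        headerlist=[(b'WWW-Authenticate',
                                     b'Basic realm="pyshop repository access"'
                                     )],
                        )

    auth = request.environ.get('HTTP_AUTHORIZATION', '')
    if not auth:
        return challenge()

    try:
        scheme, data = auth.split(None, 1)
    except ValueError:  # header without a payload
        return challenge()
    # a non-Basic scheme is a client error, not an assertion failure
    if scheme.lower() != 'basic':
        return challenge()

    try:
        data = base64.b64decode(data)
        if isinstance(data, bytes):
            data = data.decode('utf-8')
        username, password = data.split(':', 1)
    except (TypeError, ValueError):
        # TypeError: Python 2's b64decode on bad padding; ValueError covers
        # binascii.Error, non-ASCII input, UnicodeDecodeError and a missing ':'
        return challenge()

    # LDAP is consulted first, the local password table second
    if User.by_ldap_credentials(DBSession(), username, password,
                                request.registry.settings):
        return HTTPFound(location=request.url)
    if User.by_credentials(DBSession(), username, password):
        return HTTPFound(location=request.url)
    return challenge()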
 def test_update_post_ok(self):
     """Editing admin into root updates login and names but not the password."""
     from pyshop.models import User
     from pyshop.views.user import Edit
     form = {
         'form.submitted': u'1',
         'user.login': u'root',
         'user.firstname': u'Admin',
         'user.lastname': u'Istrator',
     }
     response = Edit(self.create_request(form))()
     self.assertIsRedirect(response)
     self.session.flush()
     # the old password still authenticates the renamed user
     admin = User.by_credentials(self.session, u'root', u'changeme')
     self.assertIsInstance(admin, User)
     for attr, expected in (('login', u'root'),
                            ('firstname', u'Admin'),
                            ('lastname', u'Istrator')):
         self.assertEqual(getattr(admin, attr), expected)
     # put the fixture back for the other tests
     admin.login = u'admin'
     admin.password = u'changeme'
     admin.firstname = None
     admin.lastname = None
     self.session.add(admin)
 def test_by_credentials_ok(self):
     """A valid login/password pair resolves to the matching User."""
     from pyshop.models import User
     found = User.by_credentials(self.session, u'local_user', 'secret')
     self.assertIsInstance(found, User)
     login, name = found.login, found.name
     self.assertEqual(login, u'local_user')
     self.assertEqual(name, u'Local User')
 def test_by_credentials_ko_password(self):
     """A password differing only in case must not authenticate."""
     from pyshop.models import User
     wrong_pw = 'CHANGEME'
     self.assertIsNone(User.by_credentials(self.session, u'admin', wrong_pw))
 def test_by_credentials_ko_mirrored(self):
     """The mirrored user (per the test name) must not authenticate with an empty password."""
     from pyshop.models import User
     found = User.by_credentials(self.session, u'johndo', '')
     self.assertIsNone(found)
 def test_by_credentials_ko_unexists(self):
     """An unknown login is rejected even when the password looks like SQL."""
     from pyshop.models import User
     probe = u"' OR 1 = 1 #"
     self.assertIsNone(User.by_credentials(self.session, u'u404', probe))
 def test_by_credentials_ok(self):
     """A valid login/password pair resolves to the matching User."""
     from pyshop.models import User
     found = User.by_credentials(self.session, u'local_user', 'secret')
     self.assertIsInstance(found, User)
     login, name = found.login, found.name
     self.assertEqual(login, u'local_user')
     self.assertEqual(name, u'Local User')
 def test_by_credentials_ko_password(self):
     """A password differing only in case must not authenticate."""
     from pyshop.models import User
     wrong_pw = 'CHANGEME'
     self.assertIsNone(User.by_credentials(self.session, u'admin', wrong_pw))
 def test_by_credentials_ko_mirrored(self):
     """The mirrored user (per the test name) must not authenticate with an empty password."""
     from pyshop.models import User
     found = User.by_credentials(self.session, u'johndo', '')
     self.assertIsNone(found)
 def test_by_credentials_ko_unexists(self):
     """An unknown login is rejected even when the password looks like SQL."""
     from pyshop.models import User
     probe = u"' OR 1 = 1 #"
     self.assertIsNone(User.by_credentials(self.session, u'u404', probe))
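def authbasic(request):
    """
    Authentification basic, Upload pyshop repository access

    Parse the ``Authorization: Basic`` header, resolve the user through LDAP
    (when ``pyshop.ldap.use_for_auth`` is set) or the local password table,
    then decide per matched route whether the request may proceed.

    Responses:
      * 401 with a ``WWW-Authenticate`` challenge when the header is missing
        or unparsable, the credentials are rejected, or ``upload_releasefile``
        is requested by a user outside the ``developer`` group;
      * 402 when the user authenticated but no route matched (kept from the
        original; NOTE(review): 402 "Payment Required" looks unintended,
        confirm whether 401/403 was meant);
      * a redirect to ``request.url`` otherwise.

    Debug ``print`` calls and the no-op ``transaction.manager`` statement of
    the original were dropped; the commit after loading the groups is kept.
    """
    def challenge(status=401):
        # one builder so every rejection path sends the same Basic challenge
        return Response(
            status=status,
            headerlist=[(b'WWW-Authenticate',
                         b'Basic realm="pyshop repository access"')],
        )

    credentials = _parse_basic_auth(
        request.environ.get('HTTP_AUTHORIZATION', ''))
    if credentials is None:
        return challenge()
    username, password = credentials

    user = _resolve_user(request, username, password)
    if not user:
        return challenge()

    group_names = [group.name for group in user.groups]
    transaction.commit()

    if not request.matched_route:
        return challenge(402)

    # only developers may push release files
    if (request.matched_route.name in ["upload_releasefile"]
            and "developer" not in group_names):
        return challenge()
    return HTTPFound(location=request.url)


def _parse_basic_auth(header):
    """Return ``(username, password)`` from a Basic auth header, or ``None``.

    ``None`` covers every malformed input: empty header, no payload, a
    scheme other than ``basic``, undecodable base64 / UTF-8, missing ``:``.
    Rejecting instead of asserting keeps a bad client header from becoming a
    server error.
    """
    if not header:
        return None
    try:
        scheme, data = header.split(None, 1)
    except ValueError:  # header without a payload
        return None
    if scheme.lower() != 'basic':
        return None
    try:
        data = base64.b64decode(data)
        if isinstance(data, bytes):
            data = data.decode('utf-8')
        username, password = data.split(':', 1)
    except (TypeError, ValueError):
        # TypeError: Python 2's b64decode on bad padding; ValueError covers
        # binascii.Error, non-ASCII input, UnicodeDecodeError and a missing ':'
        return None
    return username, password


def _resolve_user(request, username, password):
    """Authenticate *username*/*password* and return the matching ``User``.

    With ``pyshop.ldap.use_for_auth`` set, LDAP decides: on success the local
    mirror row is looked up by login; on failure an existing mirror row is
    deleted from the session.  NOTE(review): that deletion also fires for a
    mere wrong password, so an unauthenticated request naming a known login
    removes its local row -- confirm this de-provisioning is intended.
    Without LDAP the local password table is used.  Returns ``None`` when
    nothing matched.
    """
    session = DBSession()
    settings = request.registry.settings
    if not settings["pyshop.ldap.use_for_auth"]:
        return User.by_credentials(session, username, password)

    if User.by_ldap_credentials(session, username, password, settings):
        return User.by_login(session, username)
    mirrored = User.by_login(session, username)
    if mirrored:
        session.delete(mirrored)
    return None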