def requestAvatarId(self, credentials):
# NB If we get here authentication has already succeeded as it is done in NegotiateCredentialsFactory.decode
# So all we need to do is return the principal URIs from the credentials.
# Look for proper credential type.
pcreds = IPrincipalCredentials(credentials)
creds = pcreds.credentials
if isinstance(creds, NegotiateCredentials):
return succeed((
pcreds.authnPrincipal,
pcreds.authzPrincipal,
))
raise error.UnauthorizedLogin("Bad credentials for: %s" % (pcreds.authnURI,))
def requestAvatarId(self, credentials):
credentials = IPrincipalCredentials(credentials)
if credentials.authnPrincipal is None:
raise UnauthorizedLogin(
"No such user: {user}".format(
user=credentials.credentials.username
)
)
# See if record is enabledForLogin
if not credentials.authnPrincipal.record.isLoginEnabled():
raise UnauthorizedLogin(
"User not allowed to log in: {user}".format(
user=credentials.credentials.username
)
)
# Handle Kerberos as a separate behavior
try:
from twistedcaldav.authkerb import NegotiateCredentials
except ImportError:
NegotiateCredentials = None
if NegotiateCredentials and isinstance(credentials.credentials,
NegotiateCredentials):
# If we get here with Kerberos, then authentication has already succeeded
returnValue(
(
credentials.authnPrincipal,
credentials.authzPrincipal,
)
)
else:
if (yield credentials.authnPrincipal.record.verifyCredentials(credentials.credentials)):
returnValue(
(
credentials.authnPrincipal,
credentials.authzPrincipal,
)
)
else:
raise UnauthorizedLogin(
"Incorrect credentials for user: {user}".format(
user=credentials.credentials.username
)
)
def requestAvatarId(self, credentials):
# If there is no calendar principal URI then the calendar user is disabled.
pcreds = IPrincipalCredentials(credentials)
creds = pcreds.credentials
if isinstance(creds, BasicKerberosCredentials):
try:
kerberos.checkPassword(creds.username, creds.password, creds.service, creds.default_realm)
except kerberos.BasicAuthError, ex:
self.log.error("{ex}", ex=ex[0])
raise error.UnauthorizedLogin("Bad credentials for: %s (%s: %s)" % (pcreds.authnURI, ex[0], ex[1],))
else:
return succeed((
pcreds.authnPrincipal,
pcreds.authzPrincipal,
))