def identify(self, environ):
#get the cookie from the environment if it exsits
cookies = get_cookies(environ)
cookie = cookies.get(self.cookie_name)
#check if it is not null
if cookie is None or not cookie.value:
return None
try:
#Use the cookie to get the users id from memcache
user = self.mc.get(cookie.value)
except Exception as e:
logger.error('Exception getting user from memcache: {0}'.format(e))
return None
#check if user exists
if not user:
return None
#logger.debug('Got User Object: {0}'.format(user))
#check if user has timed out credentials
if self.timeout and ( (user.get('timestamp', 0) + self.timeout) < time.time() ):
return None
#if user is valid and their creds haven't timed out then set environ and return the user data
environ['REMOTE_USER_DATA'] = user
environ['AUTH_TYPE'] = 'memcached'
return user
def identify(self, environ):
#get the cookie from the environment if it exsits
cookies = get_cookies(environ)
cookie = cookies.get(self.cookie_name)
#check if it is not null
if cookie is None or not cookie.value:
return None
try:
#Use the cookie to get the users id from memcache
user = self.mc.get(cookie.value)
except Exception as e:
logger.error('Exception getting user from memcache: {0}'.format(e))
return None
#check if user exists
if not user:
return None
#logger.debug('Got User Object: {0}'.format(user))
#check if user has timed out credentials
if self.timeout and (
(user.get('timestamp', 0) + self.timeout) < time.time()):
return None
#if user is valid and their creds haven't timed out then set environ and return the user data
environ['REMOTE_USER_DATA'] = user
environ['AUTH_TYPE'] = 'memcached'
return user
def remember(self, environ, identity):
cookies = get_cookies(environ)
if identity is not None and not self.cookie_name in cookies:
aes = environ['aes_cipher']
val = base64.b64encode(bauth(aes, '%s:%s' % (
identity['login'], identity['password'])))
identity['tokens'] = environ['remote.domains']
identity['repoze.who.userid'] = val
return Basetkt.remember(self, environ, identity)
def _remember(self, environ, identity):
log.debug('remembering')
if self.include_ip:
remote_addr = environ['REMOTE_ADDR']
else:
remote_addr = '0.0.0.0'
cookies = get_cookies(environ)
old_cookie = cookies.get(self.cookie_name)
existing = cookies.get(self.cookie_name)
old_cookie_value = getattr(existing, 'value', None)
max_age = identity.get('max_age', None)
timestamp, userid, tokens, userdata = None, '', (), ''
if old_cookie_value:
try:
timestamp, userid, tokens, userdata = auth_tkt.parse_ticket(
self.secret,
old_cookie_value,
remote_addr,
digest_algo=self.digest_algo)
except auth_tkt.BadTicket:
pass
tokens = tuple(tokens)
who_userid = identity['repoze.who.plugins.visitor_tracker.userid']
log.debug('remembering: user_id=%r', who_userid)
who_tokens = tuple(identity.get('tokens', ()))
who_userdata = identity.get('userdata', '')
encoding_data = self.userid_type_encoders.get(type(who_userid))
if encoding_data:
encoding, encoder = encoding_data
who_userid = encoder(who_userid)
# XXX we are discarding the userdata passed in the identity?
who_userdata = 'userid_type:%s' % encoding
old_data = (userid, tokens, userdata)
new_data = (who_userid, who_tokens, who_userdata)
if old_data != new_data or (self.reissue_time and (
(timestamp + self.reissue_time) < time.time())):
ticket = auth_tkt.AuthTicket(self.secret,
who_userid,
remote_addr,
tokens=who_tokens,
user_data=who_userdata,
cookie_name=self.cookie_name,
secure=self.secure,
digest_algo=self.digest_algo)
new_cookie_value = ticket.cookie_value()
if old_cookie_value != new_cookie_value:
# return a set of Set-Cookie headers
return self._get_cookies(environ, new_cookie_value, max_age)
def remember(self, environ, identity):
if self.include_ip:
remote_addr = environ['REMOTE_ADDR']
else:
remote_addr = '0.0.0.0'
cookies = get_cookies(environ)
old_cookie = cookies.get(self.cookie_name)
existing = cookies.get(self.cookie_name)
old_cookie_value = getattr(existing, 'value', None)
max_age = identity.get('max_age', None)
timestamp, userid, tokens, userdata = None, '', (), ''
if old_cookie_value:
try:
timestamp,userid,tokens,userdata = auth_tkt.parse_ticket(
self.secret, old_cookie_value, remote_addr,
self.digest_algo)
except auth_tkt.BadTicket:
pass
tokens = tuple(tokens)
who_userid = identity['repoze.who.userid']
who_tokens = tuple(identity.get('tokens', ()))
who_userdata_dict = identity.get('userdata', {})
encoding_data = self.userid_type_encoders.get(type(who_userid))
if encoding_data:
encoding, encoder = encoding_data
who_userid = encoder(who_userid)
who_userdata_dict[self.userid_typename] = encoding
who_userdata = urlencode(who_userdata_dict)
old_data = (userid, tokens, userdata)
new_data = (who_userid, who_tokens, who_userdata)
if old_data != new_data or (self.reissue_time and
( (timestamp + self.reissue_time) < time.time() )):
ticket = auth_tkt.AuthTicket(
self.secret,
who_userid,
remote_addr,
tokens=who_tokens,
user_data=who_userdata,
cookie_name=self.cookie_name,
secure=self.secure,
digest_algo=self.digest_algo)
new_cookie_value = ticket.cookie_value()
if old_cookie_value != new_cookie_value:
# return a set of Set-Cookie headers
return self._get_cookies(environ, new_cookie_value, max_age)
def remember(self, environ, identity):
if self.include_ip:
remote_addr = environ['REMOTE_ADDR']
else:
remote_addr = '0.0.0.0'
cookies = get_cookies(environ)
old_cookie = cookies.get(self.cookie_name)
existing = cookies.get(self.cookie_name)
old_cookie_value = getattr(existing, 'value', None)
max_age = identity.get('max_age', None)
timestamp, userid, tokens, userdata = None, '', (), ''
if old_cookie_value:
try:
timestamp, userid, tokens, userdata = auth_tkt.parse_ticket(
self.secret, old_cookie_value, remote_addr,
self.digest_algo)
except auth_tkt.BadTicket:
pass
tokens = tuple(tokens)
who_userid = identity['repoze.who.userid']
who_tokens = tuple(identity.get('tokens', ()))
who_userdata_dict = identity.get('userdata', {})
encoding_data = self.userid_type_encoders.get(type(who_userid))
if encoding_data:
encoding, encoder = encoding_data
who_userid = encoder(who_userid)
who_userdata_dict[self.userid_typename] = encoding
who_userdata = urlencode(who_userdata_dict)
old_data = (userid, tokens, userdata)
new_data = (who_userid, who_tokens, who_userdata)
if old_data != new_data or (self.reissue_time and (
(timestamp + self.reissue_time) < time.time())):
ticket = auth_tkt.AuthTicket(self.secret,
who_userid,
remote_addr,
tokens=who_tokens,
user_data=who_userdata,
cookie_name=self.cookie_name,
secure=self.secure,
digest_algo=self.digest_algo)
new_cookie_value = ticket.cookie_value()
if old_cookie_value != new_cookie_value:
# return a set of Set-Cookie headers
return self._get_cookies(environ, new_cookie_value, max_age)
def forget(self, environ, identity):
logger.debug('Forget - repoze.who')
#get the cookie and delete it's key & data from memcache
cookies = get_cookies(environ)
cookie = cookies.get(self.cookie_name)
if cookie and cookie.value:
self.mc.delete(cookie.value)
logger.debug('Forgetting cookie: {0}'.format(cookie.value))
# return a set of expires Set-Cookie headers
return self._get_cookies(environ, 'INVALID', 0)
def forget(self, environ, identity):
logger.debug('Forget - repoze.who')
#get the cookie and delete it's key & data from memcache
cookies = get_cookies(environ)
cookie = cookies.get(self.cookie_name)
if cookie and cookie.value:
self.mc.delete(cookie.value)
logger.debug('Forgetting cookie: {0}'.format(cookie.value))
# return a set of expires Set-Cookie headers
return self._get_cookies(environ, 'INVALID', 0)
def identify(self, environ):
logger.debug('identify: START')
logger.debug('identify -- Environ: {0}'.format(environ))
cookies = get_cookies(environ)
logger.debug('identify -- Cookies: {0} '.format(cookies))
logger.debug('identify -- Cookie Name: {0} '.format(self.cookie_name))
cookie = cookies.get(self.cookie_name)
logger.debug('identify -- Cookie: {0} '.format(cookie))
if cookie is None or not cookie.value:
return None
if self.include_ip:
remote_addr = environ['REMOTE_ADDR']
else:
remote_addr = '0.0.0.0'
try:
timestamp, userid, tokens, user_data = auth_tkt.parse_ticket(
self.secret, cookie.value, remote_addr)
except auth_tkt.BadTicket:
return None
if self.timeout and ( (timestamp + self.timeout) < time.time() ):
return None
user_data_dict = dict(parse_qsl(user_data))
userid_type = user_data_dict.get(self.userid_typename)
if userid_type:
decoder = self.userid_type_decoders.get(userid_type)
if decoder:
userid = decoder(userid)
environ['REMOTE_USER_TOKENS'] = tokens
environ['REMOTE_USER_DATA'] = user_data
environ['AUTH_TYPE'] = 'cookie'
identity = {}
identity['timestamp'] = timestamp
identity['repoze.who.plugins.auth_tkt.userid'] = userid
identity['tokens'] = tokens
identity['userdata'] = user_data_dict
return identity
def identify(self, environ):
cookies = get_cookies(environ)
cookie = cookies.get(self.cookie_name)
if cookie is None or not cookie.value:
return None
if self.include_ip:
remote_addr = environ['REMOTE_ADDR']
else:
remote_addr = '0.0.0.0'
try:
timestamp, userid, tokens, user_data = auth_tkt.parse_ticket(
self.secret, cookie.value, remote_addr)
except auth_tkt.BadTicket:
return None
if self.timeout and ( (timestamp + self.timeout) < time.time() ):
return None
userid_typename = 'userid_type:'
user_data_info = user_data.split('|')
for datum in filter(None, user_data_info):
if datum.startswith(userid_typename):
userid_type = datum[len(userid_typename):]
decoder = self.userid_type_decoders.get(userid_type)
if decoder:
userid = decoder(userid)
environ['REMOTE_USER_TOKENS'] = tokens
environ['REMOTE_USER_DATA'] = user_data
environ['AUTH_TYPE'] = 'cookie'
identity = {}
identity['timestamp'] = timestamp
identity['repoze.who.plugins.auth_tkt.userid'] = userid
identity['tokens'] = tokens
identity['userdata'] = user_data
return identity
def identify(self, environ):
cookies = get_cookies(environ)
cookie = cookies.get(self.cookie_name)
if cookie is None or not cookie.value:
return None
if self.include_ip:
remote_addr = environ['REMOTE_ADDR']
else:
remote_addr = '0.0.0.0'
try:
timestamp, userid, tokens, user_data = auth_tkt.parse_ticket(
self.secret, cookie.value, remote_addr)
except auth_tkt.BadTicket:
return None
if self.timeout and ((timestamp + self.timeout) < time.time()):
return None
userid_typename = 'userid_type:'
user_data_info = user_data.split('|')
for datum in filter(None, user_data_info):
if datum.startswith(userid_typename):
userid_type = datum[len(userid_typename):]
decoder = self.userid_type_decoders.get(userid_type)
if decoder:
userid = decoder(userid)
environ['REMOTE_USER_TOKENS'] = tokens
environ['REMOTE_USER_DATA'] = user_data
environ['AUTH_TYPE'] = 'cookie'
identity = {}
identity['timestamp'] = timestamp
identity['repoze.who.plugins.auth_tkt.userid'] = userid
identity['tokens'] = tokens
identity['userdata'] = user_data
return identity
def identify(self, environ):
cookies = get_cookies(environ)
cookie = cookies.get(self.cookie_name)
if cookie is None or not cookie.value:
return None
if self.include_ip:
remote_addr = environ['REMOTE_ADDR']
else:
remote_addr = '0.0.0.0'
try:
timestamp, userid, tokens, user_data = auth_tkt.parse_ticket(
self.secret, cookie.value, remote_addr, self.digest_algo)
except auth_tkt.BadTicket:
return None
if self.timeout and ( (timestamp + self.timeout) < time.time() ):
return None
user_data_dict = dict(parse_qsl(user_data))
userid_type = user_data_dict.get(self.userid_typename)
if userid_type:
decoder = self.userid_type_decoders.get(userid_type)
if decoder:
userid = decoder(userid)
environ['REMOTE_USER_TOKENS'] = tokens
environ['REMOTE_USER_DATA'] = user_data
environ['AUTH_TYPE'] = 'cookie'
identity = {}
identity['timestamp'] = timestamp
identity['repoze.who.plugins.auth_tkt.userid'] = userid
identity['tokens'] = tokens
identity['userdata'] = user_data_dict
return identity
def remember(self, environ, identity):
logger.debug('remember: START')
if self.include_ip:
remote_addr = environ['REMOTE_ADDR']
else:
remote_addr = '0.0.0.0'
cookies = get_cookies(environ)
logger.debug('remember -- cookies: %s' % (cookies))
old_cookie = cookies.get(self.cookie_name)
logger.debug('remember -- old_cookie: %s' % (old_cookie))
existing = cookies.get(self.cookie_name)
logger.debug('remember -- existing cookies: %s' % (existing))
old_cookie_value = getattr(existing, 'value', None)
logger.debug('remember -- old_cookie_value: %s' % (old_cookie_value))
max_age = identity.get('max_age', None)
logger.debug('remember -- max_age: %s' % (max_age))
timestamp, userid, tokens, userdata = None, '', (), ''
if old_cookie_value:
try:
timestamp,userid,tokens,userdata = auth_tkt.parse_ticket(
self.secret, old_cookie_value, remote_addr)
except auth_tkt.BadTicket:
pass
tokens = tuple(tokens)
who_userid = identity['repoze.who.userid']
logger.debug('remember -- who_userid: {0}'.format(who_userid))
who_tokens = tuple(identity.get('tokens', ()))
logger.debug('remember -- who_token: {0}'.format(who_tokens))
who_userdata_dict = identity.get('userdata', {})
logger.debug('remember -- who_userdata_dict: {0}'.format(who_userdata_dict))
encoding_data = self.userid_type_encoders.get(type(who_userid))
if encoding_data:
logger.debug('remember -- Encoding Data')
encoding, encoder = encoding_data
who_userid = encoder(who_userid)
who_userdata_dict[self.userid_typename] = encoding
who_userdata = urlencode(who_userdata_dict)
old_data = (userid, tokens, userdata)
new_data = (who_userid, who_tokens, who_userdata)
logger.debug('remember -- old_data: {0}'.format(old_data))
logger.debug('remember -- new_data : {0}'.format(new_data ))
if old_data != new_data or (self.reissue_time and
( (timestamp + self.reissue_time) < time.time() )):
ticket = auth_tkt.AuthTicket(
self.secret,
who_userid,
remote_addr,
tokens=who_tokens,
user_data=who_userdata,
cookie_name=self.cookie_name,
secure=self.secure)
new_cookie_value = ticket.cookie_value()
logger.debug('remember -- old_cookie_value : {0}'.format(old_cookie_value ))
logger.debug('remember -- new_cookie_value : {0}'.format(new_cookie_value ))
if old_cookie_value != new_cookie_value:
# return a set of Set-Cookie headers
return self._get_cookies(environ, new_cookie_value, max_age)
def identify(self, environ):
log.debug('identify')
cookies = get_cookies(environ)
cookie = cookies.get(self.cookie_name)
got_new_user = False
if self.is_authenticated_checker \
and self.is_authenticated_checker(environ):
log.debug('User is authenticated')
return None
if cookie is None or not cookie.value:
log.debug('No visitor cookie')
if not self.visitor_id_creator:
return None
timestamp, user_id, tokens, user_data = self.visitor_id_creator(
environ)
got_new_user = True
if not got_new_user:
if self.include_ip:
remote_addr = environ['REMOTE_ADDR']
else:
remote_addr = '0.0.0.0'
try:
timestamp, user_id, tokens, user_data = auth_tkt.parse_ticket(
self.secret,
cookie.value,
remote_addr,
digest_algo=self.digest_algo)
except auth_tkt.BadTicket:
log.debug('Bad ticket')
return None
if self.user_id_checker and not self.user_id_checker(user_id):
log.debug('invalid user_id')
return None
if self.timeout and ((timestamp + self.timeout) < time.time()):
log.debug('Timed out')
return None
userid_typename = 'userid_type:'
user_data_info = user_data.split('|')
for datum in filter(None, user_data_info):
if datum.startswith(userid_typename):
userid_type = datum[len(userid_typename):]
decoder = self.userid_type_decoders.get(userid_type)
if decoder:
user_id = decoder(user_id)
environ['VISITOR_ID'] = user_id
environ['VISITOR_TOKENS'] = tokens
environ['VISITOR_DATA'] = user_data
identity = {
'timestamp': timestamp,
'repoze.who.plugins.visitor_tracker.userid': user_id,
'tokens': tokens,
'userdata': user_data,
'is_new_visitor': got_new_user,
'max_age': self.timeout,
}
environ['visitor_identity'] = identity
return None
def remember(self, environ, identity):
cookies = get_cookies(environ)
cookie = cookies.get(self.cookie_name)
max_age = identity.get('max_age', None)
#if no timestamp then set to 0 as earliest to can be reissued
timestamp = 0
old_user = {}
#get users data from memcache and compare it to new data received
if cookie and cookie.value:
old_user = self.mc.get(cookie.value)
logger.debug('Cookie val: {0}'.format(cookie.value))
else:
logger.debug('No Old Cookie')
logger.debug('Got Old User: {0}'.format(old_user))
if not old_user:
old_user = {}
timestamp = old_user.get('timestamp', 0)
#get the users IP address to be stored
users_ip = environ['REMOTE_ADDR'] or old_user.get('ip')
#get the new users data, or if blank, use the new users
new_user_data = identity.get('userdata', {})
logger.debug('Remembering userdata: {0}'.format(new_user_data))
new_user_altid = identity.get('repoze.who.userid')
new_user_given = new_user_data.get('givenName', old_user.get('given'))
new_user_sn = new_user_data.get('sn', old_user.get('sn'))
new_user_uid = new_user_data.get('uid', old_user.get('uid'))
new_user_ip = users_ip
old_user_altid = old_user.get('altid')
old_user_given = old_user.get('given')
old_user_sn = old_user.get('sn')
old_user_uid = old_user.get('uid')
old_user_ip = old_user.get('ip')
#build objects to compare
old_data = (old_user_altid, old_user_given, old_user_sn, old_user_uid)
new_data = (new_user_altid, new_user_given, new_user_sn, new_user_uid)
data_diff = old_data != new_data
reissue = self.reissue_time and ((timestamp + self.reissue_time) < time.time())
#TODO: Is it better to change userdata if it changes but keep key until timeout, then only
#TODO-cont: reissue once timeout is reached?
#if new data or reissue time is reached, then create new timestamp and store data
if data_diff or reissue:
logger.debug('Data Diff: {0} ::: Reissue: {1}'.format(data_diff, reissue))
#get a new hash for the new cookie
new_cookie_value = self._get_hash()
#delete the old cookie's data from memcache
if cookie and cookie.value:
self.mc.delete(cookie.value)
logger.debug('Old Userdata: {0}'.format(old_data))
logger.debug('New Userdata: {0}'.format(new_data))
#add the new data for the new cookie
new_user = {}
new_user['timestamp'] = time.time()
new_user['altid'] = new_user_altid
new_user['uid'] = new_user_uid
new_user['given'] = new_user_given
new_user['sn'] = new_user_sn
new_user['ip'] = new_user_ip
logger.debug('Saving new user {0} ::: {1}'.format(new_cookie_value, new_user))
self.mc.set(new_cookie_value, new_user)
# return a set of Set-Cookie headers
return self._get_cookies(environ, new_cookie_value, max_age)
def remember(self, environ, identity):
cookies = get_cookies(environ)
cookie = cookies.get(self.cookie_name)
max_age = identity.get('max_age', None)
#if no timestamp then set to 0 as earliest to can be reissued
timestamp = 0
old_user = {}
#get users data from memcache and compare it to new data received
if cookie and cookie.value:
old_user = self.mc.get(cookie.value)
logger.debug('Cookie val: {0}'.format(cookie.value))
else:
logger.debug('No Old Cookie')
logger.debug('Got Old User: {0}'.format(old_user))
if not old_user:
old_user = {}
timestamp = old_user.get('timestamp', 0)
#get the users IP address to be stored
users_ip = environ['REMOTE_ADDR'] or old_user.get('ip')
#get the new users data, or if blank, use the new users
new_user_data = identity.get('userdata', {})
logger.debug('Remembering userdata: {0}'.format(new_user_data))
new_user_altid = identity.get('repoze.who.userid')
new_user_given = new_user_data.get('givenName', old_user.get('given'))
new_user_sn = new_user_data.get('sn', old_user.get('sn'))
new_user_uid = new_user_data.get('uid', old_user.get('uid'))
new_user_ip = users_ip
old_user_altid = old_user.get('altid')
old_user_given = old_user.get('given')
old_user_sn = old_user.get('sn')
old_user_uid = old_user.get('uid')
old_user_ip = old_user.get('ip')
#build objects to compare
old_data = (old_user_altid, old_user_given, old_user_sn, old_user_uid)
new_data = (new_user_altid, new_user_given, new_user_sn, new_user_uid)
data_diff = old_data != new_data
reissue = self.reissue_time and (
(timestamp + self.reissue_time) < time.time())
#TODO: Is it better to change userdata if it changes but keep key until timeout, then only
#TODO-cont: reissue once timeout is reached?
#if new data or reissue time is reached, then create new timestamp and store data
if data_diff or reissue:
logger.debug('Data Diff: {0} ::: Reissue: {1}'.format(
data_diff, reissue))
#get a new hash for the new cookie
new_cookie_value = self._get_hash()
#delete the old cookie's data from memcache
if cookie and cookie.value:
self.mc.delete(cookie.value)
logger.debug('Old Userdata: {0}'.format(old_data))
logger.debug('New Userdata: {0}'.format(new_data))
#add the new data for the new cookie
new_user = {}
new_user['timestamp'] = time.time()
new_user['altid'] = new_user_altid
new_user['uid'] = new_user_uid
new_user['given'] = new_user_given
new_user['sn'] = new_user_sn
new_user['ip'] = new_user_ip
logger.debug('Saving new user {0} ::: {1}'.format(
new_cookie_value, new_user))
self.mc.set(new_cookie_value, new_user)
# return a set of Set-Cookie headers
return self._get_cookies(environ, new_cookie_value, max_age)
