示例#1
    def authenticate(self, id):
        """
        Check the supplied credentials and refresh the Avatar from LDAP.

        id is a MaKaC.user.LoginInfo instance, self.user is an Avatar.
        Returns self.user when checkLoginPassword() yields data and the
        supplied login equals this identity's login; returns None otherwise.
        """
        logger = Logger.get('auth.ldap')
        # Only the login is logged, never the password.
        # NOTE(review): the login is caller-supplied and is written to the log
        # as-is; if logins may contain control characters, sanitise it first.
        logger.info("authenticate(%s)" % id.getLogin())

        authenticator = AuthenticatorMgr.getInstance().getById(self.getAuthenticatorTag())
        ldapData = authenticator.checkLoginPassword(id.getLogin(), id.getPassword())

        # Refuse both a failed check and credentials presented for a login
        # other than the one bound to this identity.
        if not ldapData or self.getLogin() != id.getLogin():
            return None

        # Bring the Avatar in line with the up-to-date info from LDAP
        avatar = self.user
        avatar.clearAuthenticatorPersonalData()
        userData = LDAPTools.extractUserDataFromLdapData(ldapData)

        email = userData.get('email', '').strip()
        if email and email != avatar.getEmail():
            avatar.setEmail(email, reindex=True)

        # (avatar field, key in the extracted LDAP data), applied in this order
        fieldMap = (
            ('firstName', 'name'),
            ('surName', 'surName'),
            ('affiliation', 'organisation'),
            ('address', 'address'),
            ('phone', 'phone'),
            ('fax', 'fax'),
        )
        for avatarField, ldapKey in fieldMap:
            avatar.setAuthenticatorPersonalData(avatarField, userData.get(ldapKey))
        return self.user
示例#2
文件: users.py 项目: jbenito3/indico
    def _process(self):
        """
        Handle the identity-creation form for self._avatar.

        "Cancel" redirects back to the user details page. When the form was
        confirmed (self._ok), the login must be free and the password must be
        non-empty and typed identically twice; on success the identity is
        created and registered and the user details page is shown. Otherwise
        the creation page is displayed again with the collected messages.
        """
        if self._params.get("Cancel") is not None:
            self._redirect(urlHandlers.UHUserDetails.getURL(self._avatar))
            return

        problems = []
        if self._ok:
            authManager = AuthenticatorMgr.getInstance()
            # The login has to be unused
            if not authManager.isLoginAvailable(self._login):
                problems.append("Sorry, the login you requested is already in use. Please choose another one.<br>")
            # An empty password is never accepted
            if not self._pwd:
                problems.append("you must enter a password<br>")
            # Both password fields have to agree
            if self._pwd != self._pwdBis:
                problems.append("You must enter the same password twice<br>")
            if not problems:
                # All checks passed: create and register the identity
                loginInfo = user.LoginInfo(self._login, self._pwd)
                identity = authManager.createIdentity(loginInfo, self._avatar, self._system)
                authManager.add(identity)
                self._redirect(urlHandlers.UHUserDetails.getURL(self._avatar))
                return

        # The messages are fixed strings (no request data), joined as HTML
        self._params["msg"] = "".join(problems)
        page = adminPages.WPIdentityCreation(self, self._avatar, self._params)
        return page.display()
示例#3
文件: users.py 项目: jbenito3/indico
 def _process( self ):
     """
     Remove the identities listed in self._identityList, then redirect to
     the details page of self._avatar.

     An identity is only removed while its owner still has more than one
     identity, so the owner never loses the last way to log in.
     """
     # NOTE(review): the owner is taken from identity.getUser() and is never
     # compared with self._avatar, and a missing identity is not handled;
     # confirm that the ids in self._identityList are restricted to this
     # avatar's identities before this method runs.
     manager = AuthenticatorMgr.getInstance()
     for identityId in self._identityList:
         identity = manager.getIdentityById(identityId)
         owner = identity.getUser()
         if len(owner.getIdentityList()) <= 1:
             continue
         manager.removeIdentity(identity)
         self._avatar.removeIdentity(identity)
     self._redirect(urlHandlers.UHUserDetails.getURL(self._avatar))
示例#4
    def containsUser(self, avatar):
        """
        Tell whether the given avatar belongs to this LDAP group.

        Used when checking access to private events restricted to certain
        groups. Returns False for a missing avatar and for an avatar without
        a usable LDAP login; otherwise the answer comes from the LDAP
        authenticator's isUserInGroup().
        """
        if not avatar:
            return False

        ldapLogins = [identity.getLogin()
                      for identity in avatar.getIdentityList()
                      if identity.getAuthenticatorTag() == 'LDAP']
        # When several LDAP identities exist, the last one listed is used
        login = ldapLogins[-1] if ldapLogins else None
        if not login:
            # No LDAP login means membership cannot be established: deny
            return False

        ldapAuthenticator = AuthenticatorMgr.getInstance().getById('LDAP')
        return ldapAuthenticator.isUserInGroup((login, self.getName()))
示例#5
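 def getMemberList(self):
     """
     Return the principals matching the members of this LDAP group.

     The member uids come from the LDAP authenticator. Each uid is first
     matched locally (fast) and, only when nothing is found, matched again
     with the authenticators included. The first match of each uid is kept;
     uids without any match are left out.
     """
     uidList = AuthenticatorMgr.getInstance().getById('LDAP').getGroupMemberList(self.getName())
     members = []
     for uid in uidList:
         # First, try locally (fast)
         matches = PrincipalHolder().match(uid, exact=1, searchInAuthenticators=False)
         if not matches:
             # If not found, try external
             matches = PrincipalHolder().match(uid, exact=1)
         # Nothing is written to stdout here: match results describe users
         # and do not belong in the process output.
         if matches:
             members.append(matches[0])
     return members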
示例#6
def createUser(name, email, org, password):
    """
    Create an Avatar and, when an email is given, a local identity for it.

    Known limitation: without an email, two users with the same name will
    clash. Perhaps getUser() should check for the same name when no email
    exists, but more than one person can share a name; only the email is
    unique.

    Returns the stored avatar. Without an email no identity is created and
    the account is not activated here.
    """
    dummy = user.Avatar()
    # With no user name, the email address is shown in its place
    dummy.setName(email if name == '' else name)
    dummy.setEmail(email)
    dummy.setOrganisation(org)
    ah.add(dummy)
    avatar = ah.getById(dummy.id)

    if email == '':
        # User with no email address: identity not created
        return avatar

    # Create the identity and set the password (for chairs etc.)
    # NOTE(review): the login is `name`, which may be '' at this point even
    # though the avatar is displayed under the email; confirm this is intended.
    identity = user.LocalIdentity(name, password, avatar)
    try:
        AuthenticatorMgr.getInstance().add(identity)
    except (UserError):
        # NOTE(review): the failure is swallowed and the account is activated
        # below even though the identity was not registered; confirm.
        pass
    avatar.activateAccount()
    return avatar
示例#7
文件: login.py 项目: jbenito3/indico
 def _process(self):
     """
     Drive the two steps of an SSO sign-in.

     First visit (no 'Authenticator' in the session): store the requested
     authenticator id, and the return URL if any, in the session and
     redirect to the SSO sign-in URL. Second visit: take the authenticator
     out of the session, log in through SSO, set the session variables and
     redirect to self._url. Raises MaKaCError when no authenticator was
     passed, when SSO login is inactive, or when the SSO login fails.
     """
     # pop() makes the stored authenticator single-use
     pendingAuthenticator = session.pop('Authenticator', None)

     if pendingAuthenticator is None:
         if not self._authId:
             raise MaKaCError(_("You did not pass the authenticator"))
         session['Authenticator'] = self._authId
         if self._returnURL:
             # NOTE(review): validation of the return URL is not visible
             # here; confirm it is limited to trusted targets before it is
             # used for a redirect.
             session['loginReturnURL'] = self._returnURL
         self._redirect(str(urlHandlers.UHSignInSSO.getURL(authId=self._authId)))
         return

     authManager = AuthenticatorMgr.getInstance()
     if not authManager.isSSOLoginActive():
         raise MaKaCError(_("SSO Login is not active."))
     avatar = authManager.SSOLogin(self, pendingAuthenticator)
     if not avatar:
         raise MaKaCError(_("You could not login through SSO."))
     self._setSessionVars(avatar)
     self._redirect(self._url)
示例#8
文件: users.py 项目: jbenito3/indico
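 def _process( self ):
     """
     Create an identity for self._avatar and send the activation mail.

     The request is bounced back to self._fromURL with a message when the
     login is already taken, when the password is empty, or when the two
     password fields differ. Otherwise the identity is created and
     registered, the transaction is committed, the confirmation request is
     mailed and the user details page is shown.
     """
     authManager = AuthenticatorMgr.getInstance()
     # NOTE(review): the messages are appended to self._fromURL without URL
     # encoding, and the origin of self._fromURL is not visible here; confirm
     # it cannot point outside the application.
     #first, check if login is free
     if not authManager.isLoginAvailable(self._login):
         self._redirect(self._fromURL + "&msg=Login not avaible")
         return
     #an empty password must never become a usable credential
     if not self._pwd:
         self._redirect(self._fromURL + "&msg=You must enter a password")
         return
     #then, check if password is OK
     if self._pwd != self._pwdBis:
         self._redirect(self._fromURL + "&msg=You must enter the same password twice")
         return
     #create the identity
     loginInfo = user.LoginInfo( self._login, self._pwd )
     identity = authManager.createIdentity( loginInfo, self._avatar, self._system )
     authManager.add( identity )
     #commit and if OK, send activation mail
     DBMgr.getInstance().commit()
     scr = mail.sendConfirmationRequest(self._avatar)
     scr.send()
     self._redirect( urlHandlers.UHUserDetails.getURL( self._avatar ) ) #to set to the returnURL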
示例#9
    def _process( self ):
        """
        Authenticate self._login / self._password and report the outcome.

        The avatar is stored in the session only when the credentials are
        accepted and the account is activated. The disabled / not activated
        messages are only reached once the authenticator manager has
        returned an avatar for the credentials.
        """
        credentials = LoginInfo(self._login, self._password)
        avatar = AuthenticatorMgr.getInstance().getAvatar(credentials)

        if not avatar:
            status, text = "ERROR", "Login failed"
        elif avatar.isActivated():
            status, text = "OK", "Login succesful"
            # NOTE(review): nothing here renews the session on login;
            # confirm that is handled elsewhere.
            session.user = avatar
        elif avatar.isDisabled():
            status, text = "ERROR", "Acount is disabled"
        else:
            status, text = "ERROR", "Acount is not activated"

        return self._createResponse(status, text)
示例#10
文件: login.py 项目: jbenito3/indico
 def _makeLoginProcess( self ):
     """
     Run the sign-in step: automatic SSO, the login form, or a credential
     check.

     With SSO active, exactly one authenticator configured and the login
     page switched off, the request goes straight to the SSO sign-in URL.
     Without a sign-in submission the login page is displayed. Otherwise
     the credentials are checked: failure shows the failed-login page, a
     disabled or unactivated account is redirected to its own page, and an
     activated account gets its session variables set before the redirect
     to self._url.
     """
     authManager = AuthenticatorMgr.getInstance()

     # Automatic login through the single configured SSO authenticator
     useAutomaticSSO = (authManager.isSSOLoginActive()
                        and len(authManager.getList()) == 1
                        and not Config.getInstance().getDisplayLoginPage())
     if useAutomaticSSO:
         self._redirect(urlHandlers.UHSignInSSO.getURL(authId=authManager.getDefaultAuthenticator().getId()))
         return

     if not self._signIn:
         return self._signInPage.display(returnURL=self._returnURL)

     credentials = LoginInfo(self._login, self._password)
     avatar = authManager.getAvatar(credentials)
     if not avatar:
         return self._signInPageFailed.display(returnURL=self._returnURL)

     if not avatar.isActivated():
         # No session is set up for an account that may not log in
         if avatar.isDisabled():
             self._redirect(self._disabledAccountURL(avatar))
         else:
             self._redirect(self._unactivatedAccountURL(avatar))
         return _("your account is not activate\nPlease active it and retry")

     self._setSessionVars(avatar)
     self._addExtraParamsToURL()
     self._redirect(self._url)
示例#11
from MaKaC.authentication import AuthenticatorMgr
from MaKaC.authentication.LocalAuthentication import LocalIdentity

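# Maintenance script: strip every LocalIdentity (and with it the locally
# stored password) from all avatars, after an explicit "yes" from the operator.
print('This script will remove all local identities from users.')
print('This will remove passwords from the database and prevent them from')
print('logging in locally (so you need e.g. LDAP authentication)')
print('')
# Anything other than a literal "yes" aborts; the default answer is NO.
if raw_input('Do you want to continue? [yes|NO]: ').lower() != 'yes':
    print('Cancelled.')
    sys.exit(0)

dbi = DBMgr.getInstance()
dbi.startRequest()

ah = AvatarHolder()
am = AuthenticatorMgr.getInstance()
for i, (aid, avatar) in enumerate(ah._getIdx().iteritems()):
    # Iterate over a snapshot: removing identities from the list being
    # walked could skip the entry that follows each removed one.
    for identity in list(avatar.getIdentityList()):
        if isinstance(identity, LocalIdentity):
            # Fixed-width mask: the output must not reveal the stored
            # password or its length.
            print('Removing LocalIdentity(%s, %s) from %s' %
                  (identity.getLogin(), '********', avatar.getFullName()))
            am.removeIdentity(identity)
            avatar.removeIdentity(identity)
    # Commit in batches of 100 avatars
    if i % 100 == 99:
        dbi.commit()
# NOTE(review): presumably endRequest() commits what is left after the last
# batch; confirm, otherwise the final avatars are not persisted.
DBMgr.getInstance().endRequest()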
示例#12
文件: users.py 项目: jbenito3/indico
 def _process( self ):
     """
     Validate the user-creation form and create the account.

     When the form was submitted (self._save), every required field must
     be present, the two passwords must match, the login must be free and
     the email must pass self._validMail(). On any failure, or when
     nothing was submitted, the creation page is displayed again (the
     admin variant for administrators) with the messages in
     self._params["msg"].

     On success an avatar with the same email is reused if it has no
     identity yet, otherwise a new avatar is stored; a "Local" identity is
     attached, the transaction is committed and the moderation or
     confirmation mails are sent before redirecting to the "user created"
     page. An existing avatar that already has an identity is redirected
     to the "user exists with identity" page instead.
     """
     save = False
     authManager = AuthenticatorMgr.getInstance()
     minfo = info.HelperMaKaCInfo.getMaKaCInfoInstance()
     self._params["msg"] = ""

     if self._save:
         # Check the submitted data; every failed check adds one fragment
         params = self._params
         problems = []
         if not params.get("name",""):
             problems.append(_("You must enter a name.")+"<br>")
         if not params.get("surName",""):
             problems.append(_("You must enter a surname.")+"<br>")
         if not params.get("organisation",""):
             problems.append(_("You must enter the name of your organisation.")+"<br>")
         if not params.get("email",""):
             problems.append(_("You must enter an email address.")+"<br>")
         if not params.get("login",""):
             problems.append(_("You must enter a login.")+"<br>")
         if not params.get("password",""):
             problems.append(_("You must define a password.")+"<br>")
         if params.get("password","") != params.get("passwordBis",""):
             problems.append(_("You must enter the same password twice.")+"<br>")
         if not authManager.isLoginAvailable(params.get("login", "")):
             problems.append(_("Sorry, the login you requested is already in use. Please choose another one.")+"<br>")
         if not self._validMail(params.get("email","")):
             problems.append(_("You must enter a valid email address"))
         self._params["msg"] += "".join(problems)
         save = not problems

     if not save:
         # Nothing to store: show the form again, with any pending request
         cp = None
         if self._params.has_key("cpEmail"):
             cp = pendingQueues.PendingQueuesHolder().getFirstPending(self._params["cpEmail"])
         isAdmin = self._aw.getUser() and self._aw.getUser() in minfo.getAdminList().getList()
         pageClass = adminPages.WPUserCreation if isAdmin else adminPages.WPUserCreationNonAdmin
         return pageClass(self, self._params, cp).display()

     # Data are OK: reuse the user with this email or create a new one
     ah = user.AvatarHolder()
     matches = ah.match({"email": self._params["email"]}, exact=1, searchInAuthenticators=False)
     if matches:
         # A user with the same email already exists
         a = matches[0]
         if a.getIdentityList():
             self._redirect(urlHandlers.UHUserExistWithIdentity.getURL(a))
             return
         # NOTE(review): the existing avatar's data is overwritten and a
         # login attached before the email address is confirmed; confirm
         # that the account stays unusable until confirmation or moderation.
         _UserUtils.setUserData(a, self._params)
     else:
         a = user.Avatar()
         _UserUtils.setUserData(a, self._params)
         ah.add(a)

     # Attach the local identity, then send the mails after the commit
     loginInfo = user.LoginInfo(self._params["login"], self._params["password"])
     identity = authManager.createIdentity(loginInfo, a, "Local")
     authManager.add(identity)
     DBMgr.getInstance().commit()
     if minfo.getModerateAccountCreation():
         mail.sendAccountCreationModeration(a).send()
     else:
         mail.sendConfirmationRequest(a).send()
         if minfo.getNotifyAccountCreation():
             mail.sendAccountCreationNotification(a).send()
     self._redirect(urlHandlers.UHUserCreated.getURL(a))
示例#13
文件: login.py 项目: jbenito3/indico
 def _process(self):
     """
     Log the current user out and redirect to the return URL.

     For a logged-in user, a logout callback URL supplied by the
     authenticator manager takes precedence over self._returnURL. The
     session is cleared in every case, logged in or not.
     """
     if self._getUser():
         callbackURL = AuthenticatorMgr.getInstance().getLogoutCallbackURL(self)
         self._returnURL = callbackURL or self._returnURL
         self._setUser(None)
     session.clear()
     # NOTE(review): validation of self._returnURL is not visible here;
     # confirm it cannot send the browser to an untrusted site.
     self._redirect(self._returnURL)