def _do_authenticate(auth_hdr, method):
    """Check an authentication header and refresh the auth cookie.

    Returns the ``db.User`` looked up by the header's ``username`` when the
    scheme's checker accepts the parsed parameters, otherwise ``None``.

    Whatever the outcome (including the early returns), the ``finally``
    clause updates the auth cookie: it is expired when no user was
    authenticated and re-issued when one was.
    """
    user = None
    response = quixote.get_response()
    # Result unused; the call is retained exactly as in the original code.
    quixote.get_session()

    try:
        if auth_hdr is None:
            return None

        scheme, params = parse_auth_header(auth_hdr)
        if scheme not in _schemes_allowed:
            return None

        # NOTE(review): a 'method' value carried in the parsed header takes
        # precedence over the caller-supplied method. The header is
        # client-controlled, so the check is not bound to the real request
        # method. Presumably this lets a stored cookie credential be reused
        # across requests; confirm this is intended.
        method = params.get('method', method)
        params['method'] = method

        try:
            if _schemes[scheme](params, method):
                user = db.User.byUsername(params.get('username'))
        except (KeyError, SQLObjectNotFound):
            # A missing field or an unknown username counts as a failed login.
            pass

        # Credentials were presented but rejected: pause before answering to
        # slow down repeated bad requests. time.sleep blocks the calling
        # thread for the full two seconds.
        if user is None:
            time.sleep(2)
    finally:
        if user is not None:
            # NOTE(review): the stored value is always labelled 'digest',
            # whatever scheme was parsed, and only ``path`` is passed here,
            # so no Secure/HttpOnly attributes are set by this call. Verify
            # the deployment is TLS-only.
            response.set_cookie(_auth_cookie,
                                _format_auth('digest', params),
                                path=imagestore.path())
        else:
            response.expire_cookie(_auth_cookie, path=imagestore.path())

    return user
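def _auth_challenge(scheme, realm, stale=False):
    """Build the challenge parameters for an authentication scheme.

    Args:
        scheme: ``'basic'`` or ``'digest'``.
        realm: Realm string placed in the challenge.
        stale: For digest only; emitted as the ``stale`` flag
            (``'true'``/``'false'``).

    Returns:
        A tuple ``(expire, params)``. ``expire`` is always 0 for basic. For
        digest it is the current time plus the configured
        ``auth.nonce_life``, or 0 when that setting is ``'unlimited'`` or 0.

    Raises:
        ValueError: If ``scheme`` is not a supported scheme. Previously this
            case failed with an UnboundLocalError on the return statement.
    """
    if scheme == 'basic':
        return (0, {'realm': realm})

    if scheme == 'digest':
        expire = 0
        life = config.get('auth', 'nonce_life')
        # NOTE(review): expire stays 0 for 'unlimited' or 0; presumably
        # makenonce treats 0 as "never expires", which leaves a captured
        # nonce usable indefinitely. Confirm that is acceptable.
        if life != 'unlimited' and int(life) != 0:
            expire = int(time.time()) + int(life)

        return (expire, {
            'realm': realm,
            'nonce': makenonce(expire),
            'uri': imagestore.path(),
            # NOTE(review): MD5 digest with qop=auth gives no confidentiality
            # and relies on a weak hash; serve this only over TLS.
            'algorithm': 'MD5',
            'qop': 'auth',
            'stale': 'true' if stale else 'false',
        })

    # Fail with a clear error instead of an unbound local.
    raise ValueError('unsupported authentication scheme: %r' % (scheme,))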
def path():
    """Return the URL path of the user area: the imagestore base path plus ``user/``."""
    base = imagestore.path()
    return base + 'user/'
def editmode_url(onoff):
    """Return the URL that switches edit mode.

    ``onoff`` is formatted with ``%d`` into the ``wantedit`` query parameter,
    so a boolean is rendered as 1 or 0.
    """
    base = imagestore.path()
    return '%suser/editmode?wantedit=%d' % (base, onoff)
def _q_access(request):
    """Add the "User admin" link to the context menu for admin users.

    The logged-in user is looked up quietly. The menu is left unchanged when
    there is no user or the user lacks ``mayAdmin``.

    NOTE(review): this hook only controls whether the link is shown. It never
    denies the request, so the ``editusers`` handler presumably has to
    enforce ``mayAdmin`` itself; verify.
    """
    sess_user = auth.login_user(quiet=True)
    if not (sess_user and sess_user.mayAdmin):
        return

    admin_url = '%suser/editusers' % imagestore.path()
    admin_entries = [
        menu.Separator(),
        menu.Link('User admin', admin_url),
    ]
    request.context_menu += admin_entries