def authenticate(url,
account,
key,
by='name',
expires=0,
timestamp=None,
timeout=None,
request_type="xml",
admin_auth=False,
use_password=False,
raise_on_error=False):
""" Authenticate to the Zimbra server
:param url: URL of Zimbra SOAP service
:param account: The account to be authenticated against
:param key: The preauth key of the domain of the account or a password (if
admin_auth or use_password is True)
:param by: If the account is specified as a name, an ID or a
ForeignPrincipal
:param expires: When the token expires (or 0 for default expiration)
:param timestamp: When the token was requested (None for "now")
:param timeout: Timeout for the communication with the server. Defaults
to the urllib2-default
:param request_type: Which type of request to use ("xml" (default) or
"json")
:param admin_auth: This request should authenticate and generate an admin
token. The "key"-parameter therefore holds the admin password (implies
use_password)
:param use_password: The "key"-parameter holds a password. Do a password-
based user authentication.
:param raise_on_error: Should I raise an exception when an authentication
error occurs or just return None?
:return: The authentication token or None
:rtype: str or None or unicode
"""
if timestamp is None:
timestamp = int(time.time()) * 1000
pak = ""
if not admin_auth:
pak = preauth.create_preauth(account, key, by, expires, timestamp)
if request_type == 'xml':
auth_request = RequestXml()
else:
auth_request = RequestJson()
request_data = {'account': {'by': by, '_content': account}}
ns = "urn:zimbraAccount"
if admin_auth:
ns = "urn:zimbraAdmin"
request_data['password'] = key
elif use_password:
request_data['password'] = {"_content": key}
else:
request_data['preauth'] = {
'timestamp': timestamp,
'expires': expires,
'_content': pak
}
auth_request.add_request('AuthRequest', request_data, ns)
server = Communication(url, timeout)
if request_type == 'xml':
response = ResponseXml()
else:
response = ResponseJson()
server.send_request(auth_request, response)
if response.is_fault():
if raise_on_error:
raise AuthenticationFailed(
"Cannot authenticate user: (%s) %s" %
(response.get_fault_code(), response.get_fault_message()))
return None
return response.get_response()['AuthResponse']['authToken']['_content']
def authenticate(url, account, key, by='name', expires=0, timestamp=None,
timeout=None, request_type="xml", admin_auth=False,
use_password=False, raise_on_error=False):
""" Authenticate to the Zimbra server
:param url: URL of Zimbra SOAP service
:param account: The account to be authenticated against
:param key: The preauth key of the domain of the account or a password (if
admin_auth or use_password is True)
:param by: If the account is specified as a name, an ID or a
ForeignPrincipal
:param expires: When the token expires (or 0 for default expiration)
:param timestamp: When the token was requested (None for "now")
:param timeout: Timeout for the communication with the server. Defaults
to the urllib2-default
:param request_type: Which type of request to use ("xml" (default) or
"json")
:param admin_auth: This request should authenticate and generate an admin
token. The "key"-parameter therefore holds the admin password (implies
use_password)
:param use_password: The "key"-parameter holds a password. Do a password-
based user authentication.
:param raise_on_error: Should I raise an exception when an authentication
error occurs or just return None?
:return: The authentication token or None
:rtype: str or None or unicode
"""
if timestamp is None:
timestamp = int(time.time()) * 1000
pak = ""
if not admin_auth:
pak = preauth.create_preauth(account, key, by, expires, timestamp)
if request_type == 'xml':
auth_request = RequestXml()
else:
auth_request = RequestJson()
request_data = {
'account': {
'by': by,
'_content': account
}
}
ns = "urn:zimbraAccount"
if admin_auth:
ns = "urn:zimbraAdmin"
request_data['password'] = key
elif use_password:
request_data['password'] = {
"_content": key
}
else:
request_data['preauth'] = {
'timestamp': timestamp,
'expires': expires,
'_content': pak
}
auth_request.add_request(
'AuthRequest',
request_data,
ns
)
server = Communication(url, timeout)
if request_type == 'xml':
response = ResponseXml()
else:
response = ResponseJson()
server.send_request(auth_request, response)
if response.is_fault():
if raise_on_error:
raise AuthenticationFailed(
"Cannot authenticate user: (%s) %s" % (
response.get_fault_code(),
response.get_fault_message()
)
)
return None
return response.get_response()['AuthResponse']['authToken']
def run_admin_test(self, request_type):
""" Actually do the work
"""
config = get_config()
if config.getboolean("admin_request_test", "enabled"):
# Run only if enabled
token = authenticate(
config.get("admin_request_test", "admin_url"),
config.get("admin_request_test", "admin_account"),
config.get("admin_request_test", "admin_password"),
config.get("admin_request_test", "admin_account_by"),
admin_auth=True,
request_type=request_type
)
if token is None:
self.fail("Authentication with the configured settings "
"was not successful")
# Create an account
comm = Communication(config.get("admin_request_test", "admin_url"))
if request_type == "xml":
request = RequestXml()
else:
request = RequestJson()
request.set_auth_token(token)
test_account = config.get("admin_request_test", "test_account")
if "TEMP" in test_account:
# Generate a random number and add it to the test account
random.seed()
temp_account = random.randint(1000000, 5000000)
test_account = test_account.replace("TEMP", str(temp_account))
test_displayname = config.get(
"admin_request_test",
"test_displayname"
)
if sys.version < '3':
# Create unicode string for py2
test_displayname = test_displayname.decode("utf-8")
request.add_request(
"CreateAccountRequest",
{
"name": test_account,
"password": config.get(
"admin_request_test",
"test_password"
),
"a": {
"n": "displayName",
"_content": test_displayname
}
},
"urn:zimbraAdmin"
)
if request_type == "xml":
response = ResponseXml()
else:
response = ResponseJson()
comm.send_request(request, response)
if response.is_fault():
self.fail(
"CreateAccount faulted. (%s) %s" % (
response.get_fault_code(),
response.get_fault_message()
)
)
account_id = response.get_response(
)["CreateAccountResponse"]["account"]["id"]
# Get account from database and compare display name to the setting
request.clean()
request.set_auth_token(token)
response.clean()
request.add_request(
"GetAccountRequest",
{
"account": {
"by": "name",
"_content": test_account
}
},
"urn:zimbraAdmin"
)
comm.send_request(request, response)
if response.is_fault():
self.fail(
"GetAccount faulted. (%s) %s" % (
response.get_fault_code(),
response.get_fault_message()
)
)
returned_name = get_value(
response.get_response()["GetAccountResponse"]["account"]["a"],
"displayName"
)
self.assertEqual(
returned_name,
test_displayname,
"Zimbra didn't save the display name as requested."
)
# Try to log in as the new account
user_token = authenticate(
config.get("admin_request_test", "url"),
test_account,
config.get("admin_request_test", "test_password"),
"name",
request_type=request_type,
use_password=True
)
if user_token is None:
self.fail("Cannot log in as the test user.")
# Remove account
request.clean()
response.clean()
request.set_auth_token(token)
request.add_request(
"DeleteAccountRequest",
{
"id": account_id
},
"urn:zimbraAdmin"
)
comm.send_request(request, response)
if response.is_fault():
self.fail(
"Cannot remove test account: (%s) %s" % (
response.get_fault_code(),
response.get_fault_message()
)
)
def run_admin_test(self, request_type):
""" Actually do the work
"""
config = get_config()
if config.getboolean("admin_request_test", "enabled"):
# Run only if enabled
token = authenticate(config.get("admin_request_test", "admin_url"),
config.get("admin_request_test",
"admin_account"),
config.get("admin_request_test",
"admin_password"),
config.get("admin_request_test",
"admin_account_by"),
admin_auth=True,
request_type=request_type)
if token is None:
self.fail("Authentication with the configured settings "
"was not successful")
# Create an account
comm = Communication(config.get("admin_request_test", "admin_url"))
if request_type == "xml":
request = RequestXml()
else:
request = RequestJson()
request.set_auth_token(token)
request.add_request(
"CreateAccountRequest", {
"name": config.get("admin_request_test", "test_account"),
"password": config.get("admin_request_test",
"test_password")
}, "urn:zimbraAdmin")
if request_type == "xml":
response = ResponseXml()
else:
response = ResponseJson()
comm.send_request(request, response)
if response.is_fault():
self.fail(
"CreateAccount faulted. (%s) %s" %
(response.get_fault_code(), response.get_fault_message()))
account_id = response.get_response(
)["CreateAccountResponse"]["account"]["id"]
# Try to log in as the new account
user_token = authenticate(config.get("admin_request_test", "url"),
config.get("admin_request_test",
"test_account"),
config.get("admin_request_test",
"test_password"),
"name",
request_type=request_type,
use_password=True)
if user_token is None:
self.fail("Cannot log in as the test user.")
# Remove account
request.clean()
response.clean()
request.set_auth_token(token)
request.add_request("DeleteAccountRequest", {"id": account_id},
"urn:zimbraAdmin")
comm.send_request(request, response)
if response.is_fault():
self.fail(
"Cannot remove test account: (%s) %s" %
(response.get_fault_code(), response.get_fault_message()))
