# Zope User Folder for ScoDoc
# Adapte de l'Extensible User Folder
# simplifie pour les besoins de ScoDoc.
# Emmanuel Viennet 2013

#
# Extensible User Folder
#
# (C) Copyright 2000,2001 The Internet (Aust) Pty Ltd
# ACN: 082 081 472  ABN: 83 082 081 472
# All Rights Reserved
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# Author: Andrew Milton <akm@theinternet.com.au>
# $Id: exUserFolder.py,v 1.93 2004/11/10 14:15:33 akm Exp $

##############################################################################
#
# Zope Public License (ZPL) Version 0.9.4
# ---------------------------------------
# 
# Copyright (c) Digital Creations.  All rights reserved.
# 
# Redistribution and use in source and binary forms, with or
# without modification, are permitted provided that the following
# conditions are met:
# 
# 1. Redistributions in source code must retain the above
#    copyright notice, this list of conditions, and the following
#    disclaimer.
# 
# 6. Redistributions of any form whatsoever must retain the
#    following acknowledgment:
# 
#      "This product includes software developed by Digital
#      Creations for use in the Z Object Publishing Environment
#      (http://www.zope.org/)."
# 
# Disclaimer
# 
#   THIS SOFTWARE IS PROVIDED BY DIGITAL CREATIONS ``AS IS'' AND
#   ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
#   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
#   FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT
#   SHALL DIGITAL CREATIONS OR ITS CONTRIBUTORS BE LIABLE FOR ANY
#   DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
#   CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
#   PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
#   DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
#   ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
#   LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
#   IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
#   THE POSSIBILITY OF SUCH DAMAGE.
#
##############################################################################

# Portions Copyright (c) 2002 Nuxeo SARL <http://nuxeo.com>,
#          Copyright (c) 2002 Florent Guillaume <mailto:fg@nuxeo.com>.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
#
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in
#    the documentation and/or other materials provided with the
#    distribution.
# 
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
# IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

import Globals, App.Undo, socket, os, string, sha, random, sys, zLOG

from Globals import DTMLFile, PersistentMapping
from string import join,strip,split,lower,upper,find

from OFS.Folder import Folder
from OFS.CopySupport import CopyContainer

from base64 import decodestring, encodestring
from urllib import quote, unquote

from Acquisition import aq_base
from AccessControl import ClassSecurityInfo
from AccessControl.Role import RoleManager
from AccessControl.User import BasicUser, BasicUserFolder, readUserAccessFile
from AccessControl.PermissionRole import PermissionRole
from AccessControl.ZopeSecurityPolicy import _noroles
from OFS.DTMLMethod import DTMLMethod
from time import time
from OFS.ObjectManager import REPLACEABLE
from Persistence import Persistent

from PropertyEditor import *

from User import User, AnonUser
from UserCache.UserCache import GlobalUserCache, GlobalNegativeUserCache, GlobalAdvancedCookieCache, SessionExpiredException

from LoginRequiredMessages import LoginRequiredMessages

from AccessControl import Unauthorized

class LoginRequired(Exception):
    """Login required"""
    pass


# If there is no NUG Product just define a dummy class
try:
	from Products.NuxUserGroups.UserFolderWithGroups import BasicGroupFolderMixin, _marker
except ImportError:
	class BasicGroupFolderMixin:
		pass
	_marker = None

# Little function to create temp usernames
def createTempName():
	t=time()
	t1=time()
	t2=time()
	t3 = 0.0
	t3 = (t + t1 + t2) / 3
	un = "Anonymous %.0f"%(t3)
	return(un)


manage_addexUserFolderForm=DTMLFile('dtml/manage_addexUserFolder', globals(), __name__='manage_addexUserFolderForm')



def manage_addexUserFolder(self, authId, propId, memberId,
						   cookie_mode=0, session_length=0,
						   not_session_length=0,
						   sessionTracking=None, idleTimeout=None,
						   REQUEST={}, groupId=None, cryptoId=None):
	""" """
	if hasattr(self.aq_base, 'acl_users'):
		return Globals.MessageDialog(self,REQUEST,
			title  ='Item Exists',
			message='This object already contains a User Folder',
			action ='%s/manage_main' % REQUEST['URL1'])
	ob=exUserFolder(authId, propId, memberId, groupId, cryptoId, cookie_mode,
					session_length, sessionTracking, idleTimeout,
					not_session_length)
			
	self._setObject('acl_users', ob, None, None, 0)
	self.__allow_groups__=self.acl_users
	ob=getattr(self, 'acl_users')
	ob.postInitialisation(REQUEST)

	if REQUEST:
		return self.manage_main(self, REQUEST)
	return ''

#
# Module level caches
#
XUFUserCache=GlobalUserCache()
XUFNotUserCache=GlobalNegativeUserCache()
XUFCookieCache=GlobalAdvancedCookieCache()

class exUserFolder(Folder,BasicUserFolder,BasicGroupFolderMixin,
				   CopyContainer):
	""" """

	# HACK! We use this meta_type internally so we can be pasted into
	# the root. We registered with 'exUserFolder' meta_type however, so
	# our constructors work.
	meta_type='User Folder'
	id       ='acl_users'
	title    ='Extensible User Folder'
	icon     ='misc_/exUserFolder/exUserFolder.gif'

	isPrincipiaFolderish=1
	isAUserFolder=1
	__allow_access_to_unprotected_subobjects__=1
	authSources={}
	propSources={}
	cryptoSources={}
	membershipSources={}
	groupSources={} # UNUSED by ScoDoc

	manage_options=(
		{'label':'Users',      'action':'manage_main'},
		{'label':'Groups',	   'action':'manage_userGroups'},
		{'label':'Parameters', 'action':'manage_editexUserFolderForm'},
		{'label':'Authentication Source','action':'manage_editAuthSourceForm'},
		{'label':'Properties Source','action':'manage_editPropSourceForm'},
		{'label':'Membership Source', 'action':'manage_editMembershipSourceForm'},
		{'label':'Cache Data', 'action':'manage_showCacheData'},
		{'label':'Security',   'action':'manage_access'},
		{'label':'Contents',   'action':'manage_contents'},
		{'label':'Ownership',  'action':'manage_owner'},
		{'label':'Undo',       'action':'manage_UndoForm'},
		)

	__ac_permissions__=(
		('View management screens', ('manage','manage_menu','manage_main',
									 'manage_copyright', 'manage_tabs',
									 'manage_properties', 'manage_UndoForm',
									 'manage_edit', 'manage_contents',
									 'manage_cutObjects','manage_copyObjects',
									 'manage_pasteObjects',
									 'manage_renameForm',
									 'manage_renameObject',
									 'manage_renameObjects', ),
		 ('Manager',)),
		
		('Undo changes',            ('manage_undo_transactions',),
		 ('Manager',)),
		
		('Change permissions',      ('manage_access',),
		 ('Manager',)),
		
		('Manage users',            ('manage_users', 'manage_editUserForm',
									 'manage_editUser', 'manage_addUserForm',
									 'manage_addUser', 'manage_userActions',
									 'userFolderAddGroup',
									 'userFolderDelGroups',
									 'getGroupNames',
					                                 'getGroupById',
								         'manage_userGroups',
									 'manage_addGroup',
									 'manage_showGroup',),
		 ('Manager',)),
		
		('Change exUser Folders',   ('manage_edit',),
		 ('Manager',)),
		
		('View',                    ('manage_changePassword',
									 'manage_forgotPassword','docLoginRedirect',
									 'logout', 'DialogHeader',
									 'DialogFooter', 'manage_signupUser',
									 'MessageDialog', 'redirectToLogin','manage_changeProps'),
		 ('Anonymous', 'Authenticated', 'Manager')),
		
		('Manage properties',       ('manage_addProperty',
									 'manage_editProperties',
									 'manage_delProperties',
									 'manage_changeProperties',
									 'manage_propertiesForm',
									 'manage_propertyTypeForm',
									 'manage_changePropertyTypes',
									 ),
		 ('Manager',)),
		('Access contents information', ('hasProperty', 'propertyIds',
										 'propertyValues','propertyItems',
										 'getProperty', 'getPropertyType',
										 'propertyMap', 'docLoginRedirect',
										 'DialogHeader', 'DialogFooter',
										 'MessageDialog', 'redirectToLogin',),
		 ('Anonymous', 'Authenticated', 'Manager')),
		)
	manage_access=DTMLFile('dtml/access',globals())
	manage_tabs=DTMLFile('common/manage_tabs',globals())
	manage_properties=DTMLFile('dtml/properties', globals())
	manage_main=DTMLFile('dtml/mainUser', globals())
	manage_contents=Folder.manage_main
	manage_showCacheData=DTMLFile('dtml/manage_showCacheData', globals())

	# This is going away soon...
	docLoginRedirect=DTMLFile('dtml/docLoginRedirect', globals())	

	# Stupid crap
	try:
		manage_contents._setName('manage_contents')
	except AttributeError:
		pass


	MessageDialog=DTMLFile('common/MessageDialog', globals())
	MessageDialog.__replaceable__ = REPLACEABLE
	
	manage_addUserForm=DTMLFile('dtml/manage_addUserForm',globals())
	manage_editUserForm=DTMLFile('dtml/manage_editUserForm',globals())

	DialogHeader__roles__=()
	DialogHeader=DTMLFile('common/DialogHeader',globals())
	DialogFooter__roles__=()
	DialogFooter=DTMLFile('common/DialogFooter',globals())

	manage_editAuthSourceForm=DTMLFile('dtml/manage_editAuthSourceForm',globals())
	manage_editPropSourceForm=DTMLFile('dtml/manage_editPropSourceForm',globals())
	manage_editMembershipSourceForm=DTMLFile('dtml/manage_editMembershipSourceForm', globals())

	manage_addPropertyForm=DTMLFile('dtml/manage_addPropertyForm', globals())
	manage_createPropertyForm=DTMLFile('dtml/manage_createPropertyForm', globals())
	manage_editUserPropertyForm=DTMLFile('dtml/manage_editUserPropertyForm', globals())

	manage_editexUserFolderForm=DTMLFile('dtml/manage_editexUserFolderForm', globals())

	manage_userGroups=DTMLFile('dtml/mainGroup',globals())


	# Use pages from NUG if it's there, otherwise no group support
	try:
		manage_addGroup = BasicGroupFolderMixin.manage_addGroup
		manage_showGroup = BasicGroupFolderMixin.manage_showGroup
	except:
		manage_addGroup = None
		manage_showGroup = None

	# No more class globals
	
	# sessionLength=0 # Upgrading users should get no caching.
	# notSessionLength=0 # bad cache limit
	# cookie_mode=0
	# sessionTracking=None # Or session tracking.
	# idleTimeout=0
	
	def __init__(self, authId, propId, memberId, groupId, cryptoId,
				 cookie_mode=0, session_length=0, sessionTracking=None,
				 idleTimeout=0, not_session_length=0):
		self.cookie_mode=cookie_mode
		self.sessionLength=session_length
		self.notSessionLength=not_session_length
		self.sessionTracking=sessionTracking
		self.idleTimeout=idleTimeout
		
		_docLogin=DTMLFile('dtml/docLogin',globals())
		_docLogout=DTMLFile('dtml/docLogout',globals())

		docLogin=DTMLMethod(__name__='docLogin')
		docLogin.manage_edit(data=_docLogin, title='Login Page')
		self._setObject('docLogin', docLogin, None, None, 0)

		docLogout=DTMLMethod(__name__='docLogout')
		docLogout.manage_edit(data=_docLogout, title='Logout Page')
		self._setObject('docLogout', docLogout, None, None, 0)

		postUserCreate=DTMLMethod(__name__='postUserCreate')
		postUserCreate.manage_edit(data=_postUserCreate, title='Post User Creation methods')
		self._setObject('postUserCreate', postUserCreate, None, None, 0)

		self.manage_addAuthSource=self.authSources[authId].manage_addMethod
		self.manage_addPropSource=self.propSources[propId].manage_addMethod
		self.manage_addMembershipSource=self.membershipSources[memberId].manage_addMethod

		self.manage_addGroupSource=None # UNUSED by ScoDoc
		self.currentGroupsSource=None

		if cryptoId:
			self.cryptoId = cryptoId
		else:
			self.cryptoId = 'Crypt'
			
	def __setstate__(self, state):
		Persistent.__setstate__(self, state)
		if not hasattr(self, 'currentGroupSource'):
			self.currentGroupSource = None
		if not hasattr(self, 'sessionLength'):
			self.sessionLength = 0
		if not hasattr(self, 'notSessionLength'):
			self.notSessionLength = 0
		if not hasattr(self, 'cookie_mode'):
			self.cookie_mode = 0
		if not hasattr(self, 'sessionTraining'):
			self.sessionTracking = None
		if not hasattr(self, 'idleTimeout'):
			self.idleTimeout=0

	def manage_beforeDelete(self, item, container):
		zLOG.LOG("exUserFolder", zLOG.BLATHER, "Attempting to delete an exUserFolder instance")
		if item is self:
			try:
				self.cache_deleteCache()
				self.xcache_deleteCache()
				zLOG.LOG("exUserFolder", zLOG.BLATHER, "-- Caches deleted")
			except:
				#pass
				zLOG.LOG("exUserFolder", zLOG.BLATHER, "-- Cache deletion failed")

			try:
				del container.__allow_groups__
				zLOG.LOG("exUserFolder", zLOG.BLATHER, "-- container.__allow_groups_ deleted")
			except:
				#pass
				zLOG.LOG("exUserFolder", zLOG.BLATHER, "-- container.__allow_groups_ deletion failed")


	def manage_afterAdd(self, item, container):
		zLOG.LOG("exUserFolder", zLOG.BLATHER, "Adding an exUserFolder")
                         
		if item is self:
			if hasattr(self, 'aq_base'): self=self.aq_base
			container.__allow_groups__=self

	def manage_editPropSource(self, REQUEST):
		""" Edit Prop Source """
		if self.currentPropSource:
			self.currentPropSource.manage_editPropSource(REQUEST)
		return self.manage_main(self, REQUEST)

	def manage_editAuthSource(self, REQUEST):
		""" Edit Auth Source """
		self.currentAuthSource.manage_editAuthSource(REQUEST)
		return self.manage_main(self, REQUEST)

	def manage_editMembershipSource(self, REQUEST):
		""" Edit Membership Source """
		if self.currentMembershipSource:
			return self.currentMembershipSource.manage_editMembershipSource(REQUEST)

	def postInitialisation(self, REQUEST):
		self.manage_addAuthSource(self=self,REQUEST=REQUEST)
		self.manage_addPropSource(self=self,REQUEST=REQUEST)
		self.manage_addMembershipSource(self=self,REQUEST=REQUEST)
		self.currentGroupSource = None
	
	def addAuthSource(self, REQUEST={}):
		return self.manage_addAuthSourceForm(self, REQUEST)

	def addPropSource(self, REQUEST={}):
		return self.manage_addPropSourceForm(self, REQUEST)

	def addMembershipSource(self, REQUEST={}):
		return self.manage_editMembershipSourceForm(self, REQUEST)

	def listUserProperties(self, username):
		if self.currentPropSource:
			return self.currentPropSource.listUserProperties(username=username)

	def getUserProperty(self, username, key):
		if self.currentPropSource:
			return self.currentPropSource.getUserProperty(key=key, username=username)
	
	def reqattr(self, request, attr, default=None):
		try:    return request[attr]
		except: return default

	def getAuthFailedMessage(self, code):
		""" Return a code """
		if LoginRequiredMessages.has_key(code):
			return LoginRequiredMessages[code]
		return 'Login Required'

	# Called when we are deleted
	def cache_deleteCache(self):
		pp = string.join(self.getPhysicalPath(), '/')
		XUFUserCache.deleteCache(pp)
		
	def cache_addToCache(self, username, password, user):
		if not self.sessionLength:
			return
		# fix by emmanuel
		if username == self._emergency_user.getUserName():
			return
		# /fix
		pp = string.join(self.getPhysicalPath(), '/')
		x = XUFUserCache.getCache(pp)
		if not x:
			x = XUFUserCache.createCache(pp, self.sessionLength)
		x.addToCache(username, password, user)

	def cache_getUser(self, username, password, checkpassword=1):
		if not self.sessionLength:
			return None
		pp = string.join(self.getPhysicalPath(), '/')
		x = XUFUserCache.getCache(pp)
		if not x:
			return None
		u = x.getUser(self, username, password, checkpassword)
		if u is not None:
			u = u.__of__(self)
		return u

	def cache_removeUser(self, username):
		if not self.sessionLength:
			return
		pp = string.join(self.getPhysicalPath(), '/')
		x = XUFUserCache.getCache(pp)
		if x:
			x.removeUser(username)

	def cache_getCacheStats(self):
		pp = string.join(self.getPhysicalPath(), '/')
		x = XUFUserCache.getCache(pp)
		if not x:
			x = XUFUserCache.createCache(pp, self.sessionLength)			
		if x:
			return x.getCacheStats()

	def cache_getCurrentUsers(self):
		pp = string.join(self.getPhysicalPath(), '/')
		x = XUFUserCache.getCache(pp)
		if x:
			return x.getCurrentUsers(self)

	# negative cache functions
	def xcache_deleteCache(self):
		pp = string.join(self.getPhysicalPath(), '/')
		XUFNotUserCache.deleteCache(pp)
		
	def xcache_addToCache(self, username):
		if not self.notSessionLength:
			return
		pp = string.join(self.getPhysicalPath(), '/')
		x = XUFNotUserCache.getCache(pp)
		if not x:
			x = XUFNotUserCache.createCache(pp, self.notSessionLength)
		x.addToCache(username)

	def xcache_getUser(self, username):
		if not self.notSessionLength:
			return None
		pp = string.join(self.getPhysicalPath(), '/')
		x = XUFNotUserCache.getCache(pp)
		if not x:
			return None
		return x.getUser(username)

	def xcache_removeUser(self, username):
		#zLOG.LOG('exUserFolder', zLOG.PANIC, 'xcache_removeUser(%s)' % username)
		if not self.notSessionLength:
			return
		pp = string.join(self.getPhysicalPath(), '/')
		x = XUFNotUserCache.getCache(pp)
		if x:
			#zLOG.LOG('exUserFolder', zLOG.PANIC, 'xcache_removeUser removing')
			x.removeUser(username)

	# Cookie Cache Functions
	def cache_deleteCookieCache(self):
		pp = string.join(self.getPhysicalPath(), '/')
		XUFCookieCache.deleteCache(pp)

	def cache_addToCookieCache(self, username, password, key):
		pp = string.join(self.getPhysicalPath(), '/')
		c = XUFCookieCache.getCache(pp)
		if not c:
			c = XUFCookieCache.createCache(pp, 86400)
		c.addToCache(username, password, key)

	def cache_getCookieCacheUser(self, key):
		pp = string.join(self.getPhysicalPath(), '/')
		c = XUFCookieCache.getCache(pp)
		if not c:
			return None
		return c.getUser(key)

	def cache_removeCookieCacheUser(self, key):
		pp = string.join(self.getPhysicalPath(), '/')
		c = XUFCookieCache.getCache(pp)
		if c:
			c.removeUser(key)
    
	def manage_editUser(self, username, REQUEST={}): # UNUSED by ScoDoc
 		""" Edit a User """
		# username=self.reqattr(REQUEST,'username')
		password=self.reqattr(REQUEST,'password')
		password_confirm=self.reqattr(REQUEST,'password_confirm')
		roles=self.reqattr(REQUEST,'roles', [])
		groups=self.reqattr(REQUEST, 'groupnames', [])
        
		if not username:
			return self.MessageDialog(self,REQUEST=REQUEST,
				title  ='Illegal value', 
				message='A username must be specified',
				action ='manage_main')

		if (password or password_confirm) and (password != password_confirm):
			return self.MessageDialog(self,REQUEST=REQUEST,
				title  ='Illegal value', 
				message='Password and confirmation do not match',
				action ='manage_main')
		
		self._doChangeUser(username, password, roles, domains='', groups=groups, REQUEST=REQUEST)
		
		return self.MessageDialog(self,REQUEST=REQUEST,
			title = 'User Updated',
			message= 'User %s was updated.'%(username),
			action = 'manage_main')
    
    
    # Methode special pour ScoDoc: evite le code inutile dans notre contexte
    # et accede a la BD via le curseur psycopg2 fourni
    # (facilitera la separation de Zope)
	def scodoc_editUser(self, cursor, username, password=None, roles=[]):
		"""Edit a ScoDoc user"""
		roles = list(roles)
		rolestring= ','.join(roles)
		# Don't change passwords if it's null
		if password:
			secret=self.cryptPassword(username, password)
			# Update just the password:			   
			# self.sqlUpdateUserPassword(username=username, password=secret)
			cursor.execute("UPDATE sco_users SET passwd=%(secret)s WHERE user_name=%(username)s",
						   { 'secret':secret, 'username': username } )
		
		#self.sqlUpdateUser(username=username, roles=rolestring)
		cursor.execute("UPDATE sco_users SET roles=%(rolestring)s WHERE user_name=%(username)s",
					   { 'rolestring':rolestring, 'username': username } )

		if hasattr(self.currentAuthSource, '_v_lastUser'):
			# Specific for pgAuthSource:
			self.currentAuthSource._v_lastUser={} # clear pg user cache
		
		# We may have updated roles or passwords... flush the user...
		self.cache_removeUser(username)
		self.xcache_removeUser(username)
    
	#
	# Membership helper
	#
	def goHome(self, REQUEST, RESPONSE):
		""" Go to home directory """
		if self.currentMembershipSource:
			self.currentMembershipSource.goHome(REQUEST, RESPONSE)


	# 
	# Membership method of changing user properties
	# 

	def manage_changeProps(self, REQUEST):
		""" Change Properties """
		if self.currentMembershipSource:
			return self.currentMembershipSource.changeProperties(REQUEST)
		else:
			
			return self.MessageDialog(self,REQUEST,
				title = 'This is a test',
				message= 'This was a test',
				action = '..')
 

	#
	# Membership method of adding a new user.
	# If everything goes well the membership plugin calls manage_addUser()
	#
	
	def manage_signupUser(self, REQUEST):
		""" Signup a new user """
		""" This is seperate so you can add users using the normal """
		""" interface w/o going through membership policy """

		username=self.reqattr(REQUEST,'username')
		roles=self.reqattr(REQUEST,'roles')

		if not username:
			return self.MessageDialog(self,REQUEST=REQUEST,
				title  ='Illegal value', 
				message='A username must be specified',
				action ='manage_main')

		if (self.getUser(username) or
			(self._emergency_user and
			 username == self._emergency_user.getUserName())):
			return self.MessageDialog(self,REQUEST=REQUEST,
				title  ='Illegal value', 
				message='A user with the specified name already exists',
				action ='manage_main')

		if self.currentMembershipSource:
			return self.currentMembershipSource.createUser(REQUEST)

	#
	# Membership method of changing passwords
	#
	def manage_changePassword(self, REQUEST):
		""" Change a password """
		if self.currentMembershipSource:
			return self.currentMembershipSource.changePassword(REQUEST)
		
	#
	# User says they can't remember their password
	#
	def manage_forgotPassword(self, REQUEST):
		""" So something about forgetting your password """
		if self.currentMembershipSource:
			return self.currentMembershipSource.forgotPassword(REQUEST)
		
	def __creatable_by_emergency_user__(self): return 1

	def manage_addUser(self, REQUEST):
		""" Add a New User """
		username=self.reqattr(REQUEST,'username')
		password=self.reqattr(REQUEST,'password')
		password_confirm=self.reqattr(REQUEST,'password_confirm')
		roles=self.reqattr(REQUEST,'roles')
		groups=self.reqattr(REQUEST, 'groupnames', [])

		if not username:
			return self.MessageDialog(self,REQUEST=REQUEST,
				title  ='Illegal value', 
				message='A username must be specified',
				action ='manage_main')

		if not password or not password_confirm:
			return self.MessageDialog(self,REQUEST=REQUEST,
				title  ='Illegal value', 
				message='Password and confirmation must be specified',
				action ='manage_main')

		if (self.getUser(username) or
			(self._emergency_user and
			 username == self._emergency_user.getUserName())):
			return self.MessageDialog(self,REQUEST=REQUEST,
				title  ='Illegal value', 
				message='A user with the specified name already exists',
				action ='manage_main')

		if (password or password_confirm) and (password != password_confirm):
			return self.MessageDialog(self,REQUEST=REQUEST,
				title  ='Illegal value', 
				message='Password and confirmation do not match',
				action ='manage_main')

		self._doAddUser(username, password, roles, domains='', groups=groups, REQUEST=REQUEST)
		#
		# Explicitly check our contents, do not just acquire postUserCreate
		#
		if 'postUserCreate' in self.objectIds():
			self.postUserCreate(self, REQUEST)
		
		return self.MessageDialog(self,REQUEST=REQUEST,
			title = 'User Created',
			message= 'User %s was created.'%(username),
			action = 'manage_main')

	def _doAddUser(self, name, password, roles, domains='', groups=(), **kw):
		""" For programatically adding simple users """
		self.currentAuthSource.createUser(name, password, roles)
		if self.currentPropSource:
			# copy items not in kw from REQUEST
			REQUEST = kw.get('REQUEST', self.REQUEST)
			map(kw.setdefault, REQUEST.keys(), REQUEST.values())
			self.currentPropSource.createUser(name, kw)

	def _doChangeUser(self, name, password, roles, domains='', groups=(), **kw):
		self.currentAuthSource.updateUser(name, password, roles)
		if self.currentPropSource:
			# copy items not in kw from REQUEST
			REQUEST = kw.get('REQUEST', self.REQUEST)
			map(kw.setdefault, REQUEST.keys(), REQUEST.values())
			self.currentPropSource.updateUser(name, kw)
		# We may have updated roles or passwords... flush the user...
		self.cache_removeUser(name)
		self.xcache_removeUser(name)
		
	def _doDelUsers(self, names):
		self.deleteUsers(names)

	def _createInitialUser(self):
		if len(self.getUserNames()) <= 1:
			info = readUserAccessFile('inituser')
			if info:
				name, password, domains, remote_user_mode = info
				self._doAddUser(name, password, ('Manager',), domains)


	def getUsers(self):
		"""Return a list of user objects or [] if no users exist"""
		data=[]
		try:
			items=self.listUsers()
			for people in items:
				user=User({'name':		people['username'],
						   'password':	people['password'],
						   'roles':		people['roles'], 
						   'domains':	''},
						  self.currentPropSource,
						  self.cryptPassword,
						  self.currentAuthSource,
						  self.currentGroupSource)
				data.append(user)
		except:
			import traceback
			traceback.print_exc()
			pass
			
		return data

	getUsers__roles__=('Anonymous','Authenticated')
	
	def getUser(self, name):
		"""Return the named user object or None if no such user exists"""
		user = self.cache_getUser(name, '', 0)
		#zLOG.LOG('exUserFolder.getUser', zLOG.PANIC, 'cache_getUser(%s)=%s' % (name,user))
		if user:
			return user
		try:
			items=self.listOneUser(name)
			#zLOG.LOG('exUserFolder.getUser', zLOG.PANIC, 'listOneUser=%s' % items) 
		except:
			zLOG.LOG("exUserFolder", zLOG.ERROR,
                                 "error trying to list user %s" % name,
                                 '',
                                 sys.exc_info())
			return None

		if not items:
			return None
		
		for people in items:
			user =  User({'name':    people['username'],
						  'password':people['password'],
						  'roles':   people['roles'],
						  'domains':	''},
						 self.currentPropSource,
						 self.cryptPassword,
						 self.currentAuthSource,
						 self.currentGroupSource)
			return user
		return None
		
	def manage_userActions(self, submit=None, userids=None, REQUEST={}):
		""" Do things to users """
		if submit==' Add ':
			if hasattr(self.currentAuthSource,'manage_addUserForm'):
				return self.currentAuthSource.manage_addUserForm(self, REQUEST)
			else:
				return self.manage_addUserForm(self, REQUEST)
		if submit==' Delete ':
			self.deleteUsers(userids)
			return self.MessageDialog(self,REQUEST=REQUEST,
				title  ='Users Deleted',
				message='Selected Users have been deleted',
				action =REQUEST['URL1']+'/manage_main',
				target ='manage_main')

		if REQUEST:
			return self.manage_main(self,REQUEST)
		return ''

	def identify(self, auth):
		# Identify the username and password.  This is where new modes should
		# be called from, and if pluggable modes ever take shape, here ya go!

		if self.cookie_mode and not auth:
			# The identify signature does not include the request, sadly.
			# I think that's dumb.
			request = self.REQUEST
			response = request.RESPONSE
	
			if request.has_key('__ac_name') and request.has_key('__ac_password'):
				return request['__ac_name'], request['__ac_password']
			elif request.has_key('__ac') and self.cookie_mode == 1:
				return self.decodeBasicCookie(request, response)
			elif request.has_key('__aca') and self.cookie_mode == 2:
				return self.decodeAdvancedCookie(request, response)

		if auth and lower(auth[:6]) == 'basic ':
				return tuple(split(decodestring(split(auth)[-1]), ':', 1))

		return None, None

	def decodeUserCookie(self, request, response):
		return self.identify('')

	def validate(self, request, auth='', roles=_noroles):
		"""
		Perform identification, authentication, and authorization.
		"""
		# Called at each web request
		#zLOG.LOG('exUserFolder', zLOG.PANIC, 'validate')
		v = request['PUBLISHED']
		a, c, n, v = self._getobcontext(v, request)

		name, password = self.identify(auth) # decode cookie, and raises LoginRequired if no ident info
        # password is the cleartext passwd
		# zLOG.LOG('exUserFolder', zLOG.DEBUG, 'identify returned %s, %s' % (name, password))

		response = request.RESPONSE
		if name is not None:
			try:
				xcached_user = self.xcache_getUser(name)
				#zLOG.LOG('exUserFolder.validate', zLOG.PANIC, 'xcached_user=%s' % xcached_user)
				if xcached_user:
					#zLOG.LOG('exUserFolder.validate', zLOG.PANIC, 'returning None')
					return None
			except:
				zLOG.LOG('exUserFolder', zLOG.ERROR,
						 "error while looking up '%s' on the xcache" % name,
						 '',
						 sys.exc_info())

			user = self.authenticate(name, password, request)
			#zLOG.LOG('exUserFolder.validate', zLOG.PANIC, 'user=%s' % user) 
			if user is None:
				# If it's none, because there's no user by that name,
				# don't raise a login, allow it to go higher...
				# This kinda breaks for people putting in the wrong username
				# when the Folder above uses a different auth method.
				# But it doesn't lock Manager users out inside Zope.
				# Perhaps this should be a tunable.

				# modified by Emmanuel
				try:
					lou = self.listOneUser(name) 
				except:
					lou = None
				if lou:
					self.challenge(request, response, 'login_failed', auth)
				return None
			self.remember(name, password, request)
			self.cache_addToCache(name, password, user)
			emergency = self._emergency_user
			if emergency and user is emergency:
				if self._isTop():
					return emergency.__of__(self)
				else:
					return None
			if self.authorize(user, a, c, n, v, roles):
				return user.__of__(self)
			if self._isTop() and self.authorize(self._nobody, a, c, n, v, roles):
				return self._nobody.__of__(self)
			self.challenge(request, response, 'unauthorized')
			return None
		else:
			if self.sessionTracking and self.currentPropSource:
				user = self.createAnonymousUser(request, response)
				if self.authorize(user, a, c, n, v, roles):
					return user.__of__(self)
			if self.authorize(self._nobody, a, c, n, v, roles):
				if self._isTop():
					return self._nobody.__of__(self)
				else:
					return None
			else:
				self.challenge(request, response, None, auth)
				return None
	
	def authenticate(self, name, password, request):
		#zLOG.LOG('exUserFolder.authenticate', zLOG.PANIC, '%s %s' % (name, password)) 
		emergency = self._emergency_user
		if emergency and name == emergency.getUserName():
			return emergency
		try:
			user = self.cache_getUser(name, password)
			#zLOG.LOG('exUserFolder.authenticate', zLOG.PANIC, 'cache_getUser=%s' % user) 
			if user:
				return user
		except SessionExpiredException:
			if self.idleTimeout:
				self.logout(request)
				self.challenge(request, request.RESPONSE, 'session_expired')
				return None
		user = self.getUser(name)
		#zLOG.LOG('exUserFolder.authenticate', zLOG.PANIC, 'getUser=%s' % user) 
		if user is not None:
			if user.authenticate(self.currentAuthSource.listOneUser,
								 password,
								 request,
								 self.currentAuthSource.remoteAuthMethod):
				return user
		return None

	def challenge(self, request, response, reason_code='unauthorized',
				  auth=''):
		# Give whatever mode we're in a chance to challenge the validation
		# failure.  We do this to preserve LoginRequired behavior.  The
		# other thing we could do is let the None propagate on up and patch
		# the request's unauthorized method to 

		if self.cookie_mode and not auth:
			zLOG.LOG('exUserFolder', zLOG.DEBUG, 'raising LoginRequired for %s' % reason_code)
			if reason_code == 'login_failed':
				response.expireCookie('__ac', path='/')
				response.expireCookie('__aca', path='/')
			if reason_code:
				request.set('authFailedCode', reason_code)
			raise LoginRequired(self.docLogin(self, request))
		else:
			zLOG.LOG('exUserFolder', zLOG.DEBUG, 'not raising LoginRequired for %s' % reason_code)

	def remember(self, name, password, request):
		response = request.RESPONSE
		if self.cookie_mode == 1:
			self.setBasicCookie(name, password, request, response)
		elif self.cookie_mode == 2:
			self.setAdvancedCookie(name, password, request, response)

		if self.cookie_mode:
			try:
				del request.form['__ac_name']
				del request.form['__ac_password']
			except KeyError:
				pass

	def makeRedirectPath(self):
		REQUEST=self.REQUEST
		if not REQUEST.has_key('destination'):
			script=REQUEST['SCRIPT_NAME']
			pathinfo=REQUEST['PATH_INFO']
			redirectstring=script+pathinfo
			if REQUEST.has_key('QUERY_STRING'):
				querystring='?'+quote(REQUEST['QUERY_STRING'])
				redirectstring=redirectstring+querystring

			REQUEST['destination']=redirectstring
		
	def redirectToLogin(self, REQUEST):
		""" Allow methods to call from Web """
		script=''
		pathinfo=''
		querystring=''
		redirectstring=''
		authFailedCode=''
		
		if not REQUEST.has_key('destination'):
			if self.currentMembershipSource:
				redirectstring = self.currentMembershipSource.getLoginDestination(REQUEST)
			else:
				script=REQUEST['SCRIPT_NAME']
				pathinfo=REQUEST['PATH_INFO']
				redirectstring=script+pathinfo
				if REQUEST.has_key('QUERY_STRING'):
					querystring='?'+REQUEST['QUERY_STRING']
					redirectstring=redirectstring+querystring

			REQUEST['destination']=redirectstring

		
		if REQUEST.has_key('authFailedCode'):
			authFailedCode='&authFailedCode='+REQUEST['authFailedCode']
		
			
			
		if self.currentMembershipSource and self.currentMembershipSource.loginPage:
			try:
				REQUEST.RESPONSE.redirect('%s/%s?destination=%s%s'%(self.currentMembershipSource.baseURL, self.currentMembershipSource.loginPage,REQUEST['destination'],authFailedCode))				
				return
			except:
				pass
		return self.docLogin(self,REQUEST)

	def decodeBasicCookie(self, request, response):
		c=request['__ac']
		c=unquote(c)
		try:
			c=decodestring(c)
		except:
			response.expireCookie('__ac', path='/')
			raise LoginRequired(self.docLogin(self, request))
		
		name,password=tuple(split(c, ':', 1))
		return name, password
		
	def decodeAdvancedCookie(self, request, response):
		c = ''
		try:
			c = request['__aca']
			c = unquote(c)
		except:
			response.expireCookie('__aca', path='/')
			response.expireCookie('__ac', path='/')	# Precaution
			response.flush()
			raise LoginRequired(self.docLogin(self, request))

		u = self.cache_getCookieCacheUser(c)
		if u:
			return u

		response.expireCookie('__aca', path='/')
		response.expireCookie('__ac', path='/')	# Precaution
		response.flush()
		raise LoginRequired(self.docLogin(self, request))

	def setBasicCookie(self, name, password, request, response):
		token='%s:%s' % (name, password)
		token=encodestring(token)
		token=quote(token)
		response.setCookie('__ac', token, path='/')
		request['__ac']=token
		
	def setAdvancedCookie(self, name, password, request, response):
		xufid = self._p_oid
		hash = encodestring(sha.new('%s%s%f%f%s'%(
			name, password, time(), random.random(), str(request))).digest())
		token=quote(hash)
		response.setCookie('__aca', token, path='/')
		response.flush()
		request['__aca']=token
		self.cache_addToCookieCache(name, password, hash)
		
	def setAnonCookie(self, name, request, resp):
		token='%s:%s' % (name, '')
		token=encodestring(token)
		token=quote(token)
		resp.setCookie('__ac', token, path='/')
		request['__ac']=token

	def createAnonymousUser(self, request, resp):
		aName=createTempName()
		bogusREQUEST={}
		bogusREQUEST['user_realname']='Guest User'
		self.currentPropSource.createUser(aName, bogusREQUEST)
		ob = AnonUser(aName, [], self.currentPropSource)
		ob = ob.__of__(self)
		self.cache_addToCache(aName, '', ob)			
		self.setAnonCookie(aName, request, resp)
		return ob
		
	def manage_edit(self, cookie_mode, session_length, sessionTracking=None,
					idleTimeout=0, not_session_length=0,
			                title=None,
					REQUEST=None):
		"""Change properties"""

		self.cookie_mode=cookie_mode
		self.sessionLength=session_length
		self.notSessionLength=not_session_length
		self.sessionTracking=sessionTracking
		self.idleTimeout=idleTimeout
		if title:
			self.title = title
		
		if REQUEST:
			return self.MessageDialog(self,REQUEST=REQUEST,
				title  ='exUserFolder Changed',
				message='exUserFolder properties have been updated',
				action =REQUEST['URL1']+'/manage_main',
				target ='manage_main')

	def logout(self, REQUEST):
		"""Logout"""
		try:
			self.cache_removeUser(REQUEST['AUTHENTICATED_USER'].getUserName())
		except:
			pass
		
		REQUEST['RESPONSE'].expireCookie('__ac', path='/')
		REQUEST.cookies['__ac']=''
		try:
			acc = REQUEST['__aca']
			self.cache_removeCookieCacheUser(acc)
			REQUEST.cookies['__aca']=''
		except:
			pass
		REQUEST['RESPONSE'].expireCookie('__aca', path='/')

		
		
		return self.docLogout(self, REQUEST)

	#
	# Methods to be supplied by Auth Source
	#
	def deleteUsers(self, userids):
		self.currentAuthSource.deleteUsers(userids)

		# Comment out to use Andreas' pgSchema
		if self.currentPropSource:
			self.currentPropSource.deleteUsers(userids)

		if self.currentGroupSource:
			self.currentGroupSource.deleteUsers(userids)
			

	def listUsers(self):
		return self.currentAuthSource.listUsers()

	def user_names(self):
		return self.currentAuthSource.listUserNames()
	
	def getUserNames(self):
		return self.currentAuthSource.listUserNames()

	def listOneUser(self,username):
		return self.currentAuthSource.listOneUser(username)

	def cryptPassword(self, username, password):
		if hasattr(aq_base(self.currentAuthSource), 'cryptPassword'):
			return self.currentAuthSource.cryptPassword(username, password)

		if hasattr(self, 'cryptoId'):
			return self.cryptoSources[self.cryptoId].plugin(self, username, password)
		return self.cryptoSources['Crypt'].plugin(self, username, password)

	def PropertyEditor(self):
		""" """
		if self.REQUEST.has_key(self.REQUEST['propName']):
			return PropertyEditor.EditMethods[self.REQUEST['propType']](self.REQUEST['propName'], self.REQUEST[self.REQUEST['propName']])
		return PropertyEditor.EditMethods[self.REQUEST['propType']](self.REQUEST['propName'], None)

	def PropertyView(self):
		""" """
		if self.REQUEST.has_key(self.REQUEST['propName']):
			return PropertyEditor.ViewMethods[self.REQUEST['propType']](self.REQUEST['propName'], self.REQUEST[self.REQUEST['propName']])
		return PropertyEditor.ViewMethods[self.REQUEST['propType']](self.REQUEST['propName'], None)

	def manage_addUserProperty(self, username, propName, propValue, REQUEST):
		""" add a new property """
		self.currentPropSource.setUserProperty(propName, username, propValue)
		if hasattr(self.currentAuthSource,'manage_editUserForm'):
			return self.currentAuthSource.manage_editUserForm(self, REQUEST)
		else:
			return self.manage_editUserForm(self,REQUEST)

	def getUserCacheStats(self):
		""" Stats """
		if self.sessionLength:
			if self.cache_getCacheStats()['attempts']:
				return self.cache_getCacheStats()
		return None

	def getUserCacheUsers(self):
		""" Current Users """
		if self.sessionLength:
			return self.cache_getCurrentUsers()
		return None

	def userFolderAddGroup(self, groupname, title='', **kw):
		"""Creates a group"""
		if self.currentGroupSource:
			apply(self.currentGroupSource.addGroup, (groupname, title), kw)
	
	def userFolderDelGroups(self, groupnames):
		"""Deletes groups"""
		if self.currentGroupSource:
			for groupname in groupnames:
				self.currentGroupSource.delGroup(groupname)

	def getGroupNames(self):
		"""Returns a list of group names"""
		if self.currentGroupSource:
			return self.currentGroupSource.listGroups()
		else:
			return []


	def getGroupById(self, groupname, default=_marker):
		"""Returns the given group"""
		if self.currentGroupSource:
			group = self.currentGroupSource.getGroup(groupname, default)
			if group:
				return group.__of__(self)
			else:
				return None

	def setUsersOfGroup(self, usernames, groupname):
		"""Sets the users of the group"""
		if self.currentGroupSource:
			return self.currentGroupSource.setUsersOfGroup(usernames, groupname)

	def addUsersToGroup(self, usernames, groupname):
		"""Adds users to a group"""
		if self.currentGroupSource:
			return self.currentGroupSource.addUsersToGroup(usernames, groupname)

	def delUsersFromGroup(self, usernames, groupname):
		"""Deletes users from a group"""
		if self.currentGroupSource:
			return self.currentGroupSource.delUsersFromGroup(usernames, groupname)

	def setGroupsOfUser(self, groupnames, username):
		"""Sets the groups of a user"""
		if self.currentGroupSource:
			return self.currentGroupSource.setGroupsOfUser(groupnames, username)

	def addGroupsOfUser(self, groupnames, username):
		"""Add groups to a user"""
		if self.currentGroupSource:
			return self.currentGroupSource.addGroupsToUser(groupnames, username)

	def delGroupsOfUser(self, groupnames, username):
		"""Deletes groups from a user"""
		if self.currentGroupSource:
			return self.currentGroupSource.delGroupsFromUser(groupnames, username)

	# We lie.
	def hasUsers(self):
		return 1


def doAuthSourceForm(self,authId):
	""" la de da """
	return exUserFolder.authSources[authId].manage_addForm

def doPropSourceForm(self,propId):
	""" la de da """
	return exUserFolder.propSources[propId].manage_addForm

def doMembershipSourceForm(self, memberId):
	""" doot de doo """
	return exUserFolder.membershipSources[memberId].manage_addForm

#def doGroupSourceForm(self,groupId):
#	""" la de da """
#	return exUserFolder.groupSources[groupId].manage_addForm

def getAuthSources(self):
	""" Hrm I need a docstring """
	l=[]
	for o in exUserFolder.authSources.keys():
		l.append(
			exUserFolder.authSources[o]
			)
	return l

def getPropSources(self):
	""" Hrm I need a docstring """
	l=[]
	for o in exUserFolder.propSources.keys():
		l.append(
			exUserFolder.propSources[o]
			)
	return l

def getMembershipSources(self):
	""" Hrm I need a docstring """
	l=[]
	for o in exUserFolder.membershipSources.keys():
		l.append(
			exUserFolder.membershipSources[o]
			)
	return l

def getGroupSources(self):
	""" Hrm I need a docstring """
	return [] # UNUSED by ScoDoc: empty

def getCryptoSources(self):
	""" Doc String """
	l = []
	for o in exUserFolder.cryptoSources.keys():
		l.append(
			exUserFolder.cryptoSources[o]
			)
	return l

def MailHostIDs(self):
    """Find SQL database connections in the current folder and above

    This function return a list of ids.
    """
    return [] # UNUSED BY SCODOC

from types import ListType, IntType, LongType, FloatType, NoneType, DictType, StringType

def getVariableType(self, o):

	if type(o) == ListType:
		return 'List'
	if type(o) == IntType:
		return 'Int'
	if type(o) == LongType:
		return 'Long'
	if type(o) == FloatType:
		return 'Float'
	if type(o) == NoneType:
		return 'None'
	if type(o) == DictType:
		return 'Dict'
	if type(o) == StringType:
		return 'String'
	return 'Unknown or Restricted'

_postUserCreate='''
<dtml-comment>
Replace this method with whatever you want to do
when a user is created, you can use a Python Script,
or External Method, or keep it as a DTML Method if you
want to
</dtml-comment>
'''