1381 lines
44 KiB
Python
1381 lines
44 KiB
Python
|
# Zope User Folder for ScoDoc
|
||
|
# Adapte de l'Extensible User Folder
|
||
|
# simplifie pour les besoins de ScoDoc.
|
||
|
# Emmanuel Viennet 2013
|
||
|
|
||
|
#
|
||
|
# Extensible User Folder
|
||
|
#
|
||
|
# (C) Copyright 2000,2001 The Internet (Aust) Pty Ltd
|
||
|
# ACN: 082 081 472 ABN: 83 082 081 472
|
||
|
# All Rights Reserved
|
||
|
#
|
||
|
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
||
|
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||
|
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||
|
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||
|
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||
|
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||
|
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||
|
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||
|
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||
|
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||
|
# SUCH DAMAGE.
|
||
|
#
|
||
|
# Author: Andrew Milton <akm@theinternet.com.au>
|
||
|
# $Id: exUserFolder.py,v 1.93 2004/11/10 14:15:33 akm Exp $
|
||
|
|
||
|
##############################################################################
|
||
|
#
|
||
|
# Zope Public License (ZPL) Version 0.9.4
|
||
|
# ---------------------------------------
|
||
|
#
|
||
|
# Copyright (c) Digital Creations. All rights reserved.
|
||
|
#
|
||
|
# Redistribution and use in source and binary forms, with or
|
||
|
# without modification, are permitted provided that the following
|
||
|
# conditions are met:
|
||
|
#
|
||
|
# 1. Redistributions in source code must retain the above
|
||
|
# copyright notice, this list of conditions, and the following
|
||
|
# disclaimer.
|
||
|
#
|
||
|
# 6. Redistributions of any form whatsoever must retain the
|
||
|
# following acknowledgment:
|
||
|
#
|
||
|
# "This product includes software developed by Digital
|
||
|
# Creations for use in the Z Object Publishing Environment
|
||
|
# (http://www.zope.org/)."
|
||
|
#
|
||
|
# Disclaimer
|
||
|
#
|
||
|
# THIS SOFTWARE IS PROVIDED BY DIGITAL CREATIONS ``AS IS'' AND
|
||
|
# ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||
|
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
|
||
|
# FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
|
||
|
# SHALL DIGITAL CREATIONS OR ITS CONTRIBUTORS BE LIABLE FOR ANY
|
||
|
# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
||
|
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
||
|
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||
|
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
|
||
|
# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||
|
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
|
||
|
# IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
|
||
|
# THE POSSIBILITY OF SUCH DAMAGE.
|
||
|
#
|
||
|
##############################################################################
|
||
|
|
||
|
# Portions Copyright (c) 2002 Nuxeo SARL <http://nuxeo.com>,
|
||
|
# Copyright (c) 2002 Florent Guillaume <mailto:fg@nuxeo.com>.
|
||
|
#
|
||
|
# Redistribution and use in source and binary forms, with or without
|
||
|
# modification, are permitted provided that the following conditions are
|
||
|
# met:
|
||
|
#
|
||
|
# 1. Redistributions of source code must retain the above copyright
|
||
|
# notice, this list of conditions and the following disclaimer.
|
||
|
#
|
||
|
# 2. Redistributions in binary form must reproduce the above copyright
|
||
|
# notice, this list of conditions and the following disclaimer in
|
||
|
# the documentation and/or other materials provided with the
|
||
|
# distribution.
|
||
|
#
|
||
|
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
|
||
|
# IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
|
||
|
# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
|
||
|
# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||
|
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||
|
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||
|
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||
|
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||
|
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||
|
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||
|
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||
|
|
||
|
import Globals, App.Undo, socket, os, string, sha, random, sys, zLOG
|
||
|
|
||
|
from Globals import DTMLFile, PersistentMapping
|
||
|
from string import join,strip,split,lower,upper,find
|
||
|
|
||
|
from OFS.Folder import Folder
|
||
|
from OFS.CopySupport import CopyContainer
|
||
|
|
||
|
from base64 import decodestring, encodestring
|
||
|
from urllib import quote, unquote
|
||
|
|
||
|
from Acquisition import aq_base
|
||
|
from AccessControl import ClassSecurityInfo
|
||
|
from AccessControl.Role import RoleManager
|
||
|
from AccessControl.User import BasicUser, BasicUserFolder, readUserAccessFile
|
||
|
from AccessControl.PermissionRole import PermissionRole
|
||
|
from AccessControl.ZopeSecurityPolicy import _noroles
|
||
|
from OFS.DTMLMethod import DTMLMethod
|
||
|
from time import time
|
||
|
from OFS.ObjectManager import REPLACEABLE
|
||
|
from Persistence import Persistent
|
||
|
|
||
|
from PropertyEditor import *
|
||
|
|
||
|
from User import User, AnonUser
|
||
|
from UserCache.UserCache import GlobalUserCache, GlobalNegativeUserCache, GlobalAdvancedCookieCache, SessionExpiredException
|
||
|
|
||
|
from LoginRequiredMessages import LoginRequiredMessages
|
||
|
|
||
|
from AccessControl import Unauthorized
|
||
|
|
||
|
class LoginRequired(Exception):
|
||
|
"""Login required"""
|
||
|
pass
|
||
|
|
||
|
|
||
|
# If there is no NUG Product just define a dummy class
|
||
|
try:
|
||
|
from Products.NuxUserGroups.UserFolderWithGroups import BasicGroupFolderMixin, _marker
|
||
|
except ImportError:
|
||
|
class BasicGroupFolderMixin:
|
||
|
pass
|
||
|
_marker = None
|
||
|
|
||
|
# Little function to create temp usernames
|
||
|
def createTempName():
|
||
|
t=time()
|
||
|
t1=time()
|
||
|
t2=time()
|
||
|
t3 = 0.0
|
||
|
t3 = (t + t1 + t2) / 3
|
||
|
un = "Anonymous %.0f"%(t3)
|
||
|
return(un)
|
||
|
|
||
|
|
||
|
manage_addexUserFolderForm=DTMLFile('dtml/manage_addexUserFolder', globals(), __name__='manage_addexUserFolderForm')
|
||
|
|
||
|
|
||
|
|
||
|
def manage_addexUserFolder(self, authId, propId, memberId,
|
||
|
cookie_mode=0, session_length=0,
|
||
|
not_session_length=0,
|
||
|
sessionTracking=None, idleTimeout=None,
|
||
|
REQUEST={}, groupId=None, cryptoId=None):
|
||
|
""" """
|
||
|
if hasattr(self.aq_base, 'acl_users'):
|
||
|
return Globals.MessageDialog(self,REQUEST,
|
||
|
title ='Item Exists',
|
||
|
message='This object already contains a User Folder',
|
||
|
action ='%s/manage_main' % REQUEST['URL1'])
|
||
|
ob=exUserFolder(authId, propId, memberId, groupId, cryptoId, cookie_mode,
|
||
|
session_length, sessionTracking, idleTimeout,
|
||
|
not_session_length)
|
||
|
|
||
|
self._setObject('acl_users', ob, None, None, 0)
|
||
|
self.__allow_groups__=self.acl_users
|
||
|
ob=getattr(self, 'acl_users')
|
||
|
ob.postInitialisation(REQUEST)
|
||
|
|
||
|
if REQUEST:
|
||
|
return self.manage_main(self, REQUEST)
|
||
|
return ''
|
||
|
|
||
|
#
|
||
|
# Module level caches
|
||
|
#
|
||
|
XUFUserCache=GlobalUserCache()
|
||
|
XUFNotUserCache=GlobalNegativeUserCache()
|
||
|
XUFCookieCache=GlobalAdvancedCookieCache()
|
||
|
|
||
|
class exUserFolder(Folder,BasicUserFolder,BasicGroupFolderMixin,
|
||
|
CopyContainer):
|
||
|
""" """
|
||
|
|
||
|
# HACK! We use this meta_type internally so we can be pasted into
|
||
|
# the root. We registered with 'exUserFolder' meta_type however, so
|
||
|
# our constructors work.
|
||
|
meta_type='User Folder'
|
||
|
id ='acl_users'
|
||
|
title ='Extensible User Folder'
|
||
|
icon ='misc_/exUserFolder/exUserFolder.gif'
|
||
|
|
||
|
isPrincipiaFolderish=1
|
||
|
isAUserFolder=1
|
||
|
__allow_access_to_unprotected_subobjects__=1
|
||
|
authSources={}
|
||
|
propSources={}
|
||
|
cryptoSources={}
|
||
|
membershipSources={}
|
||
|
groupSources={} # UNUSED by ScoDoc
|
||
|
|
||
|
manage_options=(
|
||
|
{'label':'Users', 'action':'manage_main'},
|
||
|
{'label':'Groups', 'action':'manage_userGroups'},
|
||
|
{'label':'Parameters', 'action':'manage_editexUserFolderForm'},
|
||
|
{'label':'Authentication Source','action':'manage_editAuthSourceForm'},
|
||
|
{'label':'Properties Source','action':'manage_editPropSourceForm'},
|
||
|
{'label':'Membership Source', 'action':'manage_editMembershipSourceForm'},
|
||
|
{'label':'Cache Data', 'action':'manage_showCacheData'},
|
||
|
{'label':'Security', 'action':'manage_access'},
|
||
|
{'label':'Contents', 'action':'manage_contents'},
|
||
|
{'label':'Ownership', 'action':'manage_owner'},
|
||
|
{'label':'Undo', 'action':'manage_UndoForm'},
|
||
|
)
|
||
|
|
||
|
__ac_permissions__=(
|
||
|
('View management screens', ('manage','manage_menu','manage_main',
|
||
|
'manage_copyright', 'manage_tabs',
|
||
|
'manage_properties', 'manage_UndoForm',
|
||
|
'manage_edit', 'manage_contents',
|
||
|
'manage_cutObjects','manage_copyObjects',
|
||
|
'manage_pasteObjects',
|
||
|
'manage_renameForm',
|
||
|
'manage_renameObject',
|
||
|
'manage_renameObjects', ),
|
||
|
('Manager',)),
|
||
|
|
||
|
('Undo changes', ('manage_undo_transactions',),
|
||
|
('Manager',)),
|
||
|
|
||
|
('Change permissions', ('manage_access',),
|
||
|
('Manager',)),
|
||
|
|
||
|
('Manage users', ('manage_users', 'manage_editUserForm',
|
||
|
'manage_editUser', 'manage_addUserForm',
|
||
|
'manage_addUser', 'manage_userActions',
|
||
|
'userFolderAddGroup',
|
||
|
'userFolderDelGroups',
|
||
|
'getGroupNames',
|
||
|
'getGroupById',
|
||
|
'manage_userGroups',
|
||
|
'manage_addGroup',
|
||
|
'manage_showGroup',),
|
||
|
('Manager',)),
|
||
|
|
||
|
('Change exUser Folders', ('manage_edit',),
|
||
|
('Manager',)),
|
||
|
|
||
|
('View', ('manage_changePassword',
|
||
|
'manage_forgotPassword', 'docLogin','docLoginRedirect',
|
||
|
'docLogout', 'logout', 'DialogHeader',
|
||
|
'DialogFooter', 'manage_signupUser',
|
||
|
'MessageDialog', 'redirectToLogin','manage_changeProps'),
|
||
|
('Anonymous', 'Authenticated', 'Manager')),
|
||
|
|
||
|
('Manage properties', ('manage_addProperty',
|
||
|
'manage_editProperties',
|
||
|
'manage_delProperties',
|
||
|
'manage_changeProperties',
|
||
|
'manage_propertiesForm',
|
||
|
'manage_propertyTypeForm',
|
||
|
'manage_changePropertyTypes',
|
||
|
),
|
||
|
('Manager',)),
|
||
|
('Access contents information', ('hasProperty', 'propertyIds',
|
||
|
'propertyValues','propertyItems',
|
||
|
'getProperty', 'getPropertyType',
|
||
|
'propertyMap', 'docLogin','docLoginRedirect',
|
||
|
'DialogHeader', 'DialogFooter',
|
||
|
'MessageDialog', 'redirectToLogin',),
|
||
|
('Anonymous', 'Authenticated', 'Manager')),
|
||
|
)
|
||
|
manage_access=DTMLFile('dtml/access',globals())
|
||
|
manage_tabs=DTMLFile('common/manage_tabs',globals())
|
||
|
manage_properties=DTMLFile('dtml/properties', globals())
|
||
|
manage_main=DTMLFile('dtml/mainUser', globals())
|
||
|
manage_contents=Folder.manage_main
|
||
|
manage_showCacheData=DTMLFile('dtml/manage_showCacheData', globals())
|
||
|
|
||
|
# This is going away soon...
|
||
|
docLoginRedirect=DTMLFile('dtml/docLoginRedirect', globals())
|
||
|
|
||
|
# Stupid crap
|
||
|
try:
|
||
|
manage_contents._setName('manage_contents')
|
||
|
except AttributeError:
|
||
|
pass
|
||
|
|
||
|
|
||
|
MessageDialog=DTMLFile('common/MessageDialog', globals())
|
||
|
MessageDialog.__replaceable__ = REPLACEABLE
|
||
|
|
||
|
manage_addUserForm=DTMLFile('dtml/manage_addUserForm',globals())
|
||
|
manage_editUserForm=DTMLFile('dtml/manage_editUserForm',globals())
|
||
|
|
||
|
DialogHeader__roles__=()
|
||
|
DialogHeader=DTMLFile('common/DialogHeader',globals())
|
||
|
DialogFooter__roles__=()
|
||
|
DialogFooter=DTMLFile('common/DialogFooter',globals())
|
||
|
|
||
|
manage_editAuthSourceForm=DTMLFile('dtml/manage_editAuthSourceForm',globals())
|
||
|
manage_editPropSourceForm=DTMLFile('dtml/manage_editPropSourceForm',globals())
|
||
|
manage_editMembershipSourceForm=DTMLFile('dtml/manage_editMembershipSourceForm', globals())
|
||
|
|
||
|
manage_addPropertyForm=DTMLFile('dtml/manage_addPropertyForm', globals())
|
||
|
manage_createPropertyForm=DTMLFile('dtml/manage_createPropertyForm', globals())
|
||
|
manage_editUserPropertyForm=DTMLFile('dtml/manage_editUserPropertyForm', globals())
|
||
|
|
||
|
manage_editexUserFolderForm=DTMLFile('dtml/manage_editexUserFolderForm', globals())
|
||
|
|
||
|
manage_userGroups=DTMLFile('dtml/mainGroup',globals())
|
||
|
|
||
|
|
||
|
# Use pages from NUG if it's there, otherwise no group support
|
||
|
try:
|
||
|
manage_addGroup = BasicGroupFolderMixin.manage_addGroup
|
||
|
manage_showGroup = BasicGroupFolderMixin.manage_showGroup
|
||
|
except:
|
||
|
manage_addGroup = None
|
||
|
manage_showGroup = None
|
||
|
|
||
|
# No more class globals
|
||
|
|
||
|
# sessionLength=0 # Upgrading users should get no caching.
|
||
|
# notSessionLength=0 # bad cache limit
|
||
|
# cookie_mode=0
|
||
|
# sessionTracking=None # Or session tracking.
|
||
|
# idleTimeout=0
|
||
|
|
||
|
def __init__(self, authId, propId, memberId, groupId, cryptoId,
|
||
|
cookie_mode=0, session_length=0, sessionTracking=None,
|
||
|
idleTimeout=0, not_session_length=0):
|
||
|
self.cookie_mode=cookie_mode
|
||
|
self.sessionLength=session_length
|
||
|
self.notSessionLength=not_session_length
|
||
|
self.sessionTracking=sessionTracking
|
||
|
self.idleTimeout=idleTimeout
|
||
|
|
||
|
_docLogin=DTMLFile('dtml/docLogin',globals())
|
||
|
_docLogout=DTMLFile('dtml/docLogout',globals())
|
||
|
|
||
|
docLogin=DTMLMethod(__name__='docLogin')
|
||
|
docLogin.manage_edit(data=_docLogin, title='Login Page')
|
||
|
self._setObject('docLogin', docLogin, None, None, 0)
|
||
|
|
||
|
docLogout=DTMLMethod(__name__='docLogout')
|
||
|
docLogout.manage_edit(data=_docLogout, title='Logout Page')
|
||
|
self._setObject('docLogout', docLogout, None, None, 0)
|
||
|
|
||
|
postUserCreate=DTMLMethod(__name__='postUserCreate')
|
||
|
postUserCreate.manage_edit(data=_postUserCreate, title='Post User Creation methods')
|
||
|
self._setObject('postUserCreate', postUserCreate, None, None, 0)
|
||
|
|
||
|
self.manage_addAuthSource=self.authSources[authId].manage_addMethod
|
||
|
self.manage_addPropSource=self.propSources[propId].manage_addMethod
|
||
|
self.manage_addMembershipSource=self.membershipSources[memberId].manage_addMethod
|
||
|
|
||
|
self.manage_addGroupSource=None # UNUSED by ScoDoc
|
||
|
self.currentGroupsSource=None
|
||
|
|
||
|
if cryptoId:
|
||
|
self.cryptoId = cryptoId
|
||
|
else:
|
||
|
self.cryptoId = 'Crypt'
|
||
|
|
||
|
def __setstate__(self, state):
|
||
|
Persistent.__setstate__(self, state)
|
||
|
if not hasattr(self, 'currentGroupSource'):
|
||
|
self.currentGroupSource = None
|
||
|
if not hasattr(self, 'sessionLength'):
|
||
|
self.sessionLength = 0
|
||
|
if not hasattr(self, 'notSessionLength'):
|
||
|
self.notSessionLength = 0
|
||
|
if not hasattr(self, 'cookie_mode'):
|
||
|
self.cookie_mode = 0
|
||
|
if not hasattr(self, 'sessionTraining'):
|
||
|
self.sessionTracking = None
|
||
|
if not hasattr(self, 'idleTimeout'):
|
||
|
self.idleTimeout=0
|
||
|
|
||
|
def manage_beforeDelete(self, item, container):
|
||
|
zLOG.LOG("exUserFolder", zLOG.BLATHER, "Attempting to delete an exUserFolder instance")
|
||
|
if item is self:
|
||
|
try:
|
||
|
self.cache_deleteCache()
|
||
|
self.xcache_deleteCache()
|
||
|
zLOG.LOG("exUserFolder", zLOG.BLATHER, "-- Caches deleted")
|
||
|
except:
|
||
|
#pass
|
||
|
zLOG.LOG("exUserFolder", zLOG.BLATHER, "-- Cache deletion failed")
|
||
|
|
||
|
try:
|
||
|
del container.__allow_groups__
|
||
|
zLOG.LOG("exUserFolder", zLOG.BLATHER, "-- container.__allow_groups_ deleted")
|
||
|
except:
|
||
|
#pass
|
||
|
zLOG.LOG("exUserFolder", zLOG.BLATHER, "-- container.__allow_groups_ deletion failed")
|
||
|
|
||
|
|
||
|
def manage_afterAdd(self, item, container):
|
||
|
zLOG.LOG("exUserFolder", zLOG.BLATHER, "Adding an exUserFolder")
|
||
|
|
||
|
if item is self:
|
||
|
if hasattr(self, 'aq_base'): self=self.aq_base
|
||
|
container.__allow_groups__=self
|
||
|
|
||
|
def manage_editPropSource(self, REQUEST):
|
||
|
""" Edit Prop Source """
|
||
|
if self.currentPropSource:
|
||
|
self.currentPropSource.manage_editPropSource(REQUEST)
|
||
|
return self.manage_main(self, REQUEST)
|
||
|
|
||
|
def manage_editAuthSource(self, REQUEST):
|
||
|
""" Edit Auth Source """
|
||
|
self.currentAuthSource.manage_editAuthSource(REQUEST)
|
||
|
return self.manage_main(self, REQUEST)
|
||
|
|
||
|
def manage_editMembershipSource(self, REQUEST):
|
||
|
""" Edit Membership Source """
|
||
|
if self.currentMembershipSource:
|
||
|
return self.currentMembershipSource.manage_editMembershipSource(REQUEST)
|
||
|
|
||
|
def postInitialisation(self, REQUEST):
|
||
|
self.manage_addAuthSource(self=self,REQUEST=REQUEST)
|
||
|
self.manage_addPropSource(self=self,REQUEST=REQUEST)
|
||
|
self.manage_addMembershipSource(self=self,REQUEST=REQUEST)
|
||
|
self.currentGroupSource = None
|
||
|
|
||
|
def addAuthSource(self, REQUEST={}):
|
||
|
return self.manage_addAuthSourceForm(self, REQUEST)
|
||
|
|
||
|
def addPropSource(self, REQUEST={}):
|
||
|
return self.manage_addPropSourceForm(self, REQUEST)
|
||
|
|
||
|
def addMembershipSource(self, REQUEST={}):
|
||
|
return self.manage_editMembershipSourceForm(self, REQUEST)
|
||
|
|
||
|
def listUserProperties(self, username):
|
||
|
if self.currentPropSource:
|
||
|
return self.currentPropSource.listUserProperties(username=username)
|
||
|
|
||
|
def getUserProperty(self, username, key):
|
||
|
if self.currentPropSource:
|
||
|
return self.currentPropSource.getUserProperty(key=key, username=username)
|
||
|
|
||
|
def reqattr(self, request, attr, default=None):
|
||
|
try: return request[attr]
|
||
|
except: return default
|
||
|
|
||
|
def getAuthFailedMessage(self, code):
|
||
|
""" Return a code """
|
||
|
if LoginRequiredMessages.has_key(code):
|
||
|
return LoginRequiredMessages[code]
|
||
|
return 'Login Required'
|
||
|
|
||
|
# Called when we are deleted
|
||
|
def cache_deleteCache(self):
|
||
|
pp = string.join(self.getPhysicalPath(), '/')
|
||
|
XUFUserCache.deleteCache(pp)
|
||
|
|
||
|
def cache_addToCache(self, username, password, user):
|
||
|
if not self.sessionLength:
|
||
|
return
|
||
|
# fix by emmanuel
|
||
|
if username == self._emergency_user.getUserName():
|
||
|
return
|
||
|
# /fix
|
||
|
pp = string.join(self.getPhysicalPath(), '/')
|
||
|
x = XUFUserCache.getCache(pp)
|
||
|
if not x:
|
||
|
x = XUFUserCache.createCache(pp, self.sessionLength)
|
||
|
x.addToCache(username, password, user)
|
||
|
|
||
|
def cache_getUser(self, username, password, checkpassword=1):
|
||
|
if not self.sessionLength:
|
||
|
return None
|
||
|
pp = string.join(self.getPhysicalPath(), '/')
|
||
|
x = XUFUserCache.getCache(pp)
|
||
|
if not x:
|
||
|
return None
|
||
|
u = x.getUser(self, username, password, checkpassword)
|
||
|
if u is not None:
|
||
|
u = u.__of__(self)
|
||
|
return u
|
||
|
|
||
|
def cache_removeUser(self, username):
|
||
|
if not self.sessionLength:
|
||
|
return
|
||
|
pp = string.join(self.getPhysicalPath(), '/')
|
||
|
x = XUFUserCache.getCache(pp)
|
||
|
if x:
|
||
|
x.removeUser(username)
|
||
|
|
||
|
def cache_getCacheStats(self):
|
||
|
pp = string.join(self.getPhysicalPath(), '/')
|
||
|
x = XUFUserCache.getCache(pp)
|
||
|
if not x:
|
||
|
x = XUFUserCache.createCache(pp, self.sessionLength)
|
||
|
if x:
|
||
|
return x.getCacheStats()
|
||
|
|
||
|
def cache_getCurrentUsers(self):
|
||
|
pp = string.join(self.getPhysicalPath(), '/')
|
||
|
x = XUFUserCache.getCache(pp)
|
||
|
if x:
|
||
|
return x.getCurrentUsers(self)
|
||
|
|
||
|
# negative cache functions
|
||
|
def xcache_deleteCache(self):
|
||
|
pp = string.join(self.getPhysicalPath(), '/')
|
||
|
XUFNotUserCache.deleteCache(pp)
|
||
|
|
||
|
def xcache_addToCache(self, username):
|
||
|
if not self.notSessionLength:
|
||
|
return
|
||
|
pp = string.join(self.getPhysicalPath(), '/')
|
||
|
x = XUFNotUserCache.getCache(pp)
|
||
|
if not x:
|
||
|
x = XUFNotUserCache.createCache(pp, self.notSessionLength)
|
||
|
x.addToCache(username)
|
||
|
|
||
|
def xcache_getUser(self, username):
|
||
|
if not self.notSessionLength:
|
||
|
return None
|
||
|
pp = string.join(self.getPhysicalPath(), '/')
|
||
|
x = XUFNotUserCache.getCache(pp)
|
||
|
if not x:
|
||
|
return None
|
||
|
return x.getUser(username)
|
||
|
|
||
|
def xcache_removeUser(self, username):
|
||
|
#zLOG.LOG('exUserFolder', zLOG.PANIC, 'xcache_removeUser(%s)' % username)
|
||
|
if not self.notSessionLength:
|
||
|
return
|
||
|
pp = string.join(self.getPhysicalPath(), '/')
|
||
|
x = XUFNotUserCache.getCache(pp)
|
||
|
if x:
|
||
|
#zLOG.LOG('exUserFolder', zLOG.PANIC, 'xcache_removeUser removing')
|
||
|
x.removeUser(username)
|
||
|
|
||
|
# Cookie Cache Functions
|
||
|
def cache_deleteCookieCache(self):
|
||
|
pp = string.join(self.getPhysicalPath(), '/')
|
||
|
XUFCookieCache.deleteCache(pp)
|
||
|
|
||
|
def cache_addToCookieCache(self, username, password, key):
|
||
|
pp = string.join(self.getPhysicalPath(), '/')
|
||
|
c = XUFCookieCache.getCache(pp)
|
||
|
if not c:
|
||
|
c = XUFCookieCache.createCache(pp, 86400)
|
||
|
c.addToCache(username, password, key)
|
||
|
|
||
|
def cache_getCookieCacheUser(self, key):
|
||
|
pp = string.join(self.getPhysicalPath(), '/')
|
||
|
c = XUFCookieCache.getCache(pp)
|
||
|
if not c:
|
||
|
return None
|
||
|
return c.getUser(key)
|
||
|
|
||
|
def cache_removeCookieCacheUser(self, key):
|
||
|
pp = string.join(self.getPhysicalPath(), '/')
|
||
|
c = XUFCookieCache.getCache(pp)
|
||
|
if c:
|
||
|
c.removeUser(key)
|
||
|
|
||
|
def manage_editUser(self, username, REQUEST={}): # UNUSED by ScoDoc
|
||
|
""" Edit a User """
|
||
|
# username=self.reqattr(REQUEST,'username')
|
||
|
password=self.reqattr(REQUEST,'password')
|
||
|
password_confirm=self.reqattr(REQUEST,'password_confirm')
|
||
|
roles=self.reqattr(REQUEST,'roles', [])
|
||
|
groups=self.reqattr(REQUEST, 'groupnames', [])
|
||
|
|
||
|
if not username:
|
||
|
return self.MessageDialog(self,REQUEST=REQUEST,
|
||
|
title ='Illegal value',
|
||
|
message='A username must be specified',
|
||
|
action ='manage_main')
|
||
|
|
||
|
if (password or password_confirm) and (password != password_confirm):
|
||
|
return self.MessageDialog(self,REQUEST=REQUEST,
|
||
|
title ='Illegal value',
|
||
|
message='Password and confirmation do not match',
|
||
|
action ='manage_main')
|
||
|
|
||
|
self._doChangeUser(username, password, roles, domains='', groups=groups, REQUEST=REQUEST)
|
||
|
|
||
|
return self.MessageDialog(self,REQUEST=REQUEST,
|
||
|
title = 'User Updated',
|
||
|
message= 'User %s was updated.'%(username),
|
||
|
action = 'manage_main')
|
||
|
|
||
|
|
||
|
# Methode special pour ScoDoc: evite le code inutile dans notre contexte
|
||
|
# et accede a la BD via le curseur psycopg2 fourni
|
||
|
# (facilitera la separation de Zope)
|
||
|
def scodoc_editUser(self, cursor, username, password=None, roles=[]):
|
||
|
"""Edit a ScoDoc user"""
|
||
|
roles = list(roles)
|
||
|
rolestring= ','.join(roles)
|
||
|
# Don't change passwords if it's null
|
||
|
if password:
|
||
|
secret=self.cryptPassword(username, password)
|
||
|
# Update just the password:
|
||
|
# self.sqlUpdateUserPassword(username=username, password=secret)
|
||
|
cursor.execute("UPDATE sco_users SET passwd=%(secret)s WHERE user_name=%(username)s",
|
||
|
{ 'secret':secret, 'username': username } )
|
||
|
|
||
|
#self.sqlUpdateUser(username=username, roles=rolestring)
|
||
|
cursor.execute("UPDATE sco_users SET roles=%(rolestring)s WHERE user_name=%(username)s",
|
||
|
{ 'rolestring':rolestring, 'username': username } )
|
||
|
|
||
|
if hasattr(self.currentAuthSource, '_v_lastUser'):
|
||
|
# Specific for pgAuthSource:
|
||
|
self.currentAuthSource._v_lastUser={} # clear pg user cache
|
||
|
|
||
|
# We may have updated roles or passwords... flush the user...
|
||
|
self.cache_removeUser(username)
|
||
|
self.xcache_removeUser(username)
|
||
|
|
||
|
#
|
||
|
# Membership helper
|
||
|
#
|
||
|
def goHome(self, REQUEST, RESPONSE):
|
||
|
""" Go to home directory """
|
||
|
if self.currentMembershipSource:
|
||
|
self.currentMembershipSource.goHome(REQUEST, RESPONSE)
|
||
|
|
||
|
|
||
|
#
|
||
|
# Membership method of changing user properties
|
||
|
#
|
||
|
|
||
|
def manage_changeProps(self, REQUEST):
|
||
|
""" Change Properties """
|
||
|
if self.currentMembershipSource:
|
||
|
return self.currentMembershipSource.changeProperties(REQUEST)
|
||
|
else:
|
||
|
|
||
|
return self.MessageDialog(self,REQUEST,
|
||
|
title = 'This is a test',
|
||
|
message= 'This was a test',
|
||
|
action = '..')
|
||
|
|
||
|
|
||
|
#
|
||
|
# Membership method of adding a new user.
|
||
|
# If everything goes well the membership plugin calls manage_addUser()
|
||
|
#
|
||
|
|
||
|
def manage_signupUser(self, REQUEST):
|
||
|
""" Signup a new user """
|
||
|
""" This is seperate so you can add users using the normal """
|
||
|
""" interface w/o going through membership policy """
|
||
|
|
||
|
username=self.reqattr(REQUEST,'username')
|
||
|
roles=self.reqattr(REQUEST,'roles')
|
||
|
|
||
|
if not username:
|
||
|
return self.MessageDialog(self,REQUEST=REQUEST,
|
||
|
title ='Illegal value',
|
||
|
message='A username must be specified',
|
||
|
action ='manage_main')
|
||
|
|
||
|
if (self.getUser(username) or
|
||
|
(self._emergency_user and
|
||
|
username == self._emergency_user.getUserName())):
|
||
|
return self.MessageDialog(self,REQUEST=REQUEST,
|
||
|
title ='Illegal value',
|
||
|
message='A user with the specified name already exists',
|
||
|
action ='manage_main')
|
||
|
|
||
|
if self.currentMembershipSource:
|
||
|
return self.currentMembershipSource.createUser(REQUEST)
|
||
|
|
||
|
#
|
||
|
# Membership method of changing passwords
|
||
|
#
|
||
|
def manage_changePassword(self, REQUEST):
|
||
|
""" Change a password """
|
||
|
if self.currentMembershipSource:
|
||
|
return self.currentMembershipSource.changePassword(REQUEST)
|
||
|
|
||
|
#
|
||
|
# User says they can't remember their password
|
||
|
#
|
||
|
def manage_forgotPassword(self, REQUEST):
|
||
|
""" So something about forgetting your password """
|
||
|
if self.currentMembershipSource:
|
||
|
return self.currentMembershipSource.forgotPassword(REQUEST)
|
||
|
|
||
|
def __creatable_by_emergency_user__(self): return 1
|
||
|
|
||
|
def manage_addUser(self, REQUEST):
|
||
|
""" Add a New User """
|
||
|
username=self.reqattr(REQUEST,'username')
|
||
|
password=self.reqattr(REQUEST,'password')
|
||
|
password_confirm=self.reqattr(REQUEST,'password_confirm')
|
||
|
roles=self.reqattr(REQUEST,'roles')
|
||
|
groups=self.reqattr(REQUEST, 'groupnames', [])
|
||
|
|
||
|
if not username:
|
||
|
return self.MessageDialog(self,REQUEST=REQUEST,
|
||
|
title ='Illegal value',
|
||
|
message='A username must be specified',
|
||
|
action ='manage_main')
|
||
|
|
||
|
if not password or not password_confirm:
|
||
|
return self.MessageDialog(self,REQUEST=REQUEST,
|
||
|
title ='Illegal value',
|
||
|
message='Password and confirmation must be specified',
|
||
|
action ='manage_main')
|
||
|
|
||
|
if (self.getUser(username) or
|
||
|
(self._emergency_user and
|
||
|
username == self._emergency_user.getUserName())):
|
||
|
return self.MessageDialog(self,REQUEST=REQUEST,
|
||
|
title ='Illegal value',
|
||
|
message='A user with the specified name already exists',
|
||
|
action ='manage_main')
|
||
|
|
||
|
if (password or password_confirm) and (password != password_confirm):
|
||
|
return self.MessageDialog(self,REQUEST=REQUEST,
|
||
|
title ='Illegal value',
|
||
|
message='Password and confirmation do not match',
|
||
|
action ='manage_main')
|
||
|
|
||
|
self._doAddUser(username, password, roles, domains='', groups=groups, REQUEST=REQUEST)
|
||
|
#
|
||
|
# Explicitly check our contents, do not just acquire postUserCreate
|
||
|
#
|
||
|
if 'postUserCreate' in self.objectIds():
|
||
|
self.postUserCreate(self, REQUEST)
|
||
|
|
||
|
return self.MessageDialog(self,REQUEST=REQUEST,
|
||
|
title = 'User Created',
|
||
|
message= 'User %s was created.'%(username),
|
||
|
action = 'manage_main')
|
||
|
|
||
|
def _doAddUser(self, name, password, roles, domains='', groups=(), **kw):
|
||
|
""" For programatically adding simple users """
|
||
|
self.currentAuthSource.createUser(name, password, roles)
|
||
|
if self.currentPropSource:
|
||
|
# copy items not in kw from REQUEST
|
||
|
REQUEST = kw.get('REQUEST', self.REQUEST)
|
||
|
map(kw.setdefault, REQUEST.keys(), REQUEST.values())
|
||
|
self.currentPropSource.createUser(name, kw)
|
||
|
|
||
|
def _doChangeUser(self, name, password, roles, domains='', groups=(), **kw):
|
||
|
self.currentAuthSource.updateUser(name, password, roles)
|
||
|
if self.currentPropSource:
|
||
|
# copy items not in kw from REQUEST
|
||
|
REQUEST = kw.get('REQUEST', self.REQUEST)
|
||
|
map(kw.setdefault, REQUEST.keys(), REQUEST.values())
|
||
|
self.currentPropSource.updateUser(name, kw)
|
||
|
# We may have updated roles or passwords... flush the user...
|
||
|
self.cache_removeUser(name)
|
||
|
self.xcache_removeUser(name)
|
||
|
|
||
|
def _doDelUsers(self, names):
|
||
|
self.deleteUsers(names)
|
||
|
|
||
|
def _createInitialUser(self):
|
||
|
if len(self.getUserNames()) <= 1:
|
||
|
info = readUserAccessFile('inituser')
|
||
|
if info:
|
||
|
name, password, domains, remote_user_mode = info
|
||
|
self._doAddUser(name, password, ('Manager',), domains)
|
||
|
|
||
|
|
||
|
def getUsers(self):
|
||
|
"""Return a list of user objects or [] if no users exist"""
|
||
|
data=[]
|
||
|
try:
|
||
|
items=self.listUsers()
|
||
|
for people in items:
|
||
|
user=User({'name': people['username'],
|
||
|
'password': people['password'],
|
||
|
'roles': people['roles'],
|
||
|
'domains': ''},
|
||
|
self.currentPropSource,
|
||
|
self.cryptPassword,
|
||
|
self.currentAuthSource,
|
||
|
self.currentGroupSource)
|
||
|
data.append(user)
|
||
|
except:
|
||
|
import traceback
|
||
|
traceback.print_exc()
|
||
|
pass
|
||
|
|
||
|
return data
|
||
|
|
||
|
getUsers__roles__=('Anonymous','Authenticated')
|
||
|
|
||
|
def getUser(self, name):
|
||
|
"""Return the named user object or None if no such user exists"""
|
||
|
user = self.cache_getUser(name, '', 0)
|
||
|
#zLOG.LOG('exUserFolder.getUser', zLOG.PANIC, 'cache_getUser(%s)=%s' % (name,user))
|
||
|
if user:
|
||
|
return user
|
||
|
try:
|
||
|
items=self.listOneUser(name)
|
||
|
#zLOG.LOG('exUserFolder.getUser', zLOG.PANIC, 'listOneUser=%s' % items)
|
||
|
except:
|
||
|
zLOG.LOG("exUserFolder", zLOG.ERROR,
|
||
|
"error trying to list user %s" % name,
|
||
|
'',
|
||
|
sys.exc_info())
|
||
|
return None
|
||
|
|
||
|
if not items:
|
||
|
return None
|
||
|
|
||
|
for people in items:
|
||
|
user = User({'name': people['username'],
|
||
|
'password':people['password'],
|
||
|
'roles': people['roles'],
|
||
|
'domains': ''},
|
||
|
self.currentPropSource,
|
||
|
self.cryptPassword,
|
||
|
self.currentAuthSource,
|
||
|
self.currentGroupSource)
|
||
|
return user
|
||
|
return None
|
||
|
|
||
|
def manage_userActions(self, submit=None, userids=None, REQUEST={}):
|
||
|
""" Do things to users """
|
||
|
if submit==' Add ':
|
||
|
if hasattr(self.currentAuthSource,'manage_addUserForm'):
|
||
|
return self.currentAuthSource.manage_addUserForm(self, REQUEST)
|
||
|
else:
|
||
|
return self.manage_addUserForm(self, REQUEST)
|
||
|
if submit==' Delete ':
|
||
|
self.deleteUsers(userids)
|
||
|
return self.MessageDialog(self,REQUEST=REQUEST,
|
||
|
title ='Users Deleted',
|
||
|
message='Selected Users have been deleted',
|
||
|
action =REQUEST['URL1']+'/manage_main',
|
||
|
target ='manage_main')
|
||
|
|
||
|
if REQUEST:
|
||
|
return self.manage_main(self,REQUEST)
|
||
|
return ''
|
||
|
|
||
|
def identify(self, auth):
|
||
|
# Identify the username and password. This is where new modes should
|
||
|
# be called from, and if pluggable modes ever take shape, here ya go!
|
||
|
|
||
|
if self.cookie_mode and not auth:
|
||
|
# The identify signature does not include the request, sadly.
|
||
|
# I think that's dumb.
|
||
|
request = self.REQUEST
|
||
|
response = request.RESPONSE
|
||
|
|
||
|
if request.has_key('__ac_name') and request.has_key('__ac_password'):
|
||
|
return request['__ac_name'], request['__ac_password']
|
||
|
elif request.has_key('__ac') and self.cookie_mode == 1:
|
||
|
return self.decodeBasicCookie(request, response)
|
||
|
elif request.has_key('__aca') and self.cookie_mode == 2:
|
||
|
return self.decodeAdvancedCookie(request, response)
|
||
|
|
||
|
if auth and lower(auth[:6]) == 'basic ':
|
||
|
return tuple(split(decodestring(split(auth)[-1]), ':', 1))
|
||
|
|
||
|
return None, None
|
||
|
|
||
|
def decodeUserCookie(self, request, response):
|
||
|
return self.identify('')
|
||
|
|
||
|
def validate(self, request, auth='', roles=_noroles):
|
||
|
"""
|
||
|
Perform identification, authentication, and authorization.
|
||
|
"""
|
||
|
# Called at each web request
|
||
|
#zLOG.LOG('exUserFolder', zLOG.PANIC, 'validate')
|
||
|
v = request['PUBLISHED']
|
||
|
a, c, n, v = self._getobcontext(v, request)
|
||
|
|
||
|
name, password = self.identify(auth) # decode cookie, and raises LoginRequired if no ident info
|
||
|
# password is the cleartext passwd
|
||
|
# zLOG.LOG('exUserFolder', zLOG.DEBUG, 'identify returned %s, %s' % (name, password))
|
||
|
|
||
|
response = request.RESPONSE
|
||
|
if name is not None:
|
||
|
try:
|
||
|
xcached_user = self.xcache_getUser(name)
|
||
|
#zLOG.LOG('exUserFolder.validate', zLOG.PANIC, 'xcached_user=%s' % xcached_user)
|
||
|
if xcached_user:
|
||
|
#zLOG.LOG('exUserFolder.validate', zLOG.PANIC, 'returning None')
|
||
|
return None
|
||
|
except:
|
||
|
zLOG.LOG('exUserFolder', zLOG.ERROR,
|
||
|
"error while looking up '%s' on the xcache" % name,
|
||
|
'',
|
||
|
sys.exc_info())
|
||
|
|
||
|
user = self.authenticate(name, password, request)
|
||
|
#zLOG.LOG('exUserFolder.validate', zLOG.PANIC, 'user=%s' % user)
|
||
|
if user is None:
|
||
|
# If it's none, because there's no user by that name,
|
||
|
# don't raise a login, allow it to go higher...
|
||
|
# This kinda breaks for people putting in the wrong username
|
||
|
# when the Folder above uses a different auth method.
|
||
|
# But it doesn't lock Manager users out inside Zope.
|
||
|
# Perhaps this should be a tunable.
|
||
|
|
||
|
# modified by Emmanuel
|
||
|
try:
|
||
|
lou = self.listOneUser(name)
|
||
|
except:
|
||
|
lou = None
|
||
|
if lou:
|
||
|
self.challenge(request, response, 'login_failed', auth)
|
||
|
return None
|
||
|
self.remember(name, password, request)
|
||
|
self.cache_addToCache(name, password, user)
|
||
|
emergency = self._emergency_user
|
||
|
if emergency and user is emergency:
|
||
|
if self._isTop():
|
||
|
return emergency.__of__(self)
|
||
|
else:
|
||
|
return None
|
||
|
if self.authorize(user, a, c, n, v, roles):
|
||
|
return user.__of__(self)
|
||
|
if self._isTop() and self.authorize(self._nobody, a, c, n, v, roles):
|
||
|
return self._nobody.__of__(self)
|
||
|
self.challenge(request, response, 'unauthorized')
|
||
|
return None
|
||
|
else:
|
||
|
if self.sessionTracking and self.currentPropSource:
|
||
|
user = self.createAnonymousUser(request, response)
|
||
|
if self.authorize(user, a, c, n, v, roles):
|
||
|
return user.__of__(self)
|
||
|
if self.authorize(self._nobody, a, c, n, v, roles):
|
||
|
if self._isTop():
|
||
|
return self._nobody.__of__(self)
|
||
|
else:
|
||
|
return None
|
||
|
else:
|
||
|
self.challenge(request, response, None, auth)
|
||
|
return None
|
||
|
|
||
|
def authenticate(self, name, password, request):
|
||
|
#zLOG.LOG('exUserFolder.authenticate', zLOG.PANIC, '%s %s' % (name, password))
|
||
|
emergency = self._emergency_user
|
||
|
if emergency and name == emergency.getUserName():
|
||
|
return emergency
|
||
|
try:
|
||
|
user = self.cache_getUser(name, password)
|
||
|
#zLOG.LOG('exUserFolder.authenticate', zLOG.PANIC, 'cache_getUser=%s' % user)
|
||
|
if user:
|
||
|
return user
|
||
|
except SessionExpiredException:
|
||
|
if self.idleTimeout:
|
||
|
self.logout(request)
|
||
|
self.challenge(request, request.RESPONSE, 'session_expired')
|
||
|
return None
|
||
|
user = self.getUser(name)
|
||
|
#zLOG.LOG('exUserFolder.authenticate', zLOG.PANIC, 'getUser=%s' % user)
|
||
|
if user is not None:
|
||
|
if user.authenticate(self.currentAuthSource.listOneUser,
|
||
|
password,
|
||
|
request,
|
||
|
self.currentAuthSource.remoteAuthMethod):
|
||
|
return user
|
||
|
return None
|
||
|
|
||
|
def challenge(self, request, response, reason_code='unauthorized',
|
||
|
auth=''):
|
||
|
# Give whatever mode we're in a chance to challenge the validation
|
||
|
# failure. We do this to preserve LoginRequired behavior. The
|
||
|
# other thing we could do is let the None propagate on up and patch
|
||
|
# the request's unauthorized method to
|
||
|
|
||
|
if self.cookie_mode and not auth:
|
||
|
zLOG.LOG('exUserFolder', zLOG.DEBUG, 'raising LoginRequired for %s' % reason_code)
|
||
|
if reason_code == 'login_failed':
|
||
|
response.expireCookie('__ac', path='/')
|
||
|
response.expireCookie('__aca', path='/')
|
||
|
if reason_code:
|
||
|
request.set('authFailedCode', reason_code)
|
||
|
raise LoginRequired(self.docLogin(self, request))
|
||
|
else:
|
||
|
zLOG.LOG('exUserFolder', zLOG.DEBUG, 'not raising LoginRequired for %s' % reason_code)
|
||
|
|
||
|
def remember(self, name, password, request):
|
||
|
response = request.RESPONSE
|
||
|
if self.cookie_mode == 1:
|
||
|
self.setBasicCookie(name, password, request, response)
|
||
|
elif self.cookie_mode == 2:
|
||
|
self.setAdvancedCookie(name, password, request, response)
|
||
|
|
||
|
if self.cookie_mode:
|
||
|
try:
|
||
|
del request.form['__ac_name']
|
||
|
del request.form['__ac_password']
|
||
|
except KeyError:
|
||
|
pass
|
||
|
|
||
|
def makeRedirectPath(self):
|
||
|
REQUEST=self.REQUEST
|
||
|
if not REQUEST.has_key('destination'):
|
||
|
script=REQUEST['SCRIPT_NAME']
|
||
|
pathinfo=REQUEST['PATH_INFO']
|
||
|
redirectstring=script+pathinfo
|
||
|
if REQUEST.has_key('QUERY_STRING'):
|
||
|
querystring='?'+quote(REQUEST['QUERY_STRING'])
|
||
|
redirectstring=redirectstring+querystring
|
||
|
|
||
|
REQUEST['destination']=redirectstring
|
||
|
|
||
|
def redirectToLogin(self, REQUEST):
|
||
|
""" Allow methods to call from Web """
|
||
|
script=''
|
||
|
pathinfo=''
|
||
|
querystring=''
|
||
|
redirectstring=''
|
||
|
authFailedCode=''
|
||
|
|
||
|
if not REQUEST.has_key('destination'):
|
||
|
if self.currentMembershipSource:
|
||
|
redirectstring = self.currentMembershipSource.getLoginDestination(REQUEST)
|
||
|
else:
|
||
|
script=REQUEST['SCRIPT_NAME']
|
||
|
pathinfo=REQUEST['PATH_INFO']
|
||
|
redirectstring=script+pathinfo
|
||
|
if REQUEST.has_key('QUERY_STRING'):
|
||
|
querystring='?'+REQUEST['QUERY_STRING']
|
||
|
redirectstring=redirectstring+querystring
|
||
|
|
||
|
REQUEST['destination']=redirectstring
|
||
|
|
||
|
|
||
|
if REQUEST.has_key('authFailedCode'):
|
||
|
authFailedCode='&authFailedCode='+REQUEST['authFailedCode']
|
||
|
|
||
|
|
||
|
|
||
|
if self.currentMembershipSource and self.currentMembershipSource.loginPage:
|
||
|
try:
|
||
|
REQUEST.RESPONSE.redirect('%s/%s?destination=%s%s'%(self.currentMembershipSource.baseURL, self.currentMembershipSource.loginPage,REQUEST['destination'],authFailedCode))
|
||
|
return
|
||
|
except:
|
||
|
pass
|
||
|
return self.docLogin(self,REQUEST)
|
||
|
|
||
|
def decodeBasicCookie(self, request, response):
|
||
|
c=request['__ac']
|
||
|
c=unquote(c)
|
||
|
try:
|
||
|
c=decodestring(c)
|
||
|
except:
|
||
|
response.expireCookie('__ac', path='/')
|
||
|
raise LoginRequired(self.docLogin(self, request))
|
||
|
|
||
|
name,password=tuple(split(c, ':', 1))
|
||
|
return name, password
|
||
|
|
||
|
def decodeAdvancedCookie(self, request, response):
|
||
|
c = ''
|
||
|
try:
|
||
|
c = request['__aca']
|
||
|
c = unquote(c)
|
||
|
except:
|
||
|
response.expireCookie('__aca', path='/')
|
||
|
response.expireCookie('__ac', path='/') # Precaution
|
||
|
response.flush()
|
||
|
raise LoginRequired(self.docLogin(self, request))
|
||
|
|
||
|
u = self.cache_getCookieCacheUser(c)
|
||
|
if u:
|
||
|
return u
|
||
|
|
||
|
response.expireCookie('__aca', path='/')
|
||
|
response.expireCookie('__ac', path='/') # Precaution
|
||
|
response.flush()
|
||
|
raise LoginRequired(self.docLogin(self, request))
|
||
|
|
||
|
def setBasicCookie(self, name, password, request, response):
|
||
|
token='%s:%s' % (name, password)
|
||
|
token=encodestring(token)
|
||
|
token=quote(token)
|
||
|
response.setCookie('__ac', token, path='/')
|
||
|
request['__ac']=token
|
||
|
|
||
|
def setAdvancedCookie(self, name, password, request, response):
|
||
|
xufid = self._p_oid
|
||
|
hash = encodestring(sha.new('%s%s%f%f%s'%(
|
||
|
name, password, time(), random.random(), str(request))).digest())
|
||
|
token=quote(hash)
|
||
|
response.setCookie('__aca', token, path='/')
|
||
|
response.flush()
|
||
|
request['__aca']=token
|
||
|
self.cache_addToCookieCache(name, password, hash)
|
||
|
|
||
|
def setAnonCookie(self, name, request, resp):
|
||
|
token='%s:%s' % (name, '')
|
||
|
token=encodestring(token)
|
||
|
token=quote(token)
|
||
|
resp.setCookie('__ac', token, path='/')
|
||
|
request['__ac']=token
|
||
|
|
||
|
def createAnonymousUser(self, request, resp):
|
||
|
aName=createTempName()
|
||
|
bogusREQUEST={}
|
||
|
bogusREQUEST['user_realname']='Guest User'
|
||
|
self.currentPropSource.createUser(aName, bogusREQUEST)
|
||
|
ob = AnonUser(aName, [], self.currentPropSource)
|
||
|
ob = ob.__of__(self)
|
||
|
self.cache_addToCache(aName, '', ob)
|
||
|
self.setAnonCookie(aName, request, resp)
|
||
|
return ob
|
||
|
|
||
|
def manage_edit(self, cookie_mode, session_length, sessionTracking=None,
|
||
|
idleTimeout=0, not_session_length=0,
|
||
|
title=None,
|
||
|
REQUEST=None):
|
||
|
"""Change properties"""
|
||
|
|
||
|
self.cookie_mode=cookie_mode
|
||
|
self.sessionLength=session_length
|
||
|
self.notSessionLength=not_session_length
|
||
|
self.sessionTracking=sessionTracking
|
||
|
self.idleTimeout=idleTimeout
|
||
|
if title:
|
||
|
self.title = title
|
||
|
|
||
|
if REQUEST:
|
||
|
return self.MessageDialog(self,REQUEST=REQUEST,
|
||
|
title ='exUserFolder Changed',
|
||
|
message='exUserFolder properties have been updated',
|
||
|
action =REQUEST['URL1']+'/manage_main',
|
||
|
target ='manage_main')
|
||
|
|
||
|
def logout(self, REQUEST):
|
||
|
"""Logout"""
|
||
|
try:
|
||
|
self.cache_removeUser(REQUEST['AUTHENTICATED_USER'].getUserName())
|
||
|
except:
|
||
|
pass
|
||
|
|
||
|
REQUEST['RESPONSE'].expireCookie('__ac', path='/')
|
||
|
REQUEST.cookies['__ac']=''
|
||
|
try:
|
||
|
acc = REQUEST['__aca']
|
||
|
self.cache_removeCookieCacheUser(acc)
|
||
|
REQUEST.cookies['__aca']=''
|
||
|
except:
|
||
|
pass
|
||
|
REQUEST['RESPONSE'].expireCookie('__aca', path='/')
|
||
|
|
||
|
|
||
|
|
||
|
return self.docLogout(self, REQUEST)
|
||
|
|
||
|
#
|
||
|
# Methods to be supplied by Auth Source
|
||
|
#
|
||
|
def deleteUsers(self, userids):
|
||
|
self.currentAuthSource.deleteUsers(userids)
|
||
|
|
||
|
# Comment out to use Andreas' pgSchema
|
||
|
if self.currentPropSource:
|
||
|
self.currentPropSource.deleteUsers(userids)
|
||
|
|
||
|
if self.currentGroupSource:
|
||
|
self.currentGroupSource.deleteUsers(userids)
|
||
|
|
||
|
|
||
|
def listUsers(self):
|
||
|
return self.currentAuthSource.listUsers()
|
||
|
|
||
|
def user_names(self):
|
||
|
return self.currentAuthSource.listUserNames()
|
||
|
|
||
|
def getUserNames(self):
|
||
|
return self.currentAuthSource.listUserNames()
|
||
|
|
||
|
def listOneUser(self,username):
|
||
|
return self.currentAuthSource.listOneUser(username)
|
||
|
|
||
|
def cryptPassword(self, username, password):
|
||
|
if hasattr(aq_base(self.currentAuthSource), 'cryptPassword'):
|
||
|
return self.currentAuthSource.cryptPassword(username, password)
|
||
|
|
||
|
if hasattr(self, 'cryptoId'):
|
||
|
return self.cryptoSources[self.cryptoId].plugin(self, username, password)
|
||
|
return self.cryptoSources['Crypt'].plugin(self, username, password)
|
||
|
|
||
|
def PropertyEditor(self):
|
||
|
""" """
|
||
|
if self.REQUEST.has_key(self.REQUEST['propName']):
|
||
|
return PropertyEditor.EditMethods[self.REQUEST['propType']](self.REQUEST['propName'], self.REQUEST[self.REQUEST['propName']])
|
||
|
return PropertyEditor.EditMethods[self.REQUEST['propType']](self.REQUEST['propName'], None)
|
||
|
|
||
|
def PropertyView(self):
|
||
|
""" """
|
||
|
if self.REQUEST.has_key(self.REQUEST['propName']):
|
||
|
return PropertyEditor.ViewMethods[self.REQUEST['propType']](self.REQUEST['propName'], self.REQUEST[self.REQUEST['propName']])
|
||
|
return PropertyEditor.ViewMethods[self.REQUEST['propType']](self.REQUEST['propName'], None)
|
||
|
|
||
|
def manage_addUserProperty(self, username, propName, propValue, REQUEST):
|
||
|
""" add a new property """
|
||
|
self.currentPropSource.setUserProperty(propName, username, propValue)
|
||
|
if hasattr(self.currentAuthSource,'manage_editUserForm'):
|
||
|
return self.currentAuthSource.manage_editUserForm(self, REQUEST)
|
||
|
else:
|
||
|
return self.manage_editUserForm(self,REQUEST)
|
||
|
|
||
|
def getUserCacheStats(self):
|
||
|
""" Stats """
|
||
|
if self.sessionLength:
|
||
|
if self.cache_getCacheStats()['attempts']:
|
||
|
return self.cache_getCacheStats()
|
||
|
return None
|
||
|
|
||
|
def getUserCacheUsers(self):
|
||
|
""" Current Users """
|
||
|
if self.sessionLength:
|
||
|
return self.cache_getCurrentUsers()
|
||
|
return None
|
||
|
|
||
|
def userFolderAddGroup(self, groupname, title='', **kw):
|
||
|
"""Creates a group"""
|
||
|
if self.currentGroupSource:
|
||
|
apply(self.currentGroupSource.addGroup, (groupname, title), kw)
|
||
|
|
||
|
def userFolderDelGroups(self, groupnames):
|
||
|
"""Deletes groups"""
|
||
|
if self.currentGroupSource:
|
||
|
for groupname in groupnames:
|
||
|
self.currentGroupSource.delGroup(groupname)
|
||
|
|
||
|
def getGroupNames(self):
|
||
|
"""Returns a list of group names"""
|
||
|
if self.currentGroupSource:
|
||
|
return self.currentGroupSource.listGroups()
|
||
|
else:
|
||
|
return []
|
||
|
|
||
|
|
||
|
def getGroupById(self, groupname, default=_marker):
|
||
|
"""Returns the given group"""
|
||
|
if self.currentGroupSource:
|
||
|
group = self.currentGroupSource.getGroup(groupname, default)
|
||
|
if group:
|
||
|
return group.__of__(self)
|
||
|
else:
|
||
|
return None
|
||
|
|
||
|
def setUsersOfGroup(self, usernames, groupname):
|
||
|
"""Sets the users of the group"""
|
||
|
if self.currentGroupSource:
|
||
|
return self.currentGroupSource.setUsersOfGroup(usernames, groupname)
|
||
|
|
||
|
def addUsersToGroup(self, usernames, groupname):
|
||
|
"""Adds users to a group"""
|
||
|
if self.currentGroupSource:
|
||
|
return self.currentGroupSource.addUsersToGroup(usernames, groupname)
|
||
|
|
||
|
def delUsersFromGroup(self, usernames, groupname):
|
||
|
"""Deletes users from a group"""
|
||
|
if self.currentGroupSource:
|
||
|
return self.currentGroupSource.delUsersFromGroup(usernames, groupname)
|
||
|
|
||
|
def setGroupsOfUser(self, groupnames, username):
|
||
|
"""Sets the groups of a user"""
|
||
|
if self.currentGroupSource:
|
||
|
return self.currentGroupSource.setGroupsOfUser(groupnames, username)
|
||
|
|
||
|
def addGroupsOfUser(self, groupnames, username):
|
||
|
"""Add groups to a user"""
|
||
|
if self.currentGroupSource:
|
||
|
return self.currentGroupSource.addGroupsToUser(groupnames, username)
|
||
|
|
||
|
def delGroupsOfUser(self, groupnames, username):
|
||
|
"""Deletes groups from a user"""
|
||
|
if self.currentGroupSource:
|
||
|
return self.currentGroupSource.delGroupsFromUser(groupnames, username)
|
||
|
|
||
|
# We lie.
|
||
|
def hasUsers(self):
|
||
|
return 1
|
||
|
|
||
|
|
||
|
def doAuthSourceForm(self,authId):
|
||
|
""" la de da """
|
||
|
return exUserFolder.authSources[authId].manage_addForm
|
||
|
|
||
|
def doPropSourceForm(self,propId):
|
||
|
""" la de da """
|
||
|
return exUserFolder.propSources[propId].manage_addForm
|
||
|
|
||
|
def doMembershipSourceForm(self, memberId):
|
||
|
""" doot de doo """
|
||
|
return exUserFolder.membershipSources[memberId].manage_addForm
|
||
|
|
||
|
#def doGroupSourceForm(self,groupId):
|
||
|
# """ la de da """
|
||
|
# return exUserFolder.groupSources[groupId].manage_addForm
|
||
|
|
||
|
def getAuthSources(self):
|
||
|
""" Hrm I need a docstring """
|
||
|
l=[]
|
||
|
for o in exUserFolder.authSources.keys():
|
||
|
l.append(
|
||
|
exUserFolder.authSources[o]
|
||
|
)
|
||
|
return l
|
||
|
|
||
|
def getPropSources(self):
|
||
|
""" Hrm I need a docstring """
|
||
|
l=[]
|
||
|
for o in exUserFolder.propSources.keys():
|
||
|
l.append(
|
||
|
exUserFolder.propSources[o]
|
||
|
)
|
||
|
return l
|
||
|
|
||
|
def getMembershipSources(self):
|
||
|
""" Hrm I need a docstring """
|
||
|
l=[]
|
||
|
for o in exUserFolder.membershipSources.keys():
|
||
|
l.append(
|
||
|
exUserFolder.membershipSources[o]
|
||
|
)
|
||
|
return l
|
||
|
|
||
|
def getGroupSources(self):
|
||
|
""" Hrm I need a docstring """
|
||
|
return [] # UNUSED by ScoDoc: empty
|
||
|
|
||
|
def getCryptoSources(self):
|
||
|
""" Doc String """
|
||
|
l = []
|
||
|
for o in exUserFolder.cryptoSources.keys():
|
||
|
l.append(
|
||
|
exUserFolder.cryptoSources[o]
|
||
|
)
|
||
|
return l
|
||
|
|
||
|
def MailHostIDs(self):
|
||
|
"""Find SQL database connections in the current folder and above
|
||
|
|
||
|
This function return a list of ids.
|
||
|
"""
|
||
|
return [] # UNUSED BY SCODOC
|
||
|
|
||
|
from types import ListType, IntType, LongType, FloatType, NoneType, DictType, StringType
|
||
|
|
||
|
def getVariableType(self, o):
|
||
|
|
||
|
if type(o) == ListType:
|
||
|
return 'List'
|
||
|
if type(o) == IntType:
|
||
|
return 'Int'
|
||
|
if type(o) == LongType:
|
||
|
return 'Long'
|
||
|
if type(o) == FloatType:
|
||
|
return 'Float'
|
||
|
if type(o) == NoneType:
|
||
|
return 'None'
|
||
|
if type(o) == DictType:
|
||
|
return 'Dict'
|
||
|
if type(o) == StringType:
|
||
|
return 'String'
|
||
|
return 'Unknown or Restricted'
|
||
|
|
||
|
_postUserCreate='''
|
||
|
<dtml-comment>
|
||
|
Replace this method with whatever you want to do
|
||
|
when a user is created, you can use a Python Script,
|
||
|
or External Method, or keep it as a DTML Method if you
|
||
|
want to
|
||
|
</dtml-comment>
|
||
|
'''
|