
moin  1.9.0~rc2
mysql_group.py
00001 # -*- coding: iso-8859-1 -*-
00002 """
00003     MoinMoin - auth plugin doing a check against MySQL group db
00004 
00005     @copyright: 2006 Nick Phillips,
00006                 2007 MoinMoin:JohannesBerg,
00007                 2008 MoinMoin:ThomasWaldmann
00008     @license: GNU GPL, see COPYING for details.
00009 """
00010 
00011 import MySQLdb
00012 
00013 from MoinMoin import log
00014 logging = log.getLogger(__name__)
00015 
00016 from MoinMoin.auth import BaseAuth, CancelLogin, ContinueLogin
00017 
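class MysqlGroupAuth(BaseAuth):
    """ Authorize via MySQL group DB.

    We require an already-authenticated user_obj and
    check that the user is part of an authorized group.

    This plugin does not authenticate anybody itself: it only decides whether
    a user that an earlier auth method already validated may continue. The
    decision is "at least one row returned by the configured query".

    The query is executed with user_obj.auth_username as its only bound
    parameter, so it presumably contains exactly one ``%s`` placeholder
    (confirm against the wiki configuration). The user name must reach the
    statement through that placeholder only, never through string formatting.
    """
    def __init__(self, host, user, passwd, dbname, query):
        """ Store the connection settings and the group lookup query.

        @param host: MySQL server host name
        @param user: MySQL account used for the lookup
        @param passwd: password of that account (kept in memory on the
                       instance; nothing in this class logs it)
        @param dbname: database holding the group data
        @param query: SQL statement run with the authenticated user name as
                      its single bound parameter
        """
        BaseAuth.__init__(self)
        self.mysql_group_query = query
        self.host = host
        self.user = user
        self.passwd = passwd
        self.dbname = dbname

    def login(self, request, user_obj, **kw):
        """ Check the group membership of an already-authenticated user.

        @param request: current request, used here only for request.getText
        @param user_obj: user object produced by a previous auth method
        @return: ContinueLogin(user_obj) when there is no valid user yet or
                 when the query returned at least one row; CancelLogin(...)
                 when the DB connection fails or the query returns no row.

        An exception raised while running the query is not caught here and
        propagates to the caller, so a failing lookup never yields a
        ContinueLogin for a valid user.
        """
        _ = request.getText

        logging.debug("got: user_obj=%r", user_obj)

        if not (user_obj and user_obj.valid):
            # No other method succeeded, so we cannot authorize
            # but maybe some following auth methods can still "fix" that.
            logging.debug("did not get valid user from previous auth method")
            return ContinueLogin(user_obj)

        # Got a valid user object - we can do stuff!
        logging.debug("got valid user (name=%r) from previous auth method", user_obj.auth_username)

        # The user name is handed to execute() as a bound parameter below, so
        # the driver does the quoting. This only holds as long as the
        # configured query uses a placeholder for it.

        # OK, now check mysql!
        try:
            m = MySQLdb.connect(host=self.host, user=self.user,
                                passwd=self.passwd, db=self.dbname)
        except Exception:
            # Deny on connection failure; details go to the log only, the
            # user gets a generic message.
            logging.exception("authorization failed due to exception when connecting to DB, traceback follows...")
            return CancelLogin(_('Failed to connect to database.'))

        # request() runs this check on every request, so the connection and
        # cursor must be released on every path, including query errors.
        try:
            c = m.cursor()
            try:
                # Pass the parameter as a one-element sequence: that is the
                # DB-API form and avoids a bare string being treated as a
                # sequence of characters by the driver.
                c.execute(self.mysql_group_query, (user_obj.auth_username, ))
                results = c.fetchall()
            finally:
                c.close()
        finally:
            m.close()

        if results:
            # Checked out OK
            logging.debug("got %d results -- authorized!", len(results))
            return ContinueLogin(user_obj)
        else:
            # Same generic message as a failed login, so the response does
            # not reveal that the account exists but lacks the group.
            logging.debug("did not get match from DB -- not authorized")
            return CancelLogin(_("Invalid username or password."))

    # XXX do we really want this? could it be enough to check when they log in?
    # of course then when you change the DB people who are logged in can still do stuff...
    def request(self, request, user_obj, **kw):
        """ Re-run the group check for a request of a logged-in user.

        Delegates to login(), so a membership removed from the DB takes
        effect on the next request, at the cost of one DB connection per
        request.

        @return: tuple (user_obj, continue_flag) taken from the login() result
        """
        retval = self.login(request, user_obj, **kw)
        return retval.user_obj, retval.continue_flag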
00073