
plone3  3.1.7
HTTPBasicAuthHelper.py
00001 ##############################################################################
00002 #
00003 # Copyright (c) 2001 Zope Corporation and Contributors. All Rights
00004 # Reserved.
00005 #
00006 # This software is subject to the provisions of the Zope Public License,
00007 # Version 2.1 (ZPL).  A copy of the ZPL should accompany this
00008 # distribution.
00009 # THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
00010 # WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
00011 # WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
00012 # FOR A PARTICULAR PURPOSE.
00013 #
00014 ##############################################################################
00015 """ Class: HTTPBasicAuthHelper
00016 
00017 $Id: HTTPBasicAuthHelper.py 70851 2006-10-20 19:25:56Z jens $
00018 """
00019 
00020 from zExceptions import Unauthorized
00021 
00022 from AccessControl.SecurityInfo import ClassSecurityInfo
00023 from App.class_init import default__class_init__ as InitializeClass
00024 
00025 from zope.interface import Interface
00026 
00027 from Products.PageTemplates.PageTemplateFile import PageTemplateFile
00028 from Products.PluggableAuthService.interfaces.plugins import \
00029         ILoginPasswordHostExtractionPlugin
00030 from Products.PluggableAuthService.interfaces.plugins import \
00031         IChallengePlugin
00032 from Products.PluggableAuthService.interfaces.plugins import \
00033         ICredentialsResetPlugin
00034 from Products.PluggableAuthService.plugins.BasePlugin import BasePlugin
00035 from Products.PluggableAuthService.utils import classImplements
00036 
00037 
# Page template for this plugin's add form (presumably shown in the Zope
# management interface); it is loaded from 'www/hbAdd', resolved against
# this module's globals().
manage_addHTTPBasicAuthHelperForm = PageTemplateFile(
    'www/hbAdd',
    globals(),
    __name__='manage_addHTTPBasicAuthHelperForm'
)
00040 
class IHTTPBasicAuthHelper(Interface):
    """Marker interface for the HTTP Basic Auth helper; declares no methods."""
00044 
def addHTTPBasicAuthHelper(dispatcher, id, title=None, REQUEST=None):
    """Create an HTTPBasicAuthHelper and store it on 'dispatcher'.

    The plugin is registered under its own id through
    dispatcher._setObject().  When a REQUEST is supplied, its response is
    redirected to the dispatcher's 'manage_workspace' view with a fixed
    confirmation message.  Nothing is returned.
    """
    plugin = HTTPBasicAuthHelper(id, title)
    dispatcher._setObject(plugin.getId(), plugin)

    if REQUEST is None:
        return

    response = REQUEST['RESPONSE']
    # The redirect target is assembled from the dispatcher's own URL and a
    # constant query string only; no request parameter is echoed into it.
    target = (
        '%s/manage_workspace?manage_tabs_message=HTTPBasicAuthHelper+added.'
        % dispatcher.absolute_url()
    )
    response.redirect(target)
00057 
00058 
class HTTPBasicAuthHelper(BasePlugin):
    """PAS multi-plugin handling the HTTP Basic Authentication exchange.

    It pulls login/password out of a request, issues the 401 challenge and
    resets credentials.  Basic credentials travel merely base64-encoded, so
    a deployment relying on this plugin needs TLS between client and server.
    """

    meta_type = 'HTTP Basic Auth Helper'

    # Collects the per-method security declarations made below.
    security = ClassSecurityInfo()

    # The PAS challenge 'protocol' we use.
    protocol = "http"

    # Constructor: records the plugin id (via _setId) and its title.
    def __init__(self, id, title=None):
        self._setId(id)
        self.title = title

    # Declared private: not callable from restricted (through-the-web) code.
    security.declarePrivate('extractCredentials')
    def extractCredentials(self, request):
        """Return the basic auth credentials found in 'request'.

        The result is an empty mapping when request._authUserPW() yields
        None.  Otherwise it carries the keys 'login', 'password',
        'remote_host' and 'remote_address'.
        """
        login_pw = request._authUserPW()
        if login_pw is None:
            return {}

        name, password = login_pw

        # The mapping holds the password exactly as the request handed it
        # over; avoid logging or persisting the returned dict.
        creds = {
            'login': name,
            'password': password,
            # NOTE(review): REMOTE_HOST is read from the request as-is;
            # behind a proxy it may not identify the real client -- confirm
            # before basing an access decision on it.
            'remote_host': request.get('REMOTE_HOST', ''),
        }

        try:
            creds['remote_address'] = request.getClientAddr()
        except AttributeError:
            # Request objects without getClientAddr() get an empty address.
            creds['remote_address'] = ''

        return creds

    # Declared private: not callable from restricted (through-the-web) code.
    security.declarePrivate('challenge')
    def challenge(self, request, response, **kw):
        """Answer with a 401 body and, if a realm is set, a Basic challenge.

        Always returns 1 (presumably telling PAS the challenge was issued;
        confirm against IChallengePlugin).
        """
        realm = response.realm
        if realm:
            # The realm goes into the quoted-string unescaped, so a value
            # containing '"' would yield a malformed header.
            # NOTE(review): realm presumably comes from server
            # configuration rather than from the client -- confirm.
            response.addHeader('WWW-Authenticate', 'basic realm="%s"' % realm)
        # With an empty realm this method adds no WWW-Authenticate header;
        # the 401 below is then sent without a challenge from here.

        parts = [
            "<strong>You are not authorized to access this resource.</strong>"
        ]
        if response.debug_mode:
            # Debug mode tells the client whether the failure was a missing
            # Authorization header or rejected credentials; keep debug mode
            # off on instances exposed to untrusted clients.
            if response._auth:
                parts.append('<p>\nUsername and password are not correct.')
            else:
                parts.append('<p>\nNo Authorization header found.')

        response.setBody(''.join(parts), is_error=1)
        response.setStatus(401)
        return 1

    # Declared private: not callable from restricted (through-the-web) code.
    security.declarePrivate('resetCredentials')
    def resetCredentials(self, request, response):
        """Raise unauthorized so that the browser clears its credentials.

        Nothing is invalidated on the server by this method; it only calls
        response.unauthorized().
        """
        # XXX:  Does this need to check whether we have an HTTP response?
        response.unauthorized()
00122 
# Register the interfaces the plugin provides: its own marker interface
# plus the PAS extraction, challenge and credentials-reset plugin
# interfaces.
classImplements(
    HTTPBasicAuthHelper,
    IHTTPBasicAuthHelper,
    ILoginPasswordHostExtractionPlugin,
    IChallengePlugin,
    ICredentialsResetPlugin
)

# Finalise the class; this is where the declarations collected in the
# class-level 'security' object (the declarePrivate calls) are applied.
InitializeClass(HTTPBasicAuthHelper)