Back to index

plone3  3.1.7
Public Member Functions | Static Public Attributes | Private Member Functions | Static Private Attributes
PluggableAuthService.PluggableAuthService.PluggableAuthService Class Reference
Inheritance diagram for PluggableAuthService.PluggableAuthService.PluggableAuthService:
Inheritance graph
[legend]
Collaboration diagram for PluggableAuthService.PluggableAuthService.PluggableAuthService:
Collaboration graph
[legend]

List of all members.

Public Member Functions

def getId
def getUser
def getUserById
def validate
def searchUsers
def searchGroups
def searchPrincipals
def __creatable_by_emergency_user__
def resultsBatch
def all_meta_types
def manage_beforeDelete
def manage_afterAdd
def __call__
def challenge
def hasUsers
def updateCredentials
def logout
def resetCredentials

Static Public Attributes

tuple security = ClassSecurityInfo()
string meta_type = 'Pluggable Auth Service'
int maxlistusers = 1
tuple arrow_right_gif = ImageFile( 'www/arrow-right.gif', globals() )
tuple arrow_left_gif = ImageFile( 'www/arrow-left.gif', globals() )
tuple arrow_up_gif = ImageFile( 'www/arrow-up.gif', globals() )
tuple arrow_down_gif = ImageFile( 'www/arrow-down.gif', globals() )
tuple manage_search = PageTemplateFile('www/pasSearch', globals())
tuple manage_options

Private Member Functions

def _setObject
def _delOb
def _getBatchLink
def _extractUserIds
def _tryEmergencyUserAuthentication
def _getGroupsForPrincipal
def _createAnonymousUser
def _createUser
def _findUser
def _verifyUser
def _authorizeUser
def _isTop
def _getObjectContext
def _getEmergencyUser
def _doAddUser
def _unauthorized
def _cleanupResponse

Static Private Attributes

string _id = 'acl_users'
 _emergency_user = emergency_user
 _nobody = nobody

Detailed Description

All-singing, all-dancing user folder.

Definition at line 175 of file PluggableAuthService.py.


Member Function Documentation

The __before_publishing_traverse__ hook.

Definition at line 991 of file PluggableAuthService.py.

00991 
00992     def __call__(self, container, req):
00993         """ The __before_publishing_traverse__ hook.
00994         """
00995         resp = req['RESPONSE']
00996         req._hold(ResponseCleanup(resp))
00997         stack = getattr(resp, '_unauthorized_stack', [])
00998         stack.append(resp._unauthorized)
00999         resp._unauthorized_stack = stack
01000         resp._unauthorized = self._unauthorized
01001         resp._has_challenged = False

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 422 of file PluggableAuthService.py.

00422 
00423     def __creatable_by_emergency_user__( self ):
00424         return 1

def PluggableAuthService.PluggableAuthService.PluggableAuthService._authorizeUser (   self,
  user,
  accessed,
  container,
  name,
  value,
  roles = _noroles 
) [private]
-> boolean (whether user has roles).

o Add the user to the SM's stack, if successful.

o Return

Definition at line 812 of file PluggableAuthService.py.

00812 
00813                       ):
00814 
00815         """ -> boolean (whether user has roles).
00816 
00817         o Add the user to the SM's stack, if successful.
00818 
00819         o Return
00820         """
00821         user = aq_base( user ).__of__( self )
00822         newSecurityManager( None, user )
00823         security = getSecurityManager()
00824         try:
00825             try:
00826                 if roles is _noroles:
00827                     if security.validate( accessed
00828                                         , container
00829                                         , name
00830                                         , value
00831                                         ):
00832                         return 1
00833                 else:
00834                     if security.validate( accessed
00835                                         , container
00836                                         , name
00837                                         , value
00838                                         , roles
00839                                         ):
00840                         return 1
00841             except:
00842                 noSecurityManager()
00843                 raise
00844 
00845         except Unauthorized:
00846             pass
00847 
00848         return 0
00849 

Here is the caller graph for this function:

Definition at line 1059 of file PluggableAuthService.py.

01059 
01060     def _cleanupResponse(self):
01061         resp = self.REQUEST['RESPONSE']
01062         # No errors of any sort may propagate, and we don't care *what*
01063         # they are, even to log them.
01064         stack = getattr(resp, '_unauthorized_stack', [])
01065 
01066         if stack:
01067             resp._unauthorized = stack.pop()
01068         else:
01069             try:
01070                 del resp._unauthorized
01071             except:
01072                 pass
01073 
01074         return resp

Here is the caller graph for this function:

Allow IAnonymousUserFactoryPlugins to create or fall back.

Definition at line 676 of file PluggableAuthService.py.

00676 
00677     def _createAnonymousUser( self, plugins ):
00678 
00679         """ Allow IAnonymousUserFactoryPlugins to create or fall back.
00680         """
00681         factories = plugins.listPlugins( IAnonymousUserFactoryPlugin )
00682 
00683         for factory_id, factory in factories:
00684 
00685             anon = factory.createAnonymousUser()
00686 
00687             if anon is not None:
00688                 return anon.__of__( self )
00689 
00690         return nobody.__of__( self )

Here is the caller graph for this function:

def PluggableAuthService.PluggableAuthService.PluggableAuthService._createUser (   self,
  plugins,
  user_id,
  name 
) [private]
Allow IUserFactoryPlugins to create, or fall back to default.

Definition at line 692 of file PluggableAuthService.py.

00692 
00693     def _createUser( self, plugins, user_id, name ):
00694 
00695         """ Allow IUserFactoryPlugins to create, or fall back to default.
00696         """
00697         factories = plugins.listPlugins( IUserFactoryPlugin )
00698 
00699         for factory_id, factory in factories:
00700 
00701             user = factory.createUser( user_id, name )
00702 
00703             if user is not None:
00704                 return user.__of__( self )
00705 
00706         return PropertiedUser( user_id, name ).__of__( self )

Here is the caller graph for this function:

Definition at line 434 of file PluggableAuthService.py.

00434 
00435     def _delOb( self, id ):
00436         #
00437         #   Override ObjectManager's version to clean up any plugin
00438         #   registrations for the deleted object
00439         #
00440         plugins = self._getOb( 'plugins', None )
00441 
00442         if plugins is not None:
00443             plugins.removePluginById( id )
00444 
00445         Folder._delOb( self, id )

Here is the call graph for this function:

def PluggableAuthService.PluggableAuthService.PluggableAuthService._doAddUser (   self,
  login,
  password,
  roles,
  domains,
  kw 
) [private]
Create a user with login, password and roles if, and only if,
    we have a registered user manager and role manager that will
    accept specific plugin interfaces.

Definition at line 924 of file PluggableAuthService.py.

00924 
00925     def _doAddUser( self, login, password, roles, domains, **kw ):
00926         """ Create a user with login, password and roles if, and only if,
00927             we have a registered user manager and role manager that will
00928             accept specific plugin interfaces.
00929         """
00930         plugins = self._getOb( 'plugins' )
00931         useradders = plugins.listPlugins( IUserAdderPlugin )
00932         roleassigners = plugins.listPlugins( IRoleAssignerPlugin )
00933 
00934         user = None
00935 
00936         if not (useradders and roleassigners):
00937             raise NotImplementedError( "There are no plugins"
00938                                        " that can create"
00939                                        " users and assign roles to them." )
00940 
00941         for useradder_id, useradder in useradders:
00942             if useradder.doAddUser( login, password ):
00943                 # XXX: Adds user to cache, but without roles...
00944                 user = self.getUser( login )
00945                 break
00946 
00947         # XXX What should we do if no useradder was succesfull?
00948 
00949         for roleassigner_id, roleassigner in roleassigners:
00950             for role in roles:
00951                 try:
00952                     roleassigner.doAssignRoleToPrincipal( user.getId(), role )
00953                 except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
00954                     logger.debug( 'RoleAssigner %s error' % roleassigner_id
00955                                 , exc_info=True
00956                                 )
00957                     pass
00958 
00959         if user is not None:
00960             event.notify(PrincipalCreated(user))
00961 

Here is the call graph for this function:

def PluggableAuthService.PluggableAuthService.PluggableAuthService._extractUserIds (   self,
  request,
  plugins 
) [private]
request -> [ validated_user_id ]

o For each set of extracted credentials, try to authenticate
  a user;  accumulate a list of the IDs of such users over all
  our authentication and extraction plugins.

Definition at line 531 of file PluggableAuthService.py.

00531 
00532     def _extractUserIds( self, request, plugins ):
00533 
00534         """ request -> [ validated_user_id ]
00535 
00536         o For each set of extracted credentials, try to authenticate
00537           a user;  accumulate a list of the IDs of such users over all
00538           our authentication and extraction plugins.
00539         """
00540         try:
00541             extractors = plugins.listPlugins( IExtractionPlugin )
00542         except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
00543             logger.debug('Extractor plugin listing error', exc_info=True)
00544             extractors = ()
00545 
00546         if not extractors:
00547             extractors = ( ( 'default', DumbHTTPExtractor() ), )
00548 
00549         try:
00550             authenticators = plugins.listPlugins( IAuthenticationPlugin )
00551         except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
00552             logger.debug('Authenticator plugin listing error', exc_info=True)
00553             authenticators = ()
00554 
00555         result = []
00556 
00557         for extractor_id, extractor in extractors:
00558 
00559             try:
00560                 credentials = extractor.extractCredentials( request )
00561             except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
00562                 logger.debug( 'ExtractionPlugin %s error' % extractor_id
00563                             , exc_info=True
00564                             )
00565                 continue
00566 
00567             if credentials:
00568 
00569                 try:
00570                     credentials[ 'extractor' ] = extractor_id # XXX: in key?
00571                     # Test if ObjectCacheEntries.aggregateIndex would work
00572                     items = credentials.items()
00573                     items.sort()
00574                 except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
00575                     logger.debug( 'Credentials error: %s' % credentials
00576                                 , exc_info=True
00577                                 )
00578                     continue
00579 
00580                 # First try to authenticate against the emergency
00581                 # user and return immediately if authenticated
00582                 user_id, name = self._tryEmergencyUserAuthentication(
00583                                                             credentials )
00584 
00585                 if user_id is not None:
00586                     return [ ( user_id, name ) ]
00587 
00588                 # Now see if the user ids can be retrieved from the cache
00589                 view_name = createViewName('_extractUserIds', credentials.get('login'))
00590                 keywords = createKeywords(**credentials)
00591                 user_ids = self.ZCacheable_get( view_name=view_name
00592                                               , keywords=keywords
00593                                               , default=None
00594                                               )
00595                 if user_ids is None:
00596                     user_ids = []
00597 
00598                     for authenticator_id, auth in authenticators:
00599 
00600                         try:
00601                             uid_and_info = auth.authenticateCredentials(
00602                                 credentials )
00603 
00604                             if uid_and_info is None:
00605                                 continue
00606 
00607                             user_id, info = uid_and_info
00608 
00609                         except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
00610                             msg = 'AuthenticationPlugin %s error' % ( 
00611                                     authenticator_id, )
00612                             logger.debug(msg, exc_info=True) 
00613                             continue
00614 
00615                         if user_id is not None:
00616                             user_ids.append( (user_id, info) )
00617 
00618                     if user_ids:
00619                         self.ZCacheable_set( user_ids
00620                                            , view_name=view_name
00621                                            , keywords=keywords
00622                                            )
00623 
00624                 result.extend( user_ids )
00625 
00626         # Emergency user via HTTP basic auth always wins
00627         user_id, name = self._tryEmergencyUserAuthentication(
00628                 DumbHTTPExtractor().extractCredentials( request ) )
00629 
00630         if user_id is not None:
00631             return [ ( user_id, name ) ]
00632 
00633         return result

Here is the call graph for this function:

Here is the caller graph for this function:

def PluggableAuthService.PluggableAuthService.PluggableAuthService._findUser (   self,
  plugins,
  user_id,
  name = None,
  request = None 
) [private]
user_id -> decorated_user

Definition at line 708 of file PluggableAuthService.py.

00708 
00709     def _findUser( self, plugins, user_id, name=None, request=None ):
00710 
00711         """ user_id -> decorated_user
00712         """
00713         if user_id == self._emergency_user.getUserName():
00714             return self._emergency_user
00715 
00716         # See if the user can be retrieved from the cache
00717         view_name = createViewName('_findUser', user_id)
00718         keywords = createKeywords(user_id=user_id, name=name)
00719         user = self.ZCacheable_get( view_name=view_name
00720                                   , keywords=keywords
00721                                   , default=None
00722                                   )
00723 
00724         if user is None:
00725 
00726             user = self._createUser( plugins, user_id, name )
00727             propfinders = plugins.listPlugins( IPropertiesPlugin )
00728 
00729             for propfinder_id, propfinder in propfinders:
00730 
00731                 data = propfinder.getPropertiesForUser( user, request )
00732                 if data:
00733                     user.addPropertysheet( propfinder_id, data )
00734 
00735             groups = self._getGroupsForPrincipal( user, request
00736                                                 , plugins=plugins )
00737             user._addGroups( groups )
00738 
00739             rolemakers = plugins.listPlugins( IRolesPlugin )
00740 
00741             for rolemaker_id, rolemaker in rolemakers:
00742 
00743                 roles = rolemaker.getRolesForPrincipal( user, request )
00744 
00745                 if roles:
00746                     user._addRoles( roles )
00747 
00748             user._addRoles( ['Authenticated'] )
00749 
00750             # Cache the user if caching is enabled
00751             base_user = aq_base(user)
00752             if getattr(base_user, '_p_jar', None) is None:
00753                 self.ZCacheable_set( base_user
00754                                    , view_name=view_name
00755                                    , keywords=keywords
00756                                    )
00757 
00758         return user.__of__( self )

Here is the call graph for this function:

Here is the caller graph for this function:

def PluggableAuthService.PluggableAuthService.PluggableAuthService._getBatchLink (   self,
  qs,
  old_start,
  new_start 
) [private]
Internal helper to generate correct query strings

Definition at line 507 of file PluggableAuthService.py.

00507 
00508     def _getBatchLink(self, qs, old_start, new_start):
00509         """ Internal helper to generate correct query strings
00510         """
00511         if new_start is not None:
00512             if not qs:
00513                 qs = 'batch_start=%d' % new_start
00514             elif qs.startswith('batch_start='):
00515                 qs = qs.replace( 'batch_start=%d' % old_start
00516                                , 'batch_start=%d' % new_start
00517                                )
00518             elif qs.find('&batch_start=') != -1:
00519                 qs = qs.replace( '&batch_start=%d' % old_start
00520                                , '&batch_start=%d' % new_start
00521                                )
00522             else:
00523                 qs = '%s&batch_start=%d' % (qs, new_start)
00524 
00525         return qs
00526 

Here is the caller graph for this function:

Definition at line 918 of file PluggableAuthService.py.

00918 
00919     def _getEmergencyUser( self ):
00920 
00921         return emergency_user.__of__( self )
00922 

def PluggableAuthService.PluggableAuthService.PluggableAuthService._getGroupsForPrincipal (   self,
  principal,
  request = None,
  plugins = None,
  ignore_plugins = None 
) [private]

Definition at line 654 of file PluggableAuthService.py.

00654 
00655                               ):
00656         all_groups = {}
00657 
00658         if ignore_plugins is None:
00659             ignore_plugins = ()
00660 
00661         if plugins is None:
00662             plugins = self._getOb( 'plugins' )
00663         groupmakers = plugins.listPlugins( IGroupsPlugin )
00664 
00665         for groupmaker_id, groupmaker in groupmakers:
00666 
00667             if groupmaker_id in ignore_plugins:
00668                 continue
00669             groups = groupmaker.getGroupsForPrincipal( principal, request )
00670             for group in groups:
00671                 principal._addGroups( [ group ] )
00672                 all_groups[ group ] = 1
00673 
00674         return all_groups.keys()

Here is the call graph for this function:

Here is the caller graph for this function:

request -> ( a, c, n, v )

o 'a 'is the object the object was accessed through

o 'c 'is the physical container of the object

o 'n 'is the name used to access the object

o 'v' is the object (value) we're validating access to

o XXX:  Lifted from AccessControl.User.BasicUserFolder._getobcontext

Definition at line 865 of file PluggableAuthService.py.

00865 
00866     def _getObjectContext( self, v, request ):
00867 
00868         """ request -> ( a, c, n, v )
00869 
00870         o 'a 'is the object the object was accessed through
00871 
00872         o 'c 'is the physical container of the object
00873 
00874         o 'n 'is the name used to access the object
00875 
00876         o 'v' is the object (value) we're validating access to
00877 
00878         o XXX:  Lifted from AccessControl.User.BasicUserFolder._getobcontext
00879         """
00880         if len( request.steps ) == 0: # someone deleted root index_html
00881 
00882             request[ 'RESPONSE' ].notFoundError(
00883                 'no default view (root default view was probably deleted)' )
00884 
00885         root = request[ 'PARENTS' ][ -1 ]
00886         request_container = aq_parent( root )
00887 
00888         n = request.steps[ -1 ]
00889 
00890         # default to accessed and container as v.aq_parent
00891         a = c = request[ 'PARENTS' ][ 0 ]
00892 
00893         # try to find actual container
00894         inner = aq_inner( v )
00895         innerparent = aq_parent( inner )
00896 
00897         if innerparent is not None:
00898 
00899             # this is not a method, we needn't treat it specially
00900             c = innerparent
00901 
00902         elif hasattr(v, 'im_self'):
00903 
00904             # this is a method, we need to treat it specially
00905             c = v.im_self
00906             c = aq_inner( v )
00907 
00908         # if pub's aq_parent or container is the request container, it
00909         # means pub was accessed from the root
00910         if a is request_container:
00911             a = root
00912 
00913         if c is request_container:
00914             c = root
00915 
00916         return a, c, n, v

Here is the caller graph for this function:

Are we the user folder in the root object?

Definition at line 851 of file PluggableAuthService.py.

00851 
00852     def _isTop( self ):
00853 
00854         """ Are we the user folder in the root object?
00855         """
00856         try:
00857             parent = aq_base( aq_parent( self ) )
00858             if parent is None:
00859                 return 0
00860             return parent.isTopLevelPrincipiaApplicationObject
00861         except AttributeError:
00862             return 0
00863 

Here is the caller graph for this function:

def PluggableAuthService.PluggableAuthService.PluggableAuthService._setObject (   self,
  id,
  object,
  roles = None,
  user = None,
  set_owner = 0 
) [private]

Definition at line 426 of file PluggableAuthService.py.

00426 
00427     def _setObject( self, id, object, roles=None, user=None, set_owner=0 ):
00428         #
00429         #   Override ObjectManager's version to change the default for
00430         #   'set_owner' (we don't want to enforce ownership on contained
00431         #   objects).
00432         Folder._setObject( self, id, object, roles, user, set_owner )

Here is the caller graph for this function:

credentials -> emergency_user or None

Definition at line 635 of file PluggableAuthService.py.

00635 
00636     def _tryEmergencyUserAuthentication( self, credentials ):
00637 
00638         """ credentials -> emergency_user or None
00639         """
00640         try:
00641             eua = EmergencyUserAuthenticator()
00642             user_id, name = eua.authenticateCredentials( credentials )
00643         except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
00644             logger.debug('Credentials error: %s' % credentials, exc_info=True)
00645             user_id, name = ( None, None )
00646 
00647         return ( user_id, name )

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 1005 of file PluggableAuthService.py.

01005 
01006     def _unauthorized(self):
01007         req = self.REQUEST
01008         resp = req['RESPONSE']
01009         if resp._has_challenged: # Been here already
01010             return
01011         if not self.challenge(req, resp):
01012             # Need to fall back here
01013             resp = self._cleanupResponse()
01014             resp._unauthorized()
01015         else:
01016             resp._has_challenged = True

Here is the call graph for this function:

Here is the caller graph for this function:

def PluggableAuthService.PluggableAuthService.PluggableAuthService._verifyUser (   self,
  plugins,
  user_id = None,
  login = None 
) [private]
user_id -> info_dict or None

Definition at line 760 of file PluggableAuthService.py.

00760 
00761     def _verifyUser( self, plugins, user_id=None, login=None ):
00762 
00763         """ user_id -> info_dict or None
00764         """
00765         criteria = {'exact_match': True}
00766 
00767         if user_id is not None:
00768             criteria[ 'id' ] = user_id
00769 
00770         if login is not None:
00771             criteria[ 'login' ] = login
00772 
00773         if criteria:
00774             view_name = createViewName('_verifyUser', user_id or login)
00775             keywords = createKeywords(**criteria)
00776             cached_info = self.ZCacheable_get( view_name=view_name
00777                                              , keywords=keywords
00778                                              , default=None
00779                                              )
00780 
00781             if cached_info is not None:
00782                 return cached_info
00783 
00784 
00785             enumerators = plugins.listPlugins( IUserEnumerationPlugin )
00786 
00787             for enumerator_id, enumerator in enumerators:
00788                 try:
00789                     info = enumerator.enumerateUsers( **criteria )
00790 
00791                     if info:
00792                         # Put the computed value into the cache
00793                         self.ZCacheable_set( info[0]
00794                                            , view_name=view_name
00795                                            , keywords=keywords
00796                                            )
00797                         return info[0]
00798 
00799                 except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
00800                     msg = 'UserEnumerationPlugin %s error' % enumerator_id
00801                     logger.debug(msg, exc_info=True)
00802 
00803         return None

Here is the call graph for this function:

Here is the caller graph for this function:

What objects can be put in here?

Definition at line 963 of file PluggableAuthService.py.

00963 
00964     def all_meta_types(self):
00965         """ What objects can be put in here?
00966         """
00967         allowed_types = tuple(MultiPlugins) + (RAMCacheManager.meta_type,)
00968 
00969         return [x for x in Products.meta_types if x['name'] in allowed_types]

Definition at line 1017 of file PluggableAuthService.py.

01017 
01018     def challenge(self, request, response):
01019         plugins = self._getOb('plugins')
01020 
01021         # Find valid protocols for this request type
01022         valid_protocols = []
01023         choosers = []
01024         try:
01025             choosers = plugins.listPlugins( IChallengeProtocolChooser )
01026         except KeyError:
01027             # Work around the fact that old instances might not have
01028             # IChallengeProtocolChooser registered with the
01029             # PluginRegistry.
01030             pass
01031 
01032         for chooser_id, chooser in choosers:
01033             choosen = chooser.chooseProtocols(request)
01034             if choosen is None:
01035                 continue
01036             valid_protocols.extend(choosen)
01037 
01038         # Go through all challenge plugins
01039         challengers = plugins.listPlugins( IChallengePlugin )
01040 
01041         protocol = None
01042 
01043         for challenger_id, challenger in challengers:
01044             challenger_protocol = getattr(challenger, 'protocol',
01045                                           challenger_id)
01046             if valid_protocols and challenger_protocol not in valid_protocols:
01047                 # Skip invalid protocol for this request type.
01048                 continue
01049             if protocol is None or protocol == challenger_protocol:
01050                 if challenger.challenge(request, response):
01051                     protocol = challenger_protocol
01052 
01053         if protocol is not None:
01054             # something fired, so it was a successful PAS challenge
01055             return True
01056 
01057         # nothing fired, so trigger the fallback
01058         return False

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 190 of file PluggableAuthService.py.

00190 
00191     def getId( self ):
00192 
00193         return self._id

See IUserFolder.

Definition at line 198 of file PluggableAuthService.py.

00198 
00199     def getUser( self, name ):
00200 
00201         """ See IUserFolder.
00202         """
00203         plugins = self._getOb( 'plugins' )
00204 
00205         user_info = self._verifyUser( plugins, login=name )
00206 
00207         if not user_info:
00208             return None
00209 
00210         return self._findUser( plugins, user_info['id'], user_info['login'])

Here is the call graph for this function:

Here is the caller graph for this function:

See IUserFolder.

Definition at line 212 of file PluggableAuthService.py.

00212 
00213     def getUserById( self, id, default=None ):
00214 
00215         """ See IUserFolder.
00216         """
00217         plugins = self._getOb( 'plugins' )
00218 
00219         user_info = self._verifyUser( plugins, user_id=id )
00220 
00221         if not user_info:
00222             return default
00223 
00224         return self._findUser( plugins, user_info['id'], user_info['login'])

Here is the call graph for this function:

Zope quick start sacrifice.

The quick start page expects a hasUsers() method.

Definition at line 1076 of file PluggableAuthService.py.

01076 
01077     def hasUsers(self):
01078         """Zope quick start sacrifice.
01079 
01080         The quick start page expects a hasUsers() method.
01081         """
01082         return True

Publicly accessible method to log out a user

Definition at line 1102 of file PluggableAuthService.py.

01102 
01103     def logout(self, REQUEST):
01104         """Publicly accessible method to log out a user
01105         """
01106         self.resetCredentials(REQUEST, REQUEST['RESPONSE'])
01107 
01108         # Little bit of a hack: Issuing a redirect to the same place
01109         # where the user was so that in the second request the now-destroyed
01110         # credentials can be acted upon to e.g. go back to the login page
01111         referrer = REQUEST.get('HTTP_REFERER') # HTTP_REFERER is optional header
01112         if referrer:
01113             REQUEST['RESPONSE'].redirect(referrer)

Here is the call graph for this function:

Definition at line 982 of file PluggableAuthService.py.

00982 
00983     def manage_afterAdd(self, item, container):
00984         if item is self:
00985             container.__allow_groups__ = aq_base(self)
00986 
00987             handle = self.meta_type + '/' + self.getId()
00988             container = container.this()
00989             nc = BeforeTraverse.NameCaller(self.getId())
00990             BeforeTraverse.registerBeforeTraverse(container, nc, handle)

Definition at line 971 of file PluggableAuthService.py.

00971 
00972     def manage_beforeDelete(self, item, container):
00973         if item is self:
00974             try:
00975                 del container.__allow_groups__
00976             except:
00977                 pass
00978 
00979             handle = self.meta_type + '/' + self.getId()
00980             BeforeTraverse.unregisterBeforeTraverse(container, handle)

Reset credentials by informing all active resetCredentials plugins

Definition at line 1115 of file PluggableAuthService.py.

01115 
01116     def resetCredentials(self, request, response):
01117         """Reset credentials by informing all active resetCredentials plugins
01118         """
01119         user = getSecurityManager().getUser()
01120         if aq_base(user) is not nobody:
01121             plugins = self._getOb('plugins')
01122             cred_resetters = plugins.listPlugins(ICredentialsResetPlugin)
01123 
01124             for resetter_id, resetter in cred_resetters:
01125                 resetter.resetCredentials(request, response)
01126 
01127 classImplements( PluggableAuthService
01128                , (IPluggableAuthService, IObjectManager, IPropertyManager)
01129                )
01130 
01131 InitializeClass( PluggableAuthService )

Here is the call graph for this function:

Here is the caller graph for this function:

def PluggableAuthService.PluggableAuthService.PluggableAuthService.resultsBatch (   self,
  results,
  REQUEST,
  size = 20,
  orphan = 2,
  overlap = 0 
)
ZMI helper for getting batching for displaying search results

Definition at line 468 of file PluggableAuthService.py.

00468 
00469     def resultsBatch(self, results, REQUEST, size=20, orphan=2, overlap=0):
00470         """ ZMI helper for getting batching for displaying search results
00471         """
00472         try:
00473             start_val = REQUEST.get('batch_start', '0')
00474             start = int(start_val)
00475             size = int(REQUEST.get('batch_size', size))
00476         except ValueError:
00477             start = 0
00478 
00479         batch = Batch(results, size, start, 0, orphan, overlap)
00480 
00481         if batch.end < len(results):
00482             qs = self._getBatchLink( REQUEST.get('QUERY_STRING', '')
00483                                    , start
00484                                    , batch.end
00485                                    )
00486             REQUEST.set( 'next_batch_url'
00487                        , '%s?%s' % (REQUEST.get('URL'), qs)
00488                        )
00489 
00490         if start > 0:
00491             new_start = start - size - 1
00492 
00493             if new_start < 0:
00494                 new_start = 0
00495 
00496             qs = self._getBatchLink( REQUEST.get('QUERY_STRING', '')
00497                                    , start
00498                                    , new_start
00499                                    )
00500             REQUEST.set( 'previous_batch_url'
00501                        , '%s?%s' % (REQUEST.get('URL'), qs)
00502                        )
00503 
00504         return batch
00505 

Here is the call graph for this function:

Search for groups

Definition at line 336 of file PluggableAuthService.py.

00336 
00337     def searchGroups(self, **kw):
00338         """ Search for groups
00339         """
00340         search_id = kw.get( 'id', None )
00341         search_name = kw.get( 'name', None )
00342 
00343         result = []
00344         max_results = kw.get('max_results', '')
00345         sort_by = kw.get('sort_by', '')
00346 
00347         # We apply sorting and slicing here across all sets, so don't
00348         # make the plugin do it
00349         if sort_by:
00350             del kw['sort_by']
00351         if max_results:
00352             del kw['max_results']
00353         if search_name:
00354             if kw.get('id') is not None:
00355                 del kw['id']
00356             if not kw.has_key('title'):
00357                 kw['title'] = kw['name']
00358 
00359         plugins = self._getOb( 'plugins' )
00360         enumerators = plugins.listPlugins( IGroupEnumerationPlugin )
00361 
00362         for enumerator_id, enum in enumerators:
00363             try:
00364                  group_list = enum.enumerateGroups(**kw)
00365                  for group_info in group_list:
00366                     info = {}
00367                     info.update( group_info )
00368                     info[ 'groupid' ] = info[ 'id' ]
00369                     info[ 'principal_type' ] = 'group'
00370                     if not info.has_key('title'):
00371                         info[ 'title' ] = "(Group) %s" % info[ 'groupid' ]
00372                     result.append(info)
00373             except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
00374                 logger.debug( 'GroupEnumerationPlugin %s error' % enumerator_id
00375                             , exc_info=True
00376                             )
00377 
00378         if sort_by:
00379             result.sort( lambda a, b: cmp( a.get(sort_by, '').lower()
00380                                          , b.get(sort_by, '').lower()
00381                                          ) )
00382 
00383         if max_results:
00384             try:
00385                 max_results = int(max_results)
00386                 result = result[:max_results + 1]
00387             except ValueError:
00388                 pass
00389 
00390         return tuple(result)

Here is the call graph for this function:

Here is the caller graph for this function:

Search for principals (users, groups, or both)

Definition at line 392 of file PluggableAuthService.py.

00392 
00393     def searchPrincipals(self, groups_first=False, **kw):
00394         """ Search for principals (users, groups, or both)
00395         """
00396         max_results = kw.get( 'max_results', '' )
00397 
00398         search_id = kw.get( 'id', None )
00399         search_name = kw.get( 'name', None )
00400         if search_name:
00401             if not kw.has_key('title'):
00402                 kw['title'] = search_name
00403             kw['login'] = search_name
00404 
00405         users = [ d.copy() for d in self.searchUsers( **kw ) ]
00406         groups = [ d.copy() for d in self.searchGroups( **kw ) ]
00407 
00408         if groups_first:
00409             result = groups + users
00410         else:
00411             result = users + groups
00412 
00413         if max_results:
00414             try:
00415                 max_results = int( max_results )
00416                 result = result[ :max_results + 1 ]
00417             except ValueError:
00418                 pass
00419 
00420         return tuple( result )

Here is the call graph for this function:

Search for users

Definition at line 280 of file PluggableAuthService.py.

00280 
00281     def searchUsers(self, **kw):
00282         """ Search for users
00283         """
00284         search_id = kw.get( 'id', None )
00285         search_name = kw.get( 'name', None )
00286 
00287         result = []
00288         max_results = kw.get('max_results', '')
00289         sort_by = kw.get('sort_by', '')
00290 
00291         # We apply sorting and slicing here across all sets, so don't
00292         # make the plugin do it
00293         if sort_by:
00294             del kw['sort_by']
00295         if max_results:
00296             del kw['max_results']
00297         if search_name:
00298             if kw.get('id') is not None:
00299                 del kw['id'] # don't even bother searching by id
00300             kw['login'] = kw['name']
00301 
00302         plugins = self._getOb( 'plugins' )
00303         enumerators = plugins.listPlugins( IUserEnumerationPlugin )
00304 
00305         for enumerator_id, enum in enumerators:
00306             try:
00307                 user_list = enum.enumerateUsers(**kw)
00308                 for user_info in user_list:
00309                     info = {}
00310                     info.update( user_info )
00311                     info[ 'userid' ] = info[ 'id' ]
00312                     info[ 'principal_type' ] = 'user'
00313                     if not info.has_key('title'):
00314                         info[ 'title' ] = info[ 'login' ]
00315                     result.append(info)
00316 
00317             except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
00318                 logger.debug( 'UserEnumerationPlugin %s error' % enumerator_id
00319                             , exc_info=True
00320                             )
00321 
00322         if sort_by:
00323             result.sort( lambda a, b: cmp( a.get(sort_by, '').lower()
00324                                          , b.get(sort_by, '').lower()
00325                                          ) )
00326 
00327         if max_results:
00328             try:
00329                 max_results = int(max_results)
00330                 result = result[:max_results]
00331             except ValueError:
00332                 pass
00333 
00334         return tuple(result)

Here is the call graph for this function:

Here is the caller graph for this function:

def PluggableAuthService.PluggableAuthService.PluggableAuthService.updateCredentials (   self,
  request,
  response,
  login,
  new_password 
)
Central updateCredentials method

This method is needed for cases where the credentials storage and
the credentials extraction is handled by different plugins. Example
case would be if the CookieAuthHelper is used as a Challenge and
Extraction plugin only to take advantage of the login page feature
but the credentials are not stored in the CookieAuthHelper cookie
but somewhere else, like in a Session.

Definition at line 1084 of file PluggableAuthService.py.

01084 
01085     def updateCredentials(self, request, response, login, new_password):
01086         """Central updateCredentials method
01087 
01088         This method is needed for cases where the credentials storage and
01089         the credentials extraction is handled by different plugins. Example
01090         case would be if the CookieAuthHelper is used as a Challenge and
01091         Extraction plugin only to take advantage of the login page feature
01092         but the credentials are not stored in the CookieAuthHelper cookie
01093         but somewhere else, like in a Session.
01094         """
01095         plugins = self._getOb('plugins')
01096         cred_updaters = plugins.listPlugins(ICredentialsUpdatePlugin)
01097 
01098         for updater_id, updater in cred_updaters:
01099             updater.updateCredentials(request, response, login, new_password)
01100 

Here is the call graph for this function:

def PluggableAuthService.PluggableAuthService.PluggableAuthService.validate (   self,
  request,
  auth = '',
  roles = _noroles 
)
See IUserFolder.

Definition at line 226 of file PluggableAuthService.py.

00226 
00227     def validate( self, request, auth='', roles=_noroles ):
00228 
00229         """ See IUserFolder.
00230         """
00231         plugins = self._getOb( 'plugins' )
00232         is_top = self._isTop()
00233 
00234         user_ids = self._extractUserIds(request, plugins)
00235         ( accessed
00236         , container
00237         , name
00238         , value
00239         ) = self._getObjectContext( request[ 'PUBLISHED' ], request )
00240 
00241         for user_id, login in user_ids:
00242 
00243             user = self._findUser(plugins, user_id, login, request=request)
00244 
00245             if aq_base( user ) is emergency_user:
00246 
00247                 if is_top:
00248                     return user
00249                 else:
00250                     return None
00251 
00252             if self._authorizeUser( user
00253                                   , accessed
00254                                   , container
00255                                   , name
00256                                   , value
00257                                   , roles
00258                                   ):
00259                 return user
00260 
00261         if not is_top:
00262             return None
00263 
00264         #
00265         #   No other user folder above us can satisfy, and we have no user;
00266         #   return a constructed anonymous only if anonymous is authorized.
00267         #
00268         anonymous = self._createAnonymousUser( plugins )
00269         if self._authorizeUser( anonymous
00270                               , accessed
00271                               , container
00272                               , name
00273                               , value
00274                               , roles
00275                               ):
00276             return anonymous
00277 
00278         return None

Here is the call graph for this function:

Here is the caller graph for this function:


Member Data Documentation

Definition at line 185 of file PluggableAuthService.py.

Definition at line 183 of file PluggableAuthService.py.

Definition at line 186 of file PluggableAuthService.py.

tuple PluggableAuthService.PluggableAuthService.PluggableAuthService.arrow_down_gif = ImageFile( 'www/arrow-down.gif', globals() ) [static]

Definition at line 453 of file PluggableAuthService.py.

tuple PluggableAuthService.PluggableAuthService.PluggableAuthService.arrow_left_gif = ImageFile( 'www/arrow-left.gif', globals() ) [static]

Definition at line 451 of file PluggableAuthService.py.

tuple PluggableAuthService.PluggableAuthService.PluggableAuthService.arrow_right_gif = ImageFile( 'www/arrow-right.gif', globals() ) [static]

Definition at line 450 of file PluggableAuthService.py.

tuple PluggableAuthService.PluggableAuthService.PluggableAuthService.arrow_up_gif = ImageFile( 'www/arrow-up.gif', globals() ) [static]

Definition at line 452 of file PluggableAuthService.py.

Initial value:
( Folder.manage_options[:1]
                      + ( { 'label' : 'Search'
                          , 'action': 'manage_search' }
                        ,
                        )
                      + Folder.manage_options[2:]
                      + Cacheable.manage_options
                      )

Definition at line 458 of file PluggableAuthService.py.

tuple PluggableAuthService.PluggableAuthService.PluggableAuthService.manage_search = PageTemplateFile('www/pasSearch', globals()) [static]

Definition at line 456 of file PluggableAuthService.py.

Definition at line 188 of file PluggableAuthService.py.

Definition at line 181 of file PluggableAuthService.py.

Definition at line 179 of file PluggableAuthService.py.


The documentation for this class was generated from the following file: