
plone3  3.1.7
PluggableAuthService.plugins.CookieAuthHelper.CookieAuthHelper Class Reference

Public Member Functions

def __init__
def extractCredentials
def challenge
def updateCredentials
def resetCredentials
def manage_afterAdd
def unauthorized
def getLoginURL
def login

Public Attributes

 title
 cookie_name

Static Public Attributes

string meta_type = 'Cookie Auth Helper'
string cookie_name = '__ginger_snap'
string login_path = 'login_form'
tuple security = ClassSecurityInfo()
tuple manage_options

Static Private Attributes

tuple _properties

Detailed Description

Multi-plugin for managing details of Cookie Authentication. 

Definition at line 70 of file CookieAuthHelper.py.


Constructor & Destructor Documentation

def PluggableAuthService.plugins.CookieAuthHelper.CookieAuthHelper.__init__ (   self,
  id,
  title = None,
  cookie_name = '' 
)

Definition at line 100 of file CookieAuthHelper.py.

00100 
00101     def __init__(self, id, title=None, cookie_name=''):
00102         self._setId(id)
00103         self.title = title
00104 
00105         if cookie_name:
00106             self.cookie_name = cookie_name
00107 



Member Function Documentation

def PluggableAuthService.plugins.CookieAuthHelper.CookieAuthHelper.challenge (   self,
  request,
  response,
  kw 
)
Challenge the user for credentials. 

Definition at line 143 of file CookieAuthHelper.py.

00143 
00144     def challenge(self, request, response, **kw):
00145         """ Challenge the user for credentials. """
00146         return self.unauthorized()
00147 


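def PluggableAuthService.plugins.CookieAuthHelper.CookieAuthHelper.extractCredentials (   self,
  request 
)
Extract credentials from cookie or 'request'. 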

Definition at line 109 of file CookieAuthHelper.py.

00109 
00110     def extractCredentials(self, request):
00111         """ Extract credentials from cookie or 'request'. """
00112         creds = {}
00113         cookie = request.get(self.cookie_name, '')
00114         # Look in the request.form for the names coming from the login form
00115         login = request.form.get('__ac_name', '')
00116 
00117         if login and request.form.has_key('__ac_password'):
00118             creds['login'] = login
00119             creds['password'] = request.form.get('__ac_password', '')
00120 
00121         elif cookie and cookie != 'deleted':
00122             cookie_val = decodestring(unquote(cookie))
00123             try:
00124                 login, password = cookie_val.split(':')
00125             except ValueError:
00126                 # Cookie is in a different format, so it is not ours
00127                 return creds
00128 
00129             creds['login'] = login.decode('hex')
00130             creds['password'] = password.decode('hex')
00131 
00132         if creds:
00133             creds['remote_host'] = request.get('REMOTE_HOST', '')
00134 
00135             try:
00136                 creds['remote_address'] = request.getClientAddr()
00137             except AttributeError:
00138                 creds['remote_address'] = request.get('REMOTE_ADDR', '')
00139 
00140         return creds
00141 

def PluggableAuthService.plugins.CookieAuthHelper.CookieAuthHelper.getLoginURL (   self )
Where to send people for logging in 

Definition at line 219 of file CookieAuthHelper.py.

00219 
00220     def getLoginURL(self):
00221         """ Where to send people for logging in """
00222         if self.login_path.startswith('/'):
00223             return self.login_path
00224         elif self.login_path != '':
00225             return '%s/%s' % (self.absolute_url(), self.login_path)
00226         else:
00227             return None


def PluggableAuthService.plugins.CookieAuthHelper.CookieAuthHelper.login (   self )
Set a cookie and redirect to the url that we tried to
authenticate against originally.

Definition at line 229 of file CookieAuthHelper.py.

00229 
00230     def login(self):
00231         """ Set a cookie and redirect to the url that we tried to
00232         authenticate against originally.
00233         """
00234         request = self.REQUEST
00235         response = request['RESPONSE']
00236 
00237         login = request.get('__ac_name', '')
00238         password = request.get('__ac_password', '')
00239 
00240         # In order to use the CookieAuthHelper for its nice login page
00241         # facility but store and manage credentials somewhere else we need
00242         # to make sure that upon login only plugins activated as
00243         # IUpdateCredentialPlugins get their updateCredentials method
00244         # called. If the method is called on the CookieAuthHelper it will
00245         # simply set its own auth cookie, to the exclusion of any other
00246         # plugins that might want to store the credentials.
00247         pas_instance = self._getPAS()
00248 
00249         if pas_instance is not None:
00250             pas_instance.updateCredentials(request, response, login, password)
00251 
00252         came_from = request.form['came_from']
00253 
00254         return response.redirect(came_from)
00255 
00256 classImplements( CookieAuthHelper
00257                , ICookieAuthHelper
00258                , ILoginPasswordHostExtractionPlugin
00259                , IChallengePlugin
00260                , ICredentialsUpdatePlugin
00261                , ICredentialsResetPlugin
00262                )
00263 
00264 InitializeClass(CookieAuthHelper)
00265 
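
login() above passes request.form['came_from'] to response.redirect() exactly as received. The following added example (not PluggableAuthService code; is_same_site_target, SITE_URL and the sample values are assumptions) shows a same-site check a deployment could apply to that value before redirecting.

```python
from urllib.parse import urlsplit

SITE_URL = "http://portal.example"   # assumed base URL of the site (constructed)
DEFAULT_PORTS = {"http": 80, "https": 443}


def _origin(parts):
    """(scheme, host, port) with the scheme's default port filled in."""
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(parts.scheme)
    return (parts.scheme, parts.hostname, port)


def is_same_site_target(came_from, site_url=SITE_URL):
    """Return True only if came_from stays on the origin of site_url."""
    if not isinstance(came_from, str) or not came_from:
        return False
    # Browsers drop tab/CR/LF and read '\' as '/', so refuse such input
    # rather than trying to normalise it.
    if any(ord(ch) < 0x20 or ch in " \\\x7f" for ch in came_from):
        return False
    try:
        target = urlsplit(came_from)
        if not target.scheme and not target.netloc:
            # Relative reference: allow only a path rooted at a single '/'.
            return came_from.startswith("/") and not came_from.startswith("//")
        if target.scheme not in DEFAULT_PORTS or not target.hostname:
            return False
        return _origin(target) == _origin(urlsplit(site_url))
    except ValueError:          # malformed port or bracketed host
        return False


# Constructed sample values, not taken from any real request.
SAMPLES = [
    "/folder/doc?x=1",
    "http://portal.example/folder",
    "//other.example/x",
    "http://portal.example@other.example/",
    "http://portal.example:8080/manage",
]

if __name__ == "__main__":
    for value in SAMPLES:
        print("%-42r %s" % (value, is_same_site_target(value)))
```
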


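def PluggableAuthService.plugins.CookieAuthHelper.CookieAuthHelper.manage_afterAdd (   self,
  item,
  container 
)
Setup tasks upon instantiation 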

Definition at line 164 of file CookieAuthHelper.py.

00164 
00165     def manage_afterAdd(self, item, container):
00166         """ Setup tasks upon instantiation """
00167         if not 'login_form' in self.objectIds():
00168             login_form = ZopePageTemplate( id='login_form'
00169                                            , text=BASIC_LOGIN_FORM
00170                                            )
00171             login_form.title = 'Login Form'
00172             login_form.manage_permission(view, roles=['Anonymous'], acquire=1)
00173             self._setObject( 'login_form', login_form, set_owner=0 )
00174 


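def PluggableAuthService.plugins.CookieAuthHelper.CookieAuthHelper.resetCredentials (   self,
  request,
  response 
)
Raise unauthorized to tell browser to clear credentials. 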

Definition at line 158 of file CookieAuthHelper.py.

00158 
00159     def resetCredentials(self, request, response):
00160         """ Raise unauthorized to tell browser to clear credentials. """
00161         response.expireCookie(self.cookie_name, path='/')
00162 

def PluggableAuthService.plugins.CookieAuthHelper.CookieAuthHelper.unauthorized (   self )

Definition at line 176 of file CookieAuthHelper.py.

00176 
00177     def unauthorized(self):
00178         req = self.REQUEST
00179         resp = req['RESPONSE']
00180 
00181         # If we set the auth cookie before, delete it now.
00182         if resp.cookies.has_key(self.cookie_name):
00183             del resp.cookies[self.cookie_name]
00184 
00185         # Redirect if desired.
00186         url = self.getLoginURL()
00187         if url is not None:
00188             came_from = req.get('came_from', None)
00189 
00190             if came_from is None:
00191                 came_from = req.get('URL', '')
00192                 query = req.get('QUERY_STRING')
00193                 if query:
00194                     if not query.startswith('?'):
00195                         query = '?' + query
00196                     came_from = came_from + query
00197             else:
00198                 # If came_from contains a value it means the user
00199                 # must be coming through here a second time
00200                 # Reasons could be typos when providing credentials
00201                 # or a redirect loop (see below)
00202                 req_url = req.get('URL', '')
00203 
00204                 if req_url and req_url == url:
00205                     # Oops... The login_form cannot be reached by the user -
00206                     # it might be protected itself due to misconfiguration -
00207                     # the only sane thing to do is to give up because we are
00208                     # in an endless redirect loop.
00209                     return 0
00210 
00211             url = url + '?came_from=%s' % quote(came_from)
00212             resp.redirect(url, lock=1)
00213             return 1
00214 
00215         # Could not challenge.
00216         return 0
00217 


def PluggableAuthService.plugins.CookieAuthHelper.CookieAuthHelper.updateCredentials (   self,
  request,
  response,
  login,
  new_password 
)
Respond to change of credentials (NOOP for basic auth). 

Definition at line 149 of file CookieAuthHelper.py.

00149 
00150     def updateCredentials(self, request, response, login, new_password):
00151         """ Respond to change of credentials (NOOP for basic auth). """
00152         cookie_str = '%s:%s' % (login.encode('hex'), new_password.encode('hex'))
00153         cookie_val = encodestring(cookie_str)
00154         cookie_val = cookie_val.rstrip()
00155         response.setCookie(self.cookie_name, quote(cookie_val), path='/')
00156 


Member Data Documentation

Initial value:
( { 'id'    : 'title'
                    , 'label' : 'Title'
                    , 'type'  : 'string'
                    , 'mode'  : 'w'
                    }
                  , { 'id'    : 'cookie_name'
                    , 'label' : 'Cookie Name'
                    , 'type'  : 'string'
                    , 'mode'  : 'w'
                    }
                  , { 'id'    : 'login_path'
                    , 'label' : 'Login Form'
                    , 'type'  : 'string'
                    , 'mode'  : 'w'
                    }
                  )

Definition at line 78 of file CookieAuthHelper.py.

Definition at line 74 of file CookieAuthHelper.py.

Definition at line 105 of file CookieAuthHelper.py.

Definition at line 75 of file CookieAuthHelper.py.

Initial value:
( BasePlugin.manage_options[:1]
                     + Folder.manage_options[:1]
                     + Folder.manage_options[2:]
                     )

Definition at line 95 of file CookieAuthHelper.py.

Definition at line 73 of file CookieAuthHelper.py.

Definition at line 76 of file CookieAuthHelper.py.

Definition at line 102 of file CookieAuthHelper.py.


The documentation for this class was generated from the following file: