
plone3  3.1.7
cookie_handler.py
00001 """ Class: ExtendedCookieAuthHelper
00002 
00003 Simply extends the standard CookieAuthHelper provided via regular
00004 PluggableAuthService but overrides the updateCookie mechanism to
00005 provide similar functionality as CookieCrumbler does... by giving
00006 the portal the ability to provide a setAuthCookie method.
00007 
00008 $Id$
00009 """
00010 from AccessControl.SecurityManagement import getSecurityManager
00011 from base64 import encodestring
00012 from urllib import quote
00013 from Acquisition import aq_base
00014 from Acquisition import aq_parent
00015 from AccessControl.SecurityInfo import ClassSecurityInfo
00016 from Globals import InitializeClass, DTMLFile
00017 from Products.PluggableAuthService.plugins.CookieAuthHelper \
00018     import CookieAuthHelper as BasePlugin
00019 from Products.PluggableAuthService.utils import classImplements
00020 from Products.PluggableAuthService.interfaces.authservice \
00021         import IPluggableAuthService
00022 from Products.PluggableAuthService.interfaces.plugins import \
00023         ILoginPasswordHostExtractionPlugin, IChallengePlugin,  \
00024         ICredentialsUpdatePlugin, ICredentialsResetPlugin
00025 
00026 
def manage_addExtendedCookieAuthHelper(self, id, title='',
                                       RESPONSE=None, **kw):
    """Add an ExtendedCookieAuthHelper plugin to this container.

    Builds the plugin from ``id``, ``title`` and any extra keyword
    arguments, stores it under the id the plugin reports, and redirects
    to 'manage_workspace' when a RESPONSE object is supplied.
    """
    container = self.this()

    plugin = ExtendedCookieAuthHelper(id, title, **kw)
    container._setObject(plugin.getId(), plugin)
    # Re-read the stored object by the requested ``id`` without acquisition
    # wrapping. The result is not used afterwards; the lookup is kept so an
    # id mismatch still surfaces as an AttributeError, as it did before.
    plugin = getattr(aq_base(container), id)

    if RESPONSE is None:
        return
    RESPONSE.redirect('manage_workspace')
00040 
# Add form for the plugin, loaded from the zmi directory next to this package.
manage_addExtendedCookieAuthHelperForm = DTMLFile(
    "../zmi/ExtendedCookieAuthHelperForm", globals())
00042 
00043 
class ExtendedCookieAuthHelper(BasePlugin):
    """Cookie auth multi-plugin with a pluggable cookie writer.

    Behaves like the base CookieAuthHelper, except that writing the
    credentials cookie is handed to a ``setAuthCookie`` method/script when
    one can be found on the plugin.
    """

    meta_type = 'Extended Cookie Auth Helper'
    security = ClassSecurityInfo()

    security.declarePrivate('updateCredentials')
    def updateCredentials(self, request, response, login, new_password):
        """Write the credentials cookie, preferring a setAuthCookie hook.

        When ``getattr(self, 'setAuthCookie')`` yields something truthy it
        is called as ``setAuthCookie(response, cookie_name, value)``;
        otherwise the base plugin's updateCredentials does the work.
        """
        cookie_setter = getattr(self, 'setAuthCookie', None)
        if not cookie_setter:
            BasePlugin.updateCredentials(self, request, response, login, new_password)
            return

        # SECURITY: base64 is an encoding, not encryption. The cookie value
        # is "login:password" in recoverable form, so anyone who can read
        # the cookie can read the password. The setAuthCookie hook decides
        # the cookie attributes; it should be reviewed for Secure/HttpOnly
        # and a sensible path and lifetime.
        # NOTE(review): a ':' inside ``login`` makes the pair ambiguous for
        # whatever later splits it -- confirm against the extraction code.
        credentials = '%s:%s' % (login, new_password)
        encoded = encodestring(credentials).rstrip()
        cookie_setter(response, self.cookie_name, quote(encoded))

    security.declarePublic('login')
    def login(self):
        """Store the submitted credentials in the auth cookie.

        Replaces the standard login method so that it does not end with
        'return response.redirect(came_from)'; the redirect, including the
        filtering of known bad came_from templates, is left to the
        login_next.cpy script.
        """
        req = self.REQUEST
        resp = req['RESPONSE']

        # This method is declared public and the values come straight from
        # the request. Nothing here checks the password; the pair is only
        # passed on to updateCredentials.
        # NOTE(review): presumably the credentials are validated when the
        # cookie is next extracted -- confirm in the PAS extraction path.
        name = req.get('__ac_name', '')
        secret = req.get('__ac_password', '')

        # Prefer the PAS that owns the current user, if it is one.
        target_pas = aq_parent(getSecurityManager().getUser())
        if not IPluggableAuthService.providedBy(target_pas):
            # User does not originate from a PAS user folder, so fall back
            # to the PAS this plugin belongs to.
            # XXX Perhaps we should do nothing here; test with pure User Folder!
            target_pas = self._getPAS()
            if target_pas is None:
                return

        target_pas.updateCredentials(req, resp, name, secret)
00094 
00095 
# Declare the PAS plugin interfaces this helper provides.
classImplements(
    ExtendedCookieAuthHelper,
    ILoginPasswordHostExtractionPlugin,
    IChallengePlugin,
    ICredentialsUpdatePlugin,
    ICredentialsResetPlugin,
)

# Apply the ClassSecurityInfo declarations (private updateCredentials,
# public login) to the class.
InitializeClass(ExtendedCookieAuthHelper)