src/pyams_security/plugin/admin.py
changeset 0 f04e1d0a0723
child 4 ec4cd04d4a8c
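--- /dev/null
+++ b/src/pyams_security/plugin/admin.py
@@ -0,0 +1,85 @@
+#
+# Copyright (c) 2008-2015 Thierry Florac <tflorac AT ulthar.net>
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+
+__docformat__ = 'restructuredtext'
+
+# import standard library
+
+# import interfaces
+from pyams_security.interfaces import IAdminAuthenticationPlugin, IDirectoryPlugin
+from zope.password.interfaces import IPasswordManager
+
+# import packages
+from persistent import Persistent
+from pyams_security.principal import PrincipalInfo
+from pyams_utils.registry import get_utility
+from zope.container.contained import Contained
+from zope.interface import implementer
+from zope.schema.fieldproperty import FieldProperty
+
+
+@implementer(IAdminAuthenticationPlugin, IDirectoryPlugin)
+class AdminAuthenticationPlugin(Persistent, Contained):
+    """Hard-coded administrator authenticator plug-in
+
+    This plug-in should only be enabled in development mode!!!
+    """
+
+    prefix = FieldProperty(IAdminAuthenticationPlugin['prefix'])
+    title = FieldProperty(IAdminAuthenticationPlugin['title'])
+    enabled = FieldProperty(IAdminAuthenticationPlugin['enabled'])
+
+    login = FieldProperty(IAdminAuthenticationPlugin['login'])
+    _password = FieldProperty(IAdminAuthenticationPlugin['password'])
+
+    @property
+    def password(self):
+        return self._password
+
+    @password.setter
+    def password(self, value):
+        manager = get_utility(IPasswordManager, name='SSHA')
+        self._password = manager.encodePassword(value)
+
+    def authenticate(self, credentials, request):
+        if not self.enabled:
+            return None
+        attrs = credentials.attributes
+        login = attrs.get('login')
+        password = attrs.get('password')
+        manager = get_utility(IPasswordManager, name='SSHA')
+        if login == self.login and manager.checkPassword(self._password, password):
+            return "{0}:{1}".format(self.prefix, login)
+
+    def get_principal(self, principal_id):
+        if not self.enabled:
+            return None
+        prefix, login = principal_id.split(':', 1)
+        if (prefix == self.prefix) and (login == self.login):
+            return PrincipalInfo(id=principal_id,
+                                 title=self.title)
+
+    def get_all_principals(self, principal_id):
+        if not self.enabled:
+            return set()
+        if self.get_principal(principal_id) is not None:
+            return {principal_id}
+        return set()
+
+    def find_principals(self, query):
+        if not query:
+            return None
+        query = query.lower()
+        if (query == self.login or
+                query in self.title.lower()):
+            yield PrincipalInfo(id='{0}:{1}'.format(self.prefix, self.login),
+                                title=self.title)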
       
    41     login = FieldProperty(IAdminAuthenticationPlugin['login'])
       
    42     _password = FieldProperty(IAdminAuthenticationPlugin['password'])
       
    43 
       
    44     @property
       
    45     def password(self):
       
    46         return self._password
       
    47 
       
    48     @password.setter
       
    49     def password(self, value):
       
    50         manager = get_utility(IPasswordManager, name='SSHA')
       
    51         self._password = manager.encodePassword(value)
       
    52 
       
    53     def authenticate(self, credentials, request):
       
    54         if not self.enabled:
       
    55             return None
       
    56         attrs = credentials.attributes
       
    57         login = attrs.get('login')
       
    58         password = attrs.get('password')
       
    59         manager = get_utility(IPasswordManager, name='SSHA')
       
    60         if login == self.login and manager.checkPassword(self._password, password):
       
    61             return "{0}:{1}".format(self.prefix, login)
       
    62 
       
    63     def get_principal(self, principal_id):
       
    64         if not self.enabled:
       
    65             return None
       
    66         prefix, login = principal_id.split(':', 1)
       
    67         if (prefix == self.prefix) and (login == self.login):
       
    68             return PrincipalInfo(id=principal_id,
       
    69                                  title=self.title)
       
    70 
       
    71     def get_all_principals(self, principal_id):
       
    72         if not self.enabled:
       
    73             return set()
       
    74         if self.get_principal(principal_id) is not None:
       
    75             return {principal_id}
       
    76         return set()
       
    77 
       
    78     def find_principals(self, query):
       
    79         if not query:
       
    80             return None
       
    81         query = query.lower()
       
    82         if (query == self.login or
       
    83                 query in self.title.lower()):
       
    84             yield PrincipalInfo(id='{0}:{1}'.format(self.prefix, self.login),
       
    85                                 title=self.title)