|
1 # |
|
2 # Copyright (c) 2008-2015 Thierry Florac <tflorac AT ulthar.net> |
|
3 # All Rights Reserved. |
|
4 # |
|
5 # This software is subject to the provisions of the Zope Public License, |
|
6 # Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution. |
|
7 # THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED |
|
8 # WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
|
9 # WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS |
|
10 # FOR A PARTICULAR PURPOSE. |
|
11 # |
|
12 |
|
13 __docformat__ = 'restructuredtext' |
|
14 |
|
15 # import standard library |
|
16 |
|
17 # import interfaces |
|
18 from pyams_security.interfaces import IAdminAuthenticationPlugin, IDirectoryPlugin |
|
19 from zope.password.interfaces import IPasswordManager |
|
20 |
|
21 # import packages |
|
22 from persistent import Persistent |
|
23 from pyams_security.principal import PrincipalInfo |
|
24 from pyams_utils.registry import get_utility |
|
25 from zope.container.contained import Contained |
|
26 from zope.interface import implementer |
|
27 from zope.schema.fieldproperty import FieldProperty |
|
28 |
|
29 |
|
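@implementer(IAdminAuthenticationPlugin, IDirectoryPlugin)
class AdminAuthenticationPlugin(Persistent, Contained):
    """Hard-coded administrator authenticator plug-in

    This plug-in authenticates a single administrator account whose login
    and encoded password are stored on the plug-in itself, and exposes that
    account as a principal identified as ``<prefix>:<login>``.

    This plug-in should only be enabled in development mode!!!  While it is
    enabled, anyone who knows the stored login and password is accepted as
    this principal, so keep ``enabled`` off everywhere else.
    """

    prefix = FieldProperty(IAdminAuthenticationPlugin['prefix'])
    title = FieldProperty(IAdminAuthenticationPlugin['title'])
    enabled = FieldProperty(IAdminAuthenticationPlugin['enabled'])

    login = FieldProperty(IAdminAuthenticationPlugin['login'])
    # Holds the encoded password produced by the setter below, not clear text.
    _password = FieldProperty(IAdminAuthenticationPlugin['password'])

    @property
    def password(self):
        """Return the stored password in its encoded form."""
        return self._password

    @password.setter
    def password(self, value):
        """Encode *value* with the 'SSHA' password manager and store it."""
        # NOTE(review): SSHA is a salted, single-pass SHA-1 scheme, so a leaked
        # hash is cheap to brute-force offline. Moving to a slower scheme
        # requires re-encoding the stored value, so this is flagged here
        # rather than changed.
        manager = get_utility(IPasswordManager, name='SSHA')
        self._password = manager.encodePassword(value)

    def authenticate(self, credentials, request):
        """Check *credentials* against the stored administrator account.

        :param credentials: object whose ``attributes`` mapping may provide
            ``login`` and ``password`` entries
        :param request: current request (not used by this plug-in)
        :return: the principal ID ``<prefix>:<login>`` on success, ``None``
            when the plug-in is disabled, the credentials are incomplete or
            they do not match
        """
        if not self.enabled:
            return None
        attrs = credentials.attributes
        login = attrs.get('login')
        password = attrs.get('password')
        # Fail closed on incomplete input or an unconfigured plug-in: a
        # missing login must never compare equal to an unset ``self.login``,
        # and the password manager is never handed a missing hash or password.
        if login is None or password is None or not self._password:
            return None
        if login != self.login:
            return None
        manager = get_utility(IPasswordManager, name='SSHA')
        if manager.checkPassword(self._password, password):
            return "{0}:{1}".format(self.prefix, login)
        return None

    def get_principal(self, principal_id):
        """Return the principal info matching *principal_id*, if it is ours.

        :param principal_id: principal ID formatted as ``<prefix>:<login>``
        :return: a ``PrincipalInfo`` for the administrator, or ``None`` when
            the plug-in is disabled or the ID designates another principal
        """
        if not self.enabled:
            return None
        if not principal_id:
            return None
        # partition() rather than split() + unpacking: an ID without ':' is
        # simply not ours, where the unpacking would raise ValueError.
        prefix, separator, login = principal_id.partition(':')
        if not separator:
            return None
        if (prefix == self.prefix) and (login == self.login):
            return PrincipalInfo(id=principal_id,
                                 title=self.title)
        return None

    def get_all_principals(self, principal_id):
        """Return the set of principal IDs implied by *principal_id*.

        :return: ``{principal_id}`` when it designates the administrator of an
            enabled plug-in, an empty set otherwise
        """
        if not self.enabled:
            return set()
        if self.get_principal(principal_id) is not None:
            return {principal_id}
        return set()

    def find_principals(self, query):
        """Yield the administrator principal when it matches *query*.

        The match is case-insensitive: *query* must equal the login or be a
        substring of the title. Nothing is yielded for an empty query or when
        the plug-in is disabled.
        """
        # Same gate as the other methods: a disabled plug-in must not leak
        # its principal through directory searches.
        if not self.enabled:
            return
        if not query:
            return
        query = query.lower()
        # Tolerate unset fields, and lower-case the login as well so that a
        # mixed-case login can still be found (the query is lower-cased).
        login = self.login or ''
        title = self.title or ''
        if (query == login.lower() or
                query in title.lower()):
            yield PrincipalInfo(id='{0}:{1}'.format(self.prefix, self.login),
                                title=self.title)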