--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/pyams_security/plugin/admin.py Thu Feb 19 10:53:29 2015 +0100
@@ -0,0 +1,85 @@
+#
+# Copyright (c) 2008-2015 Thierry Florac <tflorac AT ulthar.net>
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+
+__docformat__ = 'restructuredtext'
+
+# import standard library
+
+# import interfaces
+from pyams_security.interfaces import IAdminAuthenticationPlugin, IDirectoryPlugin
+from zope.password.interfaces import IPasswordManager
+
+# import packages
+from persistent import Persistent
+from pyams_security.principal import PrincipalInfo
+from pyams_utils.registry import get_utility
+from zope.container.contained import Contained
+from zope.interface import implementer
+from zope.schema.fieldproperty import FieldProperty
+
+
+@implementer(IAdminAuthenticationPlugin, IDirectoryPlugin)
+class AdminAuthenticationPlugin(Persistent, Contained):
+ """Hard-coded administrator authenticator plug-in
+
+ This plug-in should only be enabled in development mode!!!
+ """
+
+ prefix = FieldProperty(IAdminAuthenticationPlugin['prefix'])
+ title = FieldProperty(IAdminAuthenticationPlugin['title'])
+ enabled = FieldProperty(IAdminAuthenticationPlugin['enabled'])
+
+ login = FieldProperty(IAdminAuthenticationPlugin['login'])
+ _password = FieldProperty(IAdminAuthenticationPlugin['password'])
+
+ @property
+ def password(self):
+ return self._password
+
+ @password.setter
+ def password(self, value):
+ manager = get_utility(IPasswordManager, name='SSHA')
+ self._password = manager.encodePassword(value)
+
+ def authenticate(self, credentials, request):
+ if not self.enabled:
+ return None
+ attrs = credentials.attributes
+ login = attrs.get('login')
+ password = attrs.get('password')
+ manager = get_utility(IPasswordManager, name='SSHA')
+ if login == self.login and manager.checkPassword(self._password, password):
+ return "{0}:{1}".format(self.prefix, login)
+
+ def get_principal(self, principal_id):
+ if not self.enabled:
+ return None
+ prefix, login = principal_id.split(':', 1)
+ if (prefix == self.prefix) and (login == self.login):
+ return PrincipalInfo(id=principal_id,
+ title=self.title)
+
+ def get_all_principals(self, principal_id):
+ if not self.enabled:
+ return set()
+ if self.get_principal(principal_id) is not None:
+ return {principal_id}
+ return set()
+
+ def find_principals(self, query):
+ if not query:
+ return None
+ query = query.lower()
+ if (query == self.login or
+ query in self.title.lower()):
+ yield PrincipalInfo(id='{0}:{1}'.format(self.prefix, self.login),
+ title=self.title)
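Review bot: `find_principals` is the only method in this class that does not check `self.enabled`, so a disabled admin plug-in still yields its principal to directory searches while `authenticate`, `get_principal` and `get_all_principals` all return nothing; the guard should read `if not self.enabled or not query: return`. In the same method `query` is lower-cased but compared against `self.login` as stored, so a login containing upper-case characters can never match by name; `query == self.login.lower()` makes the comparison symmetric. Separately, `get_principal` unpacks `principal_id.split(':', 1)` into two names, which raises `ValueError` for any id that has no colon. If ids issued by other plug-ins can reach this method (not visible in this file), `prefix, _, login = principal_id.partition(':')` avoids the exception and simply fails the prefix comparison.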