src/pyams_security/plugin/admin.py
changeset 0 f04e1d0a0723
child 4 ec4cd04d4a8c
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/pyams_security/plugin/admin.py	Thu Feb 19 10:53:29 2015 +0100
@@ -0,0 +1,85 @@
+#
+# Copyright (c) 2008-2015 Thierry Florac <tflorac AT ulthar.net>
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+
+__docformat__ = 'restructuredtext'
+
+# import standard library
+
+# import interfaces
+from pyams_security.interfaces import IAdminAuthenticationPlugin, IDirectoryPlugin
+from zope.password.interfaces import IPasswordManager
+
+# import packages
+from persistent import Persistent
+from pyams_security.principal import PrincipalInfo
+from pyams_utils.registry import get_utility
+from zope.container.contained import Contained
+from zope.interface import implementer
+from zope.schema.fieldproperty import FieldProperty
+
+
+@implementer(IAdminAuthenticationPlugin, IDirectoryPlugin)
+class AdminAuthenticationPlugin(Persistent, Contained):
+    """Hard-coded administrator authenticator plug-in
+
+    This plug-in should only be enabled in development mode!!!
+    """
+
+    prefix = FieldProperty(IAdminAuthenticationPlugin['prefix'])
+    title = FieldProperty(IAdminAuthenticationPlugin['title'])
+    enabled = FieldProperty(IAdminAuthenticationPlugin['enabled'])
+
+    login = FieldProperty(IAdminAuthenticationPlugin['login'])
+    _password = FieldProperty(IAdminAuthenticationPlugin['password'])
+
+    @property
+    def password(self):
+        return self._password
+
+    @password.setter
+    def password(self, value):
+        manager = get_utility(IPasswordManager, name='SSHA')
+        self._password = manager.encodePassword(value)
+
+    def authenticate(self, credentials, request):
+        if not self.enabled:
+            return None
+        attrs = credentials.attributes
+        login = attrs.get('login')
+        password = attrs.get('password')
+        manager = get_utility(IPasswordManager, name='SSHA')
+        if login == self.login and manager.checkPassword(self._password, password):
+            return "{0}:{1}".format(self.prefix, login)
+
+    def get_principal(self, principal_id):
+        if not self.enabled:
+            return None
+        prefix, login = principal_id.split(':', 1)
+        if (prefix == self.prefix) and (login == self.login):
+            return PrincipalInfo(id=principal_id,
+                                 title=self.title)
+
+    def get_all_principals(self, principal_id):
+        if not self.enabled:
+            return set()
+        if self.get_principal(principal_id) is not None:
+            return {principal_id}
+        return set()
+
+    def find_principals(self, query):
+        if not query:
+            return None
+        query = query.lower()
+        if (query == self.login or
+                query in self.title.lower()):
+            yield PrincipalInfo(id='{0}:{1}'.format(self.prefix, self.login),
+                                title=self.title)
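Review bot: `find_principals` is the only lookup method that does not test `self.enabled`, so a disabled plug-in still yields the administrator principal to any principal search; it should open with `if not self.enabled or not query: return`, matching `authenticate`, `get_principal` and `get_all_principals`. In the same method the query is lowercased but compared with `self.login` as stored, so a login containing upper-case letters never matches exactly; `query == self.login.lower()` would make the comparison consistent. Separately, `get_principal` unpacks `principal_id.split(':', 1)` into two names, which raises ValueError for an id without a colon; `prefix, _, login = principal_id.partition(':')` avoids that if ids issued by other plug-ins can reach this method.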