Annotation of IntranetUserFolder/IntranetUserFolder.py, revision 1.3
1.3 ! casties 1: """User Folder Extension, tests now also ip number of the host where the original connection
! 2: comes from in case of proxies/rewrites"""
1.1 dwinter 3:
4: import Globals
5: from AccessControl.User import UserFolder
1.3 ! casties 6: from AccessControl import AuthEncoding
1.1 dwinter 7: from Globals import MessageDialog
1.3 ! casties 8: import logging
1.2 casties 9: import re
1.3 ! casties 10: import socket
1.1 dwinter 11:
12: class IntranetUserFolder(UserFolder):
1.3 ! casties 13: """User folder for Intranet"""
! 14: _domain_auth_mode=1 # Identification via domain
! 15: meta_type="IntranetUserFolder"
! 16:
! 17: def authenticate(self, name, password, request):
! 18: """modified authenticate to use domainspecmatch below"""
! 19: #logging.debug("IntranetUserFolder: authenticate %s from %s"%(name,request['REMOTE_ADDR']))
! 20:
! 21: emergency = self._emergency_user
! 22: if name is None:
! 23: return None
! 24: if emergency and name==emergency.getUserName():
! 25: user = emergency
! 26: else:
! 27: user = self.getUser(name)
! 28:
! 29: #logging.debug("IntranetUserFolder: user: %s"%repr(user))
! 30:
! 31: if user is not None:
! 32: pwd=user._getPassword()
! 33: # check PW first (which may be empty)
! 34: if AuthEncoding.pw_validate(pwd, password):
! 35: domains = user.getDomains()
! 36: #logging.debug("IntranetUserFolder: pw OK, domains: %s"%(repr(domains)))
! 37: if self.domainSpecMatch(domains, request):
! 38: logging.debug("IntranetUserFolder: domain user %s"%user)
! 39: return user
! 40: #else:
! 41: #logging.debug("IntranetUserFolder: pw not ok: '%s'"%password)
! 42: #logging.debug("IntranetUserFolder: user has password: '%s'"%user._getPassword())
! 43:
! 44: logging.debug("IntranetUserFolder: authenticate failed here!")
! 45: return None
! 46:
! 47: def domainSpecMatch(self, spec, request):
! 48: """modified domainspecmatch to look at FORWARDED_FOR"""
! 49: #logging.debug("IntranetUserFolder: domainspecmatch %s, %s"%(self,spec))
! 50: addr=''
! 51:
! 52: # Fast exit for the match-all case
! 53: if len(spec) == 0 or (len(spec) == 1 and spec[0] == '*'):
! 54: return 1
! 55:
! 56: # start with getClientAddr
! 57: addr=request.getClientAddr()
! 58: #logging.debug("IntranetUserFolder: getclientaddr: %s"%(addr))
! 59: #if request.has_key('REMOTE_ADDR'):
! 60: # addr=request['REMOTE_ADDR']
! 61:
! 62: # override with forwarded address if present
! 63: if request.get('HTTP_X_FORWARDED_FOR', None):
! 64: addr=request['HTTP_X_FORWARDED_FOR']
! 65: #logging.debug("IntranetUserFolder: forwarded addr: %s"%(addr))
! 66:
! 67: # check for strange headers (may be fake)
! 68: if len(addr.split('.')) != 4:
! 69: logging.warning("IntranetUserFolder: invalid forward addr: %s"%(addr))
! 70: return 0
! 71:
! 72: if not addr:
! 73: return 0
! 74:
! 75: _addr=addr.split('.')
! 76: #logging.debug("IntranetUserFolder: addr: %s , %s"%(repr(_addr), repr(_m), repr(_addr & _m)))
! 77:
! 78: for ob in spec:
! 79: sz=len(ob)
! 80: _ob=ob.split('.')
! 81: _sz=len(_ob)
! 82:
! 83: mo = addr_match(ob)
! 84: if mo is not None:
! 85: if mo.end(0)==sz:
! 86: fail=0
! 87: for i in range(_sz):
! 88: a=_addr[i]
! 89: o=_ob[i]
! 90: if (o != a) and (o != '*'):
! 91: fail=1
! 92: break
! 93: if fail:
! 94: continue
! 95: return 1
! 96:
! 97: return 0
1.1 dwinter 98:
99: Globals.default__class_init__(IntranetUserFolder)
100:
101:
102: def manage_addIntranetUserFolder(self,dtself=None,REQUEST=None,**ignored):
103: """add a user folder """
104: f=IntranetUserFolder()
105: self=self.this()
106: try: self._setObject('acl_users', f)
107: except: return MessageDialog(
108: title ='Item Exists',
109: message='This object already contains a User Folder',
110: action ='%s/manage_main' % REQUEST['URL1'])
111: self.__allow_groups__=f
112: if REQUEST is not None:
113: REQUEST['RESPONSE'].redirect(self.absolute_url()+'/manage_main')
114:
115: def manage_addIntranetUserFolderForm(self):
1.3 ! casties 116: """add a user folder form"""
! 117: return manage_addIntranetUserFolder(self,REQUEST=self.REQUEST)
1.2 casties 118:
119: addr_match=re.compile(r'((\d{1,3}\.){1,3}\*)|((\d{1,3}\.){3}\d{1,3})').match
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>