Annotation of IntranetUserFolder/IntranetUserFolder.py, revision 1.3

1.3     ! casties     1: """User Folder Extension, tests now also ip number of the host where the original connection
        !             2:  comes from in case of proxies/rewrites"""
1.1       dwinter     3: 
                      4: import Globals
                      5: from AccessControl.User import UserFolder
1.3     ! casties     6: from AccessControl import AuthEncoding
1.1       dwinter     7: from Globals import MessageDialog
1.3     ! casties     8: import logging
1.2       casties     9: import re
1.3     ! casties    10: import socket
1.1       dwinter    11: 
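class IntranetUserFolder(UserFolder):
    """User folder that restricts logins by client IPv4 address.

    Two methods of the stock ``UserFolder`` are overridden:

    * ``authenticate`` validates the password first (it may be empty) and
      then applies the user's domain list.
    * ``domainSpecMatch`` prefers the address from the ``X-Forwarded-For``
      header over the socket-level client address, so that matching works
      behind a proxy or rewrite rule.
    """

    _domain_auth_mode = 1  # Identification via domain
    meta_type = "IntranetUserFolder"

    def authenticate(self, name, password, request):
        """Return the user object for *name*, or None if the login fails.

        A login succeeds only when the password validates and the request's
        client address matches one of the user's domains (see
        ``domainSpecMatch``).
        """
        emergency = self._emergency_user
        if name is None:
            return None
        if emergency and name == emergency.getUserName():
            user = emergency
        else:
            user = self.getUser(name)

        if user is not None:
            stored = user._getPassword()
            # Check the password first. It may be empty, in which case the
            # domain match below is the only remaining check for the account.
            # Neither the supplied nor the stored password is logged here;
            # keep it that way when adding debug output.
            if AuthEncoding.pw_validate(stored, password):
                if self.domainSpecMatch(user.getDomains(), request):
                    logging.debug("IntranetUserFolder: domain user %s", user)
                    return user

        logging.debug("IntranetUserFolder: authenticate failed here!")
        return None

    def domainSpecMatch(self, spec, request):
        """Return 1 if the request's client address matches *spec*, else 0.

        *spec* is a sequence of IPv4 patterns: either a full dotted quad or
        one to three leading octets followed by ``*`` (the forms accepted by
        ``addr_match``). Entries of any other form are skipped. An empty
        *spec*, or one holding only ``'*'``, matches every client.
        """
        # Fast exit for the match-all case
        if len(spec) == 0 or (len(spec) == 1 and spec[0] == '*'):
            return 1

        # Start with the address the request object reports.
        addr = request.getClientAddr()

        # NOTE(review): X-Forwarded-For is an ordinary request header. Unless
        # a fronting proxy overwrites it, its value is chosen by the client,
        # and it replaces the socket-level address here. The domain
        # restriction is therefore only as strong as the guarantee that every
        # request reaches this server through a proxy that sets the header
        # itself. Mitigations: overwrite or strip the header at the proxy,
        # block direct access to the backend port, or honour the header only
        # when the peer address is a known proxy.
        forwarded = request.get('HTTP_X_FORWARDED_FOR', None)
        if forwarded:
            addr = forwarded
            # Sanity check only: this counts dot-separated parts and does not
            # verify that they are numeric. A comma-separated proxy chain has
            # more than four parts and is rejected (fails closed).
            if len(addr.split('.')) != 4:
                logging.warning(
                    "IntranetUserFolder: invalid forward addr: %s", addr)
                return 0

        if not addr:
            return 0

        addr_parts = addr.split('.')

        for pattern in spec:
            mo = addr_match(pattern)
            # addr_match anchors only at the start; require a full match.
            if mo is None or mo.end(0) != len(pattern):
                continue

            pattern_parts = pattern.split('.')
            if len(pattern_parts) > len(addr_parts):
                # The address has fewer dotted parts than the pattern (for
                # example a non-IPv4 client address). Treat it as a mismatch
                # instead of indexing past the end of addr_parts.
                continue

            for wanted, actual in zip(pattern_parts, addr_parts):
                if wanted != '*' and wanted != actual:
                    break
            else:
                return 1

        return 0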
1.1       dwinter    98: 
# Run Zope's default class initialisation on the new class
# (presumably this processes its security declarations -- confirm in Globals).
Globals.default__class_init__(IntranetUserFolder)
                    100: 
                    101: 
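def manage_addIntranetUserFolder(self,dtself=None,REQUEST=None,**ignored):
    """Install a new IntranetUserFolder as ``acl_users`` of this container.

    With a REQUEST, success redirects to ``manage_main`` and a failure to
    set the object returns an 'Item Exists' MessageDialog. Without a
    REQUEST, success returns None and a failure re-raises the original
    error.
    """
    folder = IntranetUserFolder()
    self = self.this()
    try:
        self._setObject('acl_users', folder)
    except:
        # NOTE(review): this catches every failure of _setObject, not only a
        # name clash, and reports all of them as 'Item Exists'. Narrow it
        # once the exception raised for a duplicate id is confirmed.
        if REQUEST is None:
            # There is no request to build the dialog's action URL from, so
            # surface the real error instead of failing on REQUEST['URL1'].
            raise
        return MessageDialog(
            title='Item Exists',
            message='This object already contains a User Folder',
            action='%s/manage_main' % REQUEST['URL1'])
    self.__allow_groups__ = folder
    if REQUEST is not None:
        REQUEST['RESPONSE'].redirect(self.absolute_url() + '/manage_main')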
                    114: 
def manage_addIntranetUserFolderForm(self):
    """Add an IntranetUserFolder using the current request.

    Despite the 'Form' suffix, no form is rendered here: the call delegates
    straight to ``manage_addIntranetUserFolder`` with ``self.REQUEST`` and
    returns its result.
    """
    current_request = self.REQUEST
    return manage_addIntranetUserFolder(self, REQUEST=current_request)
1.2       casties   118: 
# Matcher for the IPv4 domain patterns accepted by domainSpecMatch: either
# one to three leading octets followed by '*', or a full dotted quad.
# The bound .match anchors only at the start of the string, so callers must
# compare the match end with the string length to require a full match.
# Octets are limited to three digits but are not range-checked.
addr_match = re.compile(
    r'((\d{1,3}\.){1,3}\*)|((\d{1,3}\.){3}\d{1,3})'
).match
