comparison AuthTokenGenerator.py @ 6:17bbd5e80d15
Add method getLoginToken and real authentication support.
author | casties |
---|---|
date | Tue, 30 Oct 2012 20:20:31 +0100 |
parents | 4c6c8835fc5c |
children | 279473355e9b |
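--- a/AuthTokenGenerator.py
+++ b/AuthTokenGenerator.py
@@ -1,8 +1,10 @@
 from OFS.SimpleItem import SimpleItem
 from Products.PageTemplates.PageTemplateFile import PageTemplateFile
 from OFS.PropertyManager import PropertyManager
+from AccessControl import getSecurityManager
+from zExceptions import Unauthorized
 
 import logging
 import datetime
 import jwt
 
@@ -37,35 +39,69 @@
         """init document viewer"""
         self.id = id
         self.consumer_key = consumerKey
         self.consumer_secret = consumerSecret
 
-    def index_html(self, user='anonymous', password=None):
-        """returns authentication token for user"""
-        if self._token_allowed():
+    def index_html(self, user='anonymous'):
+        """returns authentication token for user (Zope style)"""
+        if self._user_allowed(user=user):
             token = self._generate_token(user)
             # set CORS headers
             origin = self.REQUEST.getHeader("Origin", None)
             if origin is not None:
                 self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Origin", origin)
             else:
                 self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Origin", "*")
 
             self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Credentials", "true")
-            logging.debug("token=%s"%token)
+            logging.debug("token for user %s: %s"%(user, token))
             self.REQUEST.RESPONSE.setHeader("Content-Type", "text/plain")
             return token
-            # send as JSON
-            #self.REQUEST.RESPONSE.setHeader("Content-Type", "application/json")
-            #json.dump(token, self.REQUEST.RESPONSE)
         else:
-            self.REQUEST.RESPONSE.setStatus('Forbidden')
-            return "SORRY, NOT ALLOWED!"
+            raise Unauthorized
 
-    def _token_allowed(self, user=None, password=None):
-        # here we should check the login
-        return True
+    def getLoginToken(self, user='anonymous', password=None):
+        """returns authentication token or error code"""
+        # set CORS headers
+        origin = self.REQUEST.getHeader("Origin", None)
+        if origin is not None:
+            self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Origin", origin)
+        else:
+            self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Origin", "*")
+
+        self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Credentials", "true")
+        if self._user_allowed(user=user, password=password):
+            token = self._generate_token(user)
+            logging.debug("token for user %s: %s"%(user, token))
+            self.REQUEST.RESPONSE.setHeader("Content-Type", "text/plain")
+            return token
+        else:
+            self.REQUEST.RESPONSE.setStatus('Unauthorized')
+            return "Please Authenticate!"
+
+
+    def _user_allowed(self, user=None, password=None):
+        # check the login
+        if user == 'anonymous':
+            # everybody can be anonymous
+            return user
+
+        # get logged in user
+        authuser = getSecurityManager().getUser()
+        authname = authuser.getUserName()
+        logging.debug("token_allowed: user=%s authuser=%s username=%s"%(user, repr(authuser), repr(authname)))
+        if authname == user:
+            # user is logged in
+            return authname
+
+        if password:
+            logging.debug("trying password")
+            # TODO: should we care about aquisition?
+            authuser = self.acl_users.authenticate(user, password, None)
+            return authuser
+
+        return None
 
     def _generate_token(self, user_id):
         #return JSON-token
         issue_time = datetime.datetime.now(UTC).replace(microsecond=0)
 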
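Review bot: The CORS handling copied into getLoginToken (new lines 65–71) reflects whatever `Origin` the request carries while also sending `Access-Control-Allow-Credentials: true`, and because `_user_allowed` accepts the cookie-authenticated user (new lines 89–94), any third-party page a logged-in user visits can fetch that user's token cross-origin; the same pattern remains in index_html (new lines 49–55). Only echo `origin` back when it matches a configured allow-list of origins, and otherwise omit the header rather than fall back to `"*"` (which browsers reject in combination with credentials anyway). Separately, `logging.debug("token for user %s: %s"%(user, token))` on new lines 56 and 74 writes the issued token itself into the log; log the user name only, e.g. `logging.debug("issued token for user %s", user)`. Also, if getLoginToken is reachable as a published method, `password` can arrive as a query-string parameter and end up in access logs, so the docstring should presumably state that it must be sent in a POST body. The body of _generate_token continues outside the hunk.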