Mercurial > hg > OKFNAnnotator
comparison AuthTokenGenerator.py @ 6:17bbd5e80d15
method getLoginToken and real authentication support.
| author | casties |
|---|---|
| date | Tue, 30 Oct 2012 20:20:31 +0100 |
| parents | 4c6c8835fc5c |
| children | 279473355e9b |
comparison
equal
deleted
inserted
replaced
| 5:8365fc487252 | 6:17bbd5e80d15 |
|---|---|
| 1 from OFS.SimpleItem import SimpleItem | 1 from OFS.SimpleItem import SimpleItem |
| 2 from Products.PageTemplates.PageTemplateFile import PageTemplateFile | 2 from Products.PageTemplates.PageTemplateFile import PageTemplateFile |
| 3 from OFS.PropertyManager import PropertyManager | 3 from OFS.PropertyManager import PropertyManager |
| 4 from AccessControl import getSecurityManager | |
| 5 from zExceptions import Unauthorized | |
| 4 | 6 |
| 5 import logging | 7 import logging |
| 6 import datetime | 8 import datetime |
| 7 import jwt | 9 import jwt |
| 8 | 10 |
| 37 """init document viewer""" | 39 """init document viewer""" |
| 38 self.id = id | 40 self.id = id |
| 39 self.consumer_key = consumerKey | 41 self.consumer_key = consumerKey |
| 40 self.consumer_secret = consumerSecret | 42 self.consumer_secret = consumerSecret |
| 41 | 43 |
| 42 def index_html(self, user='anonymous', password=None): | 44 def index_html(self, user='anonymous'): |
| 43 """returns authentication token for user""" | 45 """returns authentication token for user (Zope style)""" |
| 44 if self._token_allowed(): | 46 if self._user_allowed(user=user): |
| 45 token = self._generate_token(user) | 47 token = self._generate_token(user) |
| 46 # set CORS headers | 48 # set CORS headers |
| 47 origin = self.REQUEST.getHeader("Origin", None) | 49 origin = self.REQUEST.getHeader("Origin", None) |
| 48 if origin is not None: | 50 if origin is not None: |
| 49 self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Origin", origin) | 51 self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Origin", origin) |
| 50 else: | 52 else: |
| 51 self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Origin", "*") | 53 self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Origin", "*") |
| 52 | 54 |
| 53 self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Credentials", "true") | 55 self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Credentials", "true") |
| 54 logging.debug("token=%s"%token) | 56 logging.debug("token for user %s: %s"%(user, token)) |
| 55 self.REQUEST.RESPONSE.setHeader("Content-Type", "text/plain") | 57 self.REQUEST.RESPONSE.setHeader("Content-Type", "text/plain") |
| 56 return token | 58 return token |
| 57 # send as JSON | |
| 58 #self.REQUEST.RESPONSE.setHeader("Content-Type", "application/json") | |
| 59 #json.dump(token, self.REQUEST.RESPONSE) | |
| 60 else: | 59 else: |
| 61 self.REQUEST.RESPONSE.setStatus('Forbidden') | 60 raise Unauthorized |
| 62 return "SORRY, NOT ALLOWED!" | |
| 63 | 61 |
| 64 def _token_allowed(self, user=None, password=None): | 62 def getLoginToken(self, user='anonymous', password=None): |
| 65 # here we should check the login | 63 """returns authentication token or error code""" |
| 66 return True | 64 # set CORS headers |
| 65 origin = self.REQUEST.getHeader("Origin", None) | |
| 66 if origin is not None: | |
| 67 self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Origin", origin) | |
| 68 else: | |
| 69 self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Origin", "*") | |
| 70 | |
| 71 self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Credentials", "true") | |
| 72 if self._user_allowed(user=user, password=password): | |
| 73 token = self._generate_token(user) | |
| 74 logging.debug("token for user %s: %s"%(user, token)) | |
| 75 self.REQUEST.RESPONSE.setHeader("Content-Type", "text/plain") | |
| 76 return token | |
| 77 else: | |
| 78 self.REQUEST.RESPONSE.setStatus('Unauthorized') | |
| 79 return "Please Authenticate!" | |
| 80 | |
| 81 | |
| 82 def _user_allowed(self, user=None, password=None): | |
| 83 # check the login | |
| 84 if user == 'anonymous': | |
| 85 # everybody can be anonymous | |
| 86 return user | |
| 87 | |
| 88 # get logged in user | |
| 89 authuser = getSecurityManager().getUser() | |
| 90 authname = authuser.getUserName() | |
| 91 logging.debug("token_allowed: user=%s authuser=%s username=%s"%(user, repr(authuser), repr(authname))) | |
| 92 if authname == user: | |
| 93 # user is logged in | |
| 94 return authname | |
| 95 | |
| 96 if password: | |
| 97 logging.debug("trying password") | |
| 98 # TODO: should we care about aquisition? | |
| 99 authuser = self.acl_users.authenticate(user, password, None) | |
| 100 return authuser | |
| 101 | |
| 102 return None | |
| 67 | 103 |
| 68 def _generate_token(self, user_id): | 104 def _generate_token(self, user_id): |
| 69 #return JSON-token | 105 #return JSON-token |
| 70 issue_time = datetime.datetime.now(UTC).replace(microsecond=0) | 106 issue_time = datetime.datetime.now(UTC).replace(microsecond=0) |
| 71 | 107 |