# HG changeset patch
# User casties
# Date 1351624831 -3600
# Node ID 17bbd5e80d15cd5d027d8ad7b58f5d79faac40c9
# Parent 8365fc4872521147ed203d704afd1f3b0e0dffa9
method getLoginToken and real authentication support.

diff -r 8365fc487252 -r 17bbd5e80d15 AuthTokenGenerator.py
--- a/AuthTokenGenerator.py	Mon Aug 27 19:05:54 2012 +0200
+++ b/AuthTokenGenerator.py	Tue Oct 30 20:20:31 2012 +0100
@@ -1,6 +1,8 @@
 from OFS.SimpleItem import SimpleItem
 from Products.PageTemplates.PageTemplateFile import PageTemplateFile
 from OFS.PropertyManager import PropertyManager
+from AccessControl import getSecurityManager
+from zExceptions import Unauthorized
 import logging
 import datetime
@@ -39,9 +41,9 @@
         self.consumer_key = consumerKey
         self.consumer_secret = consumerSecret
 
-    def index_html(self, user='anonymous', password=None):
-        """returns authentication token for user"""
-        if self._token_allowed():
+    def index_html(self, user='anonymous'):
+        """returns authentication token for user (Zope style)"""
+        if self._user_allowed(user=user):
             token = self._generate_token(user)
             # set CORS headers
             origin = self.REQUEST.getHeader("Origin", None)
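Review bot: The new `index_html` docstring does not say what dropping the `password` parameter means for callers: a name other than `'anonymous'` is now accepted only when the request is already authenticated as that user (via `getSecurityManager()` in `_user_allowed`), and otherwise `Unauthorized` is raised further down the method in the next hunk. I would make that explicit: `"""Return an authentication token for *user* (Zope style). A non-anonymous name is honoured only if the request is already authenticated as that user; otherwise Unauthorized is raised."""`. The method body continues past the end of this hunk.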
@@ -51,19 +53,53 @@
                 self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Origin", "*")
             self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Credentials", "true")
-            logging.debug("token=%s"%token)
+            logging.debug("token for user %s: %s"%(user, token))
+            self.REQUEST.RESPONSE.setHeader("Content-Type", "text/plain")
+            return token
+        else:
+            raise Unauthorized
+
+    def getLoginToken(self, user='anonymous', password=None):
+        """returns authentication token or error code"""
+        # set CORS headers
+        origin = self.REQUEST.getHeader("Origin", None)
+        if origin is not None:
+            self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Origin", origin)
+        else:
+            self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Origin", "*")
+
+        self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Credentials", "true")
+        if self._user_allowed(user=user, password=password):
+            token = self._generate_token(user)
+            logging.debug("token for user %s: %s"%(user, token))
             self.REQUEST.RESPONSE.setHeader("Content-Type", "text/plain")
             return token
-            # send as JSON
-            #self.REQUEST.RESPONSE.setHeader("Content-Type", "application/json")
-            #json.dump(token, self.REQUEST.RESPONSE)
         else:
-            self.REQUEST.RESPONSE.setStatus('Forbidden')
-            return "SORRY, NOT ALLOWED!"
+            self.REQUEST.RESPONSE.setStatus('Unauthorized')
+            return "Please Authenticate!"
+
 
-    def _token_allowed(self, user=None, password=None):
-        # here we should check the login
-        return True
+    def _user_allowed(self, user=None, password=None):
+        # check the login
+        if user == 'anonymous':
+            # everybody can be anonymous
+            return user
+
+        # get logged in user
+        authuser = getSecurityManager().getUser()
+        authname = authuser.getUserName()
+        logging.debug("token_allowed: user=%s authuser=%s username=%s"%(user, repr(authuser), repr(authname)))
+        if authname == user:
+            # user is logged in
+            return authname
+
+        if password:
+            logging.debug("trying password")
+            # TODO: should we care about aquisition?
+            authuser = self.acl_users.authenticate(user, password, None)
+            return authuser
+
+        return None
 
     def _generate_token(self, user_id):
         #return JSON-token
diff -r 8365fc487252 -r 17bbd5e80d15 version.txt
--- a/version.txt	Mon Aug 27 19:05:54 2012 +0200
+++ b/version.txt	Tue Oct 30 20:20:31 2012 +0100
@@ -1,1 +1,1 @@
-0.4
\ No newline at end of file
+0.5
\ No newline at end of file
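Review bot: In `getLoginToken` the `Access-Control-Allow-Origin` header echoes whatever `Origin` the request carried and is then paired with `Access-Control-Allow-Credentials: true`, so a page on any origin that a logged-in user visits can make a credentialed cross-origin request and read that user's token, because the `authname == user` branch of `_user_allowed` needs no password. The origin should be compared against a configured allow-list before it is echoed, and the credentials header set only on a match; the `"*"` fallback should never be combined with the credentials header. The context lines at the top of the hunk show `index_html` inheriting the same reflection. Separately, `logging.debug("token for user %s: %s"%(user, token))` writes the issued token to the log in both methods; log the user and the event, not the token value. The hunk begins inside `index_html`, whose signature is in the previous hunk.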