changeset 6:17bbd5e80d15

Add method getLoginToken and real authentication support.
author casties
date Tue, 30 Oct 2012 20:20:31 +0100
parents 8365fc487252
children 279473355e9b
files AuthTokenGenerator.py version.txt
diffstat 2 files changed, 49 insertions(+), 13 deletions(-) [+]
--- a/AuthTokenGenerator.py	Mon Aug 27 19:05:54 2012 +0200
+++ b/AuthTokenGenerator.py	Tue Oct 30 20:20:31 2012 +0100
@@ -1,6 +1,8 @@
 from OFS.SimpleItem import SimpleItem
 from Products.PageTemplates.PageTemplateFile import PageTemplateFile
 from OFS.PropertyManager import PropertyManager
+from AccessControl import getSecurityManager
+from zExceptions import Unauthorized
 
 import logging
 import datetime
@@ -39,9 +41,9 @@
         self.consumer_key = consumerKey
         self.consumer_secret = consumerSecret
 
-    def index_html(self, user='anonymous', password=None):
-        """returns authentication token for user"""
-        if self._token_allowed():
+    def index_html(self, user='anonymous'):
+        """returns authentication token for user (Zope style)"""
+        if self._user_allowed(user=user):
             token = self._generate_token(user)
             # set CORS headers
             origin = self.REQUEST.getHeader("Origin", None)
@@ -51,19 +53,53 @@
                 self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Origin", "*")
 
             self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Credentials", "true")
-            logging.debug("token=%s"%token)
+            logging.debug("token for user %s: %s"%(user, token))
+            self.REQUEST.RESPONSE.setHeader("Content-Type", "text/plain")
+            return token
+        else:
+            raise Unauthorized
+
+    def getLoginToken(self, user='anonymous', password=None):
+        """returns authentication token or error code"""
+        # set CORS headers
+        origin = self.REQUEST.getHeader("Origin", None)
+        if origin is not None:
+            self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Origin", origin)
+        else:
+            self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Origin", "*")
+
+        self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Credentials", "true")
+        if self._user_allowed(user=user, password=password):
+            token = self._generate_token(user)
+            logging.debug("token for user %s: %s"%(user, token))
             self.REQUEST.RESPONSE.setHeader("Content-Type", "text/plain")
             return token
-            # send as JSON
-            #self.REQUEST.RESPONSE.setHeader("Content-Type", "application/json")
-            #json.dump(token, self.REQUEST.RESPONSE)
         else:
-            self.REQUEST.RESPONSE.setStatus('Forbidden')
-            return "SORRY, NOT ALLOWED!" 
+            self.REQUEST.RESPONSE.setStatus('Unauthorized')
+            return "Please Authenticate!"
+        
 
-    def _token_allowed(self, user=None, password=None):
-        # here we should check the login
-        return True
+    def _user_allowed(self, user=None, password=None):
+        # check the login
+        if user == 'anonymous':
+            # everybody can be anonymous
+            return user
+        
+        # get logged in user
+        authuser = getSecurityManager().getUser()
+        authname = authuser.getUserName()
+        logging.debug("token_allowed: user=%s authuser=%s username=%s"%(user, repr(authuser), repr(authname)))
+        if authname == user:
+            # user is logged in
+            return authname
+        
+        if password:
+            logging.debug("trying password")
+            # TODO: should we care about aquisition?
+            authuser = self.acl_users.authenticate(user, password, None)
+            return authuser
+            
+        return None
 
     def _generate_token(self, user_id):
         #return JSON-token
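Review bot: getLoginToken copies the request's Origin header verbatim into Access-Control-Allow-Origin and then sets Access-Control-Allow-Credentials to "true" before `_user_allowed` falls back to whoever is already logged in via getSecurityManager(), so a credentialed cross-origin request from any site can read the token minted for the visitor's existing Zope session; the same reflect-with-credentials pattern is visible as context in index_html earlier in this hunk. The origin should be compared against a configured allowlist (for instance a PropertyManager property such as `allowed_origins` — placeholder name) and the credentials header emitted only on a match; the `else` branch that sends `*` can go, since browsers reject `*` together with credentials anyway. The two `logging.debug("token for user %s: %s"%(user, token))` lines also write the bearer token itself into the log; log only the principal, e.g. `logging.debug("issued token for user %s", user)`. The debug message inside `_user_allowed` still reads `token_allowed:` after the method was renamed. index_html's signature is in the previous hunk and `_generate_token` continues beyond this one.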
--- a/version.txt	Mon Aug 27 19:05:54 2012 +0200
+++ b/version.txt	Tue Oct 30 20:20:31 2012 +0100
@@ -1,1 +1,1 @@
-0.4
\ No newline at end of file
+0.5
\ No newline at end of file