changeset 6:17bbd5e80d15
method getLoginToken and real authentication support.
author | casties |
---|---|
date | Tue, 30 Oct 2012 20:20:31 +0100 |
parents | 8365fc487252 |
children | 279473355e9b |
files | AuthTokenGenerator.py version.txt |
diffstat | 2 files changed, 49 insertions(+), 13 deletions(-) [+] |
--- a/AuthTokenGenerator.py Mon Aug 27 19:05:54 2012 +0200
+++ b/AuthTokenGenerator.py Tue Oct 30 20:20:31 2012 +0100
@@ -1,6 +1,8 @@
 from OFS.SimpleItem import SimpleItem
 from Products.PageTemplates.PageTemplateFile import PageTemplateFile
 from OFS.PropertyManager import PropertyManager
+from AccessControl import getSecurityManager
+from zExceptions import Unauthorized
 import logging
 import datetime
@@ -39,9 +41,9 @@
         self.consumer_key = consumerKey
         self.consumer_secret = consumerSecret
 
-    def index_html(self, user='anonymous', password=None):
-        """returns authentication token for user"""
-        if self._token_allowed():
+    def index_html(self, user='anonymous'):
+        """returns authentication token for user (Zope style)"""
+        if self._user_allowed(user=user):
             token = self._generate_token(user)
             # set CORS headers
             origin = self.REQUEST.getHeader("Origin", None)
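Review bot: The new check in index_html, `if self._user_allowed(user=user):`, authorizes on the ambient Zope login (getSecurityManager().getUser() in the next hunk), while the lines right after it echo whatever request Origin arrives back in Access-Control-Allow-Origin together with Access-Control-Allow-Credentials: true; with that pair a page served from any origin can make a credentialed request and read the logged-in user's token, which the commit does not address. getLoginToken in the next hunk copies the same header pair and has the same exposure. Compare origin against a configured allow-list (a property next to consumer_key/consumer_secret would fit) and set Access-Control-Allow-Origin only on a match, omitting both CORS headers instead of falling back to "*" when it does not match. index_html's body continues in the following hunk.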
@@ -51,19 +53,53 @@
                 self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Origin", "*")
 
             self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Credentials", "true")
-            logging.debug("token=%s"%token)
+            logging.debug("token for user %s: %s"%(user, token))
+            self.REQUEST.RESPONSE.setHeader("Content-Type", "text/plain")
+            return token
+        else:
+            raise Unauthorized
+
+    def getLoginToken(self, user='anonymous', password=None):
+        """returns authentication token or error code"""
+        # set CORS headers
+        origin = self.REQUEST.getHeader("Origin", None)
+        if origin is not None:
+            self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Origin", origin)
+        else:
+            self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Origin", "*")
+
+        self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Credentials", "true")
+        if self._user_allowed(user=user, password=password):
+            token = self._generate_token(user)
+            logging.debug("token for user %s: %s"%(user, token))
             self.REQUEST.RESPONSE.setHeader("Content-Type", "text/plain")
             return token
-            # send as JSON
-            #self.REQUEST.RESPONSE.setHeader("Content-Type", "application/json")
-            #json.dump(token, self.REQUEST.RESPONSE)
         else:
-            self.REQUEST.RESPONSE.setStatus('Forbidden')
-            return "SORRY, NOT ALLOWED!"
+            self.REQUEST.RESPONSE.setStatus('Unauthorized')
+            return "Please Authenticate!"
+
-    def _token_allowed(self, user=None, password=None):
-        # here we should check the login
-        return True
+    def _user_allowed(self, user=None, password=None):
+        # check the login
+        if user == 'anonymous':
+            # everybody can be anonymous
+            return user
+
+        # get logged in user
+        authuser = getSecurityManager().getUser()
+        authname = authuser.getUserName()
+        logging.debug("token_allowed: user=%s authuser=%s username=%s"%(user, repr(authuser), repr(authname)))
+        if authname == user:
+            # user is logged in
+            return authname
+
+        if password:
+            logging.debug("trying password")
+            # TODO: should we care about aquisition?
+            authuser = self.acl_users.authenticate(user, password, None)
+            return authuser
+
+        return None
 
     def _generate_token(self, user_id):
         #return JSON-token