Changeset 6:17bbd5e80d15 in OKFNAnnotator (for Zope)

Timestamp:

Oct 30, 2012, 7:20:31 PM (12 years ago)

Author:

casties

Branch:

default

Message:

method getLoginToken and real authentication support.

Files:

• AuthTokenGenerator.py (modified) (3 diffs)
• version.txt (modified) (1 diff)

AuthTokenGenerator.py

@@ -2 +2 @@
 from Products.PageTemplates.PageTemplateFile import PageTemplateFile
 from OFS.PropertyManager import PropertyManager
+from AccessControl import getSecurityManager
+from zExceptions import Unauthorized
 
 import logging
@@ -40 +42 @@
         self.consumer_secret = consumerSecret
 
-    def index_html(self, user='anonymous', password=None):
-        """returns authentication token for user"""
-        if self._token_allowed():
+    def index_html(self, user='anonymous'):
+        """returns authentication token for user (Zope style)"""
+        if self._user_allowed(user=user):
             token = self._generate_token(user)
             # set CORS headers
@@ -52 +54 @@
 
             self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Credentials", "true")
-            logging.debug("token=%s"%token)
+            logging.debug("token for user %s: %s"%(user, token))
             self.REQUEST.RESPONSE.setHeader("Content-Type", "text/plain")
             return token
-            # send as JSON
-            #self.REQUEST.RESPONSE.setHeader("Content-Type", "application/json")
-            #json.dump(token, self.REQUEST.RESPONSE)
         else:
-            self.REQUEST.RESPONSE.setStatus('Forbidden')
-            return "SORRY, NOT ALLOWED!" 
+            raise Unauthorized
 
-    def _token_allowed(self, user=None, password=None):
-        # here we should check the login
-        return True
+    def getLoginToken(self, user='anonymous', password=None):
+        """returns authentication token or error code"""
+        # set CORS headers
+        origin = self.REQUEST.getHeader("Origin", None)
+        if origin is not None:
+            self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Origin", origin)
+        else:
+            self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Origin", "*")
+
+        self.REQUEST.RESPONSE.setHeader("Access-Control-Allow-Credentials", "true")
+        if self._user_allowed(user=user, password=password):
+            token = self._generate_token(user)
+            logging.debug("token for user %s: %s"%(user, token))
+            self.REQUEST.RESPONSE.setHeader("Content-Type", "text/plain")
+            return token
+        else:
+            self.REQUEST.RESPONSE.setStatus('Unauthorized')
+            return "Please Authenticate!"
+        
+
+    def _user_allowed(self, user=None, password=None):
+        # check the login
+        if user == 'anonymous':
+            # everybody can be anonymous
+            return user
+        
+        # get logged in user
+        authuser = getSecurityManager().getUser()
+        authname = authuser.getUserName()
+        logging.debug("token_allowed: user=%s authuser=%s username=%s"%(user, repr(authuser), repr(authname)))
+        if authname == user:
+            # user is logged in
+            return authname
+        
+        if password:
+            logging.debug("trying password")
+            # TODO: should we care about aquisition?
+            authuser = self.acl_users.authenticate(user, password, None)
+            return authuser
+            
+        return None
 
     def _generate_token(self, user_id):

version.txt

@@ -1 @@
-0.4
+0.5