Commit 11dab143 authored by Alain Takoudjou's avatar Alain Takoudjou

authentication machine work when certificate serial is set instead of REMOTE_USER

parent 37aae0a1
...@@ -108,6 +108,7 @@ class SlapOSMachineAuthenticationPlugin(BasePlugin): ...@@ -108,6 +108,7 @@ class SlapOSMachineAuthenticationPlugin(BasePlugin):
meta_type = "SlapOS Machine Authentication Plugin" meta_type = "SlapOS Machine Authentication Plugin"
security = ClassSecurityInfo() security = ClassSecurityInfo()
certificate_portal_type = "Certificate Access ID"
def __init__(self, id, title=None): def __init__(self, id, title=None):
#Register value #Register value
...@@ -126,17 +127,31 @@ class SlapOSMachineAuthenticationPlugin(BasePlugin): ...@@ -126,17 +127,31 @@ class SlapOSMachineAuthenticationPlugin(BasePlugin):
# use get_header instead for Zope-2.8 # use get_header instead for Zope-2.8
getHeader = request.get_header getHeader = request.get_header
user_id = getHeader('REMOTE_USER') user_id = getHeader('REMOTE_USER')
if user_id is not None: serial = getHeader('SSL_CLIENT_SERIAL')
if serial is not None:
# search for user linked to this serial
certificate_login_list = self.portal_catalog.unrestrictedSearchResults(
portal_type=self.certificate_portal_type,
reference=serial)
creds['machine_login'] = None
if len(certificate_login_list) != 0:
if len(certificate_login_list) > 1:
raise ConsistencyError('There is more than one of %s whose \
serial is %s' % (self.certificate_portal_type, serial))
creds['machine_login'] = certificate_login_list[0]\
.getParent().getReference()
elif user_id is not None:
creds['machine_login'] = user_id creds['machine_login'] = user_id
else:
# fallback to default way
return DumbHTTPExtractor().extractCredentials(request)
creds['remote_host'] = request.get('REMOTE_HOST', '') creds['remote_host'] = request.get('REMOTE_HOST', '')
try: try:
creds['remote_address'] = request.getClientAddr() creds['remote_address'] = request.getClientAddr()
except AttributeError: except AttributeError:
creds['remote_address'] = request.get('REMOTE_ADDR', '') creds['remote_address'] = request.get('REMOTE_ADDR', '')
return creds return creds
else:
# fallback to default way
return DumbHTTPExtractor().extractCredentials(request)
################################ ################################
# IAuthenticationPlugin # # IAuthenticationPlugin #
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment