# -*- coding: utf-8 -*- ############################################################################## # # Copyright (c) 2010 Nexedi SA and Contributors. All Rights Reserved. # # WARNING: This program as such is intended to be used by professional # programmers who take the whole responsibility of assessing all potential # consequences resulting from its eventual inadequacies and bugs # End users who are looking for a ready-to-use solution with commercial # guarantees and support are strongly adviced to contract a Free Software # Service Company # # This program is Free Software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # ############################################################################## from Products.ERP5Type.Globals import InitializeClass from AccessControl import ClassSecurityInfo from Products.PageTemplates.PageTemplateFile import PageTemplateFile from Products.PluggableAuthService.interfaces import plugins from Products.PluggableAuthService.utils import classImplements from Products.PluggableAuthService.permissions import ManageUsers from Products.PluggableAuthService.plugins.BasePlugin import BasePlugin from Products.PluggableAuthService.PluggableAuthService import DumbHTTPExtractor #Form for new plugin in ZMI manage_addERP5ExternalAuthenticationPluginForm = PageTemplateFile( 'www/ERP5Security_addERP5ExternalAuthenticationPlugin', globals(), __name__='manage_addERP5ExternalAuthenticationPluginForm') def addERP5ExternalAuthenticationPlugin(dispatcher, id, title=None, user_id_key='', login_portal_type_list=None, REQUEST=None): """ Add a ERP5ExternalAuthenticationPlugin to a Pluggable Auth Service. """ plugin = ERP5ExternalAuthenticationPlugin(id, title, user_id_key, login_portal_type_list) dispatcher._setObject(plugin.getId(), plugin) if REQUEST is not None: REQUEST['RESPONSE'].redirect( '%s/manage_workspace' '?manage_tabs_message=' 'ERP5ExternalAuthenticationPlugin+added.' % dispatcher.absolute_url()) class ERP5ExternalAuthenticationPlugin(BasePlugin): """ External authentification PAS plugin which extracts the user id from HTTP request header, like REMOTE_USER, openAMid, etc. """ meta_type = "ERP5 External Authentication Plugin" security = ClassSecurityInfo() user_id_key = '' manage_options = (({'label': 'Edit', 'action': 'manage_editERP5ExternalAuthenticationPluginForm',}, ) + BasePlugin.manage_options[:] ) _properties = (({'id':'user_id_key', 'type':'string', 'mode':'w', 'label':'HTTP request header key where the user_id is stored' }, {'id': 'login_portal_type_list', 'type':'lines', 'mode':'w', 'label': 'List of Login Portal Types to search' }, ) + BasePlugin._properties[:] ) def __init__(self, id, title=None, user_id_key='', login_portal_type_list=None): #Register value self._setId(id) self.title = title self.user_id_key = user_id_key if login_portal_type_list is None: # Keep at least one portal type as Login login_portal_type_list = ["ERP5 Login"] self.login_portal_type_list = login_portal_type_list #################################### #ILoginPasswordHostExtractionPlugin# #################################### security.declarePrivate('extractCredentials') def extractCredentials(self, request): """ Extract credentials from the request header. """ creds = {} getHeader = getattr(request, 'getHeader', None) if getHeader is None: # use get_header instead for Zope-2.8 getHeader = request.get_header external_login = getHeader(self.user_id_key) if external_login is not None: creds['external_login'] = external_login creds['login_portal_type'] = self.login_portal_type_list else: # fallback to default way return DumbHTTPExtractor().extractCredentials(request) #Complete credential with some information if creds: creds['remote_host'] = request.get('REMOTE_HOST', '') try: creds['remote_address'] = request.getClientAddr() except AttributeError: creds['remote_address'] = request.get('REMOTE_ADDR', '') return creds ################################ # Properties for ZMI managment # ################################ #'Edit' option form manage_editERP5ExternalAuthenticationPluginForm = PageTemplateFile( 'www/ERP5Security_editERP5ExternalAuthenticationPlugin', globals(), __name__='manage_editERP5ExternalAuthenticationPluginForm') security.declareProtected(ManageUsers, 'manage_editERP5ExternalAuthenticationPlugin') def manage_editERP5ExternalAuthenticationPlugin(self, user_id_key, login_portal_type_list, RESPONSE=None): """Edit the object""" error_message = '' #Save user_id_key if user_id_key == '' or user_id_key is None: error_message += 'Invalid key value ' else: self.user_id_key = user_id_key if login_portal_type_list == '' or login_portal_type_list is None: error_message += 'Invalid portal type value ' else: self.login_portal_type_list = login_portal_type_list #Redirect if RESPONSE is not None: if error_message != '': self.REQUEST.form['manage_tabs_message'] = error_message return self.manage_editERP5ExternalAuthenticationPluginForm(RESPONSE) else: message = "Updated" RESPONSE.redirect('%s/manage_editERP5ExternalAuthenticationPluginForm' '?manage_tabs_message=%s' % (self.absolute_url(), message) ) #List implementation of class classImplements(ERP5ExternalAuthenticationPlugin, plugins.ILoginPasswordHostExtractionPlugin) InitializeClass(ERP5ExternalAuthenticationPlugin)