4f5ff873
Commit
4f5ff873
authored
Jul 08, 2016
by
Cédric Le Ninivin
ERP5Security: code improvments to ERP5JSONWebTokenPlugin
parent
c7fbea70
Changes
1
Showing
1 changed file
with
10 additions
and
19 deletions
+10
-19
product/ERP5Security/ERP5JSONWebTokenPlugin.py
product/ERP5Security/ERP5JSONWebTokenPlugin.py
+10
-19
product/ERP5Security/ERP5JSONWebTokenPlugin.py
@@ -33,16 +33,11 @@ from Products.PageTemplates.PageTemplateFile import PageTemplateFile
from
Products.PluggableAuthService.interfaces
import
plugins
from
Products.PluggableAuthService.utils
import
classImplements
from
Products.PluggableAuthService.plugins.BasePlugin
import
BasePlugin
from
Products.ERP5Security.ERP5UserManager
import
SUPER_USER
,
ERP5UserManager
from
Products.ERP5Security.ERP5UserManager
import
ERP5UserManager
from
Products.PluggableAuthService.permissions
import
ManageUsers
from
Products.PluggableAuthService.PluggableAuthService
import
DumbHTTPExtractor
from
AccessControl.SecurityManagement
import
getSecurityManager
,
\
setSecurityManager
,
newSecurityManager
from
Products.ERP5Type.Cache
import
DEFAULT_CACHE_SCOPE
from
os
import
urandom
as
SystemRandom
import
socket
from
Products.ERP5Security.ERP5UserManager
import
getUserByLogin
from
zLOG
import
LOG
,
ERROR
,
INFO
from
os
import
urandom
from
zLOG
import
LOG
,
INFO
try
:
from
itsdangerous
import
JSONWebSignatureSerializer
,
BadSignature
@@ -74,8 +69,7 @@ class ERP5JSONWebTokenPlugin(BasePlugin):
security
=
ClassSecurityInfo
()
name_cookie
=
"n_jwt"
data_cookie
=
"d_jwt"
default_cookie_name
=
"__ac"
manage_options
=
(
(
{
'label'
:
'Update Secret'
,
'action'
:
'manage_updateERP5JSONWebTokenPluginForm'
,
}
,
@@ -88,7 +82,7 @@ class ERP5JSONWebTokenPlugin(BasePlugin):
#Register value
self
.
_setId
(
id
)
self
.
title
=
title
self
.
secret
=
SystemRandom
(
256
)
self
.
_secret
=
self
.
manage_updateERP5JSONWebTokenPlugin
(
)
self
.
erp5usermanager
=
ERP5UserManager
(
self
.
getId
()
+
"_user_manager"
)
####################################
@@ -97,7 +91,6 @@ class ERP5JSONWebTokenPlugin(BasePlugin):
security
.
declarePrivate
(
'extractCredentials'
)
def
extractCredentials
(
self
,
request
):
""" Extract JWT from the request header. """
if
JSONWebSignatureSerializer
is
None
:
LOG
(
'ERP5JSONWebTokenPlugin'
,
INFO
,
'No itsdangerous module, install itsdangerous package. '
@@ -106,7 +99,7 @@ class ERP5JSONWebTokenPlugin(BasePlugin):
login_pw
=
request
.
_authUserPW
()
name_serializer
=
JSONWebSignatureSerializer
(
self
.
secret
)
name_serializer
=
JSONWebSignatureSerializer
(
self
.
_
secret
)
creds
=
{}
if
login_pw
is
not
None
:
@@ -116,7 +109,6 @@ class ERP5JSONWebTokenPlugin(BasePlugin):
else
:
name_token
=
None
if
self
.
name_cookie
in
request
.
cookies
:
# 1st - try to fetch from Authorization header
name_token
=
request
.
cookies
.
get
(
self
.
name_cookie
)
if
name_token
is
None
:
@@ -137,7 +129,7 @@ class ERP5JSONWebTokenPlugin(BasePlugin):
# no name_token
return
None
data_serializer
=
JSONWebSignatureSerializer
(
self
.
secret
+
user
.
getPassword
())
data_serializer
=
JSONWebSignatureSerializer
(
self
.
_
secret
+
user
.
getPassword
())
data
=
data_serializer
.
loads
(
data_token
)
data_okay
=
self
.
getPortalObject
().
ERP5Site_processJWTData
(
data
)
if
data_okay
:
@@ -171,8 +163,8 @@ class ERP5JSONWebTokenPlugin(BasePlugin):
return
authentication_result
name
=
authentication_result
[
0
]
user
=
self
.
erp5usermanager
.
getUserByLogin
(
name
)[
0
]
name_serializer
=
JSONWebSignatureSerializer
(
self
.
secret
)
data_serializer
=
JSONWebSignatureSerializer
(
self
.
secret
+
user
.
getPassword
())
name_serializer
=
JSONWebSignatureSerializer
(
self
.
_
secret
)
data_serializer
=
JSONWebSignatureSerializer
(
self
.
_
secret
+
user
.
getPassword
())
request
=
self
.
REQUEST
response
=
request
.
response
@@ -200,7 +192,6 @@ class ERP5JSONWebTokenPlugin(BasePlugin):
secure
=
True
,
http_only
=
True
,
)
response
.
expireCookie
(
self
.
default_cookie_name
,
path
=
'/'
)
return
authentication_result
@@ -219,7 +210,7 @@ class ERP5JSONWebTokenPlugin(BasePlugin):
"""Edit the object"""
#Save user_id_key
self
.
secret
=
SystemR
andom
(
256
)
self
.
_secret
=
ur
andom
(
256
)
#Redirect
if
RESPONSE
is
not
None
:
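Review bot: The renamed `_secret` attribute set in `__init__` and regenerated in `manage_updateERP5JSONWebTokenPlugin` deserves a comment recording why the leading underscore matters, because nothing in the hunk says so: as far as I recall Zope's publisher and `guarded_getattr` refuse names starting with `_`, so unlike the old `secret` the signing key can no longer be reached by URL traversal or from restricted code, and a one-liner such as `# leading underscore: not traversable/publishable -- never expose the signing key` above the assignment keeps a later cleanup from undoing that. The data-token key `self._secret + user.getPassword()` in `extractCredentials` and `updateCredentials` is acceptable HMAC key material for an itsdangerous JWS, but if `getPassword()` can return `None` for password-less accounts the `+` raises `TypeError` before `loads` runs, so an explicit check that bails out with `return None` in that case is worth confirming against `ERP5UserManager`. Regenerating the key in `manage_updateERP5JSONWebTokenPlugin` also invalidates every issued `n_jwt`/`d_jwt` cookie at once, which the docstring `"""Edit the object"""` should state so an administrator knows the form is a logout-everyone action. All of these methods start or end outside the visible hunks.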