Commit 6ae1de95 authored by Łukasz Nowak's avatar Łukasz Nowak

- add extraction plugin implemlentation which uses REMOTE_USER and sets

   machine_login, but fallback to default DumbHTTPExtractor in case if
   no REMOTE_USER is set
 - use machine_login instead of login, to be synchronised with value
   from extraction plugin


git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@42407 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent cf676c85
...@@ -40,6 +40,7 @@ from Products.PluggableAuthService.plugins.BasePlugin import BasePlugin ...@@ -40,6 +40,7 @@ from Products.PluggableAuthService.plugins.BasePlugin import BasePlugin
from Products.ERP5Type.Cache import transactional_cached from Products.ERP5Type.Cache import transactional_cached
from Products.ERP5Security.ERP5UserManager import SUPER_USER from Products.ERP5Security.ERP5UserManager import SUPER_USER
from ZODB.POSException import ConflictError from ZODB.POSException import ConflictError
from Products.PluggableAuthService.PluggableAuthService import DumbHTTPExtractor
#Form for new plugin in ZMI #Form for new plugin in ZMI
manage_addVifibMachineAuthenticationPluginForm = PageTemplateFile( manage_addVifibMachineAuthenticationPluginForm = PageTemplateFile(
...@@ -93,24 +94,42 @@ class VifibMachineAuthenticationPlugin(BasePlugin): ...@@ -93,24 +94,42 @@ class VifibMachineAuthenticationPlugin(BasePlugin):
meta_type = "Vifib Machine Authentication Plugin" meta_type = "Vifib Machine Authentication Plugin"
security = ClassSecurityInfo() security = ClassSecurityInfo()
manage_options = (({'label': 'Edit',
'action': 'manage_editVifibMAchineAuthenticationPluginForm',},
)
+ BasePlugin.manage_options[:]
)
def __init__(self, id, title=None): def __init__(self, id, title=None):
#Register value #Register value
self._setId(id) self._setId(id)
self.title = title self.title = title
####################################
#ILoginPasswordHostExtractionPlugin#
####################################
security.declarePrivate('extractCredentials')
def extractCredentials(self, request):
""" Extract credentials from the request header. """
creds = {}
getHeader = getattr(request, 'getHeader', None)
if getHeader is None:
# use get_header instead for Zope-2.8
getHeader = request.get_header
user_id = getHeader('REMOTE_USER')
if user_id is not None:
creds['machine_login'] = user_id
creds['remote_host'] = request.get('REMOTE_HOST', '')
try:
creds['remote_address'] = request.getClientAddr()
except AttributeError:
creds['remote_address'] = request.get('REMOTE_ADDR', '')
return creds
else:
# fallback to default way
return DumbHTTPExtractor().extractCredentials(request)
################################ ################################
# IAuthenticationPlugin # # IAuthenticationPlugin #
################################ ################################
security.declarePrivate('authenticateCredentials') security.declarePrivate('authenticateCredentials')
def authenticateCredentials(self, credentials): def authenticateCredentials(self, credentials):
"""Authentificate with credentials""" """Authentificate with credentials"""
login = credentials.get('login', None) login = credentials.get('machine_login', None)
# Forbidden the usage of the super user. # Forbidden the usage of the super user.
if login == SUPER_USER: if login == SUPER_USER:
return None return None
...@@ -149,5 +168,9 @@ class VifibMachineAuthenticationPlugin(BasePlugin): ...@@ -149,5 +168,9 @@ class VifibMachineAuthenticationPlugin(BasePlugin):
#List implementation of class #List implementation of class
classImplements(VifibMachineAuthenticationPlugin, classImplements(VifibMachineAuthenticationPlugin,
plugins.IAuthenticationPlugin) plugins.IAuthenticationPlugin)
classImplements( VifibMachineAuthenticationPlugin,
plugins.ILoginPasswordHostExtractionPlugin
)
InitializeClass(VifibMachineAuthenticationPlugin) InitializeClass(VifibMachineAuthenticationPlugin)
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment