ERP5BearerExtractionPlugin.py 4.59 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35
# -*- coding: utf-8 -*-
##############################################################################
#
# Copyright (c) 2012 Nexedi SA and Contributors. All Rights Reserved.
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# guarantees and support are strongly advised to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
##############################################################################

from Products.ERP5Type.Globals import InitializeClass
from AccessControl import ClassSecurityInfo

from Products.PageTemplates.PageTemplateFile import PageTemplateFile
from Products.PluggableAuthService.interfaces import plugins
from Products.PluggableAuthService.utils import classImplements
from Products.PluggableAuthService.plugins.BasePlugin import BasePlugin
36
from Products.ERP5Type.UnrestrictedMethod import super_user
37
from Products.PluggableAuthService.PluggableAuthService import DumbHTTPExtractor
38 39
from AccessControl.SecurityManagement import getSecurityManager, \
  setSecurityManager, newSecurityManager
40 41 42 43 44 45

#Form for new plugin in ZMI
manage_addERP5BearerExtractionPluginForm = PageTemplateFile(
  'www/ERP5Security_addERP5BearerExtractionPlugin', globals(),
  __name__='manage_addERP5BearerExtractionPluginForm')

Łukasz Nowak's avatar
Łukasz Nowak committed
46
def addERP5BearerExtractionPlugin(dispatcher, id, title=None, REQUEST=None):
47 48
  """ Add a ERP5BearerExtractionPlugin to a Pluggable Auth Service. """

Łukasz Nowak's avatar
Łukasz Nowak committed
49
  plugin = ERP5BearerExtractionPlugin(id, title)
50 51 52
  dispatcher._setObject(plugin.getId(), plugin)

  if REQUEST is not None:
53 54 55 56 57
    REQUEST['RESPONSE'].redirect(
      '%s/manage_workspace'
      '?manage_tabs_message='
      'ERP5BearerExtractionPlugin+added.'
      % dispatcher.absolute_url())
58 59 60 61 62 63 64 65

class ERP5BearerExtractionPlugin(BasePlugin):
  """
  Plugin to authenicate as machines.
  """

  meta_type = "ERP5 Bearer Extraction Plugin"
  security = ClassSecurityInfo()
Łukasz Nowak's avatar
Łukasz Nowak committed
66

Łukasz Nowak's avatar
Łukasz Nowak committed
67
  def __init__(self, id, title=None):
68 69 70 71 72 73 74 75 76 77 78
    #Register value
    self._setId(id)
    self.title = title

  ####################################
  #ILoginPasswordHostExtractionPlugin#
  ####################################
  security.declarePrivate('extractCredentials')
  def extractCredentials(self, request):
    """ Extract credentials from the request header. """
    creds = {}
79 80 81
    token = None
    if request._auth is not None:
      # 1st - try to fetch from Authorization header
82
      if 'bearer' in request._auth.lower():
Łukasz Nowak's avatar
Łukasz Nowak committed
83
        l = request._auth.split()
84 85 86
        if len(l) == 2:
          token = l[1]

87 88 89 90 91 92 93 94 95 96 97
    if token is None:
      # 2nd - try to fetch from Form-Encoded Body Parameter
      #   Not implemented as not required and enforced with high
      #   security considerations
      pass

    if token is None:
      # 3rd - try to fetch from URI Query Parameter
      #   Not implemented as considered as unsecure.
      pass

Łukasz Nowak's avatar
Łukasz Nowak committed
98
    if token is not None:
99
      with super_user():
Łukasz Nowak's avatar
Łukasz Nowak committed
100 101 102
        reference = self.Base_extractBearerTokenInformation(token)
        if reference is not None:
          creds['external_login'] = reference
103 104 105 106 107 108 109
      if 'external_login' in  creds:
        creds['remote_host'] = request.get('REMOTE_HOST', '')
        try:
          creds['remote_address'] = request.getClientAddr()
        except AttributeError:
          creds['remote_address'] = request.get('REMOTE_ADDR', '')
        return creds
110 111 112 113

    # fallback to default way
    return DumbHTTPExtractor().extractCredentials(request)

Łukasz Nowak's avatar
Łukasz Nowak committed
114 115 116 117 118
  manage_editERP5BearerExtractionPluginForm = PageTemplateFile(
      'www/ERP5Security_editERP5BearerExtractionPlugin',
      globals(),
      __name__='manage_editERP5BearerExtractionPluginForm')

119 120 121 122 123
#List implementation of class
classImplements( ERP5BearerExtractionPlugin,
                plugins.ILoginPasswordHostExtractionPlugin
               )
InitializeClass(ERP5BearerExtractionPlugin)