0001-general-remove-support-for-logged-in-anonymous-users.patch
wcs/forms/root.py | ||
---|---|---|
1120 | 1120 |
formdata.data = form_data |
1121 | 1121 |
formdata.receipt_time = time.localtime() |
1122 | 1122 |
if not get_request().is_in_backoffice(): |
1123 |
session = get_session() |
|
1124 |
if session and session.user and not str(session.user).startswith('anonymous-'): |
|
1125 |
formdata.user_id = session.user |
|
1123 |
formdata.user = get_request().user |
|
1126 | 1124 |
formdata.store() |
1127 | 1125 | |
1128 | 1126 |
def autosave(self): |
... | ... | |
1202 | 1200 |
else: |
1203 | 1201 |
# if submitting via frontoffice, attach current user, eventually |
1204 | 1202 |
# anonymous, to the formdata |
1205 |
if session and session.user and not str(session.user).startswith('anonymous-'): |
|
1206 |
filled.user_id = session.user |
|
1203 |
filled.user = get_request().user |
|
1207 | 1204 |
filled.store() |
1208 | 1205 | |
1209 | 1206 |
if not filled.user_id: |
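Review bot: The comment kept at new lines 1201-1202 still says the current user is attached "eventually anonymous", which no longer matches `filled.user = get_request().user`; it could read `# if submitting via frontoffice, attach the logged-in user (if any) to the formdata`. In both hunks the old code only wrote `user_id` when a session user existed, whereas the new assignment is not guarded, so a request without a logged-in user now assigns `None`. The `user` setter is not visible here, so confirm that it accepts `None` and that this cannot clear the owner of a formdata that already had one, since the following line tests `if not filled.user_id:`. If it can, keep a guard such as `if get_request().user:` before the assignment. Both enclosing functions start outside the hunks.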
wcs/qommon/ident/idp.py | ||
---|---|---|
160 | 160 |
login_url += '?' + urllib.urlencode({'next': get_request().get_frontoffice_url()}) |
161 | 161 |
return redirect(login_url) |
162 | 162 | |
163 |
if not get_request().user.anonymous:
|
|
163 |
if get_request().user:
|
|
164 | 164 |
raise errors.AccessForbiddenError() |
165 | 165 | |
166 | 166 |
form = Form(enctype = 'multipart/form-data', use_tokens = False) |
wcs/qommon/logger.py | ||
---|---|---|
77 | 77 |
else: |
78 | 78 |
user_id = user.id |
79 | 79 |
if type(user_id) is str and user_id.startswith('anonymous-'): |
80 |
# legacy; kept for ancient log entries |
|
80 | 81 |
user_id = 'anonymous' |
81 | 82 |
else: |
82 | 83 |
user_id = 'unlogged' |
wcs/qommon/myspace.py | ||
---|---|---|
31 | 31 |
# This module depends upon the following protocol from the user class: |
32 | 32 |
# |
33 | 33 |
# protocol User: |
34 |
# anonymous = boolean |
|
35 | 34 |
# def can_go_in_admin(self): User -> boolean |
36 | 35 |
# def can_go_in_backoffice(self): User -> boolean |
37 | 36 |
# def get_formdef(self): User -> an object responding to the FormDef protocol |
... | ... | |
100 | 99 | |
101 | 100 |
def profile(self): |
102 | 101 |
user = get_request().user |
103 |
if not user or user.anonymous:
|
|
102 |
if not user: |
|
104 | 103 |
raise errors.AccessUnauthorizedError() |
105 | 104 | |
106 | 105 |
form = Form(enctype = 'multipart/form-data') |
... | ... | |
135 | 134 |
raise errors.TraversalError() |
136 | 135 | |
137 | 136 |
user = get_request().user |
138 |
if not user or user.anonymous:
|
|
137 |
if not user: |
|
139 | 138 |
raise errors.AccessUnauthorizedError() |
140 | 139 | |
141 | 140 |
form = Form(enctype = 'multipart/form-data') |
... | ... | |
171 | 170 | |
172 | 171 |
def remove(self): |
173 | 172 |
user = get_request().user |
174 |
if not user or user.anonymous:
|
|
173 |
if not user: |
|
175 | 174 |
raise errors.AccessUnauthorizedError() |
176 | 175 | |
177 | 176 |
form = Form(enctype = 'multipart/form-data') |
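Review bot: The same guard (`user = get_request().user`, `if not user:`, `raise errors.AccessUnauthorizedError()`) is now repeated in `profile`, in the handler at new line 136 and in `remove`, so any later change to what counts as an authenticated user has to be made in three places. A small private helper that returns the user or raises would keep these access checks in step, for example `user = self._require_user()` (name constructed for illustration). Since truthiness of `get_request().user` is now the only condition checked, the `protocol User` header comment could also state that the request user is expected to be `None` for unauthenticated visitors. All three functions continue outside the hunks.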
wcs/qommon/saml2.py | ||
---|---|---|
340 | 340 |
if user: |
341 | 341 |
session.set_user(user.id) |
342 | 342 |
else: |
343 |
session.set_user('anonymous-%s' % login.nameIdentifier.content) |
|
344 |
if login.identity: |
|
345 |
session.lasso_anonymous_identity_dump = login.identity.dump() |
|
346 |
else: |
|
347 |
# XXX: this situation happened with SSO initiated by IdP, this |
|
348 |
# is not normal |
|
349 |
pass |
|
343 |
return error_page('Error associating user on SSO') |
|
350 | 344 |
session.lasso_identity_provider_id = login.remoteProviderId |
351 | 345 |
session.message = None |
352 | 346 |
return self.continue_to_after_url() |
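Review bot: The new `else` branch returns `error_page('Error associating user on SSO')` without recording the event, so an assertion that was accepted but could not be mapped to a local account leaves no trace for anyone investigating failed or unexpected logins. Add a log call before the return that names the provider (`login.remoteProviderId`) and does not write the raw name identifier. The function starts outside the hunk, so it is not visible whether session attributes such as the name identifier or the Lasso session dump were already set before this point. If they were, clear them on this path so the session is not left holding federation state without a user.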
wcs/qommon/sessions.py | ||
---|---|---|
83 | 83 |
name_identifier = None |
84 | 84 |
lasso_session_dump = None |
85 | 85 |
lasso_session_index = None |
86 |
lasso_anonymous_identity_dump = None |
|
87 | 86 |
lasso_identity_provider_id = None |
88 | 87 |
message = None |
89 | 88 |
saml_authn_context = None |
... | ... | |
127 | 126 |
def has_info(self): |
128 | 127 |
return self.name_identifier or \ |
129 | 128 |
self.lasso_session_dump or self.message or \ |
130 |
self.lasso_anonymous_identity_dump or \ |
|
131 | 129 |
self.lasso_identity_provider_id or \ |
132 | 130 |
self.saml_authn_context or \ |
133 | 131 |
self.ident_idp_token or \ |
... | ... | |
202 | 200 | |
203 | 201 |
def has_user(self): |
204 | 202 |
user_id = QuixoteSession.get_user(self) |
205 |
if user_id and not str(user_id).startswith('anonymous-'): |
|
206 |
return True |
|
207 |
return False |
|
203 |
return bool(user_id) |
|
208 | 204 | |
209 | 205 |
def get_user(self): |
210 | 206 |
user_id = QuixoteSession.get_user(self) |
211 | 207 |
if user_id: |
212 |
if str(user_id).startswith('anonymous-'): |
|
213 |
user = get_publisher().user_class() |
|
214 |
user.id = user_id |
|
215 |
user.anonymous = True |
|
216 |
user.name_identifiers = [ self.name_identifier ] |
|
217 |
user.lasso_dump = self.lasso_anonymous_identity_dump |
|
218 |
else: |
|
219 |
try: |
|
220 |
user = get_publisher().user_class.get(user_id) |
|
221 |
except KeyError: |
|
222 |
return None |
|
208 |
try: |
|
209 |
user = get_publisher().user_class.get(user_id) |
|
210 |
except KeyError: |
|
211 |
return None |
|
223 | 212 |
if user.is_active: |
224 | 213 |
return user |
225 | 214 |
else: |
226 | 215 |
self.set_user(None) |
227 | ||
228 | 216 |
return None |
229 | 217 | |
230 | 218 |
def set_user(self, user_id): |
... | ... | |
233 | 221 |
QuixoteSession.set_user(self, user_id) |
234 | 222 |
if user_id is None: |
235 | 223 |
return |
236 |
if str(user_id).startswith('anonymous-'): |
|
237 |
# do not store connection time for anonymous users |
|
238 |
return |
|
239 | 224 |
try: |
240 | 225 |
user = get_publisher().user_class.get(user_id) |
241 | 226 |
user.last_seen = time.time() |
242 |
- |