
0001-general-remove-support-for-logged-in-anonymous-users.patch

Frédéric Péters, 17 octobre 2020 21:37


Subject: [PATCH] general: remove support for logged-in anonymous users
 (#47822)

 wcs/forms/root.py       |  7 ++-----
 wcs/qommon/ident/idp.py |  2 +-
 wcs/qommon/logger.py    |  1 +
 wcs/qommon/myspace.py   |  7 +++----
 wcs/qommon/saml2.py     |  8 +-------
 wcs/qommon/sessions.py  | 25 +++++--------------------
 6 files changed, 13 insertions(+), 37 deletions(-)
wcs/forms/root.py
1120 1120
        formdata.data = form_data
1121 1121
        formdata.receipt_time = time.localtime()
1122 1122
        if not get_request().is_in_backoffice():
1123
            session = get_session()
1124
            if session and session.user and not str(session.user).startswith('anonymous-'):
1125
                formdata.user_id = session.user
1123
            formdata.user = get_request().user
1126 1124
        formdata.store()
1127 1125

  
1128 1126
    def autosave(self):
......
1202 1200
        else:
1203 1201
            # if submitting via frontoffice, attach current user, eventually
1204 1202
            # anonymous, to the formdata
1205
            if session and session.user and not str(session.user).startswith('anonymous-'):
1206
                filled.user_id = session.user
1203
            filled.user = get_request().user
1207 1204
            filled.store()
1208 1205

  
1209 1206
            if not filled.user_id:
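Review bot: The comment just above the changed line still says the attached user is "eventually anonymous" (new-side context lines 1201-1202), which this very commit makes false; it should now read `# if submitting via frontoffice, attach the current logged-in user, if any, to the formdata`. The new line assigns `filled.user = get_request().user` while the context line right after it tests `filled.user_id`, so the change relies on `user` being a property whose setter populates `user_id` — presumably it is, but it deserves a glance since the removed code wrote `user_id` directly, and the same reliance applies to `formdata.user = ...` in the first hunk. Both enclosing methods start outside the hunk.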
wcs/qommon/ident/idp.py
160 160
            login_url += '?' + urllib.urlencode({'next': get_request().get_frontoffice_url()})
161 161
            return redirect(login_url)
162 162

  
163
        if not get_request().user.anonymous:
163
        if get_request().user:
164 164
            raise errors.AccessForbiddenError()
165 165

  
166 166
        form = Form(enctype = 'multipart/form-data', use_tokens = False)
wcs/qommon/logger.py
77 77
                else:
78 78
                    user_id = user.id
79 79
                    if type(user_id) is str and user_id.startswith('anonymous-'):
80
                        # legacy; kept for ancient log entries
80 81
                        user_id = 'anonymous'
81 82
            else:
82 83
                user_id = 'unlogged'
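Review bot: The added comment `# legacy; kept for ancient log entries` says why the branch is kept but not what still feeds it: with the sessions.py hunk of this commit, `Session.get_user()` no longer yields `anonymous-` ids, so if `user` here comes from the current session the branch is now dead, whereas if it is rebuilt from stored log lines it is not — the comment should say which. Suggest something like `# 'anonymous-<nameid>' ids were written by sessions predating #47822; fold them to 'anonymous' so old entries keep rendering the same`. While on that line, `isinstance(user_id, str)` is the idiomatic form of `type(user_id) is str`. The enclosing function starts outside the hunk.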
wcs/qommon/myspace.py
31 31
# This module depends upon the following protocol from the user class:
32 32
#
33 33
# protocol User:
34
#   anonymous = boolean
35 34
#   def can_go_in_admin(self): User -> boolean
36 35
#   def can_go_in_backoffice(self): User -> boolean
37 36
#   def get_formdef(self): User -> an object responding to the FormDef protocol
......
100 99

  
101 100
    def profile(self):
102 101
        user = get_request().user
103
        if not user or user.anonymous:
102
        if not user:
104 103
            raise errors.AccessUnauthorizedError()
105 104

  
106 105
        form = Form(enctype = 'multipart/form-data')
......
135 134
            raise errors.TraversalError()
136 135

  
137 136
        user = get_request().user
138
        if not user or user.anonymous:
137
        if not user:
139 138
            raise errors.AccessUnauthorizedError()
140 139

  
141 140
        form = Form(enctype = 'multipart/form-data')
......
171 170

  
172 171
    def remove(self):
173 172
        user = get_request().user
174
        if not user or user.anonymous:
173
        if not user:
175 174
            raise errors.AccessUnauthorizedError()
176 175

  
177 176
        form = Form(enctype = 'multipart/form-data')
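Review bot: The guard `if not user: raise errors.AccessUnauthorizedError()` is now repeated verbatim in `profile`, the method at line 136 and `remove`; with the `anonymous` special case gone there is nothing left to vary between them, so a small helper would keep the three call sites from drifting apart again. A falsy `get_request().user` also covers more than "not logged in": the sessions.py hunk of this commit drops an account whose `is_active` is false from the session, so a comment on the helper should mention it. The method at line 136 has its signature outside the hunk, and `profile` and `remove` continue past it.

```python
    def _get_logged_in_user(self):
        # Current user or AccessUnauthorizedError; a falsy user also covers an
        # account that Session.get_user() dropped because it is inactive.
        user = get_request().user
        if not user:
            raise errors.AccessUnauthorizedError()
        return user

    def profile(self):
        user = self._get_logged_in_user()
        # … unchanged: profile form …
```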
wcs/qommon/saml2.py
340 340
        if user:
341 341
            session.set_user(user.id)
342 342
        else:
343
            session.set_user('anonymous-%s' % login.nameIdentifier.content)
344
            if login.identity:
345
                session.lasso_anonymous_identity_dump = login.identity.dump()
346
            else:
347
                # XXX: this situation happened with SSO initiated by IdP, this
348
                # is not normal
349
                pass
343
            return error_page('Error associating user on SSO')
350 344
        session.lasso_identity_provider_id = login.remoteProviderId
351 345
        session.message = None
352 346
        return self.continue_to_after_url()
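Review bot: The new `else` branch returns `error_page('Error associating user on SSO')` without recording anything, although lasso has already consumed the assertion at that point; an operator investigating a failed login gets no trace of which IdP or name identifier was rejected, whereas the removed branch at least kept `login.nameIdentifier.content` in the session. Before returning, log the rejection with `login.remoteProviderId` and the name identifier, e.g. a one-line `get_logger().error(...)` if that helper is in scope (the module's usual logging call is outside the hunk, so I cannot confirm its name). The removed `XXX` comment recorded that `login.identity` can be empty on IdP-initiated SSO; that case now ends on the same error page, which is worth a short comment on the `else`. The enclosing method starts outside the hunk.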
wcs/qommon/sessions.py
83 83
    name_identifier = None
84 84
    lasso_session_dump = None
85 85
    lasso_session_index = None
86
    lasso_anonymous_identity_dump = None
87 86
    lasso_identity_provider_id = None
88 87
    message = None
89 88
    saml_authn_context = None
......
127 126
    def has_info(self):
128 127
        return self.name_identifier or \
129 128
            self.lasso_session_dump or self.message or \
130
            self.lasso_anonymous_identity_dump or \
131 129
            self.lasso_identity_provider_id or \
132 130
            self.saml_authn_context or \
133 131
            self.ident_idp_token or \
......
202 200

  
203 201
    def has_user(self):
204 202
        user_id = QuixoteSession.get_user(self)
205
        if user_id and not str(user_id).startswith('anonymous-'):
206
            return True
207
        return False
203
        return bool(user_id)
208 204

  
209 205
    def get_user(self):
210 206
        user_id = QuixoteSession.get_user(self)
211 207
        if user_id:
212
            if str(user_id).startswith('anonymous-'):
213
                user = get_publisher().user_class()
214
                user.id = user_id
215
                user.anonymous = True
216
                user.name_identifiers = [ self.name_identifier ]
217
                user.lasso_dump = self.lasso_anonymous_identity_dump
218
            else:
219
                try:
220
                    user = get_publisher().user_class.get(user_id)
221
                except KeyError:
222
                    return None
208
            try:
209
                user = get_publisher().user_class.get(user_id)
210
            except KeyError:
211
                return None
223 212
            if user.is_active:
224 213
                return user
225 214
            else:
226 215
                self.set_user(None)
227

  
228 216
        return None
229 217

  
230 218
    def set_user(self, user_id):
......
233 221
        QuixoteSession.set_user(self, user_id)
234 222
        if user_id is None:
235 223
            return
236
        if str(user_id).startswith('anonymous-'):
237
            # do not store connection time for anonymous users
238
            return
239 224
        try:
240 225
            user = get_publisher().user_class.get(user_id)
241 226
            user.last_seen = time.time()
242
-