Révision c62aae38
Ajouté par Jérôme Schneider il y a plus de 9 ans
mandaye/auth/authform.py | ||
---|---|---|
24 | 24 |
from mandaye.response import template_response |
25 | 25 |
from mandaye.server import get_response |
26 | 26 |
|
27 |
from mandaye.backends.default import backend
|
|
27 |
from mandaye.backends.default import Association
|
|
28 | 28 |
|
29 | 29 |
try: |
30 | 30 |
from Crypto.Cipher import AES |
... | ... | |
203 | 203 |
if config.encrypt_sp_password: |
204 | 204 |
password = self.encrypt_pwd(post_values[self.form_values['password_field']]) |
205 | 205 |
post_values[self.form_values['password_field']] = password |
206 |
service_provider = backend.ManagerServiceProvider.get_or_create(self.site_name) |
|
207 |
idp_user = backend.ManagerIDPUser.get_or_create(unique_id) |
|
208 |
sp_user = backend.ManagerSPUser.get(sp_login, idp_user, service_provider) |
|
209 |
if sp_user: |
|
210 |
sp_user.post_values = post_values |
|
211 |
backend.ManagerSPUser.save() |
|
212 |
else: |
|
213 |
sp_user = backend.ManagerSPUser.create(sp_login, post_values, |
|
214 |
idp_user, service_provider) |
|
206 |
|
|
207 |
asso_id = Association.update_or_create(self.site_name, sp_login, |
|
208 |
post_values, unique_id) |
|
215 | 209 |
env['beaker.session']['unique_id'] = unique_id |
216 |
env['beaker.session'][self.site_name] = sp_user.id
|
|
210 |
env['beaker.session'][self.site_name] = asso_id
|
|
217 | 211 |
env['beaker.session'].save() |
218 | 212 |
|
219 | 213 |
def associate_submit(self, env, values, request, response): |
... | ... | |
253 | 247 |
qs['type'] = 'badlogin' |
254 | 248 |
return _302(self.urls.get('associate_url') + "?%s" % urllib.urlencode(qs)) |
255 | 249 |
|
256 |
def _login_sp_user(self, sp_user, env, condition, values):
|
|
250 |
def _login_sp_user(self, association, env, condition, values):
|
|
257 | 251 |
""" Log in sp user |
258 | 252 |
""" |
259 |
if not sp_user.login:
|
|
253 |
if not association['sp_login']:
|
|
260 | 254 |
return _500(env['PATH_INFO'], |
261 | 255 |
'Invalid values for AuthFormDispatcher.login') |
262 |
post_values = copy.copy(sp_user.post_values)
|
|
256 |
post_values = copy.copy(association['sp_post_values'])
|
|
263 | 257 |
if config.encrypt_sp_password: |
264 | 258 |
password = self.decrypt_pwd(post_values[self.form_values['password_field']]) |
265 | 259 |
post_values[self.form_values['password_field']] = password |
266 | 260 |
response = self.replay(env, post_values) |
267 | 261 |
qs = parse_qs(env['QUERY_STRING']) |
268 | 262 |
if condition and eval(condition): |
269 |
sp_user.last_connection = datetime.now() |
|
270 |
backend.ManagerSPUser.save() |
|
271 |
env['beaker.session'][self.site_name] = sp_user.id |
|
263 |
Association.update_last_connection(association['id']) |
|
264 |
env['beaker.session'][self.site_name] = association['id'] |
|
272 | 265 |
env['beaker.session'].save() |
273 | 266 |
if qs.has_key('next_url'): |
274 | 267 |
return _302(qs['next_url'][0], response.cookies) |
... | ... | |
295 | 288 |
|
296 | 289 |
logger.debug('User %s successfully login' % env['beaker.session']['unique_id']) |
297 | 290 |
|
298 |
idp_user = backend.ManagerIDPUser.get_or_create(unique_id) |
|
299 |
service_provider = backend.ManagerServiceProvider.get_or_create(self.site_name) |
|
300 |
sp_user = backend.ManagerSPUser.get_last_connected(idp_user, service_provider) |
|
301 |
if not sp_user: |
|
291 |
association = Association.get_last_connected(self.site_name, unique_id) |
|
292 |
if not association: |
|
302 | 293 |
logger.debug('User %s is not associate' % env['beaker.session']['unique_id']) |
303 | 294 |
return _302(self.urls.get('associate_url') + "?type=first") |
304 |
return self._login_sp_user(sp_user, env, values['condition'], values)
|
|
295 |
return self._login_sp_user(association, env, values['condition'], values)
|
|
305 | 296 |
|
306 | 297 |
def logout(self, env, values, request, response): |
307 | 298 |
""" Destroy the Beaker session |
... | ... | |
348 | 339 |
if not qs.has_key('id') and not unique_id: |
349 | 340 |
return _401('Access denied: beaker session invalid or not qs id') |
350 | 341 |
if qs.has_key('id'): |
351 |
id = qs['id'][0] |
|
352 |
sp_user = backend.ManagerSPUser.get_by_id(id)
|
|
342 |
asso_id = qs['id'][0]
|
|
343 |
association = Association.get_by_id(asso_id)
|
|
353 | 344 |
else: |
354 |
service_provider = backend.ManagerServiceProvider.get(self.site_name) |
|
355 |
idp_user = backend.ManagerIDPUser.get(unique_id) |
|
356 |
sp_user = backend.ManagerSPUser.get_last_connected(idp_user, service_provider) |
|
357 |
if not sp_user: |
|
345 |
association = Association.get_last_connected(self.site_name, unique_id) |
|
346 |
if not association: |
|
358 | 347 |
return _302(self.urls.get('associate_url')) |
359 |
return self._login_sp_user(sp_user, env, 'response.code==302', values)
|
|
348 |
return self._login_sp_user(association, env, 'response.code==302', values)
|
|
360 | 349 |
|
361 | 350 |
def disassociate(self, env, values, request, response): |
362 | 351 |
""" Disassociate an account with the Mandaye account |
... | ... | |
376 | 365 |
if qs.has_key('next_url'): |
377 | 366 |
next_url = qs['next_url'][0] |
378 | 367 |
if qs.has_key('id'): |
379 |
sp_id = qs['id'][0] |
|
380 |
sp_user = backend.ManagerSPUser.get_by_id(sp_id) |
|
381 |
if sp_user: |
|
382 |
backend.ManagerSPUser.delete(sp_user) |
|
383 |
if backend.ManagerSPUser.get_sp_users(unique_id, self.site_name): |
|
368 |
asso_id = qs['id'][0] |
|
369 |
if Association.has_id(asso_id): |
|
370 |
Association.delete(asso_id) |
|
371 |
if Association.get(self.site_name, unique_id): |
|
384 | 372 |
env['QUERY_STRING'] = '' |
385 | 373 |
return self.change_user(env, values, request, response) |
386 | 374 |
else: |
387 | 375 |
return _401('Access denied: bad id') |
388 | 376 |
elif qs.has_key('sp_name'): |
389 | 377 |
sp_name = qs['sp_name'][0] |
390 |
for sp_user in \
|
|
391 |
backend.ManagerSPUser.get_sp_users(unique_id, sp_name):
|
|
392 |
backend.ManagerSPUser.delete(sp_user)
|
|
378 |
for asso in \
|
|
379 |
Association.get(sp_name, unique_id):
|
|
380 |
Association.delete(asso['id'])
|
|
393 | 381 |
else: |
394 | 382 |
return _401('Access denied: no id or sp name') |
395 | 383 |
values['next_url'] = next_url |
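Review bot: In `change_user` and `disassociate`, `asso_id = qs['id'][0]` is taken straight from the query string and passed to `Association.get_by_id(asso_id)` and `Association.delete(asso_id)`, with no visible check that the association belongs to the session's `unique_id` on `self.site_name`. As shown, `change_user` hands whatever association the id names to `_login_sp_user`, which replays its stored `sp_post_values`, and `disassociate` only tests `Association.has_id(asso_id)` before deleting, so both should reject ids the current user does not own. One way to do this with calls already used in this file is a membership test first, e.g. `if asso_id not in [str(a['id']) for a in Association.get(self.site_name, unique_id)]: return _401('Access denied: bad id')` (the `str()` assumes backend ids may not be strings; confirm against the backend). The guard `if not qs.has_key('id') and not unique_id` also lets a request carrying `id` but no `unique_id` through, so the ownership test should require a valid session as well. Both function bodies start outside the visible hunks, so an earlier check may exist that this page does not show.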
backends: complete rewrite of the interface
The old interface was too specific to sqlalchemy; this new one allows new
backends to be written
WARNING: this commit could break compatibility for some filters which use
the old interface