← Back to branch summary

~azzar1/unity/add-show-desktop-key

124 by mattgiuca
dispatch/request: Added new fields: method and username. 
1
 
# IVLE - Informatics Virtual Learning Environment

2
 
# Copyright (C) 2007-2008 The University of Melbourne

3
 
#

4
 
# This program is free software; you can redistribute it and/or modify

5
 
# it under the terms of the GNU General Public License as published by

6
 
# the Free Software Foundation; either version 2 of the License, or

7
 
# (at your option) any later version.

8
 
#

9
 
# This program is distributed in the hope that it will be useful,

10
 
# but WITHOUT ANY WARRANTY; without even the implied warranty of

11
 
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

12
 
# GNU General Public License for more details.

13
 
#

14
 
# You should have received a copy of the GNU General Public License

15
 
# along with this program; if not, write to the Free Software

16
 
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA

17
 









18



# Module: authenticate










19



# Author: Matt Giuca








376
by mattgiuca


auth/authenticate: Replaced dummy code (which always auths) with a call to the



20



# Date:   1/2/2008








124
by mattgiuca


dispatch/request: Added new fields: method and username.



21












22



# Provides a mechanism for authenticating a username and password, and










23



# returning a yes/no response.










24










376
by mattgiuca


auth/authenticate: Replaced dummy code (which always auths) with a call to the



25



import common.db










26










124
by mattgiuca


dispatch/request: Added new fields: method and username.



27



def authenticate(username, password):










28



    """Determines whether a particular username/password combination is








376
by mattgiuca


auth/authenticate: Replaced dummy code (which always auths) with a call to the



29



    valid. The password is in cleartext.










30












31



    Returns None if failed to authenticate.










32



    Returns a dictionary containing the user's login fields (including










33



    "login", "nick" and "fullname") on success.










34



    """










35












36



    # TODO.










37



    # Just authenticate against the DB at the moment.










38



    # Later we will provide other auth options such as LDAP.








124
by mattgiuca


dispatch/request: Added new fields: method and username.



39












40



    # WARNING: Both username and password may contain any characters, and must










41



    # be sanitized within this function.








376
by mattgiuca


auth/authenticate: Replaced dummy code (which always auths) with a call to the



42



    # (Not SQL-sanitized, just sanitized to our particular constraints).










43












44



    # Spawn a DB object just for making this call.










45



    # (This should not spawn a DB connection on each page reload, only when










46



    # there is no session object to begin with).










47



    dbconn = common.db.DB()










48



    try:










49



        if not dbconn.user_authenticate(username, password):










50



            return None










51



        return dbconn.get_user(username)










52



    finally:










53



        dbconn.close()