« back to all changes in this revision
Viewing changes to ivle/auth/authenticate.py
- browse files at revision 1080.1.14
- compare with another revision
- compare with revision 1664
- download diff
- download tarball
- view history from revision 1080.1.14
- Committer: me at id
- Date: 2009-01-15 01:06:33 UTC
- mto: This revision was merged to the branch mainline in revision 1090.
- Revision ID: svn-v3-trunk0:2b9c9e99-6f39-0410-b283-7f802c844ae2:branches%2Fstorm:1144
ivle.auth.* now uses Storm, and not ivle.(db|user). This changes the interface
somewhat (lots of things take a 'store' argument), so fix callers.
ivle.db: Remove user_authenticate; it's now a method of ivle.database.User.
somewhat (lots of things take a 'store' argument), so fix callers.
ivle.db: Remove user_authenticate; it's now a method of ivle.database.User.
added
removed
ivle/auth/authenticate.py
25
25
# Has a plugin interface for authentication modules.
26
26
# An authentication module is a Python module with an "auth" function,
27
27
# which accepts 3 positional arguments.
28
# plugin_module.auth(dbconn, login, password, user)
29
# dbconn is an open connection to the IVLE database.
28
# plugin_module.auth(store, login, password, user)
29
# store is an open store connected to the IVLE database.
30
30
# login and password are required strings, password is cleartext.
31
31
# user is a User object or None.
32
32
# If it's a User object, it must return the same object if it returns a user.
45
45
46
46
from ivle.auth import AuthError
47
47
import ivle.conf
48
import ivle.db
49
import ivle.user
48
import ivle.database
50
49
51
def authenticate(login, password):
50
def authenticate(store, login, password):
52
51
"""Determines whether a particular login/password combination is
53
valid. The password is in cleartext.
52
valid for the given database. The password is in cleartext.
54
53
55
54
Returns a User object containing the user's details on success.
56
55
Raises an AuthError containing an appropriate error message on failure.
57
56
57
'store' is expected to be a storm.store.Store connected to the IVLE
58
database to which we should authenticate.
59
58
60
The User returned is guaranteed to be in the IVLE database.
59
61
This could be from reading or writing to the DB. If authenticate can't
60
62
find the user in the DB, it may get user data from some other source
68
70
# Spawn a DB object just for making this call.
69
71
# (This should not spawn a DB connection on each page reload, only when
70
72
# there is no session object to begin with).
71
dbconn = ivle.db.DB()
72
73
try:
74
user = dbconn.get_user(login)
75
except ivle.db.DBException:
76
# If our attempt to get the named user from the db fails,
77
# then set user to None.
78
# We may still auth (eg. by pulling details from elsewhere and writing
79
# to DB).
80
user = None
81
try:
82
for modname, m in auth_modules:
83
# May raise an AuthError - allow to propagate
84
auth_result = m(dbconn, login, password, user)
85
if auth_result is None:
86
# Can't auth with this module; try another
87
pass
88
elif auth_result == False:
89
return None
90
elif isinstance(auth_result, ivle.user.User):
91
if user is not None and auth_result is not user:
92
# If user is not None, then it must return the same user
93
raise AuthError("Internal error: "
94
"Bad authentication module %s (changed user)"
95
% repr(modname))
96
elif user is None:
97
# We just got ourselves some user details from an external
98
# source. Put them in the DB.
99
dbconn.create_user(auth_result)
100
pass
101
return auth_result
102
else:
73
74
user = ivle.database.User.get_by_login(store, login)
75
76
for modname, m in auth_modules:
77
# May raise an AuthError - allow to propagate
78
auth_result = m(store, login, password, user)
79
if auth_result is None:
80
# Can't auth with this module; try another
81
pass
82
elif auth_result == False:
83
return None
84
elif isinstance(auth_result, ivle.database.User):
85
if user is not None and auth_result is not user:
86
# If user is not None, then it must return the same user
103
87
raise AuthError("Internal error: "
104
"Bad authentication module %s (bad return type)"
88
"Bad authentication module %s (changed user)"
105
89
% repr(modname))
106
# No auths checked out; fail.
107
raise AuthError()
108
finally:
109
dbconn.close()
90
elif user is None:
91
# We just got ourselves some user details from an external
92
# source. Put them in the DB.
93
store.add(auth_result)
94
pass
95
return auth_result
96
else:
97
raise AuthError("Internal error: "
98
"Bad authentication module %s (bad return type)"
99
% repr(modname))
100
# No auths checked out; fail.
101
raise AuthError()
110
102
111
def simple_db_auth(dbconn, login, password, user):
103
def simple_db_auth(store, login, password, user):
112
104
"""
113
105
A plugin auth function, as described above.
114
106
This one just authenticates against the local database.
120
112
# The login doesn't exist. Therefore return None so we can try other
121
113
# means of authentication.
122
114
return None
123
auth_result = dbconn.user_authenticate(login, password)
115
116
# They should always match, but it's best to be sure!
117
assert(user.login == login)
118
119
auth_result = user.authenticate(password)
124
120
# auth_result is either True, False (fail) or None (try another)
125
121
if auth_result is None:
126
122
return None
Loggerhead is a web-based interface for Breezy
Version: 2.0.1