[Erp5-report] r42333 luke - in /erp5/trunk/products/Vifib: ./ www/
nobody at svn.erp5.org
nobody at svn.erp5.org
Fri Jan 14 13:06:58 CET 2011
Author: luke
Date: Fri Jan 14 13:06:58 2011
New Revision: 42333
URL: http://svn.erp5.org?rev=42333&view=rev
Log:
- PAS Authentication Plugin to have passwordless logins for machines
Added:
erp5/trunk/products/Vifib/VifibMachineAuthenticationPlugin.py
erp5/trunk/products/Vifib/www/
erp5/trunk/products/Vifib/www/Vifib_addVifibMachineAuthenticationPlugin.zpt
erp5/trunk/products/Vifib/www/portal.gif (with props)
Modified:
erp5/trunk/products/Vifib/__init__.py
Added: erp5/trunk/products/Vifib/VifibMachineAuthenticationPlugin.py
URL: http://svn.erp5.org/erp5/trunk/products/Vifib/VifibMachineAuthenticationPlugin.py?rev=42333&view=auto
==============================================================================
--- erp5/trunk/products/Vifib/VifibMachineAuthenticationPlugin.py (added)
+++ erp5/trunk/products/Vifib/VifibMachineAuthenticationPlugin.py [utf8] Fri Jan 14 13:06:58 2011
@@ -0,0 +1,153 @@
+# -*- coding: utf-8 -*-
+##############################################################################
+#
+# Copyright (c) 2010 Nexedi SA and Contributors. All Rights Reserved.
+#
+# WARNING: This program as such is intended to be used by professional
+# programmers who take the whole responsibility of assessing all potential
+# consequences resulting from its eventual inadequacies and bugs
+# End users who are looking for a ready-to-use solution with commercial
+# guarantees and support are strongly adviced to contract a Free Software
+# Service Company
+#
+# This program is Free Software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+#
+##############################################################################
+
+from zLOG import LOG, PROBLEM
+from Products.ERP5Type.Globals import InitializeClass
+from AccessControl import ClassSecurityInfo
+import sys
+
+from Products.PageTemplates.PageTemplateFile import PageTemplateFile
+from Products.PluggableAuthService.PluggableAuthService import \
+ _SWALLOWABLE_PLUGIN_EXCEPTIONS
+from Products.PluggableAuthService.interfaces import plugins
+from Products.PluggableAuthService.utils import classImplements
+from Products.PluggableAuthService.plugins.BasePlugin import BasePlugin
+from Products.ERP5Type.Cache import transactional_cached
+from Products.ERP5Security.ERP5UserManager import SUPER_USER
+from ZODB.POSException import ConflictError
+
+#Form for new plugin in ZMI
+manage_addVifibMachineAuthenticationPluginForm = PageTemplateFile(
+ 'www/Vifib_addVifibMachineAuthenticationPlugin', globals(),
+ __name__='manage_addVifibMachineAuthenticationPluginForm')
+
+def addVifibMachineAuthenticationPlugin(dispatcher, id, title=None, REQUEST=None):
+ """ Add a VifibMachineAuthenticationPlugin to a Pluggable Auth Service. """
+
+ plugin = VifibMachineAuthenticationPlugin(id, title)
+ dispatcher._setObject(plugin.getId(), plugin)
+
+ if REQUEST is not None:
+ REQUEST['RESPONSE'].redirect(
+ '%s/manage_workspace'
+ '?manage_tabs_message='
+ 'VifibMachineAuthenticationPlugin+added.'
+ % dispatcher.absolute_url())
+
+ at transactional_cached(lambda portal, *args: args)
+def getUserByLogin(portal, login):
+ if isinstance(login, basestring):
+ login = login,
+ result = portal.portal_catalog.unrestrictedSearchResults(
+ select_expression='reference',
+ portal_type=["Computer", "Software Instance"],
+ reference=dict(query=login, key='ExactMatch'))
+ # XXX: Here, we filter catalog result list ALTHOUGH we did pass
+ # parameters to unrestrictedSearchResults to restrict result set.
+ # This is done because the following values can match person with
+ # reference "foo":
+ # "foo " because of MySQL (feature, PADSPACE collation):
+ # mysql> SELECT reference as r FROM catalog
+ # -> WHERE reference="foo ";
+ # +-----+
+ # | r |
+ # +-----+
+ # | foo |
+ # +-----+
+ # 1 row in set (0.01 sec)
+ # "bar OR foo" because of ZSQLCatalog tokenizing searched strings
+ # by default (feature).
+ return [x.getObject() for x in result if x['reference'] in login]
+
+
+class VifibMachineAuthenticationPlugin(BasePlugin):
+ """
+ Plugin to authenicate as machines.
+ """
+
+ meta_type = "Vifib Machine Authentication Plugin"
+ security = ClassSecurityInfo()
+
+ manage_options = (({'label': 'Edit',
+ 'action': 'manage_editVifibMAchineAuthenticationPluginForm',},
+ )
+ + BasePlugin.manage_options[:]
+ )
+
+ def __init__(self, id, title=None):
+ #Register value
+ self._setId(id)
+ self.title = title
+
+ ################################
+ # IAuthenticationPlugin #
+ ################################
+ security.declarePrivate('authenticateCredentials')
+ def authenticateCredentials(self, credentials):
+ """Authentificate with credentials"""
+ login = credentials.get('login', None)
+ # Forbidden the usage of the super user.
+ if login == SUPER_USER:
+ return None
+
+ #Search the user by his login
+ user_list = self.getUserByLogin(login)
+ if len(user_list) != 1:
+ return None
+ return (login, login)
+
+ def getUserByLogin(self, login):
+ # Search the Catalog for login and return a list of person objects
+ # login can be a string or a list of strings
+ # (no docstring to prevent publishing)
+ if not login:
+ return []
+ if isinstance(login, list):
+ login = tuple(login)
+ elif not isinstance(login, tuple):
+ login = str(login)
+ try:
+ return getUserByLogin(self.getPortalObject(), login)
+ except ConflictError:
+ raise
+ except:
+ LOG('VifibMachineAuthenticationPlugin', PROBLEM, 'getUserByLogin failed',
+ error=sys.exc_info())
+ # Here we must raise an exception to prevent callers from caching
+ # a result of a degraded situation.
+ # The kind of exception does not matter as long as it's catched by
+ # PAS and causes a lookup using another plugin or user folder.
+ # As PAS does not define explicitely such exception, we must use
+ # the _SWALLOWABLE_PLUGIN_EXCEPTIONS list.
+ raise _SWALLOWABLE_PLUGIN_EXCEPTIONS[0]
+
+#List implementation of class
+classImplements(VifibMachineAuthenticationPlugin,
+ plugins.IAuthenticationPlugin)
+
+InitializeClass(VifibMachineAuthenticationPlugin)
Modified: erp5/trunk/products/Vifib/__init__.py
URL: http://svn.erp5.org/erp5/trunk/products/Vifib/__init__.py?rev=42333&r1=42332&r2=42333&view=diff
==============================================================================
--- erp5/trunk/products/Vifib/__init__.py [utf8] (original)
+++ erp5/trunk/products/Vifib/__init__.py [utf8] Fri Jan 14 13:06:58 2011
@@ -28,6 +28,7 @@
#
##############################################################################
from Products.ERP5Type.Utils import initializeProduct, updateGlobals
+from AccessControl.Permissions import manage_users as ManageUsers
import sys
import Permissions
this_module = sys.modules[ __name__ ]
@@ -38,6 +39,9 @@ content_classes = ()
content_constructors = ()
from Tool import SlapTool
portal_tools = ( SlapTool.SlapTool, )
+from Products.PluggableAuthService.PluggableAuthService import registerMultiPlugin
+
+import VifibMachineAuthenticationPlugin
def initialize(context):
import Document
@@ -45,3 +49,15 @@ def initialize(context):
document_classes=document_classes, object_classes=object_classes,
portal_tools=portal_tools, content_constructors=content_constructors,
content_classes=content_classes)
+
+ context.registerClass( VifibMachineAuthenticationPlugin.VifibMachineAuthenticationPlugin
+ , permission=ManageUsers
+ , constructors=(
+ VifibMachineAuthenticationPlugin.manage_addVifibMachineAuthenticationPluginForm,
+ VifibMachineAuthenticationPlugin.addVifibMachineAuthenticationPlugin, )
+ , visibility=None
+ , icon='www/portal.gif'
+ )
+
+
+registerMultiPlugin(VifibMachineAuthenticationPlugin.VifibMachineAuthenticationPlugin.meta_type)
Added: erp5/trunk/products/Vifib/www/Vifib_addVifibMachineAuthenticationPlugin.zpt
URL: http://svn.erp5.org/erp5/trunk/products/Vifib/www/Vifib_addVifibMachineAuthenticationPlugin.zpt?rev=42333&view=auto
==============================================================================
--- erp5/trunk/products/Vifib/www/Vifib_addVifibMachineAuthenticationPlugin.zpt (added)
+++ erp5/trunk/products/Vifib/www/Vifib_addVifibMachineAuthenticationPlugin.zpt [utf8] Fri Jan 14 13:06:58 2011
@@ -0,0 +1,46 @@
+<h1 tal:replace="structure here/manage_page_header">Header</h1>
+
+<h2 tal:define="form_title string:Add Vifib Machine Authentication Plugin"
+ tal:replace="structure here/manage_form_title">Form Title</h2>
+
+<p class="form-help">
+Vifib Machine Authentication Plugin allows to login machines (Computers and
+Software Instances)
+</p>
+
+<form action="addVifibMachineAuthenticationPlugin" method="post">
+<table cellspacing="0" cellpadding="2" border="0">
+ <tr>
+ <td align="left" valign="top">
+ <div class="form-label">
+ Id
+ </div>
+ </td>
+ <td align="left" valign="top">
+ <input type="text" name="id" size="40" />
+ </td>
+ </tr>
+ <tr>
+ <td align="left" valign="top">
+ <div class="form-optional">
+ Title
+ </div>
+ </td>
+ <td align="left" valign="top">
+ <input type="text" name="title" size="40" />
+ </td>
+ </tr>
+ <tr>
+ <td align="left" valign="top">
+ </td>
+ <td align="left" valign="top">
+ <div class="form-element">
+ <input class="form-element" type="submit" name="submit"
+ value=" Add " />
+ </div>
+ </td>
+ </tr>
+</table>
+</form>
+
+<h1 tal:replace="structure here/manage_page_footer">Footer</h1>
Added: erp5/trunk/products/Vifib/www/portal.gif
URL: http://svn.erp5.org/erp5/trunk/products/Vifib/www/portal.gif?rev=42333&view=auto
==============================================================================
Binary file - no diff available.
Propchange: erp5/trunk/products/Vifib/www/portal.gif
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
More information about the Erp5-report
mailing list