# Copyright (C) 2004,2005 PreludeIDS Technologies. All Rights Reserved.
# Author: Nicolas Delon <nicolas.delon@prelude-ids.com>
# This file is part of the Prewikka program.
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program; see the file COPYING. If not, write to
# the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA.
from prewikka.Error import PrewikkaError, PrewikkaUserError
from prewikka import DataSet
from prewikka import Database
from prewikka import Log
from prewikka import User
class AuthError(PrewikkaUserError):
    """Authentication failure reported back to the user.

    The ``arguments`` parameter is accepted but not used by this constructor.
    The base class is initialised with ``None`` as its first positional
    argument, and ``template`` is then set to ``"LoginPasswordForm"``
    (presumably so the login form is shown again together with the
    message -- confirm against the template handling).
    """

    def __init__(self, arguments={}, message=_("Authentication failed"), log=Log.ERROR, log_user=None):
        PrewikkaUserError.__init__(self, None, message, log=log, log_user=log_user)
        # Assigned after the base initialiser has run, as in the original.
        self.template = "LoginPasswordForm"
class AuthSessionInvalid(AuthError):
    """Raised when a request carries no usable session.

    ``login`` is forwarded to ``AuthError`` as ``log_user``. ``log`` defaults
    to ``None`` here, whereas ``AuthError`` itself defaults to ``Log.ERROR``.
    """

    def __init__(self, arguments={}, message=_("Session invalid"), login=None, log=None):
        AuthError.__init__(self, arguments, message, log=log, log_user=login)
class AuthSessionExpired(AuthError):
    """Raised when a known session is older than the allowed lifetime.

    Always reported at ``Log.ERROR`` with the session's ``login`` passed as
    ``log_user``.
    """

    def __init__(self, login, arguments={}, message=_("Session expired")):
        AuthError.__init__(self, arguments, message, log=Log.ERROR, log_user=login)
def __init__(self, env):
    """Make sure at least one account is able to manage users.

    Every login returned by ``self.db.getUserLogins()`` is loaded and its
    permissions are checked for ``User.PERM_USER_MANAGEMENT``. When no
    account holds that permission, ``User.ADMIN_LOGIN`` is created and
    granted ``User.ALL_PERMISSIONS``.

    NOTE(review): the listing this was taken from skips source lines 51-53
    and 59-60. Whatever binds ``self.db`` (``env`` is not used in the
    visible lines) and anything that followed the flag assignment inside
    the loop are therefore not reproduced here.
    NOTE(review): no password is set for the bootstrap account in the
    visible lines -- confirm how its first credential is established before
    the interface is reachable by untrusted users.
    """
    manager_found = False
    for account_name in self.db.getUserLogins():
        account = self.db.getUser(account_name)
        if User.PERM_USER_MANAGEMENT in account.permissions:
            manager_found = True

    if manager_found:
        return

    # Nobody can manage users: create the built-in administrator account.
    self.db.createUser(User.ADMIN_LOGIN)
    self.db.setPermissions(User.ADMIN_LOGIN, User.ALL_PERMISSIONS)
def canSetPassword(self):
    """Report whether this backend exposes a ``setPassword`` attribute."""
    supports_password_change = hasattr(self, "setPassword")
    return supports_password_change
return hasattr(self, "logout")
def __init__(self, expiration):
    """Remember the session lifetime used by the other session methods.

    ``checkSession`` compares this value with a difference of two
    ``int(time.time())``-style timestamps, so it is presumably expressed in
    seconds -- confirm against the configuration that supplies it.
    """
    self._expiration = expiration
def setSession(self, request, sessionid):
    """Send the session identifier to the client as the ``sessionid`` cookie.

    The third argument handed to ``request.addCookie`` is three times the
    configured expiration.

    NOTE(review): the cookie value is the session credential. Whether it is
    issued with Secure/HttpOnly attributes is decided inside ``addCookie``,
    which is not visible here -- confirm.
    """
    cookie_lifetime = self._expiration * 3
    request.addCookie("sessionid", sessionid, cookie_lifetime)
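def checkSession(self, request):
    """Validate the ``sessionid`` cookie and return the login it belongs to.

    On success the stored timestamp is refreshed to the current time and the
    cookie is re-issued with the same identifier.

    Raises:
        AuthSessionInvalid: no ``sessionid`` cookie was sent, or the database
            raised ``Database.DatabaseInvalidSessionError`` for its value
            (only the latter case is raised with ``log=Log.ERROR``).
        AuthSessionExpired: the stored timestamp is more than
            ``self._expiration`` behind the current time; the session record
            is deleted before raising.

    NOTE(review): the listing this was taken from drops source lines 86 and
    99-101. The ``try:`` is required by the ``except`` clause that follows
    it. ``return login`` is restored because the callers in this file
    assign the result of ``checkSession`` to ``login`` -- confirm both
    against the upstream file.
    """
    if not request.input_cookie.has_key("sessionid"):
        raise AuthSessionInvalid()

    sessionid = request.input_cookie["sessionid"].value

    try:
        login, t = self.db.getSession(sessionid)
    except Database.DatabaseInvalidSessionError:
        raise AuthSessionInvalid(log=Log.ERROR)

    now = int(time.time())

    if now - t > self._expiration:
        # Drop the stale record so the identifier cannot be presented again.
        self.db.deleteSession(sessionid)
        raise AuthSessionExpired(login)

    # Each successful check moves the stored timestamp forward to "now".
    self.db.updateSession(sessionid, now)
    self.setSession(request, sessionid)

    return login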
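def createSession(self, request, login):
    """Open a new session for ``login`` and hand its identifier to the client.

    Sessions older than the expiration window are purged first. A fresh
    identifier is then stored with the current timestamp and sent to the
    client through ``setSession``.

    The identifier is the only credential presented on later requests, so it
    is drawn from the operating system's random source. The earlier
    derivation, ``md5.new(str(t * random.random())).hexdigest()``, relied on
    the ``random`` module's default generator, which is not designed to be
    unpredictable; hashing its output with MD5 adds no entropy.
    """
    # NOTE(review): the assignment of ``t`` (source line 103) is missing from
    # the listing this was taken from; it is restored here in the same form
    # checkSession uses for ``now`` -- confirm against the upstream file.
    t = int(time.time())
    self.db.deleteExpiredSessions(t - self._expiration)

    # 128 random bits rendered as 32 lowercase hex digits, the same shape as
    # the MD5 hex digest used before. SystemRandom needs Python 2.4 or later.
    sessionid = "%032x" % random.SystemRandom().getrandbits(128)

    self.db.createSession(sessionid, login, t)
    self.setSession(request, sessionid)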
def deleteSession(self, request):
    """Delete the database record for the request's ``sessionid`` cookie.

    Only the stored session is removed here; this method does not touch the
    cookie held by the client.
    """
    sessionid = request.input_cookie["sessionid"].value
    self.db.deleteSession(sessionid)
class LoginPasswordAuth(Auth, Session):
def __init__(self, env, session_expiration):
    """Initialise both bases: ``Auth`` with ``env``, ``Session`` with the lifetime."""
    # The two bases take different arguments, so each initialiser is called
    # explicitly, Auth first.
    Auth.__init__(self, env)
    Session.__init__(self, session_expiration)
def getUser(self, request):
if request.arguments.has_key("_login"):
login = request.arguments["_login"]
del request.arguments["_login"]
password = request.arguments.get("_password", "")
del request.arguments["_password"]
self.checkPassword(login, password)
raise AuthError(message=_("Username and password do not match."), log_user=login)
self.createSession(request, login)
self.log.info("User login", request, login)
login = self.checkSession(request)
return self.db.getUser(login)
def logout(self, request):
    """End the caller's session; this method always raises.

    The session is validated first, so an absent, unknown or expired session
    raises from ``checkSession``. Otherwise its database record is deleted
    and ``AuthSessionInvalid`` is raised with the "Logged out" message at
    ``Log.INFO``.
    """
    session_login = self.checkSession(request)
    self.deleteSession(request)

    logged_out = AuthSessionInvalid(message=_("Logged out"), login=session_login, log=Log.INFO)
    raise logged_out
class AnonymousAuth(Auth):
    """Backend that performs no credential check.

    Every request is mapped to the fixed login ``"anonymous"`` holding
    ``User.ALL_PERMISSIONS``, so this backend only suits deployments where
    access to the interface is already restricted by other means.
    """

    def getUser(self, request):
        """Return the shared anonymous user; ``request`` is not inspected."""
        configuration = self.db.getConfiguration("anonymous")
        return User.User(self.db, "anonymous", User.ALL_PERMISSIONS, configuration)