21
22
def __init__(self, authorities=None,
22
23
email_key=True, name_key=True,
23
use_email=False, use_name=False,
24
use_email=False, use_name=False):
25
25
self.use_email = use_email
26
26
self.authorities = authorities
27
27
self.email_key = email_key
28
28
self.name_key = name_key
29
29
self.use_email = use_email
30
30
self.use_name = use_name
31
self.autocreate = autocreate
32
31
BaseAuth.__init__(self)
34
33
def request(self, request, user_obj, **kw):
39
if env.get('SSL_CLIENT_VERIFY', 'FAILURE') == 'SUCCESS':
41
# check authority list if given
42
if self.authorities and env.get('SSL_CLIENT_I_DN_OU') in self.authorities:
47
email = env.get('SSL_CLIENT_S_DN_Email', '').decode(config.charset)
48
email_lower = email.lower()
49
commonname_lower = None
51
commonname = env.get('SSL_CLIENT_S_DN_CN', '').decode(config.charset)
52
commonname_lower = commonname.lower()
53
if email_lower or commonname_lower:
54
for uid in user.getUserList(request):
55
u = user.User(request, uid,
56
auth_method=self.name, auth_attribs=())
57
if self.email_key and email_lower and u.email.lower() == email_lower:
58
u.auth_attribs = ('email', 'password')
59
if self.use_name and commonname_lower != u.name.lower():
62
u.auth_attribs = ('email', 'name', 'password')
64
if self.name_key and commonname_lower and u.name.lower() == commonname_lower:
36
# check if we are running Twisted
37
if isinstance(request, request_twisted.Request):
38
return user_obj, True # not supported if we run twisted
39
# Addendum: this seems to need quite some twisted insight and coding.
40
# A pointer i got on #twisted: divmod's vertex.sslverify
41
# If you really need this, feel free to implement and test it and
42
# submit a patch if it works.
45
if env.get('SSL_CLIENT_VERIFY', 'FAILURE') == 'SUCCESS':
47
# check authority list if given
48
if self.authorities and env.get('SSL_CLIENT_I_DN_OU') in self.authorities:
53
email = env.get('SSL_CLIENT_S_DN_Email', '').decode(config.charset)
54
email_lower = email.lower()
55
commonname_lower = None
57
commonname = env.get('SSL_CLIENT_S_DN_CN', '').decode(config.charset)
58
commonname_lower = commonname.lower()
59
if email_lower or commonname_lower:
60
for uid in user.getUserList(request):
61
u = user.User(request, uid,
62
auth_method=self.name, auth_attribs=())
63
if self.email_key and email_lower and u.email.lower() == email_lower:
64
u.auth_attribs = ('email', 'password')
65
if self.use_name and commonname_lower != u.name.lower():
68
u.auth_attribs = ('email', 'name', 'password')
70
if self.name_key and commonname_lower and u.name.lower() == commonname_lower:
71
u.auth_attribs = ('name', 'password')
72
if self.use_email and email_lower != u.email.lower():
75
u.auth_attribs = ('name', 'email', 'password')
80
# user wasn't found, so let's create a new user object
81
u = user.User(request, name=commonname_lower, auth_username=commonname_lower,
82
auth_method=self.name)
65
83
u.auth_attribs = ('name', 'password')
66
if self.use_email and email_lower != u.email.lower():
69
86
u.auth_attribs = ('name', 'email', 'password')
74
# user wasn't found, so let's create a new user object
75
u = user.User(request, name=commonname_lower, auth_username=commonname_lower,
76
auth_method=self.name)
77
u.auth_attribs = ('name', 'password')
80
u.auth_attribs = ('name', 'email', 'password')
81
elif user_obj and user_obj.auth_method == self.name:
82
user_obj.valid = False
83
return user_obj, False
84
if u and self.autocreate:
87
elif user_obj and user_obj.auth_method == self.name:
88
user_obj.valid = False
89
return user_obj, False
85
91
u.create_or_update(changed)
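Review bot: The new `if u and self.autocreate:` guard before `u.create_or_update(changed)` stores a profile named after `SSL_CLIENT_S_DN_CN` for any certificate the web server reports as verified. With `authorities` left at its visible default of `None`, the `if self.authorities and ...` issuer condition in `request()` is never evaluated, so the set of subjects that can get a stored profile is whatever the server's trusted CA list allows. I would document this on the constructor, for example `# autocreate=True stores a profile for every verified certificate subject; restrict the accepted issuers before enabling it`, and log the subject and issuer whenever a profile is created or updated so unexpected account creation can be audited. Separately, the Twisted branch `return user_obj, True` skips certificate authentication without logging anything, so an operator who configured this method gets no signal that it is inactive. Several lines of `request()`, including the body of the authority check and the tail of the new signature, are not visible on this page, so these points cover only what is shown.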