~ubuntu-branches/ubuntu/natty/moin/natty-updates


Viewing changes to MoinMoin/auth/sslclientcert.py

  • Committer: Bazaar Package Importer
  • Author(s): Jonas Smedegaard
  • Date: 2008-06-22 21:17:13 UTC
  • mto: This revision was merged to the branch mainline in revision 18.
  • Revision ID: james.westby@ubuntu.com-20080622211713-inlv5k4eifxckelr
Import upstream version 1.7.0

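--- a/MoinMoin/auth/sslclientcert.py
+++ b/MoinMoin/auth/sslclientcert.py
@@ -11,6 +11,7 @@
 """
 
 from MoinMoin import config, user
+from MoinMoin.request import request_twisted
 from MoinMoin.auth import BaseAuth
 
 class SSLClientCertAuth(BaseAuth):
@@ -20,68 +21,73 @@
 
     def __init__(self, authorities=None,
                  email_key=True, name_key=True,
-                 use_email=False, use_name=False,
-                 autocreate=False):
+                 use_email=False, use_name=False):
         self.use_email = use_email
         self.authorities = authorities
         self.email_key = email_key
         self.name_key = name_key
         self.use_email = use_email
         self.use_name = use_name
-        self.autocreate = autocreate
         BaseAuth.__init__(self)
 
     def request(self, request, user_obj, **kw):
         u = None
         changed = False
-
-        env = request.environ
-        if env.get('SSL_CLIENT_VERIFY', 'FAILURE') == 'SUCCESS':
-
-            # check authority list if given
-            if self.authorities and env.get('SSL_CLIENT_I_DN_OU') in self.authorities:
-                return user_obj, True
-
-            email_lower = None
-            if self.email_key:
-                email = env.get('SSL_CLIENT_S_DN_Email', '').decode(config.charset)
-                email_lower = email.lower()
-            commonname_lower = None
-            if self.name_key:
-                commonname = env.get('SSL_CLIENT_S_DN_CN', '').decode(config.charset)
-                commonname_lower = commonname.lower()
-            if email_lower or commonname_lower:
-                for uid in user.getUserList(request):
-                    u = user.User(request, uid,
-                                  auth_method=self.name, auth_attribs=())
-                    if self.email_key and email_lower and u.email.lower() == email_lower:
-                        u.auth_attribs = ('email', 'password')
-                        if self.use_name and commonname_lower != u.name.lower():
-                            u.name = commonname
-                            changed = True
-                            u.auth_attribs = ('email', 'name', 'password')
-                        break
-                    if self.name_key and commonname_lower and u.name.lower() == commonname_lower:
+        # check if we are running Twisted
+        if isinstance(request, request_twisted.Request):
+            return user_obj, True # not supported if we run twisted
+            # Addendum: this seems to need quite some twisted insight and coding.
+            # A pointer i got on #twisted: divmod's vertex.sslverify
+            # If you really need this, feel free to implement and test it and
+            # submit a patch if it works.
+        else:
+            env = request.env
+            if env.get('SSL_CLIENT_VERIFY', 'FAILURE') == 'SUCCESS':
+
+                # check authority list if given
+                if self.authorities and env.get('SSL_CLIENT_I_DN_OU') in self.authorities:
+                    return user_obj, True
+
+                email_lower = None
+                if self.email_key:
+                    email = env.get('SSL_CLIENT_S_DN_Email', '').decode(config.charset)
+                    email_lower = email.lower()
+                commonname_lower = None
+                if self.name_key:
+                    commonname = env.get('SSL_CLIENT_S_DN_CN', '').decode(config.charset)
+                    commonname_lower = commonname.lower()
+                if email_lower or commonname_lower:
+                    for uid in user.getUserList(request):
+                        u = user.User(request, uid,
+                                      auth_method=self.name, auth_attribs=())
+                        if self.email_key and email_lower and u.email.lower() == email_lower:
+                            u.auth_attribs = ('email', 'password')
+                            if self.use_name and commonname_lower != u.name.lower():
+                                u.name = commonname
+                                changed = True
+                                u.auth_attribs = ('email', 'name', 'password')
+                            break
+                        if self.name_key and commonname_lower and u.name.lower() == commonname_lower:
+                            u.auth_attribs = ('name', 'password')
+                            if self.use_email and email_lower != u.email.lower():
+                                u.email = email
+                                changed = True
+                                u.auth_attribs = ('name', 'email', 'password')
+                            break
+                    else:
+                        u = None
+                    if u is None:
+                        # user wasn't found, so let's create a new user object
+                        u = user.User(request, name=commonname_lower, auth_username=commonname_lower,
+                                      auth_method=self.name)
                         u.auth_attribs = ('name', 'password')
-                        if self.use_email and email_lower != u.email.lower():
+                        if self.use_email:
                             u.email = email
-                            changed = True
                             u.auth_attribs = ('name', 'email', 'password')
-                        break
-                else:
-                    u = None
-                if u is None:
-                    # user wasn't found, so let's create a new user object
-                    u = user.User(request, name=commonname_lower, auth_username=commonname_lower,
-                                  auth_method=self.name)
-                    u.auth_attribs = ('name', 'password')
-                    if self.use_email:
-                        u.email = email
-                        u.auth_attribs = ('name', 'email', 'password')
-        elif user_obj and user_obj.auth_method == self.name:
-            user_obj.valid = False
-            return user_obj, False
-        if u and self.autocreate:
+            elif user_obj and user_obj.auth_method == self.name:
+                user_obj.valid = False
+                return user_obj, False
+        if u:
             u.create_or_update(changed)
         if u and u.valid:
             return u, True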
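Review bot: The authority check in request() looks inverted: with `authorities` set, `if self.authorities and env.get('SSL_CLIENT_I_DN_OU') in self.authorities: return user_obj, True` passes the request on without certificate login exactly when the issuer OU is listed, while every other verified certificate proceeds to the account lookup. If the list is meant as an allowlist (no docstring in the visible lines says either way), the test should read `if self.authorities and env.get('SSL_CLIENT_I_DN_OU') not in self.authorities:`. Separately, the new side replaces `if u and self.autocreate:` with `if u:`, so a verified certificate that matches no existing user always gets an account created from its CN with no operator opt-in; on that path `commonname_lower` is still None when `name_key` is off, and `email` is unassigned when `email_key` is off but `use_email` is on. request() continues past the end of the hunk.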