[Checkins] SVN: z3c.referercredentials/trunk/ the credentials
plugin can be used to log in as a user using ther HTTP
Stephan Richter
srichter at cosmos.phy.tufts.edu
Tue Jun 26 13:05:06 EDT 2007
Log message for revision 77105:
the credentials plugin can be used to log in as a user using ther HTTP
referer header.
Changed:
A z3c.referercredentials/trunk/
A z3c.referercredentials/trunk/AUTHOR.txt
A z3c.referercredentials/trunk/CHANGES.txt
A z3c.referercredentials/trunk/LICENSE.txt
A z3c.referercredentials/trunk/README.txt
A z3c.referercredentials/trunk/TODOS.txt
A z3c.referercredentials/trunk/bin/
A z3c.referercredentials/trunk/bin/buildout
A z3c.referercredentials/trunk/bin/test
A z3c.referercredentials/trunk/bootstrap.py
A z3c.referercredentials/trunk/buildout.cfg
A z3c.referercredentials/trunk/setup.py
A z3c.referercredentials/trunk/src/
A z3c.referercredentials/trunk/src/z3c/
A z3c.referercredentials/trunk/src/z3c/__init__.py
A z3c.referercredentials/trunk/src/z3c/referercredentials/
A z3c.referercredentials/trunk/src/z3c/referercredentials/README.txt
A z3c.referercredentials/trunk/src/z3c/referercredentials/__init__.py
A z3c.referercredentials/trunk/src/z3c/referercredentials/credentials.py
A z3c.referercredentials/trunk/src/z3c/referercredentials/interfaces.py
A z3c.referercredentials/trunk/src/z3c/referercredentials/tests.py
-=-
Added: z3c.referercredentials/trunk/AUTHOR.txt
===================================================================
--- z3c.referercredentials/trunk/AUTHOR.txt (rev 0)
+++ z3c.referercredentials/trunk/AUTHOR.txt 2007-06-26 17:05:05 UTC (rev 77105)
@@ -0,0 +1,3 @@
+Stephan Richter (stephan.richter <at> gmail.com)
+
+Thanks goes to Bayview Financial for supporting this work.
Property changes on: z3c.referercredentials/trunk/AUTHOR.txt
___________________________________________________________________
Name: svn:eol-style
+ native
Added: z3c.referercredentials/trunk/CHANGES.txt
===================================================================
--- z3c.referercredentials/trunk/CHANGES.txt (rev 0)
+++ z3c.referercredentials/trunk/CHANGES.txt 2007-06-26 17:05:05 UTC (rev 77105)
@@ -0,0 +1,10 @@
+=======
+CHANGES
+=======
+
+Version 0.1.0 (6/??/2007)
+-------------------------
+
+- Initial Release
+
+ * Implementation of HTTP-Referer credentials plugin
Property changes on: z3c.referercredentials/trunk/CHANGES.txt
___________________________________________________________________
Name: svn:eol-style
+ native
Added: z3c.referercredentials/trunk/LICENSE.txt
===================================================================
--- z3c.referercredentials/trunk/LICENSE.txt (rev 0)
+++ z3c.referercredentials/trunk/LICENSE.txt 2007-06-26 17:05:05 UTC (rev 77105)
@@ -0,0 +1,54 @@
+Zope Public License (ZPL) Version 2.1
+-------------------------------------
+
+A copyright notice accompanies this license document that
+identifies the copyright holders.
+
+This license has been certified as open source. It has also
+been designated as GPL compatible by the Free Software
+Foundation (FSF).
+
+Redistribution and use in source and binary forms, with or
+without modification, are permitted provided that the
+following conditions are met:
+
+1. Redistributions in source code must retain the
+ accompanying copyright notice, this list of conditions,
+ and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the accompanying
+ copyright notice, this list of conditions, and the
+ following disclaimer in the documentation and/or other
+ materials provided with the distribution.
+
+3. Names of the copyright holders must not be used to
+ endorse or promote products derived from this software
+ without prior written permission from the copyright
+ holders.
+
+4. The right to distribute this software or to use it for
+ any purpose does not give you the right to use
+ Servicemarks (sm) or Trademarks (tm) of the copyright
+ holders. Use of them is covered by separate agreement
+ with the copyright holders.
+
+5. If any files are modified, you must cause the modified
+ files to carry prominent notices stating that you changed
+ the files and the date of any change.
+
+Disclaimer
+
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS ``AS IS''
+ AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT
+ NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN
+ NO EVENT SHALL THE COPYRIGHT HOLDERS BE
+ LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ DAMAGE.
Property changes on: z3c.referercredentials/trunk/LICENSE.txt
___________________________________________________________________
Name: svn:eol-style
+ native
Added: z3c.referercredentials/trunk/README.txt
===================================================================
--- z3c.referercredentials/trunk/README.txt (rev 0)
+++ z3c.referercredentials/trunk/README.txt 2007-06-26 17:05:05 UTC (rev 77105)
@@ -0,0 +1 @@
+A package that uses the HTTP referer header to provide credentials.
Property changes on: z3c.referercredentials/trunk/README.txt
___________________________________________________________________
Name: svn:eol-style
+ native
Added: z3c.referercredentials/trunk/TODOS.txt
===================================================================
--- z3c.referercredentials/trunk/TODOS.txt (rev 0)
+++ z3c.referercredentials/trunk/TODOS.txt 2007-06-26 17:05:05 UTC (rev 77105)
@@ -0,0 +1,3 @@
+=====
+TODOS
+=====
Property changes on: z3c.referercredentials/trunk/TODOS.txt
___________________________________________________________________
Name: svn:eol-style
+ native
Added: z3c.referercredentials/trunk/bin/buildout
===================================================================
--- z3c.referercredentials/trunk/bin/buildout (rev 0)
+++ z3c.referercredentials/trunk/bin/buildout 2007-06-26 17:05:05 UTC (rev 77105)
@@ -0,0 +1,12 @@
+#!/usr/bin/py24
+
+import sys
+sys.path[0:0] = [
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/setuptools-0.6c6-py2.4.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zc.buildout-1.0.0b27-py2.4.egg',
+ ]
+
+import zc.buildout.buildout
+
+if __name__ == '__main__':
+ zc.buildout.buildout.main()
Property changes on: z3c.referercredentials/trunk/bin/buildout
___________________________________________________________________
Name: svn:executable
+
Added: z3c.referercredentials/trunk/bin/test
===================================================================
--- z3c.referercredentials/trunk/bin/test (rev 0)
+++ z3c.referercredentials/trunk/bin/test 2007-06-26 17:05:05 UTC (rev 77105)
@@ -0,0 +1,80 @@
+#!/usr/bin/py24
+
+import sys
+sys.path[0:0] = [
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/src',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.testing-3.4-py2.4.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/setuptools-0.6c6-py2.4.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.schema-3.4.0a1-py2.4.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.interface-3.4.0b1-py2.4-linux-i686.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.component-3.4.0a1-py2.4.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.app.authentication-3.4.0a1-py2.4.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.i18nmessageid-3.4.0a1-py2.4-linux-i686.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.event-3.4.0b1.dev_r75122-py2.4.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.deferredimport-3.4dev-py2.4.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.deprecation-3.4.0a1-py2.4.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/ZODB3-3.9.0_dev_r77011-py2.4-linux-i686.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.traversing-3.4.0a1-py2.4.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.security-3.4.0b2-py2.4-linux-i686.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.publisher-3.4.0b1_r76188-py2.4.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.location-3.4.0b1.dev_r75152-py2.4.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.i18n-3.4.0b2-py2.4.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.exceptions-3.4dev_r73107-py2.4.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.dublincore-3.4.0a1-py2.4.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.app.zapi-3.4.0a1-py2.4.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.app.session-3.4.0a1-py2.4.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.app.security-3.4.0a1_1-py2.4.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.app.form-3.4.0b2.dev_r76975-py2.4.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.app.container-3.4.0a1-py2.4-linux-i686.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.app.component-0.1dev_r74310-py2.4.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.proxy-3.4.0a1-py2.4-linux-i686.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zdaemon-2.0a6-py2.4.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/ZConfig-2.4a6-py2.4.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.app.applicationcontrol-3.4_dev_r73715-py2.4.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.thread-3.4dev_r73086-py2.4-linux-i686.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.configuration-3.4.0a1-py2.4.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/pytz-2007f-py2.4.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.app.testing-3.4.0b1_r76117-py2.4.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.annotation-3.4.0b1.dev_r75758-py2.4.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.app.interface-3.4.0a1-py2.4.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.app.publisher-0.1dev_r73800-py2.4.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.app.http-3.4.0a1-py2.4.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.app.appsetup-3.4.0a1-py2.4.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.app.pagetemplate-3.4.0b1dev_r75616-py2.4.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.app.i18n-3.4.0a1-py2.4.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.app.basicskin-3.4.0a1-py2.4.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.cachedescriptors-3.4.0b1_r75830-py2.4.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.copypastemove-3.4.0a1-py2.4.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.app.broken-3.4.0a1-py2.4.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.size-3.4.0a1-py2.4.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.filerepresentation-3.4.0a1-py2.4.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.lifecycleevent-3.4.0a1-py2.4.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.dottedname-3.4dev_r73113-py2.4.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.formlib-3.4.0a1-py2.4.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.app.publication-3.4.0a1_2-py2.4.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.app.folder-3.4.0a1-py2.4.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.app.dependable-3.4.0a1-py2.4.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.app.debug-3.4.0a1-py2.4.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zodbcode-3.4.0b1dev_r75670-py2.4.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.pagetemplate-3.4.0a1-py2.4.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.datetime-3.4.0a1-py2.4.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.contenttype-3.4.0a1-py2.4.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.tales-3.4.0a1-py2.4.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.hookable-3.4.0a1-py2.4-linux-i686.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.app.exception-3.4.0a1-py2.4.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.app.error-3.4.0a1-py2.4.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/zope.tal-3.4.0b1-py2.4.egg',
+ '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/eggs/RestrictedPython-3.4.0-py2.4.egg',
+ ]
+
+import os
+sys.argv[0] = os.path.abspath(sys.argv[0])
+os.chdir('/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/parts/test')
+
+
+import zope.testing.testrunner
+
+if __name__ == '__main__':
+ zope.testing.testrunner.run([
+ '--test-path', '/opt/zope/sr/z3cForm/trunk/packages/z3c.referercredentials/src',
+ ])
Property changes on: z3c.referercredentials/trunk/bin/test
___________________________________________________________________
Name: svn:executable
+
Added: z3c.referercredentials/trunk/bootstrap.py
===================================================================
--- z3c.referercredentials/trunk/bootstrap.py (rev 0)
+++ z3c.referercredentials/trunk/bootstrap.py 2007-06-26 17:05:05 UTC (rev 77105)
@@ -0,0 +1,52 @@
+##############################################################################
+#
+# Copyright (c) 2007 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""Bootstrap a buildout-based project
+
+Simply run this script in a directory containing a buildout.cfg.
+The script accepts buildout command-line options, so you can
+use the -c option to specify an alternate configuration file.
+
+$Id$
+"""
+
+import os, shutil, sys, tempfile, urllib2
+
+tmpeggs = tempfile.mkdtemp()
+
+ez = {}
+exec urllib2.urlopen('http://peak.telecommunity.com/dist/ez_setup.py'
+ ).read() in ez
+ez['use_setuptools'](to_dir=tmpeggs, download_delay=0)
+
+import pkg_resources
+
+cmd = 'from setuptools.command.easy_install import main; main()'
+if sys.platform == 'win32':
+ cmd = '"%s"' % cmd # work around spawn lamosity on windows
+
+ws = pkg_resources.working_set
+assert os.spawnle(
+ os.P_WAIT, sys.executable, sys.executable,
+ '-c', cmd, '-mqNxd', tmpeggs, 'zc.buildout',
+ dict(os.environ,
+ PYTHONPATH=
+ ws.find(pkg_resources.Requirement.parse('setuptools')).location
+ ),
+ ) == 0
+
+ws.add_entry(tmpeggs)
+ws.require('zc.buildout')
+import zc.buildout.buildout
+zc.buildout.buildout.main(sys.argv[1:] + ['bootstrap'])
+shutil.rmtree(tmpeggs)
Property changes on: z3c.referercredentials/trunk/bootstrap.py
___________________________________________________________________
Name: svn:keywords
+ Id
Added: z3c.referercredentials/trunk/buildout.cfg
===================================================================
--- z3c.referercredentials/trunk/buildout.cfg (rev 0)
+++ z3c.referercredentials/trunk/buildout.cfg 2007-06-26 17:05:05 UTC (rev 77105)
@@ -0,0 +1,7 @@
+[buildout]
+develop = .
+parts = test
+
+[test]
+recipe = zc.recipe.testrunner
+eggs = z3c.referercredentials [test]
Added: z3c.referercredentials/trunk/setup.py
===================================================================
--- z3c.referercredentials/trunk/setup.py (rev 0)
+++ z3c.referercredentials/trunk/setup.py 2007-06-26 17:05:05 UTC (rev 77105)
@@ -0,0 +1,75 @@
+##############################################################################
+#
+# Copyright (c) 2007 Zope Foundation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""Setup
+
+$Id$
+"""
+import os
+from setuptools import setup, find_packages
+
+def read(*rnames):
+ return open(os.path.join(os.path.dirname(__file__), *rnames)).read()
+
+setup (
+ name='z3c.referercredentials',
+ version='0.1.0',
+ author = "Stephan Richter and the Zope Community",
+ author_email = "zope3-dev at zope.org",
+ description = "An HTTP referer credentials plugin.",
+ long_description=(
+ read('README.txt')
+ + '\n\n' +
+ 'Detailed Documentation\n'
+ '**********************\n'
+ + '\n' +
+ read('src', 'z3c', 'referercredentials', 'README.txt')
+ + '\n\n' +
+ read('CHANGES.txt')
+ ),
+ license = "ZPL 2.1",
+ keywords = "zope3 referer credentials pau",
+ classifiers = [
+ 'Development Status :: 4 - Beta',
+ 'Environment :: Web Environment',
+ 'Intended Audience :: Developers',
+ 'License :: OSI Approved :: Zope Public License',
+ 'Programming Language :: Python',
+ 'Natural Language :: English',
+ 'Operating System :: OS Independent',
+ 'Topic :: Internet :: WWW/HTTP',
+ 'Framework :: Zope3'],
+ url = 'http://svn.zope.org/z3c.referercredentials',
+ packages = find_packages('src'),
+ include_package_data = True,
+ package_dir = {'':'src'},
+ namespace_packages = ['z3c'],
+ extras_require = dict(
+ test = ['zope.app.testing', 'zope.testing'],
+ ),
+ install_requires = [
+ 'setuptools',
+ 'transaction',
+ 'zope.app.authentication',
+ 'zope.app.component',
+ 'zope.app.container',
+ 'zope.app.session',
+ 'zope.component',
+ 'zope.interface',
+ 'zope.publisher',
+ 'zope.schema',
+ 'zope.traversing',
+ ],
+ dependency_links = ['http://download.zope.org/distribution'],
+ zip_safe = False,
+ )
Property changes on: z3c.referercredentials/trunk/setup.py
___________________________________________________________________
Name: svn:keywords
+ Id
Added: z3c.referercredentials/trunk/src/z3c/__init__.py
===================================================================
--- z3c.referercredentials/trunk/src/z3c/__init__.py (rev 0)
+++ z3c.referercredentials/trunk/src/z3c/__init__.py 2007-06-26 17:05:05 UTC (rev 77105)
@@ -0,0 +1,7 @@
+try:
+ # Declare this a namespace package if pkg_resources is available.
+ import pkg_resources
+ pkg_resources.declare_namespace('z3c')
+except ImportError:
+ pass
+
Property changes on: z3c.referercredentials/trunk/src/z3c/__init__.py
___________________________________________________________________
Name: svn:keywords
+ Id
Added: z3c.referercredentials/trunk/src/z3c/referercredentials/README.txt
===================================================================
--- z3c.referercredentials/trunk/src/z3c/referercredentials/README.txt (rev 0)
+++ z3c.referercredentials/trunk/src/z3c/referercredentials/README.txt 2007-06-26 17:05:05 UTC (rev 77105)
@@ -0,0 +1,90 @@
+========================
+HTTP-Referer Credentials
+========================
+
+It is sometimes necessary to restrict access to a site by looking at the the
+site the user is coming from. For example, a user can only enter the site when
+he comes from within the corporate network. If the two sites cannot share any
+specific information, such as an authentication token, the only useful piece
+of information is the ``HTTP-Referer`` request header.
+
+__Note__: Yes I know this is not fully secure and someone could spoof the
+header. But this is acceptable in this particular application. I guess it
+keeps away the honest. And yes, this is a real world scenario -- would I
+implement this package otherwise? :-)
+
+So let's have a look at the credentials plugin:
+
+ >>> from z3c.referercredentials import credentials
+ >>> creds = credentials.HTTPRefererCredentials()
+
+Let's look at the positive case first. The referer credentials plugin has an
+attribute that specifies all allowed hosts:
+
+ >>> creds.allowedHosts
+ ('localhost',)
+
+In this example, we only want to allow peopl eto the site coming from
+``www.zope.org``.
+
+ >>> creds.allowedHosts = ('www.zope.org',)
+
+Now, a user coming from that site will have a request containing this referer:
+
+ >>> from zope.publisher.browser import TestRequest
+ >>> request = TestRequest(HTTP_REFERER='http://www.zope.org/index.html')
+
+The credentials can now be extracted as follows:
+
+ >>> creds.extractCredentials(request)
+
+Nothing is returned. This is because we have not defined any credentials that
+represent the "referer user". With setting the credentials, it should work:
+
+ >>> creds.credentials = {'login': 'mgr', 'password': 'mgrpw'}
+ >>> creds.extractCredentials(request)
+ {'login': 'mgr', 'password': 'mgrpw'}
+
+Once an acceptable referer has been passed in, the credentials are always
+returned:
+
+ >>> del request._environ['HTTP_REFERER']
+ >>> creds.extractCredentials(request)
+ {'login': 'mgr', 'password': 'mgrpw'}
+
+We have to log out in order to loose the credentials:
+
+ >>> creds.logout(request)
+ True
+
+Now, no credentials are returned when not sending in a correct referer:
+
+ >>> creds.extractCredentials(request)
+
+When the user could not be authenticated, the plugin is asked to pose a
+challenge:
+
+ >>> creds.challenge(request)
+ True
+ >>> request.response.getHeader('Redirect')
+
+By default we are getting the "unauthorized.html" view on the site. But you
+can change the view name:
+
+ >>> creds.challengeView = 'challenge.html'
+ >>> creds.challenge(request)
+ True
+ >>> request.response.getHeader('Redirect')
+
+Final Note: Of course, this credentials plugin only works with HTTP-based
+requests:
+
+ >>> request = object()
+
+ >>> creds.extractCredentials(request)
+
+ >>> creds.challenge(request)
+ False
+
+ >>> creds.logout(request)
+ False
Property changes on: z3c.referercredentials/trunk/src/z3c/referercredentials/README.txt
___________________________________________________________________
Name: svn:eol-style
+ native
Added: z3c.referercredentials/trunk/src/z3c/referercredentials/__init__.py
===================================================================
--- z3c.referercredentials/trunk/src/z3c/referercredentials/__init__.py (rev 0)
+++ z3c.referercredentials/trunk/src/z3c/referercredentials/__init__.py 2007-06-26 17:05:05 UTC (rev 77105)
@@ -0,0 +1 @@
+# Make a package.
Property changes on: z3c.referercredentials/trunk/src/z3c/referercredentials/__init__.py
___________________________________________________________________
Name: svn:keywords
+ Id
Added: z3c.referercredentials/trunk/src/z3c/referercredentials/credentials.py
===================================================================
--- z3c.referercredentials/trunk/src/z3c/referercredentials/credentials.py (rev 0)
+++ z3c.referercredentials/trunk/src/z3c/referercredentials/credentials.py 2007-06-26 17:05:05 UTC (rev 77105)
@@ -0,0 +1,74 @@
+##############################################################################
+#
+# Copyright (c) 2007 Zope Foundation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""HTTP Referer Credentials interfaces
+
+$Id$
+"""
+__docformat__ = "reStructuredText"
+import persistent
+import transaction
+import urllib2
+import zope.interface
+from zope.app.component import hooks
+from zope.app.container import contained
+from zope.app.session.interfaces import ISession
+from zope.publisher.interfaces.http import IHTTPRequest
+from zope.traversing.browser import absoluteURL
+
+from z3c.referercredentials import interfaces
+
+class HTTPRefererCredentials(persistent.Persistent, contained.Contained):
+ zope.interface.implements(interfaces.IHTTPRefererCredentials)
+
+ sessionKey = 'z3c.referercredentials'
+ allowedHosts = ('localhost',)
+ credentials = None
+ challengeView = 'unauthorized.html'
+
+ def extractCredentials(self, request):
+ """See zope.app.authentication.interfaces.ICredentialsPlugin"""
+ # Step 0: This credentials plugin only works for HTTP request
+ if not IHTTPRequest.providedBy(request):
+ return None
+ # Step 1: If the referer hostname matches
+ url = request.getHeader('Referer', '')
+ host = urllib2.splithost(urllib2.splittype(url)[-1])[0]
+ if host in self.allowedHosts:
+ ISession(request)[self.sessionKey]['authenticated'] = True
+ # Step 2: If the "authenticated" flag is set, return the
+ # pre-determined credentials."
+ if ISession(request)[self.sessionKey].get('authenticated'):
+ return self.credentials
+ return None
+
+ def challenge(self, request):
+ """See zope.app.authentication.interfaces.ICredentialsPlugin"""
+ # Step 0: This credentials plugin only works for HTTP request
+ if not IHTTPRequest.providedBy(request):
+ return False
+ # Step 1: Produce a URL and redirect to it
+ site = hooks.getSite()
+ url = '%s/@@%s' % (absoluteURL(site, request), self.challengeView)
+ request.response.redirect(url)
+ return True
+
+ def logout(self, request):
+ """See zope.app.authentication.interfaces.ICredentialsPlugin"""
+ # Step 0: This credentials plugin only works for HTTP request
+ if not IHTTPRequest.providedBy(request):
+ return False
+ # Step 1: Delete the session variable.
+ del ISession(request)[self.sessionKey]['authenticated']
+ transaction.commit()
+ return True
Property changes on: z3c.referercredentials/trunk/src/z3c/referercredentials/credentials.py
___________________________________________________________________
Name: svn:keywords
+ Id
Added: z3c.referercredentials/trunk/src/z3c/referercredentials/interfaces.py
===================================================================
--- z3c.referercredentials/trunk/src/z3c/referercredentials/interfaces.py (rev 0)
+++ z3c.referercredentials/trunk/src/z3c/referercredentials/interfaces.py 2007-06-26 17:05:05 UTC (rev 77105)
@@ -0,0 +1,43 @@
+##############################################################################
+#
+# Copyright (c) 2007 Zope Foundation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""HTTP Referer Credentials interfaces
+
+$Id$
+"""
+__docformat__ = "reStructuredText"
+import zope.schema
+from zope.app.authentication import interfaces
+
+class IHTTPRefererCredentials(interfaces.ICredentialsPlugin):
+ """HTTP-Referer Credentials"""
+
+ sessionKey = zope.schema.ASCIILine(
+ title=u'Session Key',
+ description=u'Session Key')
+
+ allowedHosts = zope.schema.Tuple(
+ title=u'Allowed Hosts',
+ description=u'A list of hosts allowed to access.',
+ default=('localhost',))
+
+ credentials = zope.schema.Field(
+ title=u'Credentials',
+ description=(u'An object representing the credentials of the '
+ u'referred user.'))
+
+ challengeView = zope.schema.TextLine(
+ title=u'Challenge View',
+ description=(u'The view to which the user is forwarded when not '
+ u'coming from a correct referer site.'),
+ default=u'unauthorized.html')
Property changes on: z3c.referercredentials/trunk/src/z3c/referercredentials/interfaces.py
___________________________________________________________________
Name: svn:keywords
+ Id
Added: z3c.referercredentials/trunk/src/z3c/referercredentials/tests.py
===================================================================
--- z3c.referercredentials/trunk/src/z3c/referercredentials/tests.py (rev 0)
+++ z3c.referercredentials/trunk/src/z3c/referercredentials/tests.py 2007-06-26 17:05:05 UTC (rev 77105)
@@ -0,0 +1,45 @@
+##############################################################################
+#
+# Copyright (c) 2005 Zope Corporation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""HTTP-Referer Credentials Test Setup
+
+$Id$
+"""
+__docformat__ = "reStructuredText"
+import unittest
+import zope.component
+from zope.app.session import session, http, interfaces
+from zope.app.testing import placelesssetup
+from zope.testing import doctest
+from zope.testing.doctestunit import DocFileSuite
+
+def setUp(test):
+ placelesssetup.setUp()
+ zope.component.provideAdapter(session.ClientId)
+ zope.component.provideAdapter(session.Session)
+ zope.component.provideUtility(
+ http.CookieClientIdManager(), interfaces.IClientIdManager)
+ zope.component.provideUtility(
+ session.PersistentSessionDataContainer(),
+ interfaces.ISessionDataContainer)
+
+def test_suite():
+ return unittest.TestSuite((
+ DocFileSuite(
+ 'README.txt',
+ setUp=setUp, tearDown=placelesssetup.tearDown,
+ optionflags=doctest.NORMALIZE_WHITESPACE|doctest.ELLIPSIS),
+ ))
+
+if __name__ == '__main__':
+ unittest.main(defaultTest='test_suite')
Property changes on: z3c.referercredentials/trunk/src/z3c/referercredentials/tests.py
___________________________________________________________________
Name: svn:keywords
+ Id
More information about the Checkins
mailing list