[Checkins] SVN: zc.zopeorgkeyupload/branches/dev/ Converted to use a zodb-based auth database, rather than ldap.

Jim Fulton jim at zope.com
Tue Oct 11 16:02:54 EST 2011


Log message for revision 123057:
  Converted to use a zodb-based auth database, rather than ldap.
  

Changed:
  U   zc.zopeorgkeyupload/branches/dev/buildout.cfg
  A   zc.zopeorgkeyupload/branches/dev/keys/
  U   zc.zopeorgkeyupload/branches/dev/setup.py
  U   zc.zopeorgkeyupload/branches/dev/src/zc/zopeorgkeyupload/__init__.py
  U   zc.zopeorgkeyupload/branches/dev/src/zc/zopeorgkeyupload/upload.py

-=-
Modified: zc.zopeorgkeyupload/branches/dev/buildout.cfg
===================================================================
--- zc.zopeorgkeyupload/branches/dev/buildout.cfg	2011-10-11 19:24:39 UTC (rev 123056)
+++ zc.zopeorgkeyupload/branches/dev/buildout.cfg	2011-10-11 21:02:53 UTC (rev 123057)
@@ -1,23 +1,26 @@
 [buildout]
 develop = .
 parts = py config extra-eggs zdaemon
-extends = ldap.cfg
-find-links = python-ldap-2.3.4/dist
-index = http://download.zope.org/simple
+find-links = /opt/zaamdashboard/eggs
+extends = /opt/zaamdashboard/zc.kgs/ztk/ztk.cfg
+          /opt/zaamdashboard/zc.kgs/ztk/zopeapp.cfg
 versions = versions
 
 [versions]
-python-ldap = 2.3.4
+ZODB3 = 3.10.2
+transaction =
+zope.testbrowser =
+mechanize =
 
 [define]
 keydir = ${buildout:directory}/keys
-port = 8081
+port = 8082
 
 [zdaemon]
 recipe = zc.recipe.egg
 
 [py]
-recipe = zc.recipe.egg
+recipe = zc.recipe.egg                                       
 interpreter = py
 unzip = true
 eggs =
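Review bot: The empty entries added under `[versions]` (`transaction =`, `zope.testbrowser =`, `mechanize =`) appear to clear whatever pins the extended ztk.cfg/zopeapp.cfg provide, so those three packages float to whatever release is available at build time. That is a loose dependency policy for a service that checks passwords and installs SSH keys. Pin each one to the version that was actually tested, e.g. `transaction = <tested-version>`, as is already done with `ZODB3 = 3.10.2`. Separately, `find-links` and `extends` now point at absolute paths under /opt/zaamdashboard, so the buildout only works on a host that has that tree; a comment stating this would help. The `[py]` section continues outside the hunk.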
@@ -26,18 +29,17 @@
      zope.server
      PasteDeploy
      PasteScript
-     python-ldap
+     zc.zaam
 
 [config]
 recipe = zc.recipe.deployment:configuration
+s =
 text =
   [app:main]
   use = egg:zope.publisher
   publication = egg:zc.zopeorgkeyupload
-  host = ${ldap:host}
-  port = ${ldap:port}
-  base = ${ldap:base}
   keydir = ${define:keydir}
+  zeo = 8200
 
   [server:main]
   use = egg:zope.server
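Review bot: The added `s =` line in `[config]` looks like a stray keystroke, since nothing visible on this page references an option named `s`; it should probably be dropped. `zeo = 8200` also hard-codes the auth-database port inside the generated text, while the web port is defined in `[define]`. Consider `zeo = ${define:zeo}` with `zeo = 8200` set next to `port`, so both ports are configured in one place. The `[server:main]` section continues outside the hunk.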

Modified: zc.zopeorgkeyupload/branches/dev/setup.py
===================================================================
--- zc.zopeorgkeyupload/branches/dev/setup.py	2011-10-11 19:24:39 UTC (rev 123056)
+++ zc.zopeorgkeyupload/branches/dev/setup.py	2011-10-11 21:02:53 UTC (rev 123057)
@@ -18,7 +18,7 @@
 
 entry_points = """
 [zope.publisher.publication_factory]
-default = zc.zopeorgkeyupload:Publication
+default = zc.zopeorgkeyupload.upload:Publication
 
 [console_scripts]
 mvkey = zc.zopeorgkeyupload.mvkey:main

Modified: zc.zopeorgkeyupload/branches/dev/src/zc/zopeorgkeyupload/__init__.py
===================================================================
--- zc.zopeorgkeyupload/branches/dev/src/zc/zopeorgkeyupload/__init__.py	2011-10-11 19:24:39 UTC (rev 123056)
+++ zc.zopeorgkeyupload/branches/dev/src/zc/zopeorgkeyupload/__init__.py	2011-10-11 21:02:53 UTC (rev 123057)
@@ -1,130 +1 @@
-import ldap
-import os
-import pwd
-import re
-import zope.app.security.basicauthadapter
-import zope.component
-import zope.publisher.http
-import zope.security.interfaces
-
-zope.component.provideAdapter(zope.publisher.http.HTTPCharsets)
-
-v1re = re.compile(r'\d+ \d+ \d+').match
-command = r'command="/usr/local/bin/scm $SSH_ORIGINAL_COMMAND" '
-
-class Publication:
-
-    def __init__(self, global_config, host, port, base, keydir):
-        self.host, self.port = host, int(port)
-        self.base, self.keydir = base, keydir
-        self.tmp = os.path.join(keydir, '.tmp')
-        
-    def beforeTraversal(self, request):
-        pass
-
-    def getApplication(self, request):
-        return self
-    
-    def callTraversalHooks(self, request, ob):
-        pass
-
-    def traverseName(self, request, ob, name):
-        return self
-
-    def afterTraversal(self, request, ob):
-        pass
-
-    def callObject(self, request, ob):
-        cred = zope.app.security.basicauthadapter.BasicAuthAdapter(request)
-        login = cred.getLogin()
-        authorized = False
-        if login is not None:
-            c = ldap.open(self.host, self.port)
-            dn = "cn=%s,%s" % (login, self.base)
-            try:
-                c.bind_s(dn, cred.getPassword())
-                authorized = True
-                c.unbind()
-            except ldap.INVALID_CREDENTIALS:
-                pass
-
-        if not authorized:
-            cred.needLogin('ZopeCVSAdmin')
-            return ("You need to register with www.zope.org and log in\n"
-                    "here with your www.zope.org login and password.")
-
-        try:
-            pwd.getpwnam(login)
-        except KeyError:
-            return "You are not yet a contributor"
-
-        if 'key' not in request.form:
-            return key_form % ''
-            
-        key = request.form['key'].read(10000)
-        if len(key) >= 10000:
-            return key_form % 'The key you uploaded is too long!<br />'
-
-        v1keys = []
-        v2keys = []
-        for line in key.split('\n'):
-            if not line.strip():
-                continue
-            if line.strip().startswith('#'):
-                continue
-            if line.strip().split()[0] in ('ssh-dss', 'ssh-rsa'):
-                v2keys.append(command+line+'\n')
-            elif v1re(line):
-                v1keys.append(command+line+'\n')
-            else:
-                return key_form % (
-                    'The key you uploaded is not properly formatted!<br />')
-
-        if not (v1keys or v2keys):
-                return key_form % 'The file you uploaded had no keys!<br />'
-            
-
-        if v1keys:
-            writef(self.tmp, ''.join(v1keys))
-            os.rename(self.tmp, os.path.join(self.keydir, login+'-1'))
-
-        if v2keys:
-            writef(self.tmp, ''.join(v2keys))
-            os.rename(self.tmp, os.path.join(self.keydir, login+'-2'))
-            
-        return ("Your keys have been uploaded.\n"
-                "It may take a few minutes for them to become effective.")
-
-    def afterCall(self, request, ob):
-        pass
-    
-    def handleException(self, object, request, exc_info, retry_allowed=1):
-        raise exc_info[0], exc_info[1], exc_info[2]
-    
-    def endRequest(self, request, ob):
-        pass
-    
-    def getDefaultTraversal(self, request, ob):
-        return self, ()
-
-def writef(path, data):
-    fd = os.open(path, os.O_WRONLY | os.O_CREAT, 0600)
-    os.write(fd, data)
-    os.close(fd)
-
-
-key_form = """
-<html>
-  <head>
-    <title>Upload your public SSH key</title>
-  </head>
-  <body>
-    %s
-    <form method="POST" enctype="multipart/form-data">
-      Upload your public SSH key(s):
-      <input type="file" name="key" size="40" /><br />
-      <input type="submit" value="submit" />
-    </form>
-</html>
-"""
-    
+#

Modified: zc.zopeorgkeyupload/branches/dev/src/zc/zopeorgkeyupload/upload.py
===================================================================
--- zc.zopeorgkeyupload/branches/dev/src/zc/zopeorgkeyupload/upload.py	2011-10-11 19:24:39 UTC (rev 123056)
+++ zc.zopeorgkeyupload/branches/dev/src/zc/zopeorgkeyupload/upload.py	2011-10-11 21:02:53 UTC (rev 123057)
@@ -1,11 +1,15 @@
+import logging
 import os
 import pwd
 import re
+import ZEO
 import zope.app.security.basicauthadapter
 import zope.component
 import zope.publisher.http
 import zope.security.interfaces
 
+logging.basicConfig()
+
 zope.component.provideAdapter(zope.publisher.http.HTTPCharsets)
 
 v1re = re.compile(r'\d+ \d+ \d+').match
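Review bot: `logging.basicConfig()` runs as an import-time side effect of upload.py and configures the root logger for any process that imports this module. No line in the visible hunks emits a log record from this module, so the purpose is unclear; if the intent is to surface ZEO client messages, say so in a comment such as `# ZEO reports connection problems via logging; make sure they reach stderr`. Calling it from the publication factory or the server start-up configuration would keep the module free of import-time side effects.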
@@ -13,10 +17,10 @@
 
 class Publication:
 
-    def __init__(self, global_config, host, port, base, keydir):
-        self.host, self.port = host, int(port)
-        self.base, self.keydir = base, keydir
+    def __init__(self, global_config, keydir, zeo):
+        self.keydir = keydir
         self.tmp = os.path.join(keydir, '.tmp')
+        self.db = ZEO.DB(int(zeo), read_only=True)
 
     def beforeTraversal(self, request):
         pass
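Review bot: `__init__` does not document what `zeo` is; because of `int(zeo)` it must be a bare port number, and a non-numeric value from the paste config surfaces as an unexplained ValueError. A short docstring would cover it, e.g. `"""keydir: directory that receives uploaded key files; zeo: port of the ZEO server holding the auth database."""`. The `read_only=True` argument deserves a why-comment such as `# read-only: this web-facing process only verifies credentials, it never edits user records`. The database opened here is not closed anywhere in the visible lines, which is presumably intended for a process-lifetime object but worth stating. The class body continues outside the hunk.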
@@ -36,21 +40,22 @@
     def callObject(self, request, ob):
         cred = zope.app.security.basicauthadapter.BasicAuthAdapter(request)
         login = cred.getLogin()
+
         authorized = False
         if login is not None:
-            c = ldap.open(self.host, self.port)
-            dn = "cn=%s,%s" % (login, self.base)
-            try:
-                c.bind_s(dn, cred.getPassword())
-                authorized = True
-                c.unbind()
-            except ldap.INVALID_CREDENTIALS:
-                pass
+            with self.db.transaction() as conn:
+                users = conn.root.zaam_users
+                user = users.authenticateCredentials(dict(
+                    domain = 'svn.zope.org',
+                    login = login,
+                    password = cred.getPassword(),
+                    ))
+                if user is not None:
+                    authorized = True
 
         if not authorized:
             cred.needLogin('ZopeCVSAdmin')
-            return ("You need to register with www.zope.org and log in\n"
-                    "here with your www.zope.org login and password.")
+            return ("You need to become a registered user.")
 
         try:
             pwd.getpwnam(login)
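Review bot: A rejected login leaves no trace: when `authenticateCredentials` returns None, the code falls through to `cred.needLogin('ZopeCVSAdmin')` without logging anything, so repeated password guessing against an endpoint that installs SSH keys would be invisible to operators. Recording the failure just before `needLogin`, only when a login was actually supplied, gives something to alert or throttle on: `if login is not None: logging.getLogger(__name__).warning("key upload: auth failed for %r", login)`; the password must never be logged. The returned `user` is also discarded, and the later `pwd.getpwnam(login)` uses the client-supplied string. If the auth database normalises or aliases logins, the authenticated identity and the account name used for the key file could differ, so take the account name from `user` if it exposes one. callObject continues outside the hunk.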


