[Checkins] SVN: zc.zopeorgkeyupload/branches/dev/ Converted to use a zodb-based auth database, rather than ldap.
Jim Fulton
jim at zope.com
Tue Oct 11 16:02:54 EST 2011
Log message for revision 123057:
Converted to use a zodb-based auth database, rather than ldap.
Changed:
U zc.zopeorgkeyupload/branches/dev/buildout.cfg
A zc.zopeorgkeyupload/branches/dev/keys/
U zc.zopeorgkeyupload/branches/dev/setup.py
U zc.zopeorgkeyupload/branches/dev/src/zc/zopeorgkeyupload/__init__.py
U zc.zopeorgkeyupload/branches/dev/src/zc/zopeorgkeyupload/upload.py
-=-
Modified: zc.zopeorgkeyupload/branches/dev/buildout.cfg
===================================================================
--- zc.zopeorgkeyupload/branches/dev/buildout.cfg 2011-10-11 19:24:39 UTC (rev 123056)
+++ zc.zopeorgkeyupload/branches/dev/buildout.cfg 2011-10-11 21:02:53 UTC (rev 123057)
@@ -1,23 +1,26 @@
[buildout]
develop = .
parts = py config extra-eggs zdaemon
-extends = ldap.cfg
-find-links = python-ldap-2.3.4/dist
-index = http://download.zope.org/simple
+find-links = /opt/zaamdashboard/eggs
+extends = /opt/zaamdashboard/zc.kgs/ztk/ztk.cfg
+ /opt/zaamdashboard/zc.kgs/ztk/zopeapp.cfg
versions = versions
[versions]
-python-ldap = 2.3.4
+ZODB3 = 3.10.2
+transaction =
+zope.testbrowser =
+mechanize =
[define]
keydir = ${buildout:directory}/keys
-port = 8081
+port = 8082
[zdaemon]
recipe = zc.recipe.egg
[py]
-recipe = zc.recipe.egg
+recipe = zc.recipe.egg
interpreter = py
unzip = true
eggs =
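Review bot: The three empty entries added under `[versions]` (`transaction =`, `zope.testbrowser =`, `mechanize =`) appear to clear the pins inherited from the extended `ztk.cfg`/`zopeapp.cfg`, so whatever version the index or `find-links` directory offers at build time is installed. For a service that authenticates users and installs SSH keys, I would pin them to the versions actually tested, e.g. `transaction = <tested-version>`, or add a comment above them saying why the KGS pin had to be lifted. Separately, `find-links` and `extends` now point at absolute `/opt/zaamdashboard/...` paths, so the buildout only works on a host with that layout; a comment stating this dependency would help.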
@@ -26,18 +29,17 @@
zope.server
PasteDeploy
PasteScript
- python-ldap
+ zc.zaam
[config]
recipe = zc.recipe.deployment:configuration
+s =
text =
[app:main]
use = egg:zope.publisher
publication = egg:zc.zopeorgkeyupload
- host = ${ldap:host}
- port = ${ldap:port}
- base = ${ldap:base}
keydir = ${define:keydir}
+ zeo = 8200
[server:main]
use = egg:zope.server
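Review bot: The added `s =` line in `[config]` looks like a stray keystroke rather than a real option; nothing visible in this commit reads an option named `s`, so I would drop it. The new `zeo = 8200` is also hard-coded inside the generated `[app:main]` text while `keydir` comes from `${define:keydir}`; putting `zeo = 8200` under `[define]` and writing `zeo = ${define:zeo}` here keeps the deployment knobs in one place. It is worth a comment that this is the port of the ZEO server holding the authentication database, and presumably one that should only be reachable from the local host.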
Modified: zc.zopeorgkeyupload/branches/dev/setup.py
===================================================================
--- zc.zopeorgkeyupload/branches/dev/setup.py 2011-10-11 19:24:39 UTC (rev 123056)
+++ zc.zopeorgkeyupload/branches/dev/setup.py 2011-10-11 21:02:53 UTC (rev 123057)
@@ -18,7 +18,7 @@
entry_points = """
[zope.publisher.publication_factory]
-default = zc.zopeorgkeyupload:Publication
+default = zc.zopeorgkeyupload.upload:Publication
[console_scripts]
mvkey = zc.zopeorgkeyupload.mvkey:main
Modified: zc.zopeorgkeyupload/branches/dev/src/zc/zopeorgkeyupload/__init__.py
===================================================================
--- zc.zopeorgkeyupload/branches/dev/src/zc/zopeorgkeyupload/__init__.py 2011-10-11 19:24:39 UTC (rev 123056)
+++ zc.zopeorgkeyupload/branches/dev/src/zc/zopeorgkeyupload/__init__.py 2011-10-11 21:02:53 UTC (rev 123057)
@@ -1,130 +1 @@
-import ldap
-import os
-import pwd
-import re
-import zope.app.security.basicauthadapter
-import zope.component
-import zope.publisher.http
-import zope.security.interfaces
-
-zope.component.provideAdapter(zope.publisher.http.HTTPCharsets)
-
-v1re = re.compile(r'\d+ \d+ \d+').match
-command = r'command="/usr/local/bin/scm $SSH_ORIGINAL_COMMAND" '
-
-class Publication:
-
- def __init__(self, global_config, host, port, base, keydir):
- self.host, self.port = host, int(port)
- self.base, self.keydir = base, keydir
- self.tmp = os.path.join(keydir, '.tmp')
-
- def beforeTraversal(self, request):
- pass
-
- def getApplication(self, request):
- return self
-
- def callTraversalHooks(self, request, ob):
- pass
-
- def traverseName(self, request, ob, name):
- return self
-
- def afterTraversal(self, request, ob):
- pass
-
- def callObject(self, request, ob):
- cred = zope.app.security.basicauthadapter.BasicAuthAdapter(request)
- login = cred.getLogin()
- authorized = False
- if login is not None:
- c = ldap.open(self.host, self.port)
- dn = "cn=%s,%s" % (login, self.base)
- try:
- c.bind_s(dn, cred.getPassword())
- authorized = True
- c.unbind()
- except ldap.INVALID_CREDENTIALS:
- pass
-
- if not authorized:
- cred.needLogin('ZopeCVSAdmin')
- return ("You need to register with www.zope.org and log in\n"
- "here with your www.zope.org login and password.")
-
- try:
- pwd.getpwnam(login)
- except KeyError:
- return "You are not yet a contributor"
-
- if 'key' not in request.form:
- return key_form % ''
-
- key = request.form['key'].read(10000)
- if len(key) >= 10000:
- return key_form % 'The key you uploaded is too long!<br />'
-
- v1keys = []
- v2keys = []
- for line in key.split('\n'):
- if not line.strip():
- continue
- if line.strip().startswith('#'):
- continue
- if line.strip().split()[0] in ('ssh-dss', 'ssh-rsa'):
- v2keys.append(command+line+'\n')
- elif v1re(line):
- v1keys.append(command+line+'\n')
- else:
- return key_form % (
- 'The key you uploaded is not properly formatted!<br />')
-
- if not (v1keys or v2keys):
- return key_form % 'The file you uploaded had no keys!<br />'
-
-
- if v1keys:
- writef(self.tmp, ''.join(v1keys))
- os.rename(self.tmp, os.path.join(self.keydir, login+'-1'))
-
- if v2keys:
- writef(self.tmp, ''.join(v2keys))
- os.rename(self.tmp, os.path.join(self.keydir, login+'-2'))
-
- return ("Your keys have been uploaded.\n"
- "It may take a few minutes for them to become effective.")
-
- def afterCall(self, request, ob):
- pass
-
- def handleException(self, object, request, exc_info, retry_allowed=1):
- raise exc_info[0], exc_info[1], exc_info[2]
-
- def endRequest(self, request, ob):
- pass
-
- def getDefaultTraversal(self, request, ob):
- return self, ()
-
-def writef(path, data):
- fd = os.open(path, os.O_WRONLY | os.O_CREAT, 0600)
- os.write(fd, data)
- os.close(fd)
-
-
-key_form = """
-<html>
- <head>
- <title>Upload your public SSH key</title>
- </head>
- <body>
- %s
- <form method="POST" enctype="multipart/form-data">
- Upload your public SSH key(s):
- <input type="file" name="key" size="40" /><br />
- <input type="submit" value="submit" />
- </form>
-</html>
-"""
-
+#
Modified: zc.zopeorgkeyupload/branches/dev/src/zc/zopeorgkeyupload/upload.py
===================================================================
--- zc.zopeorgkeyupload/branches/dev/src/zc/zopeorgkeyupload/upload.py 2011-10-11 19:24:39 UTC (rev 123056)
+++ zc.zopeorgkeyupload/branches/dev/src/zc/zopeorgkeyupload/upload.py 2011-10-11 21:02:53 UTC (rev 123057)
@@ -1,11 +1,15 @@
+import logging
import os
import pwd
import re
+import ZEO
import zope.app.security.basicauthadapter
import zope.component
import zope.publisher.http
import zope.security.interfaces
+logging.basicConfig()
+
zope.component.provideAdapter(zope.publisher.http.HTTPCharsets)
v1re = re.compile(r'\d+ \d+ \d+').match
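Review bot: `logging.basicConfig()` is called at module import time, so importing `zc.zopeorgkeyupload.upload` configures the root logger as a side effect for the whole process. I would move the call into the code path that builds the application (or leave logging setup to the deployment configuration) and add a comment such as `# make ZEO/ZODB log records visible on stderr` to say why it is needed. None of the visible hunks in this module emits a log record of its own, so the intent is not obvious from the code.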
@@ -13,10 +17,10 @@
class Publication:
- def __init__(self, global_config, host, port, base, keydir):
- self.host, self.port = host, int(port)
- self.base, self.keydir = base, keydir
+ def __init__(self, global_config, keydir, zeo):
+ self.keydir = keydir
self.tmp = os.path.join(keydir, '.tmp')
+ self.db = ZEO.DB(int(zeo), read_only=True)
def beforeTraversal(self, request):
pass
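Review bot: `Publication.__init__` gives no hint that `zeo` is a bare port number, which as far as I know makes `ZEO.DB` connect to that port on the local host, nor that the read-only open is deliberate. I would add a comment above the new line, e.g. `# zeo: port of the local ZEO server with the zaam user database; read-only because this app only authenticates against it`, so that `read_only=True` is not dropped in a later edit. `int(zeo)` also raises a bare `ValueError` on a malformed setting; a message naming the `zeo` option would make a bad deployment config easier to diagnose. The class body continues outside the hunk.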
@@ -36,21 +40,22 @@
def callObject(self, request, ob):
cred = zope.app.security.basicauthadapter.BasicAuthAdapter(request)
login = cred.getLogin()
+
authorized = False
if login is not None:
- c = ldap.open(self.host, self.port)
- dn = "cn=%s,%s" % (login, self.base)
- try:
- c.bind_s(dn, cred.getPassword())
- authorized = True
- c.unbind()
- except ldap.INVALID_CREDENTIALS:
- pass
+ with self.db.transaction() as conn:
+ users = conn.root.zaam_users
+ user = users.authenticateCredentials(dict(
+ domain = 'svn.zope.org',
+ login = login,
+ password = cred.getPassword(),
+ ))
+ if user is not None:
+ authorized = True
if not authorized:
cred.needLogin('ZopeCVSAdmin')
- return ("You need to register with www.zope.org and log in\n"
- "here with your www.zope.org login and password.")
+ return ("You need to become a registered user.")
try:
pwd.getpwnam(login)
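Review bot: Authentication failures in `callObject` leave no audit trail, even though this commit starts importing `logging` and the function goes on to install SSH keys for the login. In the `if not authorized:` branch I would add `logging.getLogger(__name__).warning('key upload: authentication failed for %r', login)`, formatting the login with `%r` because it is attacker-controlled and never logging the password. `cred.getPassword()` comes from HTTP Basic auth, so the password accompanies every request; the visible config does not show TLS in front of `zope.server`, so this presumably relies on a TLS-terminating front end, which deserves a comment. The parentheses around the single-string `return` are redundant, and `callObject` continues past the end of the hunk.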