[Zope-CVS] CVS: Products/PluggableAuthService - PluggableAuthService.py:1.8

Lennart Regebro regebro at nuxeo.com
Tue Aug 31 05:28:15 EDT 2004 

Update of /cvs-repository/Products/PluggableAuthService
In directory cvs.zope.org:/tmp/cvs-serv10707

Modified Files:
	PluggableAuthService.py 
Log Message:
Implemented the challenge call, so challende plugins now gets called.
Only raise "Redirect", url supported as challenge, but anything else requires
a rewrite of BasicRequest...


=== Products/PluggableAuthService/PluggableAuthService.py 1.7 => 1.8 ===
--- Products/PluggableAuthService/PluggableAuthService.py:1.7	Mon Aug 30 11:24:52 2004
+++ Products/PluggableAuthService/PluggableAuthService.py	Tue Aug 31 05:27:44 2004
@@ -250,7 +250,7 @@
         , name
         , value
         ) = self._getObjectContext( request[ 'PUBLISHED' ], request )
-
+        
         for user_id, login in user_ids:
 
             user = self._findUser( plugins, user_id, login
@@ -275,8 +275,24 @@
                 return user
 
         if not is_top:
-            return None
-
+            # Try to validate with user folders higher up.
+            innerob=self.aq_parent
+            while hasattr(innerob,"aq_parent"):
+                inner = getattr(innerob, 'aq_inner', innerob)
+                parent = getattr(inner, 'aq_parent', None)
+                if parent is not None:
+                    innerob = parent
+                else:
+                    if hasattr(innerob, 'im_self'):
+                        innerob = innerob.im_self
+                        innerob = getattr(innerob, 'aq_inner', innerob)
+                if hasattr(innerob,"__allow_groups__"):
+                    userfolder=innerob.__allow_groups__
+                    if hasattr(userfolder,"validate"):
+                        user=userfolder.validate(request,auth,roles)
+                        if user is not None:
+                            return user
+                        
         #
         #   No other user folder above us can satisfy, and we have no user;
         #   return a constructed anonymous only if anonymous is authorized.
@@ -291,6 +307,18 @@
                               ):
             return anonymous
 
+        # No validation in upper user folders: Make a challenge
+        challengers = plugins.listPlugins(IChallengePlugin)
+        for challenger_id, challenger in challengers:
+            try:
+                # A successful challenge involves raising a 
+                # "Redirect", url exception.
+                challenger.challenge(request, request.RESPONSE)
+            except _SWALLOWABLE_PLUGIN_EXCEPTIONS:
+                LOG('PluggableAuthService', WARNING, 
+                    'ChallengePlugin %s error' % challenger_id,
+                    error=sys.exc_info())
+        
         return None
 
     security.declareProtected( SearchPrincipals, 'searchUsers')
@@ -723,7 +751,6 @@
 
             if user_id is not None:
                 result.append( ( user_id, name ) )
-
         return result
 
     security.declarePrivate( '_unmangleId' )
@@ -733,7 +760,7 @@
 
     security.declarePrivate( '_mangleId' )
     def _mangleId( self, namespace, id ):
-
+    
         return MANGLE_DELIMITER.join( ( namespace, id ) )
 
     security.declarePrivate( '_computeMangledId' )

More information about the Zope-CVS mailing list