Python authentication.AuthenticatorMgr类代码示例

def create_dummy_user():
    """
    Creates a dummy user for testing purposes
    """
    avatar = Avatar()

    avatar.setName("fake")
    avatar.setSurName("fake")
    avatar.setOrganisation("fake")
    avatar.setLang("en_GB")
    avatar.setEmail("[email protected]")

    # registering user
    ah = AvatarHolder()
    ah.add(avatar)

    # setting up the login info
    li = LoginInfo("dummyuser", "dummyuser")
    ih = AuthenticatorMgr()
    userid = ih.createIdentity(li, avatar, "Local")
    ih.add(userid)

    # activate the account
    avatar.activateAccount()

    # since the DB is empty, we have to add dummy user as admin
    minfo = HelperMaKaCInfo.getMaKaCInfoInstance()

    al = minfo.getAdminList()
    al.grant(avatar)

    dc = DefaultConference()
    HelperMaKaCInfo.getMaKaCInfoInstance().setDefaultConference(dc)
    return avatar

 def _process( self ):
     am = AuthenticatorMgr()
     for id in self._identityList:
         identity = am.getIdentityById(id)
         am.removeIdentity(identity)
         self._avatar.removeIdentity(identity)
     self._redirect( urlHandlers.UHUserDetails.getURL( self._avatar ) )

    def _run(self, args):
        avatar = Avatar()

        name = raw_input("New administrator name: ").strip()
        surname = raw_input("New administrator surname: ").strip()
        organization = raw_input("New administrator organization: ").strip()
        email = raw_input("New administrator email: ").strip()
        login = raw_input("New administrator login: ").strip()
        password = getpass("New administrator password: ")
        password2 = getpass("Retype administrator password: ")
        if password != password2:
            raise Exception("Sorry, passwords do not match")

        avatar.setName(name)
        avatar.setSurName(surname)
        avatar.setOrganisation(organization)
        avatar.setLang("en_GB")
        avatar.setEmail(email)

        self.printUserInfo(avatar)

        if console.yesno("Are you sure to create and grant administrator privileges to this user?"):
            avatar.activateAccount()
            loginInfo = LoginInfo(login, password)
            authMgr = AuthenticatorMgr()
            userid = authMgr.createIdentity(loginInfo, avatar, "Local")
            authMgr.add(userid)
            adminList = info.HelperMaKaCInfo.getMaKaCInfoInstance().getAdminList()
            AvatarHolder().add(avatar)
            adminList.grant(avatar)
            print "New administrator created successfully with id: %s" % avatar.getId()

 def _makeLoginProcess(self):
     # Check for automatic login
     authManager = AuthenticatorMgr()
     if (
         authManager.isSSOLoginActive()
         and len(authManager.getList()) == 1
         and not Config.getInstance().getDisplayLoginPage()
     ):
         self._redirect(urlHandlers.UHSignInSSO.getURL(authId=authManager.getDefaultAuthenticator().getId()))
         return
     if request.method != "POST":
         return self._signInPage.display(returnURL=self._returnURL)
     else:
         li = LoginInfo(self._login, self._password)
         av = authManager.getAvatar(li)
         if not av:
             return self._signInPageFailed.display(returnURL=self._returnURL)
         elif not av.isActivated():
             if av.isDisabled():
                 self._redirect(self._disabledAccountURL(av))
             else:
                 self._redirect(self._unactivatedAccountURL(av))
             return _("Your account is not active\nPlease activate it and try again")
         else:
             self._setSessionVars(av)
         self._addExtraParamsToURL()
         self._redirect(self._url)

    def _process( self ):

        if self._params.get("Cancel",None) is not None :
            p = adminPages.WPUserDetails( self, self._avatar )
            return p.display()

        msg = ""
        ok = False
        if self._ok:
            ok = True
            ih = AuthenticatorMgr()
            #first, check if login is free
            if not ih.isLoginFree(self._login):
                msg += "Sorry, the login you requested is already in use. Please choose another one.<br>"
                ok = False
            if not self._pwd:
                msg += "you must enter a password<br>"
                ok = False
            #then, check if password is OK
            if self._pwd != self._pwdBis:
                msg += "You must enter the same password twice<br>"
                ok = False
            if ok:
                #create the indentity
                li = user.LoginInfo( self._login, self._pwd )
                id = ih.createIdentity( li, self._avatar, self._system )
                ih.add( id )
                self._redirect( urlHandlers.UHUserDetails.getURL( self._avatar ) )
                return

        self._params["msg"] = msg
        p = adminPages.WPIdentityCreation( self, self._avatar, self._params )
        return p.display()

 def _process( self ):
     authManager = AuthenticatorMgr()
     for i in self._identityList:
         identity = authManager.getIdentityById(i)
         if len(identity.getUser().getIdentityList()) > 1:
             authManager.removeIdentity(identity)
             self._avatar.removeIdentity(identity)
     self._redirect( urlHandlers.UHUserDetails.getURL( self._avatar ) )

class TestAuthentication(IndicoTestCase):
    _requires = ['db.Database']

    def setUp(self):
        super(TestAuthentication, self).setUp()

        with self._context("database"):
            # Create few users and groups
            gh = GroupHolder()
            ah = AvatarHolder()
            self._authMgr = AuthenticatorMgr()

            for i in xrange(1, 3):
                group = Group()
                group.setName("fake-group-%d" % i)
                group.setDescription("fake")
                group.setEmail("fake-group-%[email protected]" % i)
                group.setId("fake-group-%d" % i)
                avatar = Avatar()
                avatar.setName("fake-%d" % i)
                avatar.setSurName("fake")
                avatar.setOrganisation("fake")
                avatar.setLang("en_GB")
                avatar.setEmail("fake%[email protected]" % i)
                avatar.setId("fake-%d" % i)
                avatar.activateAccount()
                group.addMember(avatar)
                ah.add(avatar)
                gh.add(group)
                identity = self._authMgr.createIdentity(LoginInfo("fake-%d" % i, "fake-%d" % i), avatar, "Local")
                self._authMgr.add(identity)

    @with_context('database')
    def testAvatarHolder(self):
        """
        Test Avatar Holder
        """
        ah = AvatarHolder()
        self.assertEqual(ah.getById("fake-1").getName(), "fake-1")
        self.assertEqual(ah.match({"name": "fake-1"}, searchInAuthenticators=False)[0].getEmail(), "[email protected]")
        self.assertEqual(len(ah.matchFirstLetter("name", "f", searchInAuthenticators=False)), 2)

    @with_context('database')
    def testGroupHolder(self):
        gh = GroupHolder()
        ah = AvatarHolder()
        self.assert_(gh.getById("fake-group-1").containsUser(ah.getById("fake-1")))
        self.assertEqual(gh.match({"groupname": "fake-group-1"}, searchInAuthenticators=False)[0].getEmail(),
                         "[email protected]")
        self.assertEqual(len(gh.matchFirstLetter("f", searchInAuthenticators=False)), 2)

    @with_context('database')
    def testIdentities(self):
        ah = AvatarHolder()
        for i in xrange(1, 3):
            self.assertEqual(self._authMgr.getAvatar(LoginInfo("fake-%d" % i, "fake-%d" % i)),
                             ah.getById("fake-%d" % i))

 def _processIfActive( self ):
     self._tohttps = True
     #Check for automatic login
     auth = AuthenticatorMgr()
     av = auth.autoLogin(self)
     if av:
         url = self._returnURL
         self._getSession().setUser( av )
         self._redirect( url )
     p = registrationForm.WPRegistrationFormSignIn(self, self._conf)
     return p.display()

 def _processIfActive( self ):
     #Check for automatic login
     auth = AuthenticatorMgr()
     av = auth.autoLogin(self)
     if av:
         url = self._returnURL
         self._getSession().setUser( av )
         if Config.getInstance().getBaseSecureURL().startswith('https://'):
             url = str(url).replace('http://', 'https://')
         self._redirect( url )
     p = registrationForm.WPRegistrationFormSignIn(self, self._conf)
     return p.display()

 def _process( self ):
     autoLogoutRedirect = None
     if self._getUser():
         auth = AuthenticatorMgr()
         autoLogoutRedirect = auth.autoLogout(self)
         self._getSession().removeVar("ActiveTimezone")
         self._getSession().setUser( None )
         self._setUser( None )
     if autoLogoutRedirect:
         self._redirect(autoLogoutRedirect)
     else:
         self._redirect(self._returnURL)

    def _getAnswer(self):
        li = LoginInfo( self._username, self._password )
        auth = AuthenticatorMgr()
        av = auth.getAvatar(li)
        if not av:
            from MaKaC.services.interface.rpc.common import ServiceError
            raise ServiceError(message="Wrong login or password")

        elif not av.isActivated():
            from MaKaC.services.interface.rpc.common import ServiceError
            raise ServiceError(message="Your account is not active. Please activate it and retry.")
        else:
            self._getSession().setUser( av )
        return '%s OK %s' % (self._username, datetime.datetime.now())

    def _process(self):
        authManager = AuthenticatorMgr()
        if (authManager.isSSOLoginActive() and len(authManager.getList()) == 1 and
           not Config.getInstance().getDisplayLoginPage()):
            self._redirect(urlHandlers.UHSignInSSO.getURL(authId=authManager.getDefaultAuthenticator().getId()))
            return

        av = authManager.getAvatarByLogin(self._login).values()[0]
        self._responseUtil.content_type='application/json'
        if not av:
            return '{"success":false,"message":"User not found"}'
        elif not av.isActivated():
            return '{"success":false,"message":"User not activated"}'
        else:
            return '{"success":true}'

class RHResetPasswordBase:
    _isMobile = False
    _token_storage = GenericCache('resetpass')

    def _checkParams(self, params):
        self._token = request.view_args['token']
        self._data = self._token_storage.get(self._token)
        if not self._data:
            raise NoReportError(_('Invalid token. It might have expired.'))
        self._avatar = AuthenticatorMgr().getById(self._data['tag']).getAvatarByLogin(self._data['login'])
        self._identity = self._avatar.getIdentityById(self._data['login'], self._data['tag'])
        if not self._identity:
            raise NoReportError(_('Invalid token (no login found)'))

    def _checkParams_POST(self):
        self._password = request.form['password'].strip()
        if not self._password:
            raise FormValuesError(_('Your password must not be empty.'))
        if self._password != request.form['password_confirm'].strip():
            raise FormValuesError(_('Your password confirmation is not correct.'))

    def _process_GET(self):
        return self._getWP().display()

    def _process_POST(self):
        self._identity.setPassword(self._password.encode('utf-8'))
        self._token_storage.delete(self._token)
        url = self._getRedirectURL()
        url.addParam('passwordChanged', True)
        self._redirect(url)

    def authenticate(self, id):
        """
        id is MaKaC.user.LoginInfo instance, self.user is Avatar
        """

        log = Logger.get('auth.ldap')
        log.info("authenticate(%s)" % id.getLogin())
        data = AuthenticatorMgr.getInstance().getById(self.getAuthenticatorTag()).checkLoginPassword(id.getLogin(),
                                                                                                     id.getPassword())
        if not data or self.getLogin() != id.getLogin():
            return None
        # modify Avatar with the up-to-date info from LDAP
        av = self.user
        av.clearAuthenticatorPersonalData()
        udata = LDAPTools.extractUserDataFromLdapData(data)

        mail = udata.get('email', '').strip()
        if mail != '' and mail != av.getEmail():
            av.setEmail(mail, reindex=True)
        av.setAuthenticatorPersonalData('firstName', udata.get('name'))
        av.setAuthenticatorPersonalData('surName', udata.get('surName'))
        av.setAuthenticatorPersonalData('affiliation', udata.get('organisation'))
        av.setAuthenticatorPersonalData('address', udata.get('address'))
        av.setAuthenticatorPersonalData('phone', udata.get('phone'))
        av.setAuthenticatorPersonalData('fax', udata.get('fax'))
        return self.user

    def setUp(self):
        super(TestAuthentication, self).setUp()

        with self._context("database"):
            # Create few users and groups
            gh = GroupHolder()
            ah = AvatarHolder()
            self._authMgr = AuthenticatorMgr()

            for i in xrange(1, 3):
                group = Group()
                group.setName("fake-group-%d" % i)
                group.setDescription("fake")
                group.setEmail("fake-group-%[email protected]" % i)
                group.setId("fake-group-%d" % i)
                avatar = Avatar()
                avatar.setName("fake-%d" % i)
                avatar.setSurName("fake")
                avatar.setOrganisation("fake")
                avatar.setLang("en_GB")
                avatar.setEmail("fake%[email protected]" % i)
                avatar.setId("fake-%d" % i)
                avatar.activateAccount()
                group.addMember(avatar)
                ah.add(avatar)
                gh.add(group)
                identity = self._authMgr.createIdentity(LoginInfo("fake-%d" % i, "fake-%d" % i), avatar, "Local")
                self._authMgr.add(identity)