path: root/repoze/bfg/authentication.py
from zope.interface import implements
from repoze.bfg.interfaces import IAuthenticationPolicy
from repoze.bfg.security import Everyone
from repoze.bfg.security import Authenticated

class RepozeWho1AuthenticationPolicy(object):
    """ A BFG authentication policy which obtains data from the
    repoze.who 1.X WSGI API.

    Everything this policy knows about the caller is read from two
    WSGI environ keys, ``repoze.who.identity`` and
    ``repoze.who.plugins``.  The policy performs no verification of
    its own: whatever mapping is found under ``repoze.who.identity``
    is taken as the authenticated identity.

    NOTE(review): presumably both keys are populated by the
    repoze.who middleware earlier in the WSGI pipeline; confirm that
    nothing else in the deployment can write them.
    """
    implements(IAuthenticationPolicy)
    # Key of the identifier plugin, within ``repoze.who.plugins``,
    # that remember() and forget() delegate to.
    identifier_name = 'auth_tkt'

    def _get_identity(self, request):
        """ Return the ``repoze.who.identity`` value from the WSGI
        environ, or ``None`` when the key is absent """
        environ = request.environ
        return environ.get('repoze.who.identity')

    def _get_identifier(self, request):
        """ Return the identifier plugin named by ``identifier_name``,
        or ``None`` when the environ has no ``repoze.who.plugins``

        A plugin mapping that exists but lacks ``identifier_name`` is
        not handled here: the lookup error propagates to the caller
        instead of being turned into ``None``. """
        registry = request.environ.get('repoze.who.plugins')
        if registry is not None:
            return registry[self.identifier_name]
        return None

    def authenticated_userid(self, context, request):
        """ Return the ``repoze.who.userid`` of the current identity,
        or ``None`` when the request carries no identity """
        who_identity = self._get_identity(request)
        if who_identity is not None:
            return who_identity['repoze.who.userid']
        return None

    def effective_principals(self, context, request):
        """ Return the list of principals in effect for the request

        Without an identity the list is just ``[Everyone]``.  With
        one it is ``Everyone``, ``Authenticated``, the userid, then
        every entry of the identity's ``groups`` value (if any). """
        who_identity = self._get_identity(request)
        if who_identity is None:
            return [Everyone]

        userid = who_identity['repoze.who.userid']
        groups = who_identity.get('groups', [])

        # Userid and group names are copied verbatim into one flat
        # list, so a group whose name equals some userid (or the
        # reverse) cannot be told apart by anything consuming it.
        principals = [Everyone, Authenticated, userid]
        principals.extend(groups)
        return principals

    def remember(self, context, request, principal, **kw):
        """ Ask the identifier plugin to remember ``principal`` and
        return whatever it returns; return ``[]`` when no plugin
        mapping is present

        Extra keyword arguments are accepted but not used. """
        plugin = self._get_identifier(request)
        if plugin is None:
            return []
        new_identity = {'repoze.who.userid': principal}
        return plugin.remember(request.environ, new_identity)

    def forget(self, context, request):
        """ Ask the identifier plugin to forget the current identity
        and return whatever it returns; return ``[]`` when no plugin
        mapping is present

        The identity handed to the plugin may be ``None`` if the
        request carries none. """
        plugin = self._get_identifier(request)
        if plugin is None:
            # Nothing is returned to clear a credential on this path,
            # so callers cannot assume a logout took effect.
            return []
        current = self._get_identity(request)
        return plugin.forget(request.environ, current)
    
class RemoteUserAuthenticationPolicy(object):
    """ A BFG authentication policy which obtains data from the
    REMOTE_USER WSGI envvar.

    The value of ``environ['REMOTE_USER']`` is used as the userid
    exactly as found; this policy does not authenticate anything
    itself.

    NOTE(review): this is only sound when ``REMOTE_USER`` is set by
    a trusted web server or middleware in front of the application;
    confirm for each deployment.
    """
    implements(IAuthenticationPolicy)

    def _get_identity(self, request):
        """ Return the ``REMOTE_USER`` value from the WSGI environ,
        or ``None`` when the key is absent """
        environ = request.environ
        return environ.get('REMOTE_USER')

    def authenticated_userid(self, context, request):
        """ Return the ``REMOTE_USER`` value, or ``None`` when it is
        not set """
        # Only a missing key counts as anonymous; any other value,
        # including an empty string, is returned as the userid.
        return self._get_identity(request)

    def effective_principals(self, context, request):
        """ Return ``[Everyone]`` for a request without
        ``REMOTE_USER``; otherwise ``Everyone``, ``Authenticated``
        and the ``REMOTE_USER`` value, in that order """
        remote_user = self._get_identity(request)
        if remote_user is None:
            return [Everyone]
        # The test is ``is None``, so an empty ``REMOTE_USER`` still
        # earns the Authenticated principal.
        return [Everyone, Authenticated, remote_user]

    def remember(self, context, request, principal, **kw):
        """ Return an empty list: this policy has no way to record
        a login

        ``principal`` and any keyword arguments are ignored. """
        return list()

    def forget(self, context, request):
        """ Return an empty list: this policy has no way to end a
        session, so logging out must happen wherever ``REMOTE_USER``
        is set """
        return list()