Ajout d'un paramètre authenticationMethod afin de pouvoir différencier les
authentifications par certificat X.509v3 stocké dans le navigateur web et celles par certificat X.509v3 stocké dans une carte à puce.
parent
332a4fbd45
commit
16d4970caf
|
@ -168,7 +168,7 @@ class PasswordAccountsServer(
|
|||
if object.password and password != object.password:
|
||||
raise faults.WrongPassword(password)
|
||||
identitiesProxy = getProxy(object.identityId)
|
||||
return identitiesProxy.getUserToken(object.identityId)
|
||||
return [identitiesProxy.getUserToken(object.identityId), 'password']
|
||||
|
||||
def fillEmptyVirtualServer(self, virtualServer):
|
||||
objects.ObjectsServer.fillEmptyVirtualServer(self, virtualServer)
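Review bot: The new return value labels the login 'password' even when no password comparison took place. The guard at the top of this hunk, `if object.password and password != object.password:`, is skipped whenever the stored password is empty, so such an account gets the same token and the same method label as a verified one. Since this commit exists so that callers can tell how a user authenticated, I would reject that case before the return, for example with `if not object.password or password != object.password:`, unless empty passwords are deliberate for some accounts. The method starts outside the hunk, so an earlier check may already cover this.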
|
||||
|
|
|
@ -146,7 +146,8 @@ class X509AccountsServer(
|
|||
raise faults.WrongX509Serial(serial)
|
||||
object = virtualServer.objectsBySerial[serial]
|
||||
identitiesProxy = getProxy(object.identityId)
|
||||
return identitiesProxy.getUserToken(object.identityId)
|
||||
return [identitiesProxy.getUserToken(object.identityId),
|
||||
object.authenticationMethod]
|
||||
|
||||
def registerPublicMethods(self):
|
||||
objects.ObjectsServer.registerPublicMethods(self)
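Review bot: `object.authenticationMethod` can be None for any X509Account stored before this field existed. The class default added in this commit is `authenticationMethod = None`, and `isRequired = 1` presumably only constrains objects that are created or edited afterwards. The web layer used to pass the fixed value 'softwarePki' to `loginSucceeded`, so unless stored accounts are migrated those users would now log in with no method at all. A fallback such as `object.authenticationMethod or 'softwarePki'` in the returned list keeps the old behaviour for them. The beginning of this method is outside the hunk.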
|
||||
|
|
|
@ -53,8 +53,29 @@ class AdminX509Accounts(objects.AdminCommon):
|
|||
|
||||
|
||||
class X509Account(objects.ObjectCommon):
|
||||
language_kindName = None
|
||||
authenticationMethod = None
|
||||
class authenticationMethod_kindClass:
|
||||
_kindName = 'Choice'
|
||||
isRequired = 1
|
||||
label = N_('Authentication Method')
|
||||
labels = {
|
||||
'smartcardPki': N_('Smartcard Certificate'),
|
||||
'softwarePki': N_('Software Certificate'),
|
||||
}
|
||||
values = [
|
||||
'smartcardPki',
|
||||
'softwarePki',
|
||||
]
|
||||
|
||||
identityId = None
|
||||
class identityId_kindClass:
|
||||
_kindName = 'Id'
|
||||
isRequired = 1
|
||||
label = N_('Identity')
|
||||
serverRoles = ['identities']
|
||||
|
||||
language_kindName = None
|
||||
|
||||
serial = None
|
||||
class serial_kindClass:
|
||||
_kindName = 'String'
|
||||
|
@ -64,13 +85,6 @@ class X509Account(objects.ObjectCommon):
|
|||
label = N_('Serial')
|
||||
textMaxLength = 40
|
||||
widget_size = 15
|
||||
|
||||
identityId = None
|
||||
class identityId_kindClass:
|
||||
_kindName = 'Id'
|
||||
isRequired = 1
|
||||
label = N_('Identity')
|
||||
serverRoles = ['identities']
|
||||
|
||||
serverRole = 'x509accounts'
|
||||
|
||||
|
@ -83,7 +97,7 @@ class X509Account(objects.ObjectCommon):
|
|||
def getOrderedLayoutSlotNames(self, parentSlot = None):
|
||||
slotNames = objects.ObjectCommon.getOrderedLayoutSlotNames(
|
||||
self, parentSlot = parentSlot)
|
||||
slotNames += ['serial', 'identityId']
|
||||
slotNames += ['authenticationMethod', 'serial', 'identityId']
|
||||
return slotNames
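Review bot: The new `authenticationMethod` field needs a comment stating that it is a declared attribute of the account record and is not derived from the certificate the client presents. As far as the visible code shows, the server looks the account up by serial and returns this stored value, so whoever may edit an X509Account decides whether a login counts as 'smartcardPki' or 'softwarePki'. I would add above the field `# Assurance label returned at login; chosen by the account editor, not verified against the certificate.` The same comment should mention that the third value 'password' returned by PasswordAccountsServer is not part of `values` here. If later code grants more rights to smartcard logins, edit rights on this field become security-relevant.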
|
||||
|
||||
|
||||
|
|
|
@ -171,7 +171,7 @@ class PasswordAccountsWeb(objects.ObjectsWebMixin,
|
|||
## return success(_('The password has been sent successfully.'), X.rootUrl())
|
||||
|
||||
try:
|
||||
userToken = self.checkObjectAuthentication(
|
||||
userToken, authenticationMethod = self.checkObjectAuthentication(
|
||||
object.login, object.password)
|
||||
except faults.WrongLogin, fault:
|
||||
context.getVar('error', 1)
|
||||
|
@ -186,6 +186,6 @@ class PasswordAccountsWeb(objects.ObjectsWebMixin,
|
|||
raise
|
||||
return accessForbidden()
|
||||
identitiesWeb = getWebForServerRole('identities')
|
||||
return identitiesWeb.loginSucceeded(userToken, 'password')
|
||||
return identitiesWeb.loginSucceeded(userToken, authenticationMethod)
|
||||
loginSubmit.isPublicForWeb = 1
|
||||
|
||||
|
|
|
@ -112,7 +112,8 @@ class X509AccountsWeb(objects.ObjectsWebMixin,
|
|||
else:
|
||||
serial = env['SSL_CLIENT_M_SERIAL']
|
||||
try:
|
||||
userToken = self.checkObjectAuthentication(serial)
|
||||
userToken, authenticationMethod \
|
||||
= self.checkObjectAuthentication(serial)
|
||||
except faults.WrongX509Serial:
|
||||
return self.returnToRetryPage(_(
|
||||
'Unknown certificate serial number = %s' % serial))
|
||||
|
@ -121,5 +122,5 @@ class X509AccountsWeb(objects.ObjectsWebMixin,
|
|||
raise
|
||||
return accessForbidden()
|
||||
identitiesWeb = getWebForServerRole('identities')
|
||||
return identitiesWeb.loginSucceeded(userToken, 'softwarePki')
|
||||
return identitiesWeb.loginSucceeded(userToken, authenticationMethod)
|
||||
login.isPublicForWeb = 1
|
||||
|
|
|
@ -110,9 +110,10 @@ class Application(applications.Application):
|
|||
|
||||
def login(self):
|
||||
passwordAccountsProxy = getProxyForServerRole('passwordaccounts')
|
||||
userToken = passwordAccountsProxy.checkObjectAuthentication(
|
||||
context.getVar('userLogin'),
|
||||
context.getVar('userPassword'))
|
||||
userToken, authenticationMethod \
|
||||
= passwordAccountsProxy.checkObjectAuthentication(
|
||||
context.getVar('userLogin'),
|
||||
context.getVar('userPassword'))
|
||||
context.setVar('userToken', userToken)
|
||||
|
||||
def logout(self):
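Review bot: `authenticationMethod` is unpacked in `login` but never used, so a session opened through this path keeps only the token and loses how the user authenticated. If the method should follow the session, store it next to the token, for example `context.setVar('authenticationMethod', authenticationMethod)`, where the variable name is only a suggestion. If it is deliberately ignored, say so in a comment or take the first element with `[0]`. Avoid `_` as a throwaway name, because other files in this commit use `_` as the translation function.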
|
||||
|
|