Ajout d'un paramètre authenticationMethod afin de pouvoir différencier les

authentifications par certificat X.509v3 stocké dans le navigateur web et celles par certificat X.509v3 stocké dans une carte à puce.
2003-12-25 10:06:00 +00:00 · 2003-12-25 10:06:00 +00:00 · 16d4970caf
parent 332a4fbd45
commit 16d4970caf
6 changed files with 35 additions and 18 deletions
--- a/servers/PasswordAccountsServer/PasswordAccountsServer.py
+++ b/servers/PasswordAccountsServer/PasswordAccountsServer.py
@ -168,7 +168,7 @@ class PasswordAccountsServer(
        if object.password and password != object.password:
            raise faults.WrongPassword(password)
        identitiesProxy = getProxy(object.identityId)
-        return identitiesProxy.getUserToken(object.identityId)
+        return [identitiesProxy.getUserToken(object.identityId), 'password']

    def fillEmptyVirtualServer(self, virtualServer):
        objects.ObjectsServer.fillEmptyVirtualServer(self, virtualServer)
--- a/servers/X509AccountsServer/X509AccountsServer.py
+++ b/servers/X509AccountsServer/X509AccountsServer.py
@ -146,7 +146,8 @@ class X509AccountsServer(
            raise faults.WrongX509Serial(serial)
        object = virtualServer.objectsBySerial[serial]
        identitiesProxy = getProxy(object.identityId)
-        return identitiesProxy.getUserToken(object.identityId)
+        return [identitiesProxy.getUserToken(object.identityId),
+                object.authenticationMethod]

    def registerPublicMethods(self):
        objects.ObjectsServer.registerPublicMethods(self)
--- a/shared/common/X509AccountsCommon.py
+++ b/shared/common/X509AccountsCommon.py
@ -53,8 +53,29 @@ class AdminX509Accounts(objects.AdminCommon):


 class X509Account(objects.ObjectCommon):
-    language_kindName = None
+    authenticationMethod = None
+    class authenticationMethod_kindClass:
+        _kindName = 'Choice'
+        isRequired = 1
+        label = N_('Authentication Method')
+        labels = {
+                'smartcardPki': N_('Smartcard Certificate'),
+                'softwarePki': N_('Software Certificate'),
+                }
+        values = [
+                'smartcardPki',
+                'softwarePki',
+                ]
    
+    identityId = None
+    class identityId_kindClass:
+        _kindName = 'Id'
+        isRequired = 1
+        label = N_('Identity')
+        serverRoles = ['identities']
+
+    language_kindName = None
+
    serial = None
    class serial_kindClass:
        _kindName = 'String'
@ -64,13 +85,6 @@ class X509Account(objects.ObjectCommon):
        label = N_('Serial')
        textMaxLength = 40
        widget_size = 15
-
-    identityId = None
-    class identityId_kindClass:
-        _kindName = 'Id'
-        isRequired = 1
-        label = N_('Identity')
-        serverRoles = ['identities']
        
    serverRole = 'x509accounts'

@ -83,7 +97,7 @@ class X509Account(objects.ObjectCommon):
    def getOrderedLayoutSlotNames(self, parentSlot = None):
        slotNames = objects.ObjectCommon.getOrderedLayoutSlotNames(
                self, parentSlot = parentSlot)
-        slotNames += ['serial', 'identityId']
+        slotNames += ['authenticationMethod', 'serial', 'identityId']
        return slotNames


--- a/shared/web/PasswordAccountsWeb.py
+++ b/shared/web/PasswordAccountsWeb.py
@ -171,7 +171,7 @@ class PasswordAccountsWeb(objects.ObjectsWebMixin,
 ##             return success(_('The password has been sent successfully.'), X.rootUrl())

        try:
-            userToken = self.checkObjectAuthentication(
+            userToken, authenticationMethod = self.checkObjectAuthentication(
                    object.login, object.password)
        except faults.WrongLogin, fault:
            context.getVar('error', 1)
@ -186,6 +186,6 @@ class PasswordAccountsWeb(objects.ObjectsWebMixin,
                raise
            return accessForbidden()
        identitiesWeb = getWebForServerRole('identities')
-        return identitiesWeb.loginSucceeded(userToken, 'password')
+        return identitiesWeb.loginSucceeded(userToken, authenticationMethod)
    loginSubmit.isPublicForWeb = 1

--- a/shared/web/X509AccountsWeb.py
+++ b/shared/web/X509AccountsWeb.py
@ -112,7 +112,8 @@ class X509AccountsWeb(objects.ObjectsWebMixin,
        else:
            serial = env['SSL_CLIENT_M_SERIAL']
            try:
-                userToken = self.checkObjectAuthentication(serial)
+                userToken, authenticationMethod \
+                        = self.checkObjectAuthentication(serial)
            except faults.WrongX509Serial:
                return self.returnToRetryPage(_(
                        'Unknown certificate serial number = %s' % serial))
@ -121,5 +122,5 @@ class X509AccountsWeb(objects.ObjectsWebMixin,
                    raise
                return accessForbidden()
        identitiesWeb = getWebForServerRole('identities')
-        return identitiesWeb.loginSucceeded(userToken, 'softwarePki')
+        return identitiesWeb.loginSucceeded(userToken, authenticationMethod)
    login.isPublicForWeb = 1
--- a/system/generate-system.py
+++ b/system/generate-system.py
@ -110,9 +110,10 @@ class Application(applications.Application):

    def login(self):
        passwordAccountsProxy = getProxyForServerRole('passwordaccounts')
-        userToken = passwordAccountsProxy.checkObjectAuthentication(
-                context.getVar('userLogin'),
-                context.getVar('userPassword'))
+        userToken, authenticationMethod \
+                = passwordAccountsProxy.checkObjectAuthentication(
+                        context.getVar('userLogin'),
+                        context.getVar('userPassword'))
        context.setVar('userToken', userToken)

    def logout(self):