diff --git a/servers/PasswordAccountsServer/PasswordAccountsServer.py b/servers/PasswordAccountsServer/PasswordAccountsServer.py
index 9cd04aff..ec034728 100755
--- a/servers/PasswordAccountsServer/PasswordAccountsServer.py
+++ b/servers/PasswordAccountsServer/PasswordAccountsServer.py
@@ -168,7 +168,7 @@ class PasswordAccountsServer(
 if object.password and password != object.password:
 raise faults.WrongPassword(password)
 identitiesProxy = getProxy(object.identityId)
- return identitiesProxy.getUserToken(object.identityId)
+ return [identitiesProxy.getUserToken(object.identityId), 'password']
 def fillEmptyVirtualServer(self, virtualServer):
 objects.ObjectsServer.fillEmptyVirtualServer(self, virtualServer)
diff --git a/servers/X509AccountsServer/X509AccountsServer.py b/servers/X509AccountsServer/X509AccountsServer.py
index 69ef5970..e59b779a 100755
--- a/servers/X509AccountsServer/X509AccountsServer.py
+++ b/servers/X509AccountsServer/X509AccountsServer.py
@@ -146,7 +146,8 @@ class X509AccountsServer(
 raise faults.WrongX509Serial(serial)
 object = virtualServer.objectsBySerial[serial]
 identitiesProxy = getProxy(object.identityId)
- return identitiesProxy.getUserToken(object.identityId)
+ return [identitiesProxy.getUserToken(object.identityId),
+ object.authenticationMethod]
 def registerPublicMethods(self):
 objects.ObjectsServer.registerPublicMethods(self)
diff --git a/shared/common/X509AccountsCommon.py b/shared/common/X509AccountsCommon.py
index a4935f15..ed7d3806 100644
--- a/shared/common/X509AccountsCommon.py
+++ b/shared/common/X509AccountsCommon.py
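Review bot: In PasswordAccountsServer.py the public `checkObjectAuthentication` now returns a two-element list instead of the bare user token, and nothing in the hunk documents the new contract. Any caller not updated in this commit would receive the list where it expects a token, and the updated callers (PasswordAccountsWeb.py, generate-system.py) will fail on unpacking if they reach a server that still returns the bare token, so the servers and the web tier presumably have to be upgraded together. I would add a comment above the return such as `# Returns [userToken, authenticationMethod]; the method is always 'password' for this server.` The method begins above the hunk, so whether it already has a docstring to extend is not visible.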
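Review bot: In X509AccountsServer.py the new return passes `object.authenticationMethod` through unchecked, and the class default added in X509AccountsCommon.py is `None`, so accounts stored before this change presumably report no method at all. X509AccountsWeb.py previously hard-coded `'softwarePki'` for every certificate login and now forwards whatever the server returns to `loginSucceeded`, whose handling of `None` is not visible in this diff. Falling back to the old value keeps existing accounts working: `return [identitiesProxy.getUserToken(object.identityId), object.authenticationMethod or 'softwarePki']`. The enclosing method starts above the hunk.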
@@ -53,8 +53,29 @@ class AdminX509Accounts(objects.AdminCommon):
 class X509Account(objects.ObjectCommon):
- language_kindName = None
+ authenticationMethod = None
+ class authenticationMethod_kindClass:
+ _kindName = 'Choice'
+ isRequired = 1
+ label = N_('Authentication Method')
+ labels = {
+ 'smartcardPki': N_('Smartcard Certificate'),
+ 'softwarePki': N_('Software Certificate'),
+ }
+ values = [
+ 'smartcardPki',
+ 'softwarePki',
+ ]
+ identityId = None
+ class identityId_kindClass:
+ _kindName = 'Id'
+ isRequired = 1
+ label = N_('Identity')
+ serverRoles = ['identities']
+
+ language_kindName = None
+
 serial = None
 class serial_kindClass:
 _kindName = 'String'
@@ -64,13 +85,6 @@ class X509Account(objects.ObjectCommon):
 label = N_('Serial')
 textMaxLength = 40
 widget_size = 15
-
- identityId = None
- class identityId_kindClass:
- _kindName = 'Id'
- isRequired = 1
- label = N_('Identity')
- serverRoles = ['identities']
 serverRole = 'x509accounts'
@@ -83,7 +97,7 @@ class X509Account(objects.ObjectCommon):
 def getOrderedLayoutSlotNames(self, parentSlot = None):
 slotNames = objects.ObjectCommon.getOrderedLayoutSlotNames(
 self, parentSlot = parentSlot)
- slotNames += ['serial', 'identityId']
+ slotNames += ['authenticationMethod', 'serial', 'identityId']
 return slotNames
diff --git a/shared/web/PasswordAccountsWeb.py b/shared/web/PasswordAccountsWeb.py
index b7c141ff..89aed727 100644
--- a/shared/web/PasswordAccountsWeb.py
+++ b/shared/web/PasswordAccountsWeb.py
@@ -171,7 +171,7 @@ class PasswordAccountsWeb(objects.ObjectsWebMixin,
 ## return success(_('The password has been sent successfully.'), X.rootUrl())
 try:
- userToken = self.checkObjectAuthentication(
+ userToken, authenticationMethod = self.checkObjectAuthentication(
 object.login, object.password)
 except faults.WrongLogin, fault:
 context.getVar('error', 1)
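Review bot: In X509AccountsCommon.py the new `authenticationMethod` slot is a stored Choice that the third hunk of this file also adds to `getOrderedLayoutSlotNames`, so the value appears to be set by whoever edits the account rather than derived from the presented certificate. Since the server now reports it as the session's authentication method, a `'smartcardPki'` label is only as trustworthy as write access to X509Account objects, which this diff does not show. I would say so next to the slot, for example `# Declared when the account is registered; not verified against the certificate.` If anything downstream treats smartcard logins as stronger, it is worth confirming that only administrators can change the slot.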
@@ -186,6 +186,6 @@ class PasswordAccountsWeb(objects.ObjectsWebMixin,
 raise
 return accessForbidden()
 identitiesWeb = getWebForServerRole('identities')
- return identitiesWeb.loginSucceeded(userToken, 'password')
+ return identitiesWeb.loginSucceeded(userToken, authenticationMethod)
 loginSubmit.isPublicForWeb = 1
diff --git a/shared/web/X509AccountsWeb.py b/shared/web/X509AccountsWeb.py
index 37485362..a794a5d4 100644
--- a/shared/web/X509AccountsWeb.py
+++ b/shared/web/X509AccountsWeb.py
@@ -112,7 +112,8 @@ class X509AccountsWeb(objects.ObjectsWebMixin,
 else:
 serial = env['SSL_CLIENT_M_SERIAL']
 try:
- userToken = self.checkObjectAuthentication(serial)
+ userToken, authenticationMethod \
+ = self.checkObjectAuthentication(serial)
 except faults.WrongX509Serial:
 return self.returnToRetryPage(_(
 'Unknown certificate serial number = %s' % serial))
@@ -121,5 +122,5 @@ class X509AccountsWeb(objects.ObjectsWebMixin,
 raise
 return accessForbidden()
 identitiesWeb = getWebForServerRole('identities')
- return identitiesWeb.loginSucceeded(userToken, 'softwarePki')
+ return identitiesWeb.loginSucceeded(userToken, authenticationMethod)
 login.isPublicForWeb = 1
diff --git a/system/generate-system.py b/system/generate-system.py
index ca930a34..fad7faaa 100755
--- a/system/generate-system.py
+++ b/system/generate-system.py
@@ -110,9 +110,10 @@ class Application(applications.Application):
 def login(self):
 passwordAccountsProxy = getProxyForServerRole('passwordaccounts')
- userToken = passwordAccountsProxy.checkObjectAuthentication(
- context.getVar('userLogin'),
- context.getVar('userPassword'))
+ userToken, authenticationMethod \
+ = passwordAccountsProxy.checkObjectAuthentication(
+ context.getVar('userLogin'),
+ context.getVar('userPassword'))
 context.setVar('userToken', userToken)
 def logout(self):
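Review bot: In the first hunk of X509AccountsWeb.py the account, and now its authentication method as well, is resolved from `env['SSL_CLIENT_M_SERIAL']` alone. A certificate serial number is unique only within one issuing CA, so if the TLS front end trusts more than one issuer (its configuration is not part of this diff) the lookup should also bind the issuer, for instance by storing the issuer DN with the account and comparing it with `SSL_CLIENT_I_DN`. The branch before `else:` and the start of the method lie outside the hunk, so such a check may already exist there; if it does, a comment at the `try:` saying so would help.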
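Review bot: In `login()` of generate-system.py the newly unpacked `authenticationMethod` is never read; only `userToken` is stored with `context.setVar`. If the method is meant to be dropped here, a short comment saying so (`# authenticationMethod is not needed by the system generator`) would stop a later reader from assuming it is recorded. The backslash continuation used here and in the first X509AccountsWeb.py hunk is also fragile, since any whitespace after the backslash is a syntax error; breaking the line inside the call's parentheses, as the PasswordAccountsWeb.py hunk does, is the safer form.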