From 16d4970caf91998dc636bd718cadfc88124d3a2e Mon Sep 17 00:00:00 2001 From: eraviart <> Date: Thu, 25 Dec 2003 10:06:00 +0000 Subject: [PATCH] =?UTF-8?q?Ajout=20d'un=20param=C3=A8tre=20authenticationM?= =?UTF-8?q?ethod=20afin=20de=20pouvoir=20diff=C3=A9rencier=20les=20authent?= =?UTF-8?q?ifications=20par=20certificat=20X.509v3=20stock=C3=A9=20dans=20?= =?UTF-8?q?le=20navigateur=20web=20et=20celles=20par=20certificat=20X.509v?= =?UTF-8?q?3=20stock=C3=A9=20dans=20une=20carte=20=C3=A0=20puce.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../PasswordAccountsServer.py | 2 +- .../X509AccountsServer/X509AccountsServer.py | 3 +- shared/common/X509AccountsCommon.py | 32 +++++++++++++------ shared/web/PasswordAccountsWeb.py | 4 +-- shared/web/X509AccountsWeb.py | 5 +-- system/generate-system.py | 7 ++-- 6 files changed, 35 insertions(+), 18 deletions(-) diff --git a/servers/PasswordAccountsServer/PasswordAccountsServer.py b/servers/PasswordAccountsServer/PasswordAccountsServer.py index 9cd04aff..ec034728 100755 --- a/servers/PasswordAccountsServer/PasswordAccountsServer.py +++ b/servers/PasswordAccountsServer/PasswordAccountsServer.py @@ -168,7 +168,7 @@ class PasswordAccountsServer( if object.password and password != object.password: raise faults.WrongPassword(password) identitiesProxy = getProxy(object.identityId) - return identitiesProxy.getUserToken(object.identityId) + return [identitiesProxy.getUserToken(object.identityId), 'password'] def fillEmptyVirtualServer(self, virtualServer): objects.ObjectsServer.fillEmptyVirtualServer(self, virtualServer) diff --git a/servers/X509AccountsServer/X509AccountsServer.py b/servers/X509AccountsServer/X509AccountsServer.py index 69ef5970..e59b779a 100755 --- a/servers/X509AccountsServer/X509AccountsServer.py +++ b/servers/X509AccountsServer/X509AccountsServer.py 
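Review bot: The return value of checkObjectAuthentication in PasswordAccountsServer.py changes from a bare user token to a two-element list, and nothing in the hunk documents the new contract; any caller not updated in this commit would end up treating the whole list as its token. A docstring on the method such as `"""Return [userToken, authenticationMethod]; the method is always 'password' for this server."""` would pin it down. Separately, the context line `if object.password and password != object.password:` skips the comparison entirely when the stored password is empty and appears to compare plaintext values, and `faults.WrongPassword(password)` carries the submitted password into the fault. Those predate this change but deserve their own fix, for example refusing authentication for an account with no stored password. The method starts outside the hunk.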
@@ -146,7 +146,8 @@ class X509AccountsServer( raise faults.WrongX509Serial(serial) object = virtualServer.objectsBySerial[serial] identitiesProxy = getProxy(object.identityId) - return identitiesProxy.getUserToken(object.identityId) + return [identitiesProxy.getUserToken(object.identityId), + object.authenticationMethod] def registerPublicMethods(self): objects.ObjectsServer.registerPublicMethods(self) diff --git a/shared/common/X509AccountsCommon.py b/shared/common/X509AccountsCommon.py index a4935f15..ed7d3806 100644 --- a/shared/common/X509AccountsCommon.py +++ b/shared/common/X509AccountsCommon.py @@ -53,8 +53,29 @@ class AdminX509Accounts(objects.AdminCommon): class X509Account(objects.ObjectCommon): - language_kindName = None + authenticationMethod = None + class authenticationMethod_kindClass: + _kindName = 'Choice' + isRequired = 1 + label = N_('Authentication Method') + labels = { + 'smartcardPki': N_('Smartcard Certificate'), + 'softwarePki': N_('Software Certificate'), + } + values = [ + 'smartcardPki', + 'softwarePki', + ] + identityId = None + class identityId_kindClass: + _kindName = 'Id' + isRequired = 1 + label = N_('Identity') + serverRoles = ['identities'] + + language_kindName = None + serial = None class serial_kindClass: _kindName = 'String' @@ -64,13 +85,6 @@ class X509Account(objects.ObjectCommon): label = N_('Serial') textMaxLength = 40 widget_size = 15 - - identityId = None - class identityId_kindClass: - _kindName = 'Id' - isRequired = 1 - label = N_('Identity') - serverRoles = ['identities'] serverRole = 'x509accounts' @@ -83,7 +97,7 @@ class X509Account(objects.ObjectCommon): def getOrderedLayoutSlotNames(self, parentSlot = None): slotNames = objects.ObjectCommon.getOrderedLayoutSlotNames( self, parentSlot = parentSlot) - slotNames += ['serial', 'identityId'] + slotNames += ['authenticationMethod', 'serial', 'identityId'] return slotNames 
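Review bot: `object.authenticationMethod` in X509AccountsServer.py will presumably be None for every X509Account stored before this commit, because the class default added in shared/common/X509AccountsCommon.py is `authenticationMethod = None`. Those logins would then hand None to loginSucceeded where the web layer used to pass 'softwarePki'. Falling back to the lower-assurance value keeps the old behaviour: `object.authenticationMethod or 'softwarePki'`. The method body begins outside the hunk, so whether a migration elsewhere fills the field cannot be seen from here.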
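Review bot: The new `authenticationMethod` choice in the first hunk of X509AccountsCommon.py has no comment saying where its value comes from. As written it is a field set on the account record, not something derived from the presented certificate, so 'smartcardPki' is only as trustworthy as whoever registered the account. I would state that above the kind class, e.g. `# Declared when the account is registered; not verified against the certificate or its issuer at login.` Any code that grants more on 'smartcardPki' than on 'softwarePki' should be read with that in mind. The other two hunks in this file only move identityId and extend the slot list.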
diff --git a/shared/web/PasswordAccountsWeb.py b/shared/web/PasswordAccountsWeb.py index b7c141ff..89aed727 100644 --- a/shared/web/PasswordAccountsWeb.py +++ b/shared/web/PasswordAccountsWeb.py @@ -171,7 +171,7 @@ class PasswordAccountsWeb(objects.ObjectsWebMixin, ## return success(_('The password has been sent successfully.'), X.rootUrl()) try: - userToken = self.checkObjectAuthentication( + userToken, authenticationMethod = self.checkObjectAuthentication( object.login, object.password) except faults.WrongLogin, fault: context.getVar('error', 1) @@ -186,6 +186,6 @@ class PasswordAccountsWeb(objects.ObjectsWebMixin, raise return accessForbidden() identitiesWeb = getWebForServerRole('identities') - return identitiesWeb.loginSucceeded(userToken, 'password') + return identitiesWeb.loginSucceeded(userToken, authenticationMethod) loginSubmit.isPublicForWeb = 1 diff --git a/shared/web/X509AccountsWeb.py b/shared/web/X509AccountsWeb.py index 37485362..a794a5d4 100644 --- a/shared/web/X509AccountsWeb.py +++ b/shared/web/X509AccountsWeb.py @@ -112,7 +112,8 @@ class X509AccountsWeb(objects.ObjectsWebMixin, else: serial = env['SSL_CLIENT_M_SERIAL'] try: - userToken = self.checkObjectAuthentication(serial) + userToken, authenticationMethod \ + = self.checkObjectAuthentication(serial) except faults.WrongX509Serial: return self.returnToRetryPage(_( 'Unknown certificate serial number = %s' % serial)) @@ -121,5 +122,5 @@ class X509AccountsWeb(objects.ObjectsWebMixin, raise return accessForbidden() identitiesWeb = getWebForServerRole('identities') - return identitiesWeb.loginSucceeded(userToken, 'softwarePki') + return identitiesWeb.loginSucceeded(userToken, authenticationMethod) login.isPublicForWeb = 1 diff --git a/system/generate-system.py b/system/generate-system.py index ca930a34..fad7faaa 100755 --- a/system/generate-system.py +++ b/system/generate-system.py 
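Review bot: In loginSubmit (PasswordAccountsWeb.py) the method string returned by the accounts server is now forwarded to `identitiesWeb.loginSucceeded` unchecked, where the previous code pinned the literal 'password' locally. For a password login the only legitimate value is 'password', so a guard such as `if authenticationMethod != 'password': return accessForbidden()` before the call would keep a stale or misbehaving backend from recording a stronger method than was actually used. A server still returning a bare token would also fail at the tuple unpacking with an error that the visible `except faults.WrongLogin` clause does not cover. loginSubmit starts outside the hunk.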
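Review bot: In login (X509AccountsWeb.py) the account, and now its authenticationMethod, is selected from `env['SSL_CLIENT_M_SERIAL']` alone; a certificate serial number is unique only within one issuer, so if the web server trusts more than one CA, two different certificates can resolve to the same account. Matching on issuer plus serial (mod_ssl also exposes `SSL_CLIENT_I_DN`) would close that, though it needs a corresponding change in the accounts server. Which CAs are trusted is not visible here, so this may not matter for a single-CA deployment. A smaller point on the context line: the `%` interpolation happens inside `_()`, so the translation lookup never matches; `_('Unknown certificate serial number = %s') % serial` is the usual form. The method starts outside the hunk.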
@@ -110,9 +110,10 @@ class Application(applications.Application): def login(self): passwordAccountsProxy = getProxyForServerRole('passwordaccounts') - userToken = passwordAccountsProxy.checkObjectAuthentication( - context.getVar('userLogin'), - context.getVar('userPassword')) + userToken, authenticationMethod \ + = passwordAccountsProxy.checkObjectAuthentication( + context.getVar('userLogin'), + context.getVar('userPassword')) context.setVar('userToken', userToken) def logout(self):
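Review bot: `authenticationMethod` is unpacked in login() in generate-system.py but never used; only `userToken` reaches `context.setVar`. If the method is meant to be discarded here, take the first element of the result instead, `userToken = passwordAccountsProxy.checkObjectAuthentication(...)[0]`, or add a comment saying the method is intentionally ignored. If it is meant to be kept, it needs to be stored in the context alongside the token.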