Ajout d'un paramètre authenticationMethod afin de pouvoir différencier les
authentifications par certificat X.509v3 stocké dans le navigateur web et celles par certificat X.509v3 stocké dans une carte à puce.
parent
332a4fbd45
commit
16d4970caf
|
@ -168,7 +168,7 @@ class PasswordAccountsServer(
|
||||||
if object.password and password != object.password:
|
if object.password and password != object.password:
|
||||||
raise faults.WrongPassword(password)
|
raise faults.WrongPassword(password)
|
||||||
identitiesProxy = getProxy(object.identityId)
|
identitiesProxy = getProxy(object.identityId)
|
||||||
return identitiesProxy.getUserToken(object.identityId)
|
return [identitiesProxy.getUserToken(object.identityId), 'password']
|
||||||
|
|
||||||
def fillEmptyVirtualServer(self, virtualServer):
|
def fillEmptyVirtualServer(self, virtualServer):
|
||||||
objects.ObjectsServer.fillEmptyVirtualServer(self, virtualServer)
|
objects.ObjectsServer.fillEmptyVirtualServer(self, virtualServer)
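Review bot: checkObjectAuthentication now returns a two-element list where it used to return a bare user token, and nothing at the return documents the new contract; the X509AccountsServer version of the method changes the same way. A caller that was not updated in this commit would receive the list and handle it as if it were the token, so it is worth confirming that the three call sites changed here are the only ones. I would add a comment above the return, `# Returns [userToken, authenticationMethod]; callers pass the method string on to loginSucceeded().` The method starts above this hunk, so its signature and any existing docstring are not visible.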
|
||||||
|
|
|
@ -146,7 +146,8 @@ class X509AccountsServer(
|
||||||
raise faults.WrongX509Serial(serial)
|
raise faults.WrongX509Serial(serial)
|
||||||
object = virtualServer.objectsBySerial[serial]
|
object = virtualServer.objectsBySerial[serial]
|
||||||
identitiesProxy = getProxy(object.identityId)
|
identitiesProxy = getProxy(object.identityId)
|
||||||
return identitiesProxy.getUserToken(object.identityId)
|
return [identitiesProxy.getUserToken(object.identityId),
|
||||||
|
object.authenticationMethod]
|
||||||
|
|
||||||
def registerPublicMethods(self):
|
def registerPublicMethods(self):
|
||||||
objects.ObjectsServer.registerPublicMethods(self)
|
objects.ObjectsServer.registerPublicMethods(self)
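Review bot: The value returned as the second element, `object.authenticationMethod`, is None for any X509Account stored before this commit, because the class default added in the same commit is `authenticationMethod = None` and nothing visible migrates existing records. X509AccountsWeb.login then hands that None to loginSucceeded() where the literal 'softwarePki' was passed before. A fallback that keeps the previous behaviour would be `object.authenticationMethod or 'softwarePki'`, which also resolves an unset record to the lower-assurance of the two values rather than to an undefined one. The enclosing method starts above this hunk.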
|
||||||
|
|
|
@ -53,8 +53,29 @@ class AdminX509Accounts(objects.AdminCommon):
|
||||||
|
|
||||||
|
|
||||||
class X509Account(objects.ObjectCommon):
|
class X509Account(objects.ObjectCommon):
|
||||||
language_kindName = None
|
authenticationMethod = None
|
||||||
|
class authenticationMethod_kindClass:
|
||||||
|
_kindName = 'Choice'
|
||||||
|
isRequired = 1
|
||||||
|
label = N_('Authentication Method')
|
||||||
|
labels = {
|
||||||
|
'smartcardPki': N_('Smartcard Certificate'),
|
||||||
|
'softwarePki': N_('Software Certificate'),
|
||||||
|
}
|
||||||
|
values = [
|
||||||
|
'smartcardPki',
|
||||||
|
'softwarePki',
|
||||||
|
]
|
||||||
|
|
||||||
|
identityId = None
|
||||||
|
class identityId_kindClass:
|
||||||
|
_kindName = 'Id'
|
||||||
|
isRequired = 1
|
||||||
|
label = N_('Identity')
|
||||||
|
serverRoles = ['identities']
|
||||||
|
|
||||||
|
language_kindName = None
|
||||||
|
|
||||||
serial = None
|
serial = None
|
||||||
class serial_kindClass:
|
class serial_kindClass:
|
||||||
_kindName = 'String'
|
_kindName = 'String'
|
||||||
|
@ -64,13 +85,6 @@ class X509Account(objects.ObjectCommon):
|
||||||
label = N_('Serial')
|
label = N_('Serial')
|
||||||
textMaxLength = 40
|
textMaxLength = 40
|
||||||
widget_size = 15
|
widget_size = 15
|
||||||
|
|
||||||
identityId = None
|
|
||||||
class identityId_kindClass:
|
|
||||||
_kindName = 'Id'
|
|
||||||
isRequired = 1
|
|
||||||
label = N_('Identity')
|
|
||||||
serverRoles = ['identities']
|
|
||||||
|
|
||||||
serverRole = 'x509accounts'
|
serverRole = 'x509accounts'
|
||||||
|
|
||||||
|
@ -83,7 +97,7 @@ class X509Account(objects.ObjectCommon):
|
||||||
def getOrderedLayoutSlotNames(self, parentSlot = None):
|
def getOrderedLayoutSlotNames(self, parentSlot = None):
|
||||||
slotNames = objects.ObjectCommon.getOrderedLayoutSlotNames(
|
slotNames = objects.ObjectCommon.getOrderedLayoutSlotNames(
|
||||||
self, parentSlot = parentSlot)
|
self, parentSlot = parentSlot)
|
||||||
slotNames += ['serial', 'identityId']
|
slotNames += ['authenticationMethod', 'serial', 'identityId']
|
||||||
return slotNames
|
return slotNames
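Review bot: The new authenticationMethod slot is a Choice that whoever edits the account record selects, and nothing in the visible hunks ties it to a property of the certificate actually presented at login. The server looks the account up by serial and reports the stored label, so 'smartcardPki' is an administrative assertion rather than something checked during the TLS handshake, and its trustworthiness depends on who may edit X509Account objects. That is worth stating where the field is declared, for example `# Declared on the account record, not derived from the client certificate; it is what the server reports to loginSucceeded().` above `class authenticationMethod_kindClass:`. If downstream code grants more rights to 'smartcardPki' sessions, edit access to this field should be reviewed alongside this change.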
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -171,7 +171,7 @@ class PasswordAccountsWeb(objects.ObjectsWebMixin,
|
||||||
## return success(_('The password has been sent successfully.'), X.rootUrl())
|
## return success(_('The password has been sent successfully.'), X.rootUrl())
|
||||||
|
|
||||||
try:
|
try:
|
||||||
userToken = self.checkObjectAuthentication(
|
userToken, authenticationMethod = self.checkObjectAuthentication(
|
||||||
object.login, object.password)
|
object.login, object.password)
|
||||||
except faults.WrongLogin, fault:
|
except faults.WrongLogin, fault:
|
||||||
context.getVar('error', 1)
|
context.getVar('error', 1)
|
||||||
|
@ -186,6 +186,6 @@ class PasswordAccountsWeb(objects.ObjectsWebMixin,
|
||||||
raise
|
raise
|
||||||
return accessForbidden()
|
return accessForbidden()
|
||||||
identitiesWeb = getWebForServerRole('identities')
|
identitiesWeb = getWebForServerRole('identities')
|
||||||
return identitiesWeb.loginSucceeded(userToken, 'password')
|
return identitiesWeb.loginSucceeded(userToken, authenticationMethod)
|
||||||
loginSubmit.isPublicForWeb = 1
|
loginSubmit.isPublicForWeb = 1
|
||||||
|
|
||||||
|
|
|
@ -112,7 +112,8 @@ class X509AccountsWeb(objects.ObjectsWebMixin,
|
||||||
else:
|
else:
|
||||||
serial = env['SSL_CLIENT_M_SERIAL']
|
serial = env['SSL_CLIENT_M_SERIAL']
|
||||||
try:
|
try:
|
||||||
userToken = self.checkObjectAuthentication(serial)
|
userToken, authenticationMethod \
|
||||||
|
= self.checkObjectAuthentication(serial)
|
||||||
except faults.WrongX509Serial:
|
except faults.WrongX509Serial:
|
||||||
return self.returnToRetryPage(_(
|
return self.returnToRetryPage(_(
|
||||||
'Unknown certificate serial number = %s' % serial))
|
'Unknown certificate serial number = %s' % serial))
|
||||||
|
@ -121,5 +122,5 @@ class X509AccountsWeb(objects.ObjectsWebMixin,
|
||||||
raise
|
raise
|
||||||
return accessForbidden()
|
return accessForbidden()
|
||||||
identitiesWeb = getWebForServerRole('identities')
|
identitiesWeb = getWebForServerRole('identities')
|
||||||
return identitiesWeb.loginSucceeded(userToken, 'softwarePki')
|
return identitiesWeb.loginSucceeded(userToken, authenticationMethod)
|
||||||
login.isPublicForWeb = 1
|
login.isPublicForWeb = 1
|
||||||
|
|
|
@ -110,9 +110,10 @@ class Application(applications.Application):
|
||||||
|
|
||||||
def login(self):
|
def login(self):
|
||||||
passwordAccountsProxy = getProxyForServerRole('passwordaccounts')
|
passwordAccountsProxy = getProxyForServerRole('passwordaccounts')
|
||||||
userToken = passwordAccountsProxy.checkObjectAuthentication(
|
userToken, authenticationMethod \
|
||||||
context.getVar('userLogin'),
|
= passwordAccountsProxy.checkObjectAuthentication(
|
||||||
context.getVar('userPassword'))
|
context.getVar('userLogin'),
|
||||||
|
context.getVar('userPassword'))
|
||||||
context.setVar('userToken', userToken)
|
context.setVar('userToken', userToken)
|
||||||
|
|
||||||
def logout(self):
|
def logout(self):
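Review bot: In login(), authenticationMethod is unpacked from the proxy result and never used; only userToken is stored in the context. If the method is not needed here, indexing the result makes that explicit, `userToken = passwordAccountsProxy.checkObjectAuthentication(...)[0]`, or a one-line comment can say why it is discarded. Renaming the throwaway to `_` would not be a good alternative, since `_` appears to be the translation function elsewhere in this commit.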
|
||||||
|
|