web pour l'auth ldap
parent
f49e5cee27
commit
9cb95b8154
|
@ -0,0 +1,258 @@
|
|||
# -*- coding: iso-8859-15 -*-
|
||||
|
||||
|
||||
# Glasnost
|
||||
# By: Odile Bénassy <obenassy@entrouvert.com>
|
||||
# Romain Chantereau <rchantereau@entrouvert.com>
|
||||
# Nicolas Clapiès <nclapies@easter-eggs.org>
|
||||
# Pierre-Antoine Dejace <padejace@entrouvert.be>
|
||||
# Thierry Dulieu <tdulieu@easter-eggs.com>
|
||||
# Florent Monnier <monnier@codelutin.com>
|
||||
# Cédric Musso <cmusso@easter-eggs.org>
|
||||
# Frédéric Péters <fpeters@entrouvert.be>
|
||||
# Benjamin Poussin <poussin@codelutin.com>
|
||||
# Emmanuel Raviart <eraviart@entrouvert.com>
|
||||
# Sébastien Régnier <regnier@codelutin.com>
|
||||
# Emmanuel Saracco <esaracco@easter-eggs.com>
|
||||
#
|
||||
# Copyright (C) 2000, 2001 Easter-eggs & Emmanuel Raviart
|
||||
# Copyright (C) 2002 Odile Bénassy, Code Lutin, Thierry Dulieu, Easter-eggs,
|
||||
# Entr'ouvert, Frédéric Péters, Benjamin Poussin, Emmanuel Raviart,
|
||||
# Emmanuel Saracco & Théridion
|
||||
# Copyright (C) 2003 Odile Bénassy, Romain Chantereau, Nicolas Clapiès,
|
||||
# Code Lutin, Pierre-Antoine Dejace, Thierry Dulieu, Easter-eggs,
|
||||
# Entr'ouvert, Florent Monnier, Cédric Musso, Ouvaton, Frédéric Péters,
|
||||
# Benjamin Poussin, Rodolphe Quiédeville, Emmanuel Raviart, Sébastien
|
||||
# Régnier, Emmanuel Saracco, Théridion & Vecam
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or
|
||||
# modify it under the terms of the GNU General Public License
|
||||
# as published by the Free Software Foundation; either version 2
|
||||
# of the License, or (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
|
||||
|
||||
__doc__ = """Glasnost Authentication (Login/Password) Web"""
|
||||
|
||||
__version__ = '$Revision$'[11:-2]
|
||||
|
||||
|
||||
import glasnost.common.context as context
|
||||
import glasnost.common.faults as faults
|
||||
from glasnost.common.ObjectsCommon import *
|
||||
import glasnost.common.slots as slots
|
||||
import glasnost.common.translation as translation
|
||||
import glasnost.common.tools_new as commonTools
|
||||
|
||||
from glasnost.proxy.AuthenticationLdapProxy import *
|
||||
|
||||
from ObjectsWeb import register, AdminWithoutWritersMixin, WebMixin, BaseObjectWebMixin
|
||||
from tools import *
|
||||
|
||||
class AdminAuthenticationLdap(AdminWithoutWritersMixin,
|
||||
AdminAuthenticationLdap):
|
||||
bindString_kind_widget_size = 50
|
||||
bindString_kind_widgetName = 'InputText'
|
||||
register(AdminAuthenticationLdap)
|
||||
|
||||
|
||||
class AccountLdap(BaseObjectWebMixin, AccountLdap):
|
||||
def getEditLayoutSlotNames(self, fields, parentSlot = None):
|
||||
slotNames = BaseObjectWebMixin.getEditLayoutSlotNames(self,
|
||||
fields, parentSlot = parentSlot)
|
||||
if context.getVar('authMode') != 'login':
|
||||
slotNames.remove('password')
|
||||
return slotNames
|
||||
register(AccountLdap)
|
||||
|
||||
class AuthenticationLdapWeb(WebMixin, AuthenticationLdapProxy):
|
||||
# FIXME: admin*() should be in a AdministrableWebMixin class
|
||||
|
||||
def admin(self):
|
||||
if not self.canGetAdmin():
|
||||
return accessForbidden()
|
||||
admin = self.getAdmin()
|
||||
|
||||
keywords = {}
|
||||
admin.makeFieldsFromInstance(keywords)
|
||||
admin.repairFields(keywords)
|
||||
|
||||
layout = X.array()
|
||||
layout += admin.getViewLayout(keywords)
|
||||
|
||||
buttonsBar = X.div(_class = 'buttons-bar')
|
||||
layout += buttonsBar
|
||||
if self.canModifyAdmin():
|
||||
actionButtonsBar = X.span(_class = 'action-buttons-bar')
|
||||
buttonsBar += actionButtonsBar
|
||||
actionButtonsBar += X.buttonStandalone(
|
||||
'edit', X.actionUrl('adminEdit'))
|
||||
|
||||
return writePageLayout(layout, _('Authentication (LDAP) Settings'))
|
||||
admin.isPublicForWeb = 1
|
||||
|
||||
def adminEdit(self, again = '', error = '', **keywords):
|
||||
if keywords is None:
|
||||
keywords = {}
|
||||
if not self.isAdmin():
|
||||
return accessForbidden()
|
||||
admin = self.getAdmin()
|
||||
|
||||
if not again:
|
||||
admin.makeFieldsFromInstance(keywords)
|
||||
admin.repairFields(keywords)
|
||||
|
||||
context.push(_level = 'adminEdit', layoutMode = 'edit')
|
||||
try:
|
||||
layout = X.array()
|
||||
layout += admin.getErrorLayout(error, keywords)
|
||||
form = X.form(action = X.actionUrl('adminSubmit'),
|
||||
enctype= 'multipart/form-data', method = 'post')
|
||||
layout += form
|
||||
form += admin.getEditLayout(keywords)
|
||||
|
||||
buttonsBar = X.div(_class = 'buttons-bar')
|
||||
form += buttonsBar
|
||||
actionButtonsBar = X.span(_class = 'action-buttons-bar')
|
||||
buttonsBar += actionButtonsBar
|
||||
actionButtonsBar += X.buttonInForm('modify', 'modifyButton')
|
||||
|
||||
return writePageLayout(
|
||||
layout, _('Editing Authentication Settings'))
|
||||
finally:
|
||||
context.pull(_level = 'adminEdit')
|
||||
adminEdit.isPublicForWeb = 1
|
||||
|
||||
def adminSubmit(self, **keywords):
|
||||
if keywords is None:
|
||||
keywords = {}
|
||||
if not self.isAdmin():
|
||||
return accessForbidden()
|
||||
admin = self.getAdmin()
|
||||
|
||||
if isButtonSelected('applyButton', keywords):
|
||||
keywords['again'] = '1'
|
||||
keywords['hideErrors'] = '1'
|
||||
admin = self.newAdmin(keywords)
|
||||
admin.submitFields(keywords)
|
||||
if keywords.has_key('again') and keywords['again']:
|
||||
uri = X.actionUrl('adminEdit')
|
||||
uri.addKeywords(keywords)
|
||||
return redirect(uri)
|
||||
try:
|
||||
self.modifyAdmin(admin)
|
||||
except faults.WrongVersion:
|
||||
keywords['again'] = '1'
|
||||
keywords['error'] = '1'
|
||||
keywords['versionError'] = '1'
|
||||
uri = X.actionUrl('adminEdit')
|
||||
uri.addKeywords(keywords)
|
||||
return redirect(uri)
|
||||
except:
|
||||
if context.getVar('debug'):
|
||||
raise
|
||||
return accessForbidden()
|
||||
return redirect(X.actionUrl('admin'))
|
||||
adminSubmit.isPublicForWeb = 1
|
||||
|
||||
def login(self, nextUri = '', access = '', again = '', error = '', **keywords):
|
||||
req = context.getVar('req')
|
||||
req.headers_out['Cache-Control'] = 'no-cache, must-revalidate'
|
||||
req.headers_out['Pragma'] = 'no-cache'
|
||||
if keywords is None:
|
||||
keywords = {}
|
||||
authObject = self.newAuthenticationObject()
|
||||
if not again:
|
||||
authObject.initFields(keywords)
|
||||
authObject.repairFields(keywords)
|
||||
context.push(_level = 'index', layoutMode = 'edit',
|
||||
authMode = 'login')
|
||||
try:
|
||||
layout = X.array()
|
||||
if access == 'forbidden':
|
||||
layout += X.p(_(
|
||||
'To access this part of the site, you need to sign in.'))
|
||||
layout += authObject.getErrorLayout(error, keywords)
|
||||
|
||||
submitUrl = X.roleUrl(self.serverRole, 'loginSubmit')
|
||||
if context.getVar('virtualHost').useHTTPS:
|
||||
hostNameAndPort = commonTools.makeHttpHostNameAndPort(
|
||||
context.getVar('httpHostName'),
|
||||
context.getVar('httpPort'))
|
||||
submitUrl = 'https://%s%s' % (hostNameAndPort, submitUrl)
|
||||
|
||||
form = X.form(action = submitUrl, enctype = 'multipart/form-data',
|
||||
method = 'post')
|
||||
layout += form
|
||||
|
||||
form += authObject.getEditLayout(keywords)
|
||||
|
||||
if nextUri:
|
||||
form += X.div(X.input(name = 'nextUri', type = 'hidden',
|
||||
value = nextUri))
|
||||
form += X.div(_class = 'buttons-bar')(
|
||||
X.span(_class = 'action-buttons-bar')(
|
||||
X.buttonInForm('login', 'loginButton')),
|
||||
)
|
||||
return writePageLayout(layout, _('Login'))
|
||||
finally:
|
||||
context.pull(_level = 'index')
|
||||
login.isPublicForWeb = 1
|
||||
|
||||
def loginSubmit(self, nextUri = '', **keywords):
|
||||
if keywords is None:
|
||||
keywords = {}
|
||||
error = 0
|
||||
|
||||
authObject = self.newAuthenticationObject()
|
||||
if error:
|
||||
keywords['again'] = 1
|
||||
keywords['error'] = 1
|
||||
else:
|
||||
authObject.submitFields(keywords)
|
||||
if keywords.has_key('again') and keywords['again']:
|
||||
uri = X.roleUrl(self.serverRole, 'login')
|
||||
uri.add('nextUri', nextUri)
|
||||
uri.addKeywords(keywords)
|
||||
return redirect(uri)
|
||||
authWeb = getWebForServerRole('authentication')
|
||||
try:
|
||||
return authWeb.loginSubmitted(
|
||||
'ldap', authObject, nextUri)
|
||||
except faults.WrongLogin:
|
||||
keywords['again'] = '1'
|
||||
keywords['error'] = '1'
|
||||
keywords['login_error'] = 'wrongValue'
|
||||
uri = X.roleUrl(self.serverRole, 'login')
|
||||
uri.add('nextUri', nextUri)
|
||||
uri.addKeywords(keywords)
|
||||
return redirect(uri)
|
||||
except faults.WrongPassword:
|
||||
keywords['again'] = '1'
|
||||
keywords['error'] = '1'
|
||||
keywords['password_error'] = 'wrongValue'
|
||||
uri = X.roleUrl(self.serverRole, 'login')
|
||||
uri.add('nextUri', nextUri)
|
||||
uri.addKeywords(keywords)
|
||||
return redirect(uri)
|
||||
except:
|
||||
if context.getVar('debug'):
|
||||
raise
|
||||
return accessForbidden()
|
||||
loginSubmit.isPublicForWeb = 1
|
||||
|
||||
def getViewAllButtonsBarLayout(self):
|
||||
layout = X.div(_class = 'buttons-bar')
|
||||
userToken = context.getVar('userToken')
|
||||
if self.canModifyAdmin() and userToken:
|
||||
layout += X.buttonStandalone('settings', X.actionUrl('admin'))
|
||||
return layout
|
||||
|
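Review bot: In `loginSubmit`, the three retry paths (the `again` branch and the `faults.WrongLogin` and `faults.WrongPassword` handlers) call `uri.addKeywords(keywords)` on the redirect back to `login`, and `keywords` is the posted form. Unless `submitFields` strips it, the submitted password ends up in the redirect URL's query string, where it reaches access logs, browser history and Referer headers. Drop the secret before building the URI, for example `if keywords.has_key('password'): del keywords['password']` ahead of each `uri.addKeywords(keywords)`; the slot name is inferred from `password_error` and should be confirmed. `adminSubmit` forwards the posted admin fields to `adminEdit` the same way, which presumably includes the LDAP bind settings. Separately, setting `login_error` for `WrongLogin` and `password_error` for `WrongPassword` tells an unauthenticated client which logins exist, so a single generic error for both cases would be safer.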