web pour l'auth ldap

shared/web/AuthenticationLdapWeb.py

@@ -0,0 +1,258 @@
+# -*- coding: iso-8859-15 -*-
+
+
+# Glasnost
+# By: Odile Bénassy <obenassy@entrouvert.com>
+#     Romain Chantereau <rchantereau@entrouvert.com>
+#     Nicolas Clapiès <nclapies@easter-eggs.org>
+#     Pierre-Antoine Dejace <padejace@entrouvert.be>
+#     Thierry Dulieu <tdulieu@easter-eggs.com>
+#     Florent Monnier <monnier@codelutin.com>
+#     Cédric Musso <cmusso@easter-eggs.org>
+#     Frédéric Péters <fpeters@entrouvert.be>
+#     Benjamin Poussin <poussin@codelutin.com>
+#     Emmanuel Raviart <eraviart@entrouvert.com>
+#     Sébastien Régnier <regnier@codelutin.com>
+#     Emmanuel Saracco <esaracco@easter-eggs.com>
+#
+# Copyright (C) 2000, 2001 Easter-eggs & Emmanuel Raviart
+# Copyright (C) 2002 Odile Bénassy, Code Lutin, Thierry Dulieu, Easter-eggs,
+#     Entr'ouvert, Frédéric Péters, Benjamin Poussin, Emmanuel Raviart,
+#     Emmanuel Saracco & Théridion
+# Copyright (C) 2003 Odile Bénassy, Romain Chantereau, Nicolas Clapiès,
+#     Code Lutin, Pierre-Antoine Dejace, Thierry Dulieu, Easter-eggs,
+#     Entr'ouvert, Florent Monnier, Cédric Musso, Ouvaton, Frédéric Péters,
+#     Benjamin Poussin, Rodolphe Quiédeville, Emmanuel Raviart, Sébastien
+#     Régnier, Emmanuel Saracco, Théridion & Vecam
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+
+
+__doc__ = """Glasnost Authentication (Login/Password) Web"""
+
+__version__ = '$Revision$'[11:-2]
+
+
+import glasnost.common.context as context
+import glasnost.common.faults as faults
+from glasnost.common.ObjectsCommon import *
+import glasnost.common.slots as slots
+import glasnost.common.translation as translation
+import glasnost.common.tools_new as commonTools
+
+from glasnost.proxy.AuthenticationLdapProxy import *
+
+from ObjectsWeb import register, AdminWithoutWritersMixin, WebMixin, BaseObjectWebMixin
+from tools import *
+
+class AdminAuthenticationLdap(AdminWithoutWritersMixin,
+                              AdminAuthenticationLdap):
+    bindString_kind_widget_size = 50
+    bindString_kind_widgetName = 'InputText'
+register(AdminAuthenticationLdap)
+
+
+class AccountLdap(BaseObjectWebMixin, AccountLdap):
+    def getEditLayoutSlotNames(self, fields, parentSlot = None):
+        slotNames = BaseObjectWebMixin.getEditLayoutSlotNames(self,
+                fields, parentSlot = parentSlot)
+        if context.getVar('authMode') != 'login':
+            slotNames.remove('password')
+        return slotNames
+register(AccountLdap)
+
+class AuthenticationLdapWeb(WebMixin, AuthenticationLdapProxy):
+    # FIXME: admin*() should be in a AdministrableWebMixin class
+
+    def admin(self):
+        if not self.canGetAdmin():
+            return accessForbidden()
+        admin = self.getAdmin()
+
+        keywords = {}
+        admin.makeFieldsFromInstance(keywords)
+        admin.repairFields(keywords)
+
+        layout = X.array()
+        layout += admin.getViewLayout(keywords)
+
+        buttonsBar = X.div(_class = 'buttons-bar')
+        layout += buttonsBar
+        if self.canModifyAdmin():
+            actionButtonsBar = X.span(_class = 'action-buttons-bar')
+            buttonsBar += actionButtonsBar
+            actionButtonsBar += X.buttonStandalone(
+                    'edit', X.actionUrl('adminEdit'))
+
+        return writePageLayout(layout, _('Authentication (LDAP) Settings'))
+    admin.isPublicForWeb = 1
+    
+    def adminEdit(self, again = '', error = '', **keywords):
+        if keywords is None:
+            keywords = {}
+        if not self.isAdmin():
+            return accessForbidden()
+        admin = self.getAdmin()
+
+        if not again:
+            admin.makeFieldsFromInstance(keywords)
+        admin.repairFields(keywords)
+
+        context.push(_level = 'adminEdit', layoutMode = 'edit')
+        try:
+            layout = X.array()
+            layout += admin.getErrorLayout(error, keywords)
+            form = X.form(action = X.actionUrl('adminSubmit'),
+                          enctype= 'multipart/form-data', method = 'post')
+            layout += form
+            form += admin.getEditLayout(keywords)
+
+            buttonsBar = X.div(_class = 'buttons-bar')
+            form += buttonsBar
+            actionButtonsBar = X.span(_class = 'action-buttons-bar')
+            buttonsBar += actionButtonsBar
+            actionButtonsBar += X.buttonInForm('modify', 'modifyButton')
+
+            return writePageLayout(
+                layout, _('Editing Authentication Settings'))
+        finally:
+            context.pull(_level = 'adminEdit')
+    adminEdit.isPublicForWeb = 1
+
+    def adminSubmit(self, **keywords):
+        if keywords is None:
+            keywords = {}
+        if not self.isAdmin():
+            return accessForbidden()
+        admin = self.getAdmin()
+
+        if isButtonSelected('applyButton', keywords):
+            keywords['again'] = '1'
+            keywords['hideErrors'] = '1'
+        admin = self.newAdmin(keywords)
+        admin.submitFields(keywords)
+        if keywords.has_key('again') and keywords['again']:
+            uri = X.actionUrl('adminEdit')
+            uri.addKeywords(keywords)
+            return redirect(uri)
+        try:
+            self.modifyAdmin(admin)
+        except faults.WrongVersion:
+            keywords['again'] = '1'
+            keywords['error'] = '1'
+            keywords['versionError'] = '1'
+            uri = X.actionUrl('adminEdit')
+            uri.addKeywords(keywords)
+            return redirect(uri)
+        except:
+            if context.getVar('debug'):
+                raise
+            return accessForbidden()
+        return redirect(X.actionUrl('admin'))
+    adminSubmit.isPublicForWeb = 1
+    
+    def login(self, nextUri = '', access = '', again = '', error = '', **keywords):
+        req = context.getVar('req')
+        req.headers_out['Cache-Control'] = 'no-cache, must-revalidate'
+        req.headers_out['Pragma'] = 'no-cache'
+        if keywords is None:
+            keywords = {}
+        authObject = self.newAuthenticationObject()
+        if not again:
+            authObject.initFields(keywords)
+        authObject.repairFields(keywords)
+        context.push(_level = 'index', layoutMode = 'edit',
+                authMode = 'login')
+        try:
+            layout = X.array()
+            if access == 'forbidden':
+                layout += X.p(_(
+                        'To access this part of the site, you need to sign in.'))
+            layout += authObject.getErrorLayout(error, keywords)
+
+            submitUrl = X.roleUrl(self.serverRole, 'loginSubmit')
+            if context.getVar('virtualHost').useHTTPS:
+                hostNameAndPort = commonTools.makeHttpHostNameAndPort(
+                        context.getVar('httpHostName'),
+                        context.getVar('httpPort'))
+                submitUrl = 'https://%s%s' % (hostNameAndPort, submitUrl)
+
+            form = X.form(action = submitUrl, enctype = 'multipart/form-data',
+                          method = 'post')
+            layout += form
+
+            form += authObject.getEditLayout(keywords)
+
+            if nextUri:
+                form += X.div(X.input(name = 'nextUri', type = 'hidden',
+                                      value = nextUri))
+            form += X.div(_class = 'buttons-bar')(
+                X.span(_class = 'action-buttons-bar')(
+                    X.buttonInForm('login', 'loginButton')),
+                )
+            return writePageLayout(layout, _('Login'))
+        finally:
+            context.pull(_level = 'index')
+    login.isPublicForWeb = 1
+
+    def loginSubmit(self, nextUri = '', **keywords):
+        if keywords is None:
+            keywords = {}
+        error = 0
+
+        authObject = self.newAuthenticationObject()
+        if error:
+            keywords['again'] = 1
+            keywords['error'] = 1
+        else:
+            authObject.submitFields(keywords)
+        if keywords.has_key('again') and keywords['again']:
+            uri = X.roleUrl(self.serverRole, 'login')
+            uri.add('nextUri', nextUri)
+            uri.addKeywords(keywords)
+            return redirect(uri)
+        authWeb = getWebForServerRole('authentication')
+        try:
+            return authWeb.loginSubmitted(
+                    'ldap', authObject, nextUri)
+        except faults.WrongLogin:
+            keywords['again'] = '1'
+            keywords['error'] = '1'
+            keywords['login_error'] = 'wrongValue'
+            uri = X.roleUrl(self.serverRole, 'login')
+            uri.add('nextUri', nextUri)
+            uri.addKeywords(keywords)
+            return redirect(uri)
+        except faults.WrongPassword:
+            keywords['again'] = '1'
+            keywords['error'] = '1'
+            keywords['password_error'] = 'wrongValue'
+            uri = X.roleUrl(self.serverRole, 'login')
+            uri.add('nextUri', nextUri)
+            uri.addKeywords(keywords)
+            return redirect(uri)
+        except:
+            if context.getVar('debug'):
+                raise
+            return accessForbidden()
+    loginSubmit.isPublicForWeb = 1
+
+    def getViewAllButtonsBarLayout(self):
+        layout = X.div(_class = 'buttons-bar')
+        userToken = context.getVar('userToken')
+        if self.canModifyAdmin() and userToken:
+            layout += X.buttonStandalone('settings', X.actionUrl('admin'))
+        return layout
+