glasnost/servers/AuthenticationServer/AuthenticationServer.py

#!/usr/bin/env python
# -*- coding: iso-8859-15 -*-


# Glasnost
# By: Odile Bénassy <obenassy@entrouvert.com>
#     Romain Chantereau <rchantereau@entrouvert.com>
#     Nicolas Clapiès <nclapies@easter-eggs.org>
#     Pierre-Antoine Dejace <padejace@entrouvert.be>
#     Thierry Dulieu <tdulieu@easter-eggs.com>
#     Florent Monnier <monnier@codelutin.com>
#     Cédric Musso <cmusso@easter-eggs.org>
#     Frédéric Péters <fpeters@entrouvert.be>
#     Benjamin Poussin <poussin@codelutin.com>
#     Emmanuel Raviart <eraviart@entrouvert.com>
#     Sébastien Régnier <regnier@codelutin.com>
#     Emmanuel Saracco <esaracco@easter-eggs.com>
#
# Copyright (C) 2000, 2001 Easter-eggs & Emmanuel Raviart
# Copyright (C) 2002 Odile Bénassy, Code Lutin, Thierry Dulieu, Easter-eggs,
#     Entr'ouvert, Frédéric Péters, Benjamin Poussin, Emmanuel Raviart,
#     Emmanuel Saracco & Théridion
# Copyright (C) 2003 Odile Bénassy, Romain Chantereau, Nicolas Clapiès,
#     Code Lutin, Pierre-Antoine Dejace, Thierry Dulieu, Easter-eggs,
#     Entr'ouvert, Florent Monnier, Cédric Musso, Ouvaton, Frédéric Péters,
#     Benjamin Poussin, Rodolphe Quiédeville, Emmanuel Raviart, Sébastien
#     Régnier, Emmanuel Saracco, Théridion & Vecam
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.


__doc__ = """Glasnost Authentication Server"""

__version__ = '$Revision$'[11:-2]


import cPickle
import imp
import sys
import time
import whrandom

glasnostPythonDir = '/usr/local/lib/glasnost-devel' # changed on make install
sys.path.insert(0, glasnostPythonDir)

import glasnost

from glasnost.common.AuthenticationCommon import *
import glasnost.common.faults as faults
import glasnost.common.tools_new as commonTools

from glasnost.proxy.DispatcherProxy import getApplicationId, \
        getApplicationToken, registerServer, registerVirtualServer
from glasnost.server.ObjectsServer import register, AdministrableServerMixin, \
        AdminServerMixin, Server, VirtualServer, AdministrableVirtualServer
from glasnost.server.tools import *

from glasnost.proxy.GroupsProxy import setContains

import glasnost.server.kinds as kinds


applicationName = 'AuthenticationServer'
applicationRole = 'authentication'
dispatcher = None

# Don't forget to also change the value in SessionsServer.py.
expirationTime = 120


# FIXME: those are necessary to get access to PeopleServer.pickle; they should
# be removed at the time it is no longer necessary to access this file.
class PeopleVirtualServer: pass
class Person: pass
class AdminPeople: pass

class AdminAuthentication(AdminServerMixin, AdminAuthenticationCommon):
    pass
register(AdminAuthentication)

class AuthenticationVirtualServer(AdministrableVirtualServer):
    userIds = None
    userTokens = None
    tokenExpirations = None

    def init(self):
        AdministrableVirtualServer.init(self)
        if not self.admin.authenticationMethods:
            self.admin.authenticationMethods = ['login-password']
        self.userIds = {}
        self.userTokens = {}
        self.tokenExpirations = {}

    def testExpiration(self, userToken):
        if not self.userIds.has_key(userToken):
            return
        if time.time() > self.tokenExpirations[userToken]:
            print 'userToken %s expired' % userToken
            userId = self.userIds[userToken]
            del self.userIds[userToken]
            del self.userTokens[userId]
            del self.tokenExpirations[userToken]
        else:
            self.tokenExpirations[userToken] = time.time() + expirationTime

class AuthenticationServer(AuthenticationCommonMixin,
            AdministrableServerMixin, Server):
    VirtualServer = AuthenticationVirtualServer

    def computeVirtualServerIdFromUserToken(self, userToken):
        return self.computeVirtualServerId(userToken)

    def getUserId(self):
        virtualServerId = context.getVar('applicationId')
        userToken = context.getVar('userToken')
        virtualServer = self.getVirtualServer(virtualServerId)
        virtualServer.testExpiration(userToken)
        if not userToken:
            return ''
        if not virtualServer.userIds.has_key(userToken):
            raise faults.UnknownUserToken(userToken)
        userId = virtualServer.userIds[userToken]
        return userId

    def getUserToken(self, authenticationMethod, tupleInfo):
        virtualServerId = context.getVar('applicationId')
        virtualServer = self.getVirtualServer(virtualServerId)

        authServer = getProxyForServerRole('authentication-%s' % \
                authenticationMethod)
        userId = authServer.checkAuthentication(tuple(tupleInfo))

        virtualServer.lock.acquire()
        if virtualServer.userTokens.has_key(userId):
            userToken = virtualServer.userTokens[userId]
            virtualServer.testExpiration(userToken)

        if virtualServer.userTokens.has_key(userId):
            userToken = virtualServer.userTokens[userId]
            virtualServer.lock.release()
        else:
            while 1:
                userLocalToken = str(
                    self.randomGenerator.uniform(0.1, 1))[2:]
                userToken = '%s/%s' % (virtualServerId, userLocalToken)
                if not virtualServer.userIds.has_key(userToken):
                    break
            virtualServer.userTokens[userId] = userToken
            virtualServer.userIds[userToken] = userId
            virtualServer.tokenExpirations[userToken] = \
                time.time() + expirationTime
            virtualServer.lock.release()
            virtualServer.markAllAsDirtyFIXME()
        return userToken

    def init(self):
        self.randomGenerator = whrandom.whrandom()
        Server.init(self)

    def loadConfigOptions(self):
        Server.loadConfigOptions(self)

        # Default expiration time is 120 minutes.
        global expirationTime
        expirationTime = int(
                commonTools.getConfig('Misc', 'ExpirationTime', '120')) * 60

    def registerAuthenticationMethod(self, method):
        print 'adding authentication method:', method
    
    def registerPublicMethods(self):
        Server.registerPublicMethods(self)
        AdministrableServerMixin.registerPublicMethods(self)
        self.registerPublicMethod('getUserId')
        self.registerPublicMethod('getUserToken')
        self.registerPublicMethod('registerAuthenticationMethod')
        self.registerPublicMethod('setContainsUser')

    def repairVirtualServer(self, virtualServer, version):
        changed = 0
        if version < 1049000:
            admin = virtualServer.admin
            if not admin.authenticationMethods:
                admin.authenticationMethods = ['login-password']
                changed = 1
        if changed:
            virtualServer.markAllAsDirtyFIXME()

    def setContainsUser(self, set):
        userId = getProxyForServerRole('authentication').getUserId()
        return setContains(set, userId)


authenticationServer = AuthenticationServer()


if __name__ == "__main__":
    authenticationServer.launch(applicationName, applicationRole)