# Copyright (C) 2004,2005 PreludeIDS Technologies. All Rights Reserved. # Author: Nicolas Delon # # This file is part of the Prewikka program. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2, or (at your option) # any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; see the file COPYING. If not, write to # the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA. import time import md5 import random from prewikka.Error import PrewikkaError, SimpleError from prewikka import DataSet from prewikka import Database from prewikka import Log from prewikka import User class AuthError(PrewikkaError): def __init__(self, message="", arguments={}): self.dataset = DataSet.DataSet() self.dataset["message"] = message self.dataset["arguments"] = arguments.items() self.template = "LoginPasswordForm" class Auth: def __init__(self, env): self.db = env.db self.log = env.log has_user_manager = False for login in self.db.getUserLogins(): user = self.db.getUser(login) if User.PERM_USER_MANAGEMENT in user.permissions: has_user_manager = True break if not has_user_manager: self.db.createUser(User.ADMIN_LOGIN) self.db.setPermissions(User.ADMIN_LOGIN, User.ALL_PERMISSIONS) def canSetPassword(self): return hasattr(self, "setPassword") def canLogout(self): return hasattr(self, "logout") class Session: def __init__(self, expiration): self._expiration = expiration def checkSession(self, request): if not request.input_cookie.has_key("sessionid"): raise AuthError(arguments=request.arguments) sessionid = request.input_cookie["sessionid"].value try: login, t = self.db.getSession(sessionid) except Database.DatabaseInvalidSessionError: self.log(Log.EVENT_INVALID_SESSIONID, request) raise AuthError("invalid sessionid", request.arguments) now = int(time.time()) if now > t + self._expiration: self.db.deleteSession(sessionid) self.log(Log.EVENT_SESSION_EXPIRED, request) raise AuthError("session expired", request.arguments) self.db.updateSession(sessionid, now) return login def createSession(self, request, login): t = int(time.time()) self.db.deleteExpiredSessions(t - self._expiration) sessionid = md5.new(str(t * random.random())).hexdigest() self.db.createSession(sessionid, login, t) request.output_cookie["sessionid"] = sessionid request.output_cookie["sessionid"]["expires"] = self._expiration def deleteSession(self, request): self.db.deleteSession(request.input_cookie["sessionid"].value) class LoginPasswordAuth(Auth, Session): def __init__(self, env, session_expiration): Auth.__init__(self, env) Session.__init__(self, session_expiration) def getUser(self, request): if not request.arguments.has_key("view") and request.arguments.has_key("login"): login = request.arguments["login"] del request.arguments["login"] password = request.arguments.get("password") try: del request.arguments["password"] except KeyError: pass try: self.checkPassword(login, password) except AuthError, e: e.dataset["arguments"] = request.arguments.items() raise e self.createSession(request, login) else: login = self.checkSession(request) return self.db.getUser(login) def logout(self, request): self.deleteSession(request) raise AuthError() class AnonymousAuth(Auth): def __init__(self): pass def getUser(self, request): return User.User("anonymous", User.ALL_PERMISSIONS)