Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

--- python:grok-1.4-ldapauth [2011/10/19 10:06] – jenad
+++ python:grok-1.4-ldapauth [2017/11/15 08:08] (aktuell) – gelöscht jenad
@@ Zeile 1: / Zeile 1: @@
-app.py
-<code python>
-import grok
-import rolesAndPerms
-import ldapauth
-from demo import resource
-from zope.pluggableauth.authentication import PluggableAuthentication
-from zope.authentication.interfaces import IAuthentication
-class Demo(grok.Application, grok.Container):
-    grok.local_utility(
-         PluggableAuthentication, provides=IAuthentication,
-              setup=ldapauth.setup_authentication,
-                   )
-class Index(grok.View):
-    grok.require("mysite.View")
-    def update(self):
-        resource.style.need()
-from zope.interface import Interface
-from zope import schema
-class ILoginForm(Interface):
-    login = schema.BytesLine(title=u'Username', required=True)
-    password = schema.Password(title=u'Password', required=True)
-class MyLogin(grok.Form):
-    grok.context(Interface)
-    grok.require('zope.Public')
-    form_fields = grok.Fields(ILoginForm)
-    @grok.action('login')
-    def handle_login(self, **data):
-      uid=self.request.get('camefrom','hans')
-      self.redirect(self.request.form.get('camefrom', uid))
-from zope.pluggableauth.interfaces import ILogout
-from zope.authentication.interfaces import IUnauthenticatedPrincipal
-from zope.component import getUtility
-class Logout(grok.View):
-    grok.context(Interface)
-    grok.require('zope.Public')
-    def update(self):
-        if not IUnauthenticatedPrincipal.providedBy(self.request.principal):
-            auth = getUtility(IAuthentication)
-            ILogout(auth).logout(self.request)
-    def render(self):
-      return "logout successful!!"
-</code>
-rolesAndPerms.py
-<code python>
-import grok
-from zope.pluggableauth.interfaces import IAuthenticatedPrincipalCreated
-from zope.securitypolicy.interfaces import IRolePermissionManager,IPrincipalRoleManager
-@grok.subscribe(IAuthenticatedPrincipalCreated)
-def update_principal_info_from_ldap(event):
- principal = event.principal
- app = grok.getSite()
- prm = IPrincipalRoleManager(app)
- prm.assignRoleToPrincipal('mysite.Viewer', principal.id)
-class ViewDemo(grok.Permission):
-    grok.name('mysite.View')
-    grok.title('View this Demo') # optional
-class Viewer(grok.Role):
-    """
-    A Viewer can view.
-    """
-    grok.name('mysite.Viewer')
-    grok.title('The Viewer')
-    grok.description('A Viewer.')
-    grok.permissions('mysite.View')
-    # alternatively, use permission names
-    # grok.permissions(
-    #    'paint.ViewPainting', 'paint.EditPainting', 'paint.ErasePainting')
-</code>
-ldapauth.py
-<code python>
-import grok
-def setup_authentication(pau):
-    """Set up pluggable authentication utility.
-    Sets up an IAuthenticatorPlugin and
-    ICredentialsPlugin (for the authentication mechanism)
-    """
-    pau.credentialsPlugins = ['credentials']
-    pau.authenticatorPlugins = ['ldapusers']
-    pau.prefix = u'pau3.'
-from zope.pluggableauth.plugins.session import SessionCredentialsPlugin
-from zope.pluggableauth.interfaces import ICredentialsPlugin
-class MyCreds(grok.GlobalUtility, SessionCredentialsPlugin):
-    grok.provides(ICredentialsPlugin)
-    grok.name('credentials')
-    loginpagename = 'mylogin'
-    loginfield = 'form.login'
-    passwordfield = 'form.password'
-from zope.pluggableauth.interfaces import IAuthenticatorPlugin
-class UserAuthenticatorPlugin(grok.GlobalUtility):
-    grok.provides(IAuthenticatorPlugin)
-    grok.name('ldapusers')
-    def authenticateCredentials(self, credentials):
-        if not isinstance(credentials, dict):
-            return None
-        if not ('login' in credentials and 'password' in credentials):
-            return None
-        account = self.getAccount(credentials['login'].strip().lower())
-        if account is None:
-            return None
-        if not account.checkPassword(credentials['password']):
-            return None
-        return PrincipalInfo(id=account.name,
-                             title=account.cn,
-                             description=account.cn)
-    def principalInfo(self, id):
-        account = self.getAccount(id)
-        if account is None:
-            return None
-        return PrincipalInfo(id=account.name,
-                             title=account.name,
-                             description=account.name)
-    def getAccount(self, login):
-      #  ... look up the account object and return it ...
-      return Account(login)
-from zope.pluggableauth.interfaces import IPrincipalInfo
-class PrincipalInfo(object):
-    grok.implements(IPrincipalInfo)
-    def __init__(self, id, title, description):
-        self.id = id
-        self.title = title
-        self.description = description
-        self.credentialsPlugin = None
-        self.authenticatorPlugin = None
-import ldap
-from zope import component
-from zope.password.interfaces import IPasswordManager
-class Account(object):
-    """ erzeugt einen account und stellt eine methode
-    checkpassword bereit, um das passwort zu testen
-    todo: das passwort wird bei jedem seitenaufruf ueberprueft,
-    hier sollte irgendwas in der session gemerkt werden (user is
-    authenticated oder sowas)
-    """
-    def __init__(self, name):
-        self.name = name
-        self.password = None
-    def checkPassword(self, password):
-      """ hier wird das passwort ueberprueft, kann gegen beliebige
-          auth-quellen gemacht werden
-          in diesem fall gegen ldap
-      """
-      lconn=ldap.initialize('ldaps://'+LDAPSERVER)
-      if True:
-        lconn.simple_bind_s()
-        r=lconn.search_s(LDAPSEARCHBASE,
-                            ldap.SCOPE_SUBTREE,
-                            '(uid=%s)' % self.name,
-                            ['cn'])
-        if len(r)==1:
-          dn,atts=r[0]
-          try:
-            lconn.simple_bind_s(dn,password)
-          except:
-            return False
-          self.cn=atts['cn'][0].decode('utf8')
-          return True
-        else:
-          return False
-</code>
-app_templates/mylogin.pt
-<code xml>
-<html>
-<head>
-</head>
-<body>
-<form action=""
-      method="post" class="edit-form"
-      enctype="multipart/form-data">
-  <table class="form-fields">
-    <tbody>
-        <tr>
-          <td class="label">
-            <label for="form.login">
-              <span class="required">*</span><span>Username</span>
-            </label>
-          </td>
-          <td class="field">
-            <div class="widget"><input class="textType" id="form.login" name="form.login" size="20" type="text" value=""  /></div>
-          </td>
-        </tr>
-        <tr>
-          <td class="label">
-            <label for="form.password">
-              <span class="required">*</span><span>Password</span>
-            </label>
-          </td>
-          <td class="field">
-            <div class="widget"><input class="passwordType" id="form.password" name="form.password" size="20" type="password" value=""  /></div>
-          </td>
-        </tr>
-    </tbody>
-  </table>
-  <div id="actionsView">
-    <span class="actionButtons">
-      <input type="submit" id="form.actions.login" name="form.actions.login" value="login" class="button" />
-    </span>
-  </div>
-  <input tal:condition="request/camefrom | nothing" type="hidden"
-       name="camefrom" tal:attributes="value request/form/camefrom | nothing" />
-</form>
-</body>
-</html>
-</code>
-resource.py
-<code python>
-from fanstatic import Library, Resource
-library = Library('demo', 'static')
-style = Resource(library, 'style.css'
-</code>