Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
erp5
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Douglas
erp5
Commits
d5008fbe
Commit
d5008fbe
authored
Apr 25, 2012
by
Łukasz Nowak
Committed by
Rafael Monnerat
Sep 17, 2012
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Rewrite in order to simplify future expansion.
parent
30e131ed
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
43 additions
and
31 deletions
+43
-31
product/ERP5Security/ERP5BearerExtractionPlugin.py
product/ERP5Security/ERP5BearerExtractionPlugin.py
+43
-31
No files found.
product/ERP5Security/ERP5BearerExtractionPlugin.py
View file @
d5008fbe
...
@@ -81,41 +81,53 @@ class ERP5BearerExtractionPlugin(BasePlugin):
...
@@ -81,41 +81,53 @@ class ERP5BearerExtractionPlugin(BasePlugin):
def
extractCredentials
(
self
,
request
):
def
extractCredentials
(
self
,
request
):
""" Extract credentials from the request header. """
""" Extract credentials from the request header. """
creds
=
{}
creds
=
{}
authorisation
=
request
.
_auth
token
=
None
if
authorisation
is
not
None
:
if
request
.
_auth
is
not
None
:
if
'Bearer'
in
authorisation
:
# 1st - try to fetch from Authorization header
if
'Bearer'
in
request
.
_auth
:
l
=
authorisation
.
split
()
l
=
authorisation
.
split
()
if
len
(
l
)
==
2
:
if
len
(
l
)
==
2
:
token
=
l
[
1
]
token
=
l
[
1
]
sm
=
getSecurityManager
()
if
sm
.
getUser
().
getId
()
!=
SUPER_USER
:
newSecurityManager
(
self
,
self
.
getUser
(
SUPER_USER
))
try
:
now
=
DateTime
()
token_document
=
self
.
portal_catalog
.
getResultValue
(
portal_type
=
self
.
token_portal_type
,
reference
=
token
,
query
=
SimpleQuery
(
comparison_operator
=
'<='
,
expiration_date
=
now
),
validation_state
=
'validated'
)
if
token_document
is
not
None
:
if
token_document
.
getReference
()
==
token
and
\
token_document
.
getExpirationDate
()
<=
now
and
\
token_document
.
getValidationState
()
==
'validated'
and
\
token_document
.
getDestinationReference
()
is
not
None
:
creds
[
'external_login'
]
=
\
token_document
.
getDestinationReference
()
finally
:
setSecurityManager
(
sm
)
if
'external_login'
in
creds
:
creds
[
'external_login'
]
=
token
creds
[
'remote_host'
]
=
request
.
get
(
'REMOTE_HOST'
,
''
)
try
:
creds
[
'remote_address'
]
=
request
.
getClientAddr
()
except
AttributeError
:
creds
[
'remote_address'
]
=
request
.
get
(
'REMOTE_ADDR'
,
''
)
return
creds
if
token
is
None
:
# 2nd - try to fetch from Form-Encoded Body Parameter
# Not implemented as not required and enforced with high
# security considerations
pass
if
token
is
None
:
# 3rd - try to fetch from URI Query Parameter
# Not implemented as considered as unsecure.
pass
if
token
is
not
None
:
sm
=
getSecurityManager
()
if
sm
.
getUser
().
getId
()
!=
SUPER_USER
:
newSecurityManager
(
self
,
self
.
getUser
(
SUPER_USER
))
try
:
now
=
DateTime
()
token_document
=
self
.
portal_catalog
.
getResultValue
(
portal_type
=
self
.
token_portal_type
,
reference
=
token
,
query
=
SimpleQuery
(
comparison_operator
=
'<='
,
expiration_date
=
now
),
validation_state
=
'validated'
)
if
token_document
is
not
None
:
if
token_document
.
getReference
()
==
token
and
\
token_document
.
getExpirationDate
()
<=
now
and
\
token_document
.
getValidationState
()
==
'validated'
and
\
token_document
.
getDestinationReference
()
is
not
None
:
creds
[
'external_login'
]
=
\
token_document
.
getDestinationReference
()
finally
:
setSecurityManager
(
sm
)
if
'external_login'
in
creds
:
creds
[
'remote_host'
]
=
request
.
get
(
'REMOTE_HOST'
,
''
)
try
:
creds
[
'remote_address'
]
=
request
.
getClientAddr
()
except
AttributeError
:
creds
[
'remote_address'
]
=
request
.
get
(
'REMOTE_ADDR'
,
''
)
return
creds
# fallback to default way
# fallback to default way
return
DumbHTTPExtractor
().
extractCredentials
(
request
)
return
DumbHTTPExtractor
().
extractCredentials
(
request
)
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment