1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
# -*- coding: utf-8 -*-
##############################################################################
#
# Copyright (c) 2012 Nexedi SA and Contributors. All Rights Reserved.
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# guarantees and support are strongly advised to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
##############################################################################
from zLOG import LOG, WARNING
from Products.ERP5Type.Globals import InitializeClass
from AccessControl import ClassSecurityInfo
from Products.PageTemplates.PageTemplateFile import PageTemplateFile
from Products.PluggableAuthService.interfaces import plugins
from Products.PluggableAuthService.utils import classImplements
from Products.PluggableAuthService.plugins.BasePlugin import BasePlugin
from .utils import getHostFromRequest
class ERP5CacheCookieCredentialExtractionPlugin(BasePlugin):
"""
Extracts credentials from a ram cache, based on a cookie value received
from request.
"""
security = ClassSecurityInfo()
meta_type = 'ERP5 Cache Cookie Credential Extraction Plugin'
_properties=(
{'id': 'cookie_id', 'type': 'string', 'mode': 'w'},
{'id': 'cache_factory_id', 'type': 'string', 'mode': 'w'},
{'id': 'cache_scope', 'type': 'string', 'mode': 'w'},
)
def __init__(self, id, cookie_id, cache_factory_id, title=None,
cache_scope=None):
self._setId(id)
self.title = title
self.cookie_id = cookie_id
self.cache_factory_id = cache_factory_id
self.cache_scope = cache_scope
security.declarePrivate('extractCredentials')
def extractCredentials(self, request):
try:
cookie = request.cookies[self.cookie_id]
except KeyError:
pass
else:
portal_caches = self.getPortalObject().portal_caches
try:
# TODO: When portal_cache allows accessing factories from persistent
# objects, catch AttributeError instead of KeyError and replace the
# following line with this:
#cache_factory = getattr(portal_caches, self.cache_factory_id)
# XXX: getRamCacheRoot is misnamed: its return value contains all kinds
# of caches, actually.
cache_factory = portal_caches.getRamCacheRoot()[self.cache_factory_id]
except KeyError:
LOG(self.id, WARNING, 'Cache factory not found: %r' % (
self.cache_factory_id, ))
else:
for cache_plugin in cache_factory.getCachePluginList():
cache_entry = cache_plugin.get(cookie, self.cache_scope or
self.cookie_id, None)
if cache_entry is not None:
entry_value = cache_entry.getValue()
try:
login = entry_value['login']
except KeyError:
pass
else:
remote_host, remote_address = getHostFromRequest(request)
return {
'external_login': login,
'remote_host': remote_host,
'remote_address': remote_address,
}
return {}
classImplements(ERP5CacheCookieCredentialExtractionPlugin,
plugins.IExtractionPlugin,
)
InitializeClass(ERP5CacheCookieCredentialExtractionPlugin)
manage_addERP5CacheCookieCredentialExtractionPluginForm = PageTemplateFile(
'www/ERP5Security_addERP5CacheCookieCredentialExtractionPlugin', globals(),
__name__='manage_addERP5CacheCookieCredentialExtractionPluginForm')
def addERP5CacheCookieCredentialExtractionPlugin(dispatcher, id, cookie_id,
cache_scope, cache_factory_id, title=None, REQUEST=None):
""" bla bla, mandatory docstring """
if not cookie_id:
raise ValueError('cookie_id is mandatory')
if not cache_factory_id:
raise ValueError('cache_factory_id is mandatory')
plugin = ERP5CacheCookieCredentialExtractionPlugin(
id=id,
title=title,
cookie_id=cookie_id,
cache_scope=cache_scope,
cache_factory_id=cache_factory_id,
)
dispatcher._setObject(plugin.getId(), plugin)
if REQUEST is not None:
REQUEST['RESPONSE'].redirect(
dispatcher.absolute_url() + '/manage_workspace?manage_tabs_message='
'Add+ERP5+Cache+Cookie+Credential+Extraction+Plugin+added.',
)