Changeset 6

Timestamp:

11/24/06 16:13:08 (2 years ago)

Author:

pacopablo

Message:

• Begin migration to 0.11

Location:

trac_plugins/pacopablodbauth

Files:

• 0.10/dbauth/admin.py (deleted)
• 0.10/dbauth/htdocs (deleted)
• trunk (copied) (copied from trac_plugins/pacopablodbauth/0.10)
• trunk/dbauth/__init__.py (modified) (1 diff)
• trunk/dbauth/auth.py (modified) (11 diffs)
• trunk/dbauth/web_ui.py (added)
• trunk/setup.py (modified) (2 diffs)

trac_plugins/pacopablodbauth/trunk/dbauth/__init__.py

@@ -1 +1 @@
 from auth import *
-from admin import *
+from web_ui import *

trac_plugins/pacopablodbauth/trunk/dbauth/auth.py

@@ -17 +17 @@
 import re
 import time
+import random
+from time import time
+from crypt import crypt
+from string import ascii_letters, digits
 
 from trac.core import *
@@ -28 +32 @@
 from acct_mgr.web_ui import if_enabled
 
-__all__ = ['PostgresDbAuth', 'LoginModule']
+__all__ = ['PostgresDbAuth']
+
+SALT_VALS = ''.join(['.', '/', ascii_letters, digits])
 
 SQL_USERS = """SELECT u.uname 
@@ -67 +73 @@
 
 
-class PostgresDbAuth(Component):
+class PacopabloPasswordStore(Component):
     """Manages user accounts stored in the Casa de Pacopablo database
 
@@ -73 +79 @@
     {{{
     [account-manager]
-    password_format = pacopablodb
+    password_store = PacopabloPasswordStore
     }}}
     """
@@ -79 +85 @@
     implements(IPasswordStore)
 
+    domain = Option('account-manager', 'auth_domain', '',
+        """Domain for which auth covers.""")
+
     def config_key(self):
-        return 'pacopablodb'
+        """ Deprecated """
+        pass
 
     def get_users(self):
@@ -86 +96 @@
         global SQL_USERS
         cnx = self.env.get_db_cnx()
-        domain = self.env.config.get('acct_mgr', 'password_domain', 'pacopablo.com')
+       
+        domain = self.domain or '' 
         cur = cnx.cursor()
         cur.execute(SQL_USERS, [domain])
@@ -95 +106 @@
     def has_user(self, user):
         """ Returns whether or not the specified user exists """
+        if self._has_user(user):
+            return True
+        return False
+
+    def _has_user(self, user):
+        """Return the uid and password of the user if they exist"""
         global SQL_USER_EXISTS
         cnx = self.env.get_db_cnx()
-        domain = self.env.config.get('acct_mgr', 'password_domain', 'pacopablo.com')
+        domain = selfdomain or ''
         cur = cnx.cursor()
         cur.execute(SQL_USER_EXISTS, [user, domain])
         exists = cur.fetchone()
         cnx.close()
-        return (exists and True) or False
+        return (exists and exists[0]) or False
+
+    def _get_uid(self, user):
+        """Returns the uid for the given user, or a new UID if the user 
+        doesn't exist"""
+        return self._has_user(user)
+
+    def _get_next_uid(self):
+        """Returns the next availiable UID"""
+        cnx = self.env.get_db_cnx()
+        domain = selfdomain or ''
+        cur = cnx.cursor()
+        cur.execute(SQL_GET_NEXT_UID)
+        uid = cur.fetchone()
+        cnx.close()
+        return uid and int(uid[0]) or None
 
     def set_password(self, user, password):
@@ -116 +148 @@
         newacct = False
         cnx = self.env.get_db_cnx()
-        domain = self.env.config.get('acct_mgr', 'password_domain', 'pacopablo.com')
-        cur = cnx.cursor()
-        cur.execute(SQL_USER_EXISTS, [user, domain])
-        exists = cur.fetchone()
-        if exists:
-            uid = exists[0]
-        else:
-            cur.execute(SQL_GET_NEXT_UID)
-            uid = cur.fetchone()[0]
+        domain = self.domain or ''
+        uid = self._get_uid(user)
+        cur = cnx.cursor()
         try:
-            if exists:
+            if uid:
                 cur.execute(SQL_UPDATE_PASSWD, [password, uid])
             else:
+                uid = self._get_next_uid()
                 cur.execute(SQL_ADD_USER, [uid, user, password])
                 cur.execute(SQL_ADD_USER_MEMBERSHIP, [uid, domain])
@@ -138 +165 @@
         cnx.close()
         return newacct
+
+    def _cryptpw(self, passwd, salt=None):
+        """Use crypt(2) to encrypt the password"""
+        global SALT_VALS
+        if not salt:
+            random.seed(time())
+            salt1 = SALT_VALS[random.randint(1,64) - 1]
+            salt2 = SALT_VALS[random.randint(1,64) - 1]
+            salt = salt1 + salt2
+        return crypt(passwd, salt)
+
     
     def check_password(self, user, password):
         """Checks if the password is valid for the user."""
-        global SQL_USER_EXISTS
-        cnx = self.env.get_db_cnx()
-        domain = self.env.config.get('acct_mgr', 'password_domain', 'pacopablo.com')
-        cur = cnx.cursor()
-        cur.execute(SQL_USER_EXISTS, [user, domain])
-        row = cur.fetchone()
+        domain = self.domain or ''
+        uinfo = self._has_user(user)
         valid = False
-        if row:
-            uid, dbpass = row
-            valid = dbpass == password
-        cnx.close()
+        if uinfo:
+            uid = uinfo[0]
+            dbpass = uinfo[1]
+            valid = dbpass == self._cryptpw(password, dbpass)
         return valid
     
@@ -163 +197 @@
         
         cnx = self.env.get_db_cnx()
-        domain = self.env.config.get('acct_mgr', 'password_domain', 'pacopablo.com')
-        cur = cnx.cursor()
-        cur.execute(SQL_USER_EXISTS, [user, domain])
-        uid = cur.fetchone()[0]
+        domain = self.domain or ''
+        uinfo = self._has_user(user)
+        cur = cnx.cursor()
         try:
-            cur.execute(SQL_DELETE_USER, [uid])
-            cur.execute(SQL_DELETE_MEMBERSHIP, [uid])
-            cnx.commit()
-            self.log.info('Delete account for %s' % str(user))
+            if uinfo:
+                uid = uinfo[0]
+                cur.execute(SQL_DELETE_USER, [uid])
+                cur.execute(SQL_DELETE_MEMBERSHIP, [uid])
+                cnx.commit()
+                self.log.info('Delete account for %s' % str(user))
+            else:
+                raise TracError, "Unable to delete non-existant account: %s" % user
         except:
             self.log.debug('Error encountered while deleting user %s' % str(user))
@@ -180 +217 @@
         return True
 
-def get_schema(obj):
-    """Return the schema name of the trac environment
-    
-    """
-    db = obj.env.get_db_cnx()
-    schema = db.schema
-    db.close()
-    del db
-    return schema
-
-class LoginModule(Component):
-    """Implements user authentication based on a central database
-
-    """
-
-    implements(IAuthenticator, INavigationContributor, IRequestHandler)
-
-    check_ip = BoolOption('trac', 'check_auth_ip', 'true',
-         """Whether the IP address of the user should be checked for
-         authentication (''since 0.9'').""")
-
-    ignore_case = BoolOption('trac', 'ignore_auth_case', 'false',
-        """Whether case should be ignored for login names (''since 0.9'').""")
-
-    auth_schema = Option('account-manager', 'auth_schema', '',
-        """PostgreSQL schema in which the auth_cookie table resides.""")
-
-    # IAuthenticator methods
-
-    def authenticate(self, req):
-        if req.method == 'POST' and req.path_info.startswith('/login'):
-            req.environ['REMOTE_USER'] = self._remote_user(req)
-        authname = None
-        if req.remote_user:
-            authname = req.remote_user
-        elif req.incookie.has_key('trac_auth'):
-            authname = self._get_name_for_cookie(req, req.incookie['trac_auth'])
-
-        if not authname:
-            return None
-
-        if self.ignore_case:
-            authname = authname.lower()
-
-        return authname
-    authenticate = if_enabled(authenticate)
-
-    # INavigationContributor methods
-
-    def get_active_navigation_item(self, req):
-        return 'login'
-
-    def get_navigation_items(self, req):
-        if req.authname and req.authname != 'anonymous':
-            yield ('metanav', 'login', 'logged in as %s' % req.authname)
-            yield ('metanav', 'logout',
-                   Markup('<a href="%s">Logout</a>' 
-                          % escape(self.env.href.logout())))
-        else:
-            yield ('metanav', 'login',
-                   Markup('<a href="%s">Login</a>' 
-                          % escape(self.env.href.login())))
-
-    # IRequestHandler methods
-
-    def match_request(self, req):
-        return re.match('/(login|logout)/?', req.path_info)
-    match_request = if_enabled(match_request)
-
-    def process_request(self, req):
-        self.log.debug('path_info: %s' % str(req.path_info))
-        self.log.debug('authname: %s' % str(req.authname))
-        if req.path_info.startswith('/login') and req.authname == 'anonymous':
-            req.hdf['referer'] = self._referer(req)
-            if req.method == 'POST':
-                req.hdf['login.error'] = 'Invalid username or password'
-            return 'login.cs', None
-        if req.path_info.startswith('/login'):
-            self._do_login(req)
-        elif req.path_info.startswith('/logout'):
-            self._do_logout(req)
-        self._redirect_back(req)
-
-    # Protect against module contention
-    def enabled(self):
-        # Users should disable the built-in authentication to use this one
-        return not self.env.is_component_enabled(auth.LoginModule)
-    enabled = property(enabled)
-
-    # Internal methods
-
-    def _remote_user(self, req):
-        user = req.args.get('user')
-        if AccountManager(self.env).check_password(user,
-                req.args.get('password')):
-            return user
-        return None
-
-    def _do_login(self, req):
-        if not req.remote_user:
-            req.redirect(self.env.abs_href())
-        assert req.remote_user, 'Authentication information not available.'
-
-        remote_user = req.remote_user
-        if self.ignore_case:
-            remote_user = remote_user.lower()
-
-        assert req.authname in ('anonymous', remote_user), \
-               'Already logged in as %s.' % req.authname
-
-        cookie = hex_entropy()
-        db = self.env.get_db_cnx()
-        cursor = db.cursor()
-#        auth_schema = self.env.config.get('acct_mgr', 'auth_schema', db.schema)
-        sql = "INSERT INTO %s.auth_cookie (cookie,name,ipnr,time)" % \
-              self.auth_schema or db.schema
-        cursor.execute(sql +  " VALUES (%s, %s, %s, %s)", (cookie, remote_user,
-                       req.remote_addr, int(time.time())))
-        db.commit()
-
-        req.authname = remote_user
-        req.outcookie['trac_auth'] = cookie
-        req.outcookie['trac_auth']['path'] = '/'
-        domain = self.env.config.get('acct_mgr', 'password_domain', 'pacopablo.com')
-        req.outcookie['trac_auth']['domain'] = ''.join(['.', domain])
-
-    def _do_logout(self, req):
-        """Log the user out.
-
-        Simply deletes the corresponding record from the auth_cookie table.
-        """
-        if req.authname == 'anonymous':
-            # Not logged in
-            return
-
-        # While deleting this cookie we also take the opportunity to delete
-        # cookies older than 10 days
-        db = self.env.get_db_cnx()
-        cursor = db.cursor()
-#        auth_schema = self.env.config.get('acct_mgr', 'auth_schema', db.schema)
-        sql = "DELETE FROM %s.auth_cookie " % self.auth_schema or db.schema
-        cursor.execute(sql + " WHERE name=%s OR time < %s",
-                       (req.authname, int(time.time()) - 86400 * 10))
-        db.commit()
-        self._expire_cookie(req)
-
-    def _expire_cookie(self, req):
-        """Instruct the user agent to drop the auth cookie by setting the
-        "expires" property to a date in the past.
-        """
-        req.outcookie['trac_auth'] = ''
-        req.outcookie['trac_auth']['path'] = self.env.href()
-        req.outcookie['trac_auth']['expires'] = -10000
-
-    def _get_name_for_cookie(self, req, cookie):
-        db = self.env.get_db_cnx()
-        cursor = db.cursor()
-#        auth_schema = self.env.config.get('acct_mgr', 'auth_schema', db.schema)
-        sql = "SELECT name FROM %s.auth_cookie " % self.auth_schema or db.schema
-        if self.check_ip:
-            self.log.debug('cooke.value: %s' % str(cookie.value))
-            self.log.debug('req.remote_addr: %s' % str(req.remote_addr))
-            self.log.debug('sql: %s' % str(sql))
-            cursor.execute(sql + " WHERE cookie=%s AND ipnr=%s",
-                           (cookie.value, req.remote_addr))
-        else:
-            cursor.execute(sql + " WHERE cookie=%s", (cookie.value,))
-        row = cursor.fetchone()
-        if not row:
-            # The cookie is invalid (or has been purged from the database), so
-            # tell the user agent to drop it as it is invalid
-            self._expire_cookie(req)
-            return None
-
-        return row[0]
-
-    def _redirect_back(self, req):
-        """Redirect the user back to the URL she came from."""
-        referer = self._referer(req)
-        if referer and not referer.startswith(req.base_url):
-            # don't redirect to external sites
-            referer = None
-        req.redirect(referer or self.env.abs_href())
-
-    def _referer(self, req):
-        return req.args.get('referer') or req.get_header('Referer')
-
-
-
-
-

trac_plugins/pacopablodbauth/trunk/setup.py

@@ -4 +4 @@
 
 PACKAGE = 'PacopabloDbAuth'
-VERSION = '0.1'
+VERSION = '0.11'
 
 setup(  name=PACKAGE, version=VERSION,
@@ -15 +15 @@
         package_dir = { 'PacopabloDbAuth' : 'dbauth' },
         packages = ['PacopabloDbAuth'],
-        package_data = { 'PacopabloDbAuth' : ['templates/*.cs', ]},
+        package_data = { 'PacopabloDbAuth' : ['templates/*.html', ]},
         entry_points = {'trac.plugins': ['PacopabloDbAuth = PacopabloDbAuth']},
-        install_requires = ['TracAccountManager', 'TracWebAdmin']
+        install_requires = ['TracAccountManager']
 )