enable pylons controller to use repoze.who for authentication

1 parent 137ce4b commit 457489c11668b351be91e398c599464885ea6765 richard-jones committed Jan 24, 2012
Showing with 51 additions and 18 deletions.
  1. +8 −7 sss/core.py
  2. +43 −11 sss/pylons_sword_controller.py
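--- a/sss/core.py
+++ b/sss/core.py
@@ -139,6 +139,9 @@ def __init__(self, config):
 def basic_authenticate(self, username, password, obo):
 raise NotImplementedError()
+
+ def repoze_who_authenticate(self, identity, obo):
+ raise NotImplementedError()
 class EntryDocument(object):
@@ -557,17 +560,15 @@ def _generate_error_document(self, msg, verbose_description):
 return etree.tostring(entry, pretty_print=True)
 class AuthException(Exception):
- def __init__(self, authentication_failed=False, target_owner_unknown=False):
+ def __init__(self, authentication_failed=False, target_owner_unknown=False, msg=None):
 self.authentication_failed = authentication_failed
 self.target_owner_unknown = target_owner_unknown
+ self.msg = msg
 class Auth(object):
- def __init__(self, by=None, obo=None):
- self.by = by
- self.obo = obo
-
- def success(self):
- return self.by is not None and not self.target_owner_unknown
+ def __init__(self, username=None, on_behalf_of=None):
+ self.username = username
+ self.on_behalf_of = on_behalf_of
 class SWORDRequest(object):
 """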
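--- a/sss/pylons_sword_controller.py
+++ b/sss/pylons_sword_controller.py
@@ -42,7 +42,39 @@ def __call__(self, environ, start_response):
 # Generically useful methods
 ############################
+ def authenticate(self):
+ # first check to see if there's a repoze.who auth
+ identity = request.environ.get("repoze.who.identity")
+ if identity is not None:
+ # we have authenticated with repoze.who already
+ return self.repoze_who_authenticate()
+ else:
+ # try and do HTTP basic
+ return self.http_basic_authenticate()
+
+ def repoze_who_authenticate(self):
+ ssslog.debug("Authentication handled by repoze.who")
+
+ # get the auth details
+ identity = request.environ.get("repoze.who.identity")
+ obo = request.environ.get(HEADER_MAP[HttpHeaders.on_behalf_of])
+
+ ssslog.info("Authentication details: " + str(identity["repoze.who.userid"]) + "; On Behalf Of: " + str(obo))
+
+ authenticator = Authenticator(config)
+ try:
+ auth = authenticator.repoze_who_authenticate(identity, obo)
+ except AuthException as e:
+ if e.authentication_failed:
+ raise SwordError(status=401, empty=True)
+ elif e.target_owner_unknown:
+ raise SwordError(error_uri=Errors.target_owner_unknown, msg="unknown user " + str(obo) + " as on behalf of user")
+
+ return auth
+
 def http_basic_authenticate(self):
+ ssslog.debug("Attempting HTTP Basic Authentication")
+
 # extract the appropriate HTTP headers
 auth_header = request.environ.get('HTTP_AUTHORIZATION')
 obo = request.environ.get(HEADER_MAP[HttpHeaders.on_behalf_of])
@@ -360,7 +392,7 @@ def _GET_service_document(self, path=None):
 # authenticate
 try:
- auth = self.http_basic_authenticate()
+ auth = self.authenticate()
 except SwordError as e:
 return self.manage_error(e)
@@ -382,7 +414,7 @@ def _GET_collection(self, path=None):
 # authenticate
 try:
- auth = self.http_basic_authenticate()
+ auth = self.authenticate()
 except SwordError as e:
 return self.manage_error(e)
@@ -404,7 +436,7 @@ def _POST_collection(self, path=None):
 try:
 # authenticate
- auth = self.http_basic_authenticate()
+ auth = self.authenticate()
 # check the validity of the request
 self.validate_deposit_request("6.3.3", "6.3.1", "6.3.2")
@@ -502,7 +534,7 @@ def _PUT_media_resource(self, path=None):
 # authenticate
 try:
- auth = self.http_basic_authenticate()
+ auth = self.authenticate()
 # check the validity of the request (note that multipart requests
 # and atom-only are not permitted in this method)
@@ -542,7 +574,7 @@ def _POST_media_resource(self, path=None):
 # authenticate
 try:
- auth = self.http_basic_authenticate()
+ auth = self.authenticate()
 # check the validity of the request
 self.validate_deposit_request(None, "6.7.1", None, allow_multipart=False)
@@ -586,7 +618,7 @@ def _DELETE_media_resource(self, path=None):
 # authenticate
 try:
- auth = self.http_basic_authenticate()
+ auth = self.authenticate()
 # check the validity of the request
 self.validate_delete_request("6.6")
@@ -620,7 +652,7 @@ def _GET_container(self, path=None):
 # authenticate
 try:
- auth = self.http_basic_authenticate()
+ auth = self.authenticate()
 ss = SwordServer(config, auth)
@@ -666,7 +698,7 @@ def _PUT_container(self, path=None):
 try:
 # authenticate
- auth = self.http_basic_authenticate()
+ auth = self.authenticate()
 # check the validity of the request
 self.validate_deposit_request("6.5.2", None, "6.5.3")
@@ -712,7 +744,7 @@ def _POST_container(self, path=None):
 try:
 # authenticate
- auth = self.http_basic_authenticate()
+ auth = self.authenticate()
 # check the validity of the request
 self.validate_deposit_request("6.7.2", None, "6.7.3", "9.3", allow_empty=True)
@@ -758,7 +790,7 @@ def _DELETE_container(self, path=None):
 raise SwordError(error_uri=Errors.method_not_allowed, msg="Delete operations not currently permitted")
 # authenticate
- auth = self.http_basic_authenticate()
+ auth = self.authenticate()
 # check the validity of the request
 self.validate_delete_request("6.8")
@@ -784,7 +816,7 @@ def _GET_statement(self, path=None):
 try:
 # authenticate
- auth = self.http_basic_authenticate()
+ auth = self.authenticate()
 ss = SwordServer(config, auth)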
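Review bot: In the new `repoze_who_authenticate` (first hunk), the `except AuthException as e` branch only re-raises when `authentication_failed` or `target_owner_unknown` is set; an `AuthException` with neither flag is swallowed and control reaches `return auth` with `auth` unbound, so the request ends in an UnboundLocalError (a 500) instead of a clean denial. Make the handler fail closed with a final branch: `else:` / `raise SwordError(status=401, empty=True)`. The info log a few lines earlier indexes `identity["repoze.who.userid"]` directly, so a repoze.who identity dict without that key raises KeyError before the authenticator is ever consulted; `identity.get("repoze.who.userid")` keeps the log line from deciding the outcome. `authenticate()` reads `repoze.who.identity` from `request.environ` and `repoze_who_authenticate` reads it again rather than receiving it as an argument, which works but duplicates the lookup; also note that because `authenticate()` prefers repoze.who unconditionally, a deployment whose `Authenticator` subclass has not implemented `repoze_who_authenticate` will surface the base class's NotImplementedError for every request that carries an identity. The remaining hunks only swap the call site to `self.authenticate()` and need no change.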