diff --git a/setup.py b/setup.py index 9df16e1f..dc3a882d 100644 --- a/setup.py +++ b/setup.py @@ -59,7 +59,8 @@ def _package_doc(name): 'Products.PluggableAuthService'), }, license='ZPL 2.1 (http://www.zope.org/Resources/License/ZPL-2.1)', - packages=find_packages(), + packages=find_packages('src'), + package_dir={'': 'src'}, include_package_data=True, namespace_packages=['Products'], zip_safe=False, diff --git a/src/Products/PluggableAuthService/Extensions/basic_auth.py b/src/Products/PluggableAuthService/Extensions/basic_auth.py index 89719e50..b9aaa747 100644 --- a/src/Products/PluggableAuthService/Extensions/basic_auth.py +++ b/src/Products/PluggableAuthService/Extensions/basic_auth.py @@ -16,7 +16,6 @@ def extraction(self, request): - """ Fetch HTTP Basic Auth credentials from the request. """ creds = request._authUserPW() @@ -30,7 +29,6 @@ def extraction(self, request): def authentication(self, credentials): - """ Authenticate against nested acl_users. """ real_user_folder = self.simple_uf.acl_users @@ -44,7 +42,6 @@ def authentication(self, credentials): def authorize(self, user): - """ Fetch user roles from nested acl_users. """ real_user_folder = self.simple_uf.acl_users diff --git a/src/Products/PluggableAuthService/PluggableAuthService.py b/src/Products/PluggableAuthService/PluggableAuthService.py index f572fd3d..ccd91605 100644 --- a/src/Products/PluggableAuthService/PluggableAuthService.py +++ b/src/Products/PluggableAuthService/PluggableAuthService.py @@ -113,7 +113,6 @@ class DumbHTTPExtractor(Implicit): @security.private def extractCredentials(self, request): - """ Pull HTTP credentials out of the request. """ creds = {} @@ -146,7 +145,6 @@ class EmergencyUserAuthenticator(Implicit): @security.private def authenticateCredentials(self, credentials): - """ Check credentials against the emergency user. """ if isinstance(credentials, dict): @@ -195,7 +193,7 @@ class PluggableAuthService(Folder, Cacheable): dict(id='title', type='string', mode='w', label='Title'), dict(id='login_transform', type='string', mode='w', label='Transform to apply to login name'), - ) + ) def getId(self): @@ -206,7 +204,6 @@ def getId(self): # @security.protected(ManageUsers) def getUser(self, name): - """ See IUserFolder. """ plugins = self._getOb('plugins') @@ -221,7 +218,6 @@ def getUser(self, name): @security.protected(ManageUsers) def getUserById(self, id, default=None): - """ See IUserFolder. """ plugins = self._getOb('plugins') @@ -235,7 +231,6 @@ def getUserById(self, id, default=None): @security.public def validate(self, request, auth='', roles=_noroles): - """ See IUserFolder. """ plugins = self._getOb('plugins') @@ -511,7 +506,6 @@ def _getBatchLink(self, qs, old_start, new_start): # @security.private def _isNotCompetent(self, request, plugins): - """ return true when this user folder should not try authentication. Never called for top level user folder. @@ -535,7 +529,6 @@ def _isNotCompetent(self, request, plugins): @security.private def _extractUserIds(self, request, plugins): - """ request -> [validated_user_id] o For each set of extracted credentials, try to authenticate @@ -585,7 +578,7 @@ def _extractUserIds(self, request, plugins): # First try to authenticate against the emergency # user and return immediately if authenticated user_id, name = self._tryEmergencyUserAuthentication( - credentials) + credentials) if user_id is not None: return [(user_id, name)] @@ -616,7 +609,7 @@ def _extractUserIds(self, request, plugins): except _SWALLOWABLE_PLUGIN_EXCEPTIONS: reraise(auth) msg = 'AuthenticationPlugin %s error' % ( - authenticator_id,) + authenticator_id,) logger.debug(msg, exc_info=True) continue @@ -631,7 +624,7 @@ def _extractUserIds(self, request, plugins): # Emergency user via HTTP basic auth always wins user_id, name = self._tryEmergencyUserAuthentication( - DumbHTTPExtractor().extractCredentials(request)) + DumbHTTPExtractor().extractCredentials(request)) if user_id is not None: return [(user_id, name)] @@ -640,7 +633,6 @@ def _extractUserIds(self, request, plugins): @security.private def _tryEmergencyUserAuthentication(self, credentials): - """ credentials -> emergency_user or None """ try: @@ -677,7 +669,6 @@ def _getGroupsForPrincipal(self, principal, request=None, plugins=None, @security.private def _createAnonymousUser(self, plugins): - """ Allow IAnonymousUserFactoryPlugins to create or fall back. """ factories = plugins.listPlugins(IAnonymousUserFactoryPlugin) @@ -693,7 +684,6 @@ def _createAnonymousUser(self, plugins): @security.private def _createUser(self, plugins, user_id, name): - """ Allow IUserFactoryPlugins to create, or fall back to default. """ name = self.applyTransform(name) @@ -710,7 +700,6 @@ def _createUser(self, plugins, user_id, name): @security.private def _findUser(self, plugins, user_id, name=None, request=None): - """ user_id -> decorated_user """ if user_id == self._emergency_user.getUserName(): @@ -807,7 +796,6 @@ def _verifyUser(self, plugins, user_id=None, login=None): @security.private def _authorizeUser(self, user, accessed, container, name, value, roles=_noroles): - """ -> boolean (whether user has roles). o Add the user to the SM's stack, if successful. @@ -837,7 +825,6 @@ def _authorizeUser(self, user, accessed, container, name, value, @security.private def _isTop(self): - """ Are we the user folder in the root object? """ try: @@ -850,7 +837,6 @@ def _isTop(self): @security.private def _getObjectContext(self, v, request): - """ request -> (a, c, n, v) o 'a 'is the object the object was accessed through diff --git a/src/Products/PluggableAuthService/PropertiedUser.py b/src/Products/PluggableAuthService/PropertiedUser.py index 4e61b281..fda9b628 100644 --- a/src/Products/PluggableAuthService/PropertiedUser.py +++ b/src/Products/PluggableAuthService/PropertiedUser.py @@ -29,6 +29,7 @@ class PropertiedUser(BasicUser): """ User objects which manage propertysheets, obtained from decorators. """ + def __init__(self, id, login=None): self._id = id @@ -46,19 +47,16 @@ def __init__(self, id, login=None): # BasicUser's public interface # def getId(self): - """ -> user ID """ return self._id def getUserName(self): - """ -> login name """ return self._login def getRoles(self): - """ -> [role] o Include only "global" roles. @@ -73,7 +71,6 @@ def getGroups(self): return list(self._groups.keys()) def getDomains(self): - """ -> [domain] o The list represents the only domains from which the user is @@ -82,7 +79,6 @@ def getDomains(self): return () def getRolesInContext(self, object): - """ Return the list of roles assigned to the user. o Include local roles assigned in context of the passed-in object. @@ -102,7 +98,7 @@ def getRolesInContext(self, object): local = {} object = aq_inner(object) - while 1: + while True: local_roles = getattr(object, '__ac_local_roles__', None) @@ -136,7 +132,6 @@ def getRolesInContext(self, object): return list(self.getRoles()) + list(local.keys()) def allowed(self, object, object_roles=None): - """ Check whether the user has access to object. o The user must have one of the roles in object_roles to allow access. @@ -189,7 +184,7 @@ def allowed(self, object, object_roles=None): principal_ids = list(group_ids) principal_ids.insert(0, user_id) - while 1: + while True: local_roles = getattr(inner_obj, '__ac_local_roles__', None) @@ -234,7 +229,6 @@ def allowed(self, object, object_roles=None): # Interfaces to allow user folder plugins to annotate the user. # def _addGroups(self, groups=()): - """ Extend our set of groups. o Don't complain about duplicates. @@ -243,7 +237,6 @@ def _addGroups(self, groups=()): self._groups[group] = 1 def _addRoles(self, roles=()): - """ Extend our set of roles. o Don't complain about duplicates. @@ -255,13 +248,11 @@ def _addRoles(self, roles=()): # Propertysheet management # def listPropertysheets(self): - """ -> [propertysheet_id] """ return list(self._propertysheets.keys()) def getPropertysheet(self, id): - """ id -> sheet o Raise KeyError if no such seet exists. @@ -271,7 +262,6 @@ def getPropertysheet(self, id): __getitem__ = getPropertysheet def addPropertysheet(self, id, data): - """ Add a new propertysheet. o Raise KeyError if a sheet of the given ID already exists. diff --git a/src/Products/PluggableAuthService/UserPropertySheet.py b/src/Products/PluggableAuthService/UserPropertySheet.py index 21a8f67d..077c0a50 100644 --- a/src/Products/PluggableAuthService/UserPropertySheet.py +++ b/src/Products/PluggableAuthService/UserPropertySheet.py @@ -112,25 +112,21 @@ def __init__(self, id, schema=None, **kw): # IPropertySheet implementation # def getId(self): - """ See IPropertySheet. """ return self._id def hasProperty(self, id): - """ See IPropertySheet. """ return id in self.propertyIds() def getProperty(self, id, default=None): - """ See IPropertySheet. """ return self._properties.get(id, default) def getPropertyType(self, id): - """ See IPropertySheet. """ found = [x[1] for x in self._schema if x[0] == id] @@ -138,7 +134,6 @@ def getPropertyType(self, id): return found and found[0] or None def propertyInfo(self, id): - """ See IPropertySheet. """ for schema_id, ptype in self._schema: @@ -149,7 +144,6 @@ def propertyInfo(self, id): return None def propertyMap(self): - """ See IPropertySheet. """ result = [] @@ -160,13 +154,11 @@ def propertyMap(self): return tuple(result) def propertyIds(self): - """ See IPropertySheet. """ return [x[0] for x in self._schema] def propertyValues(self): - """ See IPropertySheet. """ return [self._properties.get(x) for x in self.propertyIds()] diff --git a/src/Products/PluggableAuthService/__init__.py b/src/Products/PluggableAuthService/__init__.py index bcace401..b660704c 100644 --- a/src/Products/PluggableAuthService/__init__.py +++ b/src/Products/PluggableAuthService/__init__.py @@ -108,7 +108,7 @@ def initialize(context): context.registerClass(PluggableAuthService.PluggableAuthService, permission=ManageUsers, constructors=( - PluggableAuthService.addPluggableAuthService,), + PluggableAuthService.addPluggableAuthService,), icon='www/PluggableAuthService.png') context.registerClass(HBAH.HTTPBasicAuthHelper, @@ -145,47 +145,47 @@ def initialize(context): context.registerClass(ScriptablePlugin.ScriptablePlugin, permission=ManageUsers, constructors=( - ScriptablePlugin.manage_addScriptablePluginForm, - ScriptablePlugin.addScriptablePlugin), + ScriptablePlugin.manage_addScriptablePluginForm, + ScriptablePlugin.addScriptablePlugin), visibility=None, icon='plugins/www/ScriptablePlugin.png') context.registerClass(ZODBGroupManager.ZODBGroupManager, permission=ManageGroups, constructors=( - ZODBGroupManager.manage_addZODBGroupManagerForm, - ZODBGroupManager.addZODBGroupManager), + ZODBGroupManager.manage_addZODBGroupManagerForm, + ZODBGroupManager.addZODBGroupManager), visibility=None, icon='plugins/www/ZODBGroupManager.gif') context.registerClass(ZODBUserManager.ZODBUserManager, permission=ManageUsers, constructors=( - ZODBUserManager.manage_addZODBUserManagerForm, - ZODBUserManager.addZODBUserManager), + ZODBUserManager.manage_addZODBUserManagerForm, + ZODBUserManager.addZODBUserManager), visibility=None, icon='plugins/www/ZODBUserManager.gif') context.registerClass(ZODBRoleManager.ZODBRoleManager, permission=ManageUsers, constructors=( - ZODBRoleManager.manage_addZODBRoleManagerForm, - ZODBRoleManager.addZODBRoleManager), + ZODBRoleManager.manage_addZODBRoleManagerForm, + ZODBRoleManager.addZODBRoleManager), visibility=None, icon='plugins/www/ZODBRoleManager.gif') context.registerClass(LocalRolePlugin.LocalRolePlugin, permission=ManageUsers, constructors=( - LocalRolePlugin.manage_addLocalRolePluginForm, - LocalRolePlugin.addLocalRolePlugin), + LocalRolePlugin.manage_addLocalRolePluginForm, + LocalRolePlugin.addLocalRolePlugin), visibility=None, icon='plugins/www/ZODBRoleManager.gif') context.registerClass(DMP.DelegatingMultiPlugin, permission=ManageUsers, constructors=( - DMP.manage_addDelegatingMultiPluginForm, - DMP.manage_addDelegatingMultiPlugin), + DMP.manage_addDelegatingMultiPluginForm, + DMP.manage_addDelegatingMultiPlugin), visibility=None, icon='plugins/www/DelegatingMultiPlugin.png') @@ -197,8 +197,8 @@ def initialize(context): context.registerClass(RGP.RecursiveGroupsPlugin, permission=ManageUsers, constructors=( - RGP.manage_addRecursiveGroupsPluginForm, - RGP.addRecursiveGroupsPlugin), + RGP.manage_addRecursiveGroupsPluginForm, + RGP.addRecursiveGroupsPlugin), visibility=None, icon='plugins/www/RecursiveGroupsPlugin.png') @@ -210,8 +210,8 @@ def initialize(context): context.registerClass(CPC.ChallengeProtocolChooser, permission=ManageUsers, constructors=( - CPC.manage_addChallengeProtocolChooserForm, - CPC.addChallengeProtocolChooserPlugin), + CPC.manage_addChallengeProtocolChooserForm, + CPC.addChallengeProtocolChooserPlugin), visibility=None, icon='plugins/www/DelegatingMultiPlugin.png') @@ -229,8 +229,8 @@ def initialize(context): context.registerClass(PluggableAuthService.PluggableAuthService, meta_type='Configured PAS', permission=ManageUsers, constructors=( - PluggableAuthService.addConfiguredPASForm, - PluggableAuthService.addConfiguredPAS), + PluggableAuthService.addConfiguredPASForm, + PluggableAuthService.addConfiguredPAS), icon='www/PluggableAuthService.png') try: diff --git a/src/Products/PluggableAuthService/events.py b/src/Products/PluggableAuthService/events.py index 8942e183..81c0fe0b 100644 --- a/src/Products/PluggableAuthService/events.py +++ b/src/Products/PluggableAuthService/events.py @@ -95,10 +95,10 @@ def __init__(self, principal, properties): def userCredentialsUpdatedHandler(principal, event): pas = aq_parent(principal) pas.updateCredentials( - pas.REQUEST, - pas.REQUEST.RESPONSE, - principal.getId(), - event.password) + pas.REQUEST, + pas.REQUEST.RESPONSE, + principal.getId(), + event.password) @adapter(IPASEvent) diff --git a/src/Products/PluggableAuthService/interfaces/authservice.py b/src/Products/PluggableAuthService/interfaces/authservice.py index ac6f71a4..b67e3390 100644 --- a/src/Products/PluggableAuthService/interfaces/authservice.py +++ b/src/Products/PluggableAuthService/interfaces/authservice.py @@ -26,7 +26,6 @@ class IBasicUser(Interface): """ def getId(): - """ Get the ID of the user. o The ID can be used, at least from Python, to get the user from @@ -34,7 +33,6 @@ def getId(): """ def getUserName(): - """ Return the name used by the user to log into the system. o Note that this may not be identical to the user's 'getId' @@ -43,12 +41,10 @@ def getUserName(): """ def getRoles(): - """ Return the roles assigned to a user "globally". """ def getRolesInContext(object): - """ Return the roles assigned to the user in context of 'object'. o Roles include both global roles (ones assigned to the user @@ -57,7 +53,6 @@ def getRolesInContext(object): """ def getDomains(): - """ Return the list of domain restrictions for a user. """ @@ -70,14 +65,12 @@ class IPropertiedUser(IBasicUser): """ def addPropertysheet(id, data): - """ Add a new property sheet to the user. The property sheet has to be a map or an IPropertySheet instance. """ def listPropertysheets(): - """ Return a sequence of property sheet ids o for each id in the list getPropertysheet(id) @@ -85,7 +78,6 @@ def listPropertysheets(): """ def getPropertysheet(id): - """ Return a property sheet for the given id o the returned object implements IPropertySheet @@ -109,19 +101,16 @@ class IUserFolder(Interface): """ def getUser(name): - """ Return the named user object or None. """ def getUserById(id, default=None): - """ Return the user corresponding to the given id. o If no such user can be found, return 'default'. """ def validate(request, auth='', roles=_noroles): - """ Perform identification, authentication, and authorization. o Return an IUser-conformant user object, or None if we can't @@ -142,7 +131,6 @@ class IPluggableAuthService(IUserFolder): """ def searchUsers(**kw): - """ Search for users. Returns a sequence of dicts, each dict representing a user matching the query, with the keys 'userid','id', 'login', 'title', and 'principal_type', @@ -250,17 +238,14 @@ class IMutableUserFolder(Interface): """ def userFolderAddUser(name, password, roles, domains, **kw): - """ Create a new user object. """ def userFolderEditUser(name, password, roles, domains, **kw): - """ Change user object attributes. """ def userFolderDelUsers(names): - """ Delete one or more user objects. """ @@ -271,11 +256,9 @@ class IEnumerableUserFolder(IUserFolder): """ def getUserNames(): - """ Return a list of usernames. """ def getUsers(): - """ Return a list of user objects. """ diff --git a/src/Products/PluggableAuthService/interfaces/plugins.py b/src/Products/PluggableAuthService/interfaces/plugins.py index 1bd38b13..02e5fd9b 100644 --- a/src/Products/PluggableAuthService/interfaces/plugins.py +++ b/src/Products/PluggableAuthService/interfaces/plugins.py @@ -23,7 +23,6 @@ class IExtractionPlugin(Interface): """ def extractCredentials(request): - """ request -> {...} o Return a mapping of any derived credentials. @@ -39,7 +38,6 @@ class ILoginPasswordExtractionPlugin(IExtractionPlugin): """ def extractCredentials(request): - """ request -> {'login': login, 'password': password, k1: v1, ... , kN: vN} | empty dict @@ -57,7 +55,6 @@ class ILoginPasswordHostExtractionPlugin(ILoginPasswordExtractionPlugin): """ def extractCredentials(request): - """ request -> { 'login' : login , 'password' : password , 'remote_host' : remote_host @@ -82,7 +79,6 @@ class IAuthenticationPlugin(Interface): """ def authenticateCredentials(credentials): - """ credentials -> (userid, login) o 'credentials' will be a mapping, as returned by IExtractionPlugin. @@ -108,7 +104,6 @@ class IChallengePlugin(Interface): """ def challenge(request, response): - """ Assert via the response that credentials will be gathered. Takes a REQUEST object and a RESPONSE object. @@ -136,7 +131,6 @@ class ICredentialsUpdatePlugin(Interface): """ def updateCredentials(request, response, login, new_password): - """ Scribble as appropriate. """ @@ -147,7 +141,6 @@ class ICredentialsResetPlugin(Interface): """ def resetCredentials(request, response): - """ Scribble as appropriate. """ @@ -158,7 +151,6 @@ class IUserAdderPlugin(Interface): """ def doAddUser(login, password): - """ Add a user record to a User Manager, with the given login and password. It is up to the implementation to determine if the login is used as user id as well. @@ -173,14 +165,12 @@ class IRoleAssignerPlugin(Interface): """ def doAssignRoleToPrincipal(principal_id, role): - """ Create a principal/role association in a Role Manager o Return a Boolean indicating whether the role was assigned or not """ def doRemoveRoleFromPrincipal(principal_id, role): - """ Remove a principal/role association from a Role Manager o Return a Boolean indicating whether the role was removed or not @@ -193,7 +183,6 @@ class IUserFactoryPlugin(Interface): """ def createUser(user_id, name): - """ Return a user, if possible. o Return None to allow another plugin, or the default, to fire. @@ -206,7 +195,6 @@ class IAnonymousUserFactoryPlugin(Interface): """ def createAnonymousUser(): - """ Return an anonymous user, if possible. o Return None to allow another plugin, or the default, to fire. @@ -219,7 +207,6 @@ class IPropertiesPlugin(Interface): """ def getPropertiesForUser(user, request=None): - """ user -> empty dict o User will implement IPropertiedUser. @@ -241,7 +228,6 @@ class IGroupsPlugin(Interface): """ def getGroupsForPrincipal(principal, request=None): - """ principal -> (group_1, ... group_N) o Return a sequence of group names to which the principal @@ -257,7 +243,6 @@ class IRolesPlugin(Interface): """ def getRolesForPrincipal(principal, request=None): - """ principal -> (role_1, ... role_N) o Return a sequence of role names which the principal has. @@ -272,7 +257,6 @@ class IUpdatePlugin(Interface): """ def updateUserInfo(user, set_id, set_info): - """ Update backing store for 'set_id' using 'set_info'. """ @@ -287,7 +271,6 @@ class IValidationPlugin(Interface): """ def validateUserInfo(user, set_id, set_info): - """ -> (error_info_1, ... error_info_N) o Returned values are dictionaries, containing at least keys: @@ -308,7 +291,6 @@ class IUserEnumerationPlugin(Interface): def enumerateUsers(id=None, login=None, exact_match=False, sort_by=None, max_results=None, **kw): - """ -> (user_info_1, ... user_info_N) o Return mappings for users matching the given criteria. @@ -382,7 +364,6 @@ class IGroupEnumerationPlugin(Interface): def enumerateGroups(id=None, exact_match=False, sort_by=None, max_results=None, **kw): - """ -> (group_info_1, ... group_info_N) o Return mappings for groups matching the given criteria. @@ -430,7 +411,6 @@ class IRoleEnumerationPlugin(Interface): """ def enumerateRoles(id=None, exact_match=False, sort_by=None, max_results=None, **kw): - """ -> (role_info_1, ... role_info_N) o Return mappings for roles matching the given criteria. @@ -515,6 +495,5 @@ class INotCompetentPlugin(Interface): """ def isNotCompetentToAuthenticate(request): - """return true if this user folder should not authenticate *request*. """ diff --git a/src/Products/PluggableAuthService/interfaces/propertysheets.py b/src/Products/PluggableAuthService/interfaces/propertysheets.py index a83080b1..b7c9fac3 100644 --- a/src/Products/PluggableAuthService/interfaces/propertysheets.py +++ b/src/Products/PluggableAuthService/interfaces/propertysheets.py @@ -28,31 +28,26 @@ class IPropertySheet(Interface): """ def getId(): - """ Identify the sheet within a collection. """ def hasProperty(id): - """ Does the sheet have a property corresponding to 'id'? """ def getProperty(id, default=None): - """ Return the value of the property corresponding to 'id'. o If no such property exists within the sheet, return 'default'. """ def getPropertyType(id): - """ Return the string identifying the type of property, 'id'. o If no such property exists within the sheet, return None. """ def propertyInfo(id): - """ Return a mapping describing property, 'id'. o Keys must include: @@ -65,21 +60,17 @@ def propertyInfo(id): """ def propertyMap(): - """ Return a tuple of 'propertyInfo' mappings, one per property. """ def propertyIds(): - """ Return a sequence of the IDs of the sheet's properties. """ def propertyValues(): - """ Return a sequence of the values of the sheet's properties. """ def propertyItems(): - """ Return a sequence of (id, value) tuples, one per property. """ diff --git a/src/Products/PluggableAuthService/plugins/BasePlugin.py b/src/Products/PluggableAuthService/plugins/BasePlugin.py index 7f5587aa..f4628d1b 100644 --- a/src/Products/PluggableAuthService/plugins/BasePlugin.py +++ b/src/Products/PluggableAuthService/plugins/BasePlugin.py @@ -85,7 +85,7 @@ def manage_activateInterfaces(self, interfaces, RESPONSE=None): for iface_name in interfaces: active_interfaces.append(plugins._getInterfaceFromName( - iface_name)) + iface_name)) pt = plugins._plugin_types id = self.getId() diff --git a/src/Products/PluggableAuthService/plugins/DelegatingMultiPlugin.py b/src/Products/PluggableAuthService/plugins/DelegatingMultiPlugin.py index 16724640..a3eb6959 100644 --- a/src/Products/PluggableAuthService/plugins/DelegatingMultiPlugin.py +++ b/src/Products/PluggableAuthService/plugins/DelegatingMultiPlugin.py @@ -202,7 +202,7 @@ def enumerateUsers(self, id=None, login=None, exact_match=0, sort_by=None, if max_results is not None: try: max_results = int(max_results) - result = result[:max_results+1] + result = result[:max_results + 1] except ValueError: pass diff --git a/src/Products/PluggableAuthService/plugins/DynamicGroupsPlugin.py b/src/Products/PluggableAuthService/plugins/DynamicGroupsPlugin.py index c5dc5a97..96442b7d 100644 --- a/src/Products/PluggableAuthService/plugins/DynamicGroupsPlugin.py +++ b/src/Products/PluggableAuthService/plugins/DynamicGroupsPlugin.py @@ -46,11 +46,10 @@ class IDynamicGroupsPlugin(Interface): manage_addDynamicGroupsPluginForm = PageTemplateFile( - 'www/dgpAdd', globals(), __name__='manage_addDynamicGroupsPluginForm') + 'www/dgpAdd', globals(), __name__='manage_addDynamicGroupsPluginForm') def addDynamicGroupsPlugin(dispatcher, id, title='', RESPONSE=None): - """ Add a DGP to 'dispatcher'. """ dgp = DynamicGroupsPlugin(id, title) @@ -87,7 +86,6 @@ def __init__(self, id, predicate, title, description, active): self.active = bool(active) def __call__(self, principal, request=None): - """ Evaluate our expression to determine whether 'principal' belongs. """ predicate = self._getPredicate() @@ -97,11 +95,11 @@ def __call__(self, principal, request=None): for k, v in self.propertyItems(): properties[k] = v - data = getEngine().getContext({'request': request, - 'nothing': None, - 'principal': principal, - 'group': properties, - 'plugin': plugin}) + data = getEngine().getContext({'request': request, + 'nothing': None, + 'principal': principal, + 'group': properties, + 'plugin': plugin}) result = predicate(data) @@ -176,7 +174,6 @@ def __init__(self, id, title=''): # @security.protected(ManageGroups) def getGroupsForPrincipal(self, principal, request=None): - """ See IGroupsPlugin. """ grps = [] @@ -225,7 +222,7 @@ def enumerateGroups(self, id=None, exact_match=False, sort_by=None, if g_info is not None: url = '/%s/%s/manage_propertiesForm' % ( - self.absolute_url(1), group_id) + self.absolute_url(1), group_id) info = {} info.update(self.getGroupInfo(group_id)) @@ -249,14 +246,12 @@ def enumerateGroups(self, id=None, exact_match=False, sort_by=None, # @security.protected(ManageGroups) def listGroupIds(self): - """ Return a list of IDs for the dynamic groups we manage. """ return self.objectIds(DynamicGroupDefinition.meta_type) @security.protected(ManageGroups) def getGroupInfo(self, group_id, raise_keyerror=True): - """ Return a mappings describing one dynamic group we manage. o If 'raise_keyerror' is True, raise KeyError if we don't have an @@ -297,7 +292,6 @@ def getGroupInfo(self, group_id, raise_keyerror=True): @security.protected(ManageGroups) def listGroupInfo(self): - """ Return a list of mappings describing the dynamic groups we manage. o Keys include: @@ -313,7 +307,6 @@ def listGroupInfo(self): @security.private def addGroup(self, group_id, predicate, title='', description='', active=True): - """ Add a group definition. o Raise KeyError if we have an existing group definition @@ -336,7 +329,6 @@ def addGroup(self, group_id, predicate, title='', description='', @security.private def updateGroup(self, group_id, predicate, title=None, description=None, active=None): - """ Update a group definition. o Raise KeyError if we don't have an existing group definition @@ -368,7 +360,6 @@ def updateGroup(self, group_id, predicate, title=None, description=None, @security.private def removeGroup(self, group_id): - """ Remove a group definition. o Raise KeyError if we don't have an existing group definition diff --git a/src/Products/PluggableAuthService/plugins/HTTPBasicAuthHelper.py b/src/Products/PluggableAuthService/plugins/HTTPBasicAuthHelper.py index 76b10f9e..069d10be 100644 --- a/src/Products/PluggableAuthService/plugins/HTTPBasicAuthHelper.py +++ b/src/Products/PluggableAuthService/plugins/HTTPBasicAuthHelper.py @@ -36,7 +36,6 @@ class IHTTPBasicAuthHelper(Interface): def addHTTPBasicAuthHelper(dispatcher, id, title=None, REQUEST=None): - """ Add a HTTP Basic Auth Helper to a Pluggable Auth Service. """ sp = HTTPBasicAuthHelper(id, title) @@ -64,7 +63,6 @@ def __init__(self, id, title=None): @security.private def extractCredentials(self, request): - """ Extract basic auth credentials from 'request'. """ creds = {} @@ -86,7 +84,6 @@ def extractCredentials(self, request): @security.private def challenge(self, request, response, **kw): - """ Challenge the user for credentials. """ realm = response.realm @@ -101,7 +98,6 @@ def challenge(self, request, response, **kw): @security.private def resetCredentials(self, request, response): - """ Raise unauthorized to tell browser to clear credentials. """ # ???: Does this need to check whether we have an HTTP response? diff --git a/src/Products/PluggableAuthService/plugins/LocalRolePlugin.py b/src/Products/PluggableAuthService/plugins/LocalRolePlugin.py index d0251b8e..49dc636b 100644 --- a/src/Products/PluggableAuthService/plugins/LocalRolePlugin.py +++ b/src/Products/PluggableAuthService/plugins/LocalRolePlugin.py @@ -64,7 +64,6 @@ def __init__(self, id, title=None): # @security.private def getRolesForPrincipal(self, principal, request=None): - """ See IRolesPlugin. """ local_roles = getattr(self.getPhysicalRoot(), diff --git a/src/Products/PluggableAuthService/plugins/NotCompetentHelper.py b/src/Products/PluggableAuthService/plugins/NotCompetentHelper.py index b97a9c95..d237c364 100644 --- a/src/Products/PluggableAuthService/plugins/NotCompetentHelper.py +++ b/src/Products/PluggableAuthService/plugins/NotCompetentHelper.py @@ -42,6 +42,7 @@ class HigherLevelUserFolderAccessMixin(object): requires to be mixed with a `BasePlugin`. """ + def _generateHigherLevelUserFolders(self): folder = aq_parent(aq_inner(self._getPAS())) while True: diff --git a/src/Products/PluggableAuthService/plugins/ZODBGroupManager.py b/src/Products/PluggableAuthService/plugins/ZODBGroupManager.py index 25121595..85e5df00 100644 --- a/src/Products/PluggableAuthService/plugins/ZODBGroupManager.py +++ b/src/Products/PluggableAuthService/plugins/ZODBGroupManager.py @@ -80,7 +80,6 @@ def __init__(self, id, title=None): @security.private def enumerateGroups(self, id=None, title=None, exact_match=False, sort_by=None, max_results=None, **kw): - """ See IGroupEnumerationPlugin. """ group_info = [] @@ -133,7 +132,6 @@ def enumerateGroups(self, id=None, title=None, exact_match=False, # @security.private def getGroupsForPrincipal(self, principal, request=None): - """ See IGroupsPlugin. """ unadorned = self._principal_groups.get(principal.getId(), ()) @@ -144,14 +142,12 @@ def getGroupsForPrincipal(self, principal, request=None): # @security.protected(ManageGroups) def listGroupIds(self): - """ -> (group_id_1, ... group_id_n) """ return self._groups.keys() @security.protected(ManageGroups) def listGroupInfo(self): - """ -> (dict, ...dict) o Return one mapping per group, with the following keys: @@ -162,14 +158,12 @@ def listGroupInfo(self): @security.protected(ManageGroups) def getGroupInfo(self, group_id): - """ group_id -> dict """ return self._groups[group_id] @security.private def addGroup(self, group_id, title=None, description=None): - """ Add 'group_id' to the list of groups managed by this object. o Raise KeyError on duplicate. @@ -183,7 +177,6 @@ def addGroup(self, group_id, title=None, description=None): @security.private def updateGroup(self, group_id, title=None, description=None): - """ Update properties for 'group_id' o Raise KeyError if group_id doesn't already exist. @@ -196,7 +189,6 @@ def updateGroup(self, group_id, title=None, description=None): @security.private def removeGroup(self, group_id): - """ Remove 'role_id' from the list of roles managed by this object, removing assigned members from it before doing so. @@ -211,7 +203,6 @@ def removeGroup(self, group_id): # @security.protected(ManageGroups) def listAvailablePrincipals(self, group_id, search_id): - """ Return a list of principal IDs to that can belong to the group. o If supplied, 'search_id' constrains the principal IDs; if not, @@ -238,7 +229,6 @@ def listAvailablePrincipals(self, group_id, search_id): @security.protected(ManageGroups) def listAssignedPrincipals(self, group_id): - """ Return a list of principal IDs belonging to a group. """ result = [] @@ -258,7 +248,6 @@ def listAssignedPrincipals(self, group_id): @security.private def addPrincipalToGroup(self, principal_id, group_id): - """ Add a principal to a group. o Return a boolean indicating whether a new assignment was created. @@ -281,7 +270,6 @@ def addPrincipalToGroup(self, principal_id, group_id): @security.private def removePrincipalFromGroup(self, principal_id, group_id): - """ Remove a prinicpal from from a group. o Return a boolean indicating whether the principal was already diff --git a/src/Products/PluggableAuthService/plugins/ZODBRoleManager.py b/src/Products/PluggableAuthService/plugins/ZODBRoleManager.py index 4c49bbe7..e0aa1eaf 100644 --- a/src/Products/PluggableAuthService/plugins/ZODBRoleManager.py +++ b/src/Products/PluggableAuthService/plugins/ZODBRoleManager.py @@ -99,7 +99,6 @@ def manage_afterAdd(self, item, container): # @security.private def getRolesForPrincipal(self, principal, request=None): - """ See IRolesPlugin. """ result = list(self._principal_roles.get(principal.getId(), ())) @@ -115,7 +114,6 @@ def getRolesForPrincipal(self, principal, request=None): # def enumerateRoles(self, id=None, exact_match=False, sort_by=None, max_results=None, **kw): - """ See IRoleEnumerationPlugin. """ role_info = [] @@ -170,28 +168,24 @@ def doRemoveRoleFromPrincipal(self, principal_id, role): # @security.protected(ManageUsers) def listRoleIds(self): - """ Return a list of the role IDs managed by this object. """ return self._roles.keys() @security.protected(ManageUsers) def listRoleInfo(self): - """ Return a list of the role mappings. """ return self._roles.values() @security.protected(ManageUsers) def getRoleInfo(self, role_id): - """ Return a role mapping. """ return self._roles[role_id] @security.private def addRole(self, role_id, title='', description=''): - """ Add 'role_id' to the list of roles managed by this object. o Raise KeyError on duplicate. @@ -204,7 +198,6 @@ def addRole(self, role_id, title='', description=''): @security.private def updateRole(self, role_id, title, description): - """ Update title and description for the role. o Raise KeyError if not found. @@ -214,7 +207,6 @@ def updateRole(self, role_id, title, description): @security.private def removeRole(self, role_id, REQUEST=None): - """ Remove 'role_id' from the list of roles managed by this object. o Raise KeyError if not found. @@ -233,7 +225,6 @@ def removeRole(self, role_id, REQUEST=None): # @security.protected(ManageUsers) def listAvailablePrincipals(self, role_id, search_id): - """ Return a list of principal IDs to whom a role can be assigned. o If supplied, 'search_id' constrains the principal IDs; if not, @@ -261,7 +252,6 @@ def listAvailablePrincipals(self, role_id, search_id): @security.protected(ManageUsers) def listAssignedPrincipals(self, role_id): - """ Return a list of principal IDs to whom a role is assigned. """ result = [] @@ -290,7 +280,6 @@ def listAssignedPrincipals(self, role_id): @security.private def assignRoleToPrincipal(self, role_id, principal_id): - """ Assign a role to a principal (user or group). o Return a boolean indicating whether a new assignment was created. @@ -312,7 +301,6 @@ def assignRoleToPrincipal(self, role_id, principal_id): @security.private def removeRoleFromPrincipal(self, role_id, principal_id): - """ Remove a role from a principal (user or group). o Return a boolean indicating whether the role was already present. diff --git a/src/Products/PluggableAuthService/plugins/ZODBUserManager.py b/src/Products/PluggableAuthService/plugins/ZODBUserManager.py index 65ff736a..ba1c9c97 100644 --- a/src/Products/PluggableAuthService/plugins/ZODBUserManager.py +++ b/src/Products/PluggableAuthService/plugins/ZODBUserManager.py @@ -94,7 +94,6 @@ def __init__(self, id, title=None): # @security.private def authenticateCredentials(self, credentials): - """ See IAuthenticationPlugin. o We expect the credentials to be those returned by @@ -147,7 +146,6 @@ def authenticateCredentials(self, credentials): @security.private def enumerateUsers(self, id=None, login=None, exact_match=False, sort_by=None, max_results=None, **kw): - """ See IUserEnumerationPlugin. """ user_info = [] @@ -237,14 +235,12 @@ def doAddUser(self, login, password): # @security.protected(ManageUsers) def listUserIds(self): - """ -> (user_id_1, ... user_id_n) """ return self._user_passwords.keys() @security.protected(ManageUsers) def getUserInfo(self, user_id): - """ user_id -> dict """ return {'user_id': user_id, @@ -253,7 +249,6 @@ def getUserInfo(self, user_id): @security.protected(ManageUsers) def listUserInfo(self): - """ -> (dict, ...dict) o Return one mapping per user, with the following keys: @@ -265,7 +260,6 @@ def listUserInfo(self): @security.protected(ManageUsers) def getUserIdForLogin(self, login_name): - """ login_name -> user_id o Raise KeyError if no user exists for the login name. @@ -274,7 +268,6 @@ def getUserIdForLogin(self, login_name): @security.protected(ManageUsers) def getLoginForUserId(self, user_id): - """ user_id -> login_name o Raise KeyError if no user exists for that ID. @@ -519,7 +512,6 @@ def manage_removeUsers(self, user_ids, RESPONSE=None, REQUEST=None): # @security.protected(SetOwnPassword) def getOwnUserInfo(self): - """ Return current user's info. """ user_id = getSecurityManager().getUser().getId() @@ -529,9 +521,9 @@ def getOwnUserInfo(self): security.declareProtected(SetOwnPassword, # NOQA: D001 'manage_updatePasswordForm') manage_updatePasswordForm = PageTemplateFile( - 'www/zuPasswd', - globals(), - __name__='manage_updatePasswordForm') + 'www/zuPasswd', + globals(), + __name__='manage_updatePasswordForm') @security.protected(SetOwnPassword) @csrf_only diff --git a/src/Products/PluggableAuthService/plugins/exportimport.py b/src/Products/PluggableAuthService/plugins/exportimport.py index 89f452e8..30b0f79e 100644 --- a/src/Products/PluggableAuthService/plugins/exportimport.py +++ b/src/Products/PluggableAuthService/plugins/exportimport.py @@ -418,6 +418,7 @@ def _getExportInfo(self): class ScriptablePluginExportImport(FolderishExporterImporter): """ Export / import the Scriptable type plugin. """ + def export(self, export_context, subdir, root=False): """ See IFilesystemExporter. """ @@ -432,6 +433,7 @@ def import_(self, import_context, subdir, root=False): class PythonScriptFileAdapter(DAVAwareFileAdapter): """File-ish for PythonScript. """ + def _getFileName(self): """ Return the name under which our file data is stored. """ diff --git a/src/Products/PluggableAuthService/plugins/tests/test_ZODBGroupManager.py b/src/Products/PluggableAuthService/plugins/tests/test_ZODBGroupManager.py index 66126f6f..7b1897c2 100644 --- a/src/Products/PluggableAuthService/plugins/tests/test_ZODBGroupManager.py +++ b/src/Products/PluggableAuthService/plugins/tests/test_ZODBGroupManager.py @@ -395,4 +395,4 @@ def test_manage_removeGroup_POST_permissions(self): def test_suite(): return unittest.TestSuite(( unittest.makeSuite(ZODBGroupManagerTests), - )) + )) diff --git a/src/Products/PluggableAuthService/plugins/tests/test_ZODBRoleManager.py b/src/Products/PluggableAuthService/plugins/tests/test_ZODBRoleManager.py index 929d4135..8bc6f0bb 100644 --- a/src/Products/PluggableAuthService/plugins/tests/test_ZODBRoleManager.py +++ b/src/Products/PluggableAuthService/plugins/tests/test_ZODBRoleManager.py @@ -568,4 +568,4 @@ def test_manage_removeRoles_POST_permissions(self): def test_suite(): return unittest.TestSuite(( unittest.makeSuite(ZODBRoleManagerTests), - )) + )) diff --git a/src/Products/PluggableAuthService/plugins/tests/test_ZODBUserManager.py b/src/Products/PluggableAuthService/plugins/tests/test_ZODBUserManager.py index 72253025..75169f67 100644 --- a/src/Products/PluggableAuthService/plugins/tests/test_ZODBUserManager.py +++ b/src/Products/PluggableAuthService/plugins/tests/test_ZODBUserManager.py @@ -136,8 +136,8 @@ def test_authenticateCredentials_valid_creds(self): zum.addUser('userid', 'userid@example.com', 'password') user_id, login = zum.authenticateCredentials( - {'login': 'userid@example.com', - 'password': 'password'}) + {'login': 'userid@example.com', + 'password': 'password'}) self.assertEqual(user_id, 'userid') self.assertEqual(login, 'userid@example.com') @@ -380,15 +380,15 @@ def test_authenticateWithOldPasswords(self): zum.addUser('new_user', 'new_user@example.com', 'new_password') user_id, login = zum.authenticateCredentials( - {'login': 'old_user@example.com', - 'password': 'old_password'}) + {'login': 'old_user@example.com', + 'password': 'old_password'}) self.assertEqual(user_id, 'old_user') self.assertEqual(login, 'old_user@example.com') user_id, login = zum.authenticateCredentials( - {'login': 'new_user@example.com', - 'password': 'new_password'}) + {'login': 'new_user@example.com', + 'password': 'new_password'}) self.assertEqual(user_id, 'new_user') self.assertEqual(login, 'new_user@example.com') diff --git a/src/Products/PluggableAuthService/plugins/tests/test_exportimport.py b/src/Products/PluggableAuthService/plugins/tests/test_exportimport.py index d9e9c076..2f5c52ec 100644 --- a/src/Products/PluggableAuthService/plugins/tests/test_exportimport.py +++ b/src/Products/PluggableAuthService/plugins/tests/test_exportimport.py @@ -579,7 +579,7 @@ def test_import_no_title(self): ctx = DummyImportContext(plugin) ctx._files['plugins/no_title.xml'] = _COOKIE_AUTH_TEMPLATE_NO_TITLE % ( - COOKIE_NAME, LOGIN_PATH) + COOKIE_NAME, LOGIN_PATH) adapter.import_(ctx, 'plugins', False) self.assertEqual(plugin.title, None) @@ -682,8 +682,8 @@ def test_export_with_map(self): self.assertEqual(filename, 'plugins/with_map.xml') self._compareDOM(text.decode('UTF-8'), _FILLED_DOMAIN_AUTH % ( - TITLE, USER_ID, DOMAIN, 'equals', - ','.join(ROLES), USER_ID)) + TITLE, USER_ID, DOMAIN, 'equals', + ','.join(ROLES), USER_ID)) self.assertEqual(content_type, 'text/xml') def test_import_empty(self): @@ -697,7 +697,7 @@ def test_import_empty(self): context = DummyImportContext(plugin) context._files['plugins/empty.xml'] = _FILLED_DOMAIN_AUTH % ( - TITLE, USER_ID, DOMAIN, 'equals', ','.join(ROLES), USER_ID) + TITLE, USER_ID, DOMAIN, 'equals', ','.join(ROLES), USER_ID) self.assertEqual(plugin.title, '') adapter.import_(context, 'plugins', False) @@ -955,7 +955,7 @@ def test_import_with_title(self): context = DummyImportContext(plugin) context._files['plugins/with_title.xml'] = _DELEGATE_PATH_TEMPLATE % ( - TITLE, DELEGATE_PATH) + TITLE, DELEGATE_PATH) adapter.import_(context, 'plugins', False) self.assertEqual(plugin.title, TITLE) diff --git a/src/Products/PluggableAuthService/tests/test_PluggableAuthService.py b/src/Products/PluggableAuthService/tests/test_PluggableAuthService.py index a947d714..7ccca49f 100644 --- a/src/Products/PluggableAuthService/tests/test_PluggableAuthService.py +++ b/src/Products/PluggableAuthService/tests/test_PluggableAuthService.py @@ -1935,7 +1935,7 @@ def test_validate_simple_authenticated(self): directlyProvides(olivier, IUserEnumerationPlugin, IRolesPlugin) olivier.enumerateUsers = lambda id: id == 'foo' or None olivier.getRolesForPrincipal = lambda user, req: ( - user.getId() == 'olivier' and ('Hamlet',) or ()) + user.getId() == 'olivier' and ('Hamlet',) or ()) zcuf._setObject('olivier', olivier) @@ -1985,7 +1985,7 @@ def test_validate_simple_authenticated_transform(self): directlyProvides(olivier, IUserEnumerationPlugin, IRolesPlugin) olivier.enumerateUsers = lambda id: id == 'foo' or None olivier.getRolesForPrincipal = lambda user, req: ( - user.getId() == 'olivier' and ('Hamlet',) or ()) + user.getId() == 'olivier' and ('Hamlet',) or ()) zcuf._setObject('olivier', olivier) @@ -2079,7 +2079,7 @@ def _setup_for_authentication(self): directlyProvides(olivier, IUserEnumerationPlugin, IRolesPlugin) olivier.enumerateUsers = lambda id: id == 'foo' or None olivier.getRolesForPrincipal = lambda user, req: ( - user.getId() == 'olivier' and ('Hamlet',) or ()) + user.getId() == 'olivier' and ('Hamlet',) or ()) zcuf._setObject('olivier', olivier) diff --git a/src/Products/PluggableAuthService/tests/test_UserFolder.py b/src/Products/PluggableAuthService/tests/test_UserFolder.py index 769ae5e1..64a595d8 100644 --- a/src/Products/PluggableAuthService/tests/test_UserFolder.py +++ b/src/Products/PluggableAuthService/tests/test_UserFolder.py @@ -234,7 +234,7 @@ def test__doAddUser_with_not_yet_encrypted_passwords(self): self.uf._doAddUser(USER_ID, PASSWORD, [], []) uid_and_info = self.uf.users.authenticateCredentials( - {'login': USER_ID, 'password': PASSWORD}) + {'login': USER_ID, 'password': PASSWORD}) self.assertEqual(uid_and_info, (USER_ID, USER_ID)) @@ -250,7 +250,7 @@ def test__doAddUser_with_preencrypted_passwords(self): self.uf._doAddUser(USER_ID, ENCRYPTED, [], []) uid_and_info = self.uf.users.authenticateCredentials( - {'login': USER_ID, 'password': PASSWORD}) + {'login': USER_ID, 'password': PASSWORD}) self.assertEqual(uid_and_info, (USER_ID, USER_ID)) diff --git a/src/Products/PluggableAuthService/tests/test_utils.py b/src/Products/PluggableAuthService/tests/test_utils.py index 7ce9e438..538ac156 100644 --- a/src/Products/PluggableAuthService/tests/test_utils.py +++ b/src/Products/PluggableAuthService/tests/test_utils.py @@ -279,8 +279,7 @@ def _createHashedValue(items): from hashlib import sha1 as sha hasher = sha() - items = list(items) - items.sort() + items = sorted(items) for k, v in items: if isinstance(k, six.text_type): k = k.encode('utf-8')