From: "Daniel Clark/CAM/Lotus" <daniel_clark@us.ibm.com>
To: roundup-devel@lists.sourceforge.net
Subject: [Roundup-devel] Alternative authentication for roundup
Date: Tue, 5 Feb 2002 12:27:15 -0500
Message-ID: <OF2C7B87C4.DF1574A8-ON85256B56.0060B9A2@lotus.com>

I'm trying to get roundup to work with an alternative method of
authentication (due to a corporate requirement of using a common intranet
password). I've created an "altauth" module to abstract the details of the
authentication. Since the hyperdb usernames and passwords seem to be
referenced in a lot of places in the code, I am just creating hyperdb
entries for the users if they exist and enter their correct passwords
against the alternate authentication source. For the most part this affects
the login_action function in cgi_client.py. I've completed some changes
that make this work for the web interface, but as I am new to roundup and
relatively new to python I thought I'd post the changes for review. If
others would find this functionality useful I would be happy if these
changes (probably reworked) could make it into future releases.

The main things I think I still need to do are add equivalent changes to
mailgw.py and handle messages from the alternative authentication source
better.

75 --- cgi_client.py Tue Feb 5 21:56:30 2002
76 +++ cgi_client.py-altauth Tue Feb 5 21:56:30 2002
77 @@ -27,6 +27,13 @@
78 import roundupdb, htmltemplate, date, hyperdb, password
79 from roundup.i18n import _
81 +try:
82 + from altauth import altauth
83 + import password as password_module
84 + altauth_exists =3D 1
85 +except:
86 + altauth_exists =3D 0
87 +
88 class Unauthorised(ValueError):
89 pass
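
Review bot: the bare `except:` around the altauth import catches every exception, not only a missing module, so a syntax error or a failed dependency inside an installed altauth.py leaves `altauth_exists = 0` and login quietly falls back to the hyperdb password check. Catch `ImportError` only and let other errors surface. The `import password as password_module` alias repeats the `password` module already imported two lines above; a comment saying it exists because login_action rebinds `password` to the submitted string would help the next reader.
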
91 @@ -807,7 +814,24 @@
92 password =3D self.form['__login_password'].value
93 else:
94 password =3D ''
95 + # if using alternate authentication, perform it.
96 + if altauth_exists:
97 + auth =3D altauth(self.user, password)
98 # make sure the user exists
99 + if altauth_exists:
100 + if auth.exists:
101 + try:
102 + uid =3D self.db.user.lookup(self.user)
103 + except KeyError:
104 + username =3D str(self.user)
105 + self.db =3D self.instance.open('admin')
106 + cl =3D self.db.user
107 + props =3D {'username':username, 'realname':auth.re=
108 alname,
109 + 'organisation':auth.org, 'address':auth.e=
110 mail,
111 + 'phone':auth.phone}
112 + uid =3D cl.create(**props)
113 + self.user =3D cl.get(uid, 'username')
114 + self.db.commit()
115 try:
116 uid =3D self.db.user.lookup(self.user)
117 except KeyError:
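
Review bot: the account-creation block runs under `if auth.exists:` without checking `auth.success`, so a login attempt with a wrong password for any address the directory knows still reopens the database as 'admin' and creates and commits a hyperdb user. Move the `cl.create(**props)` path behind the `auth.success` test used in the next hunk. `self.db = self.instance.open('admin')` also leaves `self.db` bound to the admin-opened database after the block; hold the admin connection in a local variable instead. The two consecutive `if altauth_exists:` tests can be merged into one.
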
118 @@ -819,6 +843,20 @@
119 return 0
121 # and that the password is correct
122 + if altauth_exists:
123 + if auth.success:
124 + name =3D str(self.user)
125 + self.db =3D self.instance.open(name)
126 + value =3D password_module.Password(password.strip())
127 + password_dict =3D {'password':value}
128 + user =3D self.db.user
129 + user.set(uid, **password_dict)
130 + self.db.commit()
131 + else:
132 + self.make_user_anonymous()o
133 + action =3D self.form['__destination_url'].value
134 + self.login(message=3D_(auth.message), action=3Daction)=
136 + return 0
137 pw =3D self.db.user.get(uid, 'password')
138 if password !=3D pw:
139 self.make_user_anonymous()
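
Review bot: `self.make_user_anonymous()o` in the `else:` branch has a stray `o`, which is a syntax error, so the module will not import as posted. Beyond that, the success branch writes the directory password into hyperdb with `user.set(uid, **password_dict)` on every login, which leaves a second stored copy of the intranet password in the tracker database; consider skipping the local password write and the `password != pw` comparison when `auth.success` is set. If the fall-through stays, the stored value is `password.strip()` while the comparison uses the unstripped `password`, so a password with leading or trailing whitespace passes altauth and then fails the local check.
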
example altauth.py:

"""
Alternative authentication for roundup
"""

import subprocess


class altauth:
    """
    Arguments:
        username : username
        password : password in plaintext

    Instance variables:
        realname : username's real name
        org      : username's organization
        email    : username's email address
        phone    : username's phone number

        code     : return code from alternate authentication
        message  : message from alternate authentication
        exists   : does user exist in alternate authentication source?
        success  : did user enter a valid user / password combo?
    """
    def __init__(self, username=None, password=None):
        # Make sure user and password have values - else java cwauthcmd hangs.
        if username is None:
            username = "test"
        if password is None:
            password = "test"

        # In Bluepages, your username is your email address, but this might not
        # be true for other authentication sources.
        self.email = username

        # Get realname, phone and org from Bluepages. The address comes from
        # the login form, so it is passed as one argv element and never
        # reaches a shell.
        cmd = ["phone", "ldap", "emailaddress=%s" % self.email,
               "format", "givenname", "sn", "telephonenumber", "dept"]
        out = subprocess.run(cmd, capture_output=True, text=True).stdout
        lines = out.splitlines()
        s = lines[0].split() if lines else []
        self.realname = " ".join(s[:-2])
        self.phone = s[-2] if len(s) >= 2 else ""
        self.org = s[-1] if s else ""

        # Open a pipeline to java cwauth stuff. The most secure option I could think of
        # besides JPE (Java Python Extension), which I couldn't get to work.
        # The credentials are written to cwauthcmd's stdin and its result code
        # is read back from stdout, so neither touches argv or a temporary file.
        proc = subprocess.run(["java", "cwauthcmd"],
                              input=username + " " + password,
                              capture_output=True, text=True)
        try:
            self.code = int(proc.stdout.strip())
        except ValueError:
            # No usable result code: handled as unknown below, which denies the login.
            self.code = -1

        if self.code == 0:
            self.message = "Success. The authentication was successful."
            self.exists = 1
            self.success = 1
        elif self.code == 2:
            self.message = "Not registered. Visit http://w3.ibm.com/password/"
            self.exists = 0
            self.success = 0
        elif self.code == 3:
            self.message = "LDAP Error. There was an error communicating with Bluepages."
            self.exists = 0
            self.success = 0
        elif self.code == 4:
            self.message = "No Record Found. No user was found having that e-mail address."
            self.exists = 0
            self.success = 0
        elif self.code == 5:
            self.message = "Multiple Records Found. More than one entry exists for that e-mail address."
            self.exists = 1
            self.success = 0
        elif self.code == 6:
            self.message = "Incorrect password. Try again or visit http://w3.ibm.com/password"
            self.exists = 1
            self.success = 0
        else:
            self.message = "Unknown result code. Contact daniel_clark@us.ibm.com"
            self.exists = 0
            self.success = 0

--
Daniel Clark § Sys Admin & Assistant Release Engineer
IBM » Lotus » Messaging Technology Group § http://w3.mtg.lotus.com
Tieline 693-7353 § External 617-693-7353 § Mobile 617-877-0702
AIM as djbclark § Sametime as Daniel Clark/CAM/Lotus
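
The login flow the message describes (check the external source, create the local user entry on first login), as an added example that is not part of the original post or of Roundup: it provisions the account only after a successful check and stores no copy of the directory password. FakeDirectory, UserStore and login are hypothetical stand-ins for altauth, the hyperdb user class and login_action, and the account data is constructed.

```python
import hmac
import secrets

# Result codes as listed in the posted altauth.py.
OK, NOT_REGISTERED, LDAP_ERROR, NO_RECORD, MULTIPLE, BAD_PASSWORD = 0, 2, 3, 4, 5, 6


class FakeDirectory:
    """Hypothetical stand-in for the external authenticator (constructed data)."""

    def __init__(self, accounts):
        self._accounts = accounts  # email -> (password, realname)

    def check(self, email, password):
        """Return (code, realname); realname is None unless code is OK."""
        if email not in self._accounts:
            return NO_RECORD, None
        expected, realname = self._accounts[email]
        if not hmac.compare_digest(expected.encode(), password.encode()):
            return BAD_PASSWORD, None
        return OK, realname


class UserStore:
    """Hypothetical stand-in for the hyperdb user class."""

    def __init__(self):
        self.users = {}

    def lookup(self, username):
        return self.users[username]  # raises KeyError, as the patch expects of lookup

    def create(self, **props):
        self.users[props["username"]] = props
        return props


def login(directory, store, username, password):
    """Return the local user record on success, None on any failure."""
    code, realname = directory.check(username, password)
    if code != OK:  # every non-zero or unknown code fails closed
        return None
    try:
        return store.lookup(username)
    except KeyError:
        # First successful login: provision the account, but give it a random
        # local secret rather than a copy of the directory password.
        return store.create(username=username, realname=realname,
                            password=secrets.token_urlsafe(32))
```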