
Hack for implementing LDAP auth. Might be useful to use as a basis for a
authorrichard <richard@57a73879-2fb5-44c3-a270-3262357dd7e2>
Tue, 25 Jun 2002 04:08:15 +0000 (04:08 +0000)
committerrichard <richard@57a73879-2fb5-44c3-a270-3262357dd7e2>
Tue, 25 Jun 2002 04:08:15 +0000 (04:08 +0000)
more complete solution.

git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/trunk@818 57a73879-2fb5-44c3-a270-3262357dd7e2

patches/20020205.alternate_auth [new file with mode: 0644]

diff --git a/patches/20020205.alternate_auth b/patches/20020205.alternate_auth
new file mode 100644 (file)
index 0000000..254be9b
--- /dev/null
@@ -0,0 +1,254 @@
+From daniel_clark@us.ibm.com Wed Feb  6 04:27:15 2002
+X-Sieve: cmu-sieve 2.0
+Return-Path: <roundup-devel-admin@lists.sourceforge.net>
+Received: (from uucp@localhost)
+       by crown.off.ekorp.com (8.9.3/8.9.3) id RAA12435
+       for rjones@ekit-inc.com; Tue, 5 Feb 2002 17:30:24 GMT
+Received: from usw-sf-fw2.sourceforge.net(216.136.171.252), claiming to be "usw-sf-list1.sourceforge.net"
+ via SMTP by mx3.ekorp.com, id smtpdAAALJaWqy; Tue Feb  5 17:30:22 2002
+Received: from localhost ([127.0.0.1] helo=usw-sf-list1.sourceforge.net)
+       by usw-sf-list1.sourceforge.net with esmtp (Exim 3.31-VA-mm2 #1 (Debian))
+       id 16Y9Q6-0002kj-00; Tue, 05 Feb 2002 09:30:14 -0800
+Received: from lotus2.lotus.com ([129.42.241.42])
+       by usw-sf-list1.sourceforge.net with esmtp (Exim 3.31-VA-mm2 #1 (Debian))
+       id 16Y9Ps-0002ee-00
+       for <roundup-devel@lists.sourceforge.net>; Tue, 05 Feb 2002 09:30:00 -0800
+Received: from internet2.lotus.com (internet2 [172.16.131.236])
+       by lotus2.lotus.com (8.12.1/8.12.1) with ESMTP id g15HUnTQ013140
+       for <roundup-devel@lists.sourceforge.net>; Tue, 5 Feb 2002 12:30:54 -0500 (EST)
+Received: from a3mail.lotus.com (a3mail.lotus.com [9.95.5.66])
+       by internet2.lotus.com (8.12.1/8.12.1) with ESMTP id g15HTHS0005917
+       for <roundup-devel@lists.sourceforge.net>; Tue, 5 Feb 2002 12:29:17 -0500 (EST)
+To: roundup-devel@lists.sourceforge.net
+X-Mailer: Lotus Notes Release 5.0.8  June 18, 2001
+Message-ID: <OF2C7B87C4.DF1574A8-ON85256B56.0060B9A2@lotus.com>
+From: "Daniel Clark/CAM/Lotus" <daniel_clark@us.ibm.com>
+X-MIMETrack: Serialize by Router on A3MAIL/CAM/H/Lotus(Build V5010_01222002 |January 22, 2002) at
+ 02/05/2002 12:25:48 PM
+MIME-Version: 1.0
+Content-type: text/plain;
+  charset=iso-8859-1
+Content-transfer-encoding: quoted-printable
+Subject: [Roundup-devel] Alternative authentication for roundup
+Sender: roundup-devel-admin@lists.sourceforge.net
+Errors-To: roundup-devel-admin@lists.sourceforge.net
+X-BeenThere: roundup-devel@lists.sourceforge.net
+X-Mailman-Version: 2.0.5
+Precedence: bulk
+List-Help: <mailto:roundup-devel-request@lists.sourceforge.net?subject=help>
+List-Post: <mailto:roundup-devel@lists.sourceforge.net>
+List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/roundup-devel>,
+       <mailto:roundup-devel-request@lists.sourceforge.net?subject=subscribe>
+List-Id: <roundup-devel.lists.sourceforge.net>
+List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/roundup-devel>,
+       <mailto:roundup-devel-request@lists.sourceforge.net?subject=unsubscribe>
+List-Archive: <http://www.geocrawler.com/redir-sf.php3?list=roundup-devel>
+X-Original-Date: Tue, 5 Feb 2002 12:27:15 -0500
+Date: Tue, 5 Feb 2002 12:27:15 -0500
+Status: R 
+X-Status: N
+
+I'm trying to get roundup to work with an alternative method of
+authentication (due to a corporate requirement of using a common intran=
+et
+password). I've created an "altauth" module to abstract the details of =
+the
+authentication. Since the hyperdb usernames and passwords seem to be
+referenced in a lot of places in the code, I am just creating hyperdb
+entries for the users if they exist and enter their correct passwords
+against the alternate authentication source. For the most part this eff=
+ects
+the login_action function in cgi_client.py. I've completed some changes=
+
+that make this work for the web interface, but as I am new to roundup a=
+nd
+relatively new to python I thought I'd post the changes for review. If
+others would find this functionality useful I would be happy if these
+changes (probably reworked) could make it into future releases.
+
+The main things I think I still need to do are add equivalent changes t=
+o
+mailgw.py and handle messages from the alternative authentication sourc=
+e
+better.
+
+--- cgi_client.py Tue Feb  5 21:56:30 2002
++++ cgi_client.py-altauth     Tue Feb  5 21:56:30 2002
+@@ -27,6 +27,13 @@
+ import roundupdb, htmltemplate, date, hyperdb, password
+ from roundup.i18n import _
+
++try:
++    from altauth import altauth
++    import password as password_module
++    altauth_exists =3D 1
++except:
++    altauth_exists =3D 0
++
+ class Unauthorised(ValueError):
+     pass
+
+@@ -807,7 +814,24 @@
+             password =3D self.form['__login_password'].value
+         else:
+             password =3D ''
++        # if using alternate authentication, perform it.
++        if altauth_exists:
++            auth =3D altauth(self.user, password)
+         # make sure the user exists
++        if altauth_exists:
++            if auth.exists:
++                try:
++                    uid =3D self.db.user.lookup(self.user)
++                except KeyError:
++                    username =3D str(self.user)
++                    self.db =3D self.instance.open('admin')
++                    cl =3D self.db.user
++                    props =3D {'username':username, 'realname':auth.re=
+alname,
++                             'organisation':auth.org, 'address':auth.e=
+mail,
++                             'phone':auth.phone}
++                    uid =3D cl.create(**props)
++                    self.user =3D cl.get(uid, 'username')
++                    self.db.commit()
+         try:
+             uid =3D self.db.user.lookup(self.user)
+         except KeyError:
+@@ -819,6 +843,20 @@
+             return 0
+
+         # and that the password is correct
++        if altauth_exists:
++            if auth.success:
++                name =3D str(self.user)
++                self.db =3D self.instance.open(name)
++                value =3D password_module.Password(password.strip())
++                password_dict =3D {'password':value}
++                user =3D self.db.user
++                user.set(uid, **password_dict)
++                self.db.commit()
++            else:
++                self.make_user_anonymous()o
++                action =3D self.form['__destination_url'].value
++                self.login(message=3D_(auth.message), action=3Daction)=
+
++                return 0
+         pw =3D self.db.user.get(uid, 'password')
+         if password !=3D pw:
+             self.make_user_anonymous()
+
+
+example altauth.py:
+
+__doc__ =3D """
+Alternative authentication for roundup
+"""
+
+import pipes, os, string
+
+class altauth:
+    """
+    Arguments:
+        username : username
+        password : password in plaintext
+
+    Instance variables:
+        realname : username's real name
+        org      : username's organization
+        email    : username's email address
+        phone    : username's phone number
+
+        code     : return code from alternate authentication
+        message  : message from alternate authentication
+        exists   : does user exist in alternate autentication source?
+        success  : did user enter a valid user / password combo?
+    """
+    def __init__(self, username=3DNone, password=3DNone):
+        # Make sure user and password have values - else java cwauthcmd=
+ hangs.
+        if username is None:
+            username =3D "test"
+        if password is None:
+            password =3D "test"
+
+        # In Bluepages, your username is your email address, but this m=
+ight not
+        # be true for other authentication sources.
+        self.email =3D username
+
+        # Get realname, phone and org from Bluepages
+        cmd =3D "phone ldap emailaddress=3D%s format givenname sn telep=
+honenumber dept" % self.email
+        s =3D os.popen(cmd).readlines()[0].strip().split()
+        self.realname =3D string.join(s[:-2])
+        self.phone =3D s[-2]
+        self.org =3D s[-1]
+
+        # Open a pipeline to java cwauth stuff. The most secure option =
+I could think of
+        # besides JPE (Java Python Extension), which I couldn't get to =
+work.
+        os.umask(077)
+        t=3Dpipes.Template()
+        t.append('java cwauthcmd', '--')
+        tmpfile =3D os.tmpnam()
+        f=3Dt.open(tmpfile, 'w')
+        f.write(username + " " + password)
+        f.close()
+        self.code =3D int(open(tmpfile).read().strip())
+        os.remove(tmpfile)
+
+        if self.code =3D=3D 0:
+            self.message =3D "Success. The authentication was successfu=
+l."
+            self.exists =3D 1
+            self.success =3D 1
+        elif self.code =3D=3D 2:
+            self.message =3D "Not registered. Visit http://w3.ibm.com/p=
+assword/"
+            self.exists =3D 0
+            self.success =3D 0
+        elif self.code =3D=3D 3:
+            self.message =3D "LDAP Error. There was an error communicat=
+ing with Bluepages."
+            self.exists =3D 0
+            self.success =3D 0
+        elif self.code =3D=3D 4:
+            self.message  =3D "No Record Found. No user was found havin=
+g that e-mail address."
+            self.exists =3D 0
+            self.success =3D 0
+        elif self.code =3D=3D 5:
+            self.message =3D "Multiple Records Found. More than one ent=
+ry exists for that e-mail address."
+            self.exists =3D 1
+            self.success =3D 0
+        elif self.code =3D=3D 6:
+            self.message =3D "Incorrect password. Try again or visit ht=
+tp://w3.ibm.com/password"
+            self.exists =3D 1
+            self.success =3D 0
+        else:
+            self.message =3D "Unknown result code. Contact daniel_clark=
+@us.ibm.com"
+            self.exists =3D 0
+            self.success =3D 0
+
+
+--
+Daniel Clark =A7 Sys Admin & Assistant Release Engineer
+IBM =BB Lotus =BB Messaging Technology Group =A7 http://w3.mtg.lotus.co=
+m
+Tieline 693-7353 =A7 External 617-693-7353 =A7 Mobile 617-877-0702
+AIM as djbclark =A7 Sametime as Daniel Clark/CAM/Lotus
+=
+
+
+
+_______________________________________________
+Roundup-devel mailing list
+Roundup-devel@lists.sourceforge.net
+https://lists.sourceforge.net/lists/listinfo/roundup-devel
+
+
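Review bot: In the example altauth.py, `__init__` interpolates the login-form username unescaped into the command string passed to `os.popen` (`cmd = "phone ldap emailaddress=%s ..." % self.email`), so shell metacharacters in the username field reach the shell before any authentication has happened; quote the value with `pipes.quote(self.email)` (the module already imports `pipes`) or run the lookup without a shell. The result code that sets `exists` and `success` is read back from an `os.tmpnam()` path, which is predictable and race-prone, so the authentication result should come from the child process directly or from an atomically created file. In the cgi_client.py hunk the user record is created through `self.instance.open('admin')` whenever `auth.exists` is true, which is before the password is verified (codes 5 and 6 set `exists` to 1 and `success` to 0); gating creation on `auth.success` would stop unauthenticated requests from writing to the user table. The bare `except:` around `from altauth import altauth` hides a broken altauth module and silently falls back to local passwords, so `except ImportError:` is the narrower form. The stray `o` after `self.make_user_anonymous()` is a syntax error and has to go before the patch can be applied.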