From 2cce76f46440c04df7deae594fd7f17682965f4d Mon Sep 17 00:00:00 2001 From: richard Date: Thu, 26 Sep 2002 23:59:08 +0000 Subject: [PATCH] added hook for external password validation, and some more docco git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/trunk@1273 57a73879-2fb5-44c3-a270-3262357dd7e2 --- CHANGES.txt | 3 +- doc/customizing.txt | 49 ++++++++++++++++++++++++----- roundup/cgi/client.py | 28 ++++++++++++----- roundup/templates/classic/dbinit.py | 7 ++++- roundup/templates/minimal/dbinit.py | 7 ++++- 5 files changed, 75 insertions(+), 19 deletions(-) diff --git a/CHANGES.txt b/CHANGES.txt index b83149e..d70de86 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -44,7 +44,8 @@ are given with the most recent entry first. - added "crypt" password encoding and ability to set password with already encrypted password through roundup-admin - fixed the mailgw so that anonymous users may still access it - +- add hook to allow external password verification, overridable in the + tracker interfaces module 2002-09-13 0.5.0 beta2 - all backends now have a .close() method, and it's used everywhere diff --git a/doc/customizing.txt b/doc/customizing.txt index bb85c1c..d15973f 100644 --- a/doc/customizing.txt +++ b/doc/customizing.txt @@ -2,7 +2,7 @@ Customising Roundup =================== -:Version: $Revision: 1.48 $ +:Version: $Revision: 1.49 $ .. This document borrows from the ZopeBook section on ZPT. The original is at: http://www.zope.org/Documentation/Books/ZopeBook/current/ZPT.stx @@ -185,11 +185,6 @@ Note: if you modify the schema, you'll most likely need to edit the your changes. A tracker schema defines what data is stored in the tracker's database. -The schemas shipped with Roundup turn it into a typical software bug tracker -or help desk. - -XXX make sure we ship the help desk - Schemas are defined using Python code in the ``dbinit.py`` module of your tracker. The "classic" schema looks like this:: 
@@ -434,7 +429,9 @@ case though, so be careful to use the right one. Use the roundup-admin interface's create, set and retire methods to add, alter or remove items from the classes in question. -XXX example + +See "`adding a new field to the classic schema`_" for an example that requires +database content changes. Web Interface @@ -1532,7 +1529,11 @@ Adding a field to the database This is the easiest part of the change. The category would just be a plain string, nothing fancy. To change what is in the database you need to add -some lines to the ``open()`` function in ``dbinit.py``:: +some lines to the ``open()`` function in ``dbinit.py`` under the comment:: + + # add any additional database schema configuration here + +add:: category = Class(db, "category", name=String()) category.setkey("name") 
@@ -1558,6 +1559,38 @@ adding something with a more one to one relationship use Link() instead. That is all you need to do to change the schema. The rest of the effort is fiddling around so you can actually use the new category. +Populating the new category class +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +If you haven't initialised the database with the roundup-admin "initialise" +command, then you can add the following to the tracker ``dbinit.py`` in the +``init()`` function under the comment:: + + # add any additional database create steps here - but only if you + # haven't initialised the database with the admin "initialise" command + +add:: + + category = db.getclass('category') + category.create(name="scipy", order="1") + category.create(name="chaco", order="2") + category.create(name="weave", order="3") + +If the database is initalised, the you need to use the roundup-admin tool:: + + % roundup-admin -i + Roundup ready for input. + Type "help" for help. + roundup> create category name=scipy order=1 + 1 + roundup> create category name=chaco order=1 + 2 + roundup> create category name=weave order=1 + 3 + roundup> exit... + There are unsaved changes. Commit them (y/N)? y + + Setting up security on the new objects ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/roundup/cgi/client.py b/roundup/cgi/client.py index 6e47427..1c5ecd1 100644 --- a/roundup/cgi/client.py +++ b/roundup/cgi/client.py @@ -1,4 +1,4 @@ -# $Id: client.py,v 1.46 2002-09-26 03:45:09 richard Exp $ +# $Id: client.py,v 1.47 2002-09-26 23:59:08 richard Exp $ __doc__ = """ WWW request handler (also used in the stand-alone server). @@ -424,7 +424,10 @@ class Client: if self.debug: self.headers_sent = headers - def set_cookie(self, user, password): + def set_cookie(self, user): + ''' Set up a session cookie for the user and store away the user's + login info against the session. + ''' # TODO generate a much, much stronger session key ;) self.session = binascii.b2a_base64(repr(random.random())).strip() 
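Review bot: The new docstring on `set_cookie` says the user's "login info" is stored against the session, but the `password` parameter this commit removes was the only login secret the method received, so the wording overstates what is kept server-side. The registration hunk later in this patch suggests the session record holds the username and a last-use timestamp, so `''' Set up a session cookie for the user and record the username against the session (no password is stored). '''` describes the contract more precisely; confirm against the rest of the body, which continues outside the hunk. The pre-existing `# TODO` on the session key is untouched here, but since the key is derived from `random.random()`, which is not a cryptographic source, the docstring could note that the session identifier is not yet unpredictable until that TODO is resolved.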
@@ -498,9 +501,7 @@ class Client: self.error_message.append(_('No such user "%(name)s"')%locals()) return - # and that the password is correct - pw = self.db.user.get(self.userid, 'password') - if password != pw: + if not self.verifyPassword(self.userid, password): self.make_user_anonymous() self.error_message.append(_('Incorrect password')) return @@ -511,7 +512,12 @@ class Client: raise Unauthorised, _("You do not have permission to login") # set the session cookie - self.set_cookie(self.user, password) + self.set_cookie(self.user) + + def verifyPassword(self, userid, password): + ''' Verify the password that the user has supplied + ''' + return password == self.db.user.get(self.userid, 'password') def loginPermission(self): ''' Determine whether the user has permission to log in. @@ -577,8 +583,14 @@ class Client: self.user = cl.get(self.userid, 'username') # re-open the database for real, using the user self.opendb(self.user) - password = self.db.user.get(self.userid, 'password') - self.set_cookie(self.user, password) + + # update the user's session + if self.session: + self.db.sessions.set(self.session, user=self.user, + last_use=time.time()) + else: + # new session cookie + self.set_cookie(self.user) # nice message message = _('You are now registered, welcome!') diff --git a/roundup/templates/classic/dbinit.py b/roundup/templates/classic/dbinit.py index 778766f..311999c 100644 --- a/roundup/templates/classic/dbinit.py +++ b/roundup/templates/classic/dbinit.py @@ -15,7 +15,7 @@ # BASIS, AND THERE IS NO OBLIGATION WHATSOEVER TO PROVIDE MAINTENANCE, # SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. # -# $Id: dbinit.py,v 1.29 2002-09-13 03:31:18 richard Exp $ +# $Id: dbinit.py,v 1.30 2002-09-26 23:59:08 richard Exp $ import os 
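Review bot: `verifyPassword` takes a `userid` parameter but reads `self.userid` in its body, so the argument is ignored; any caller, or a tracker-level override that delegates back to this implementation (the external-verification hook this commit advertises in CHANGES.txt), that passes a different user id silently checks the currently logged-in user's password instead. The fix is `return password == self.db.user.get(userid, 'password')`. The docstring should also state the contract a replacement must honour, e.g. `''' Verify the password supplied for userid. Return true if it matches the stored password; override in the tracker's interfaces module to plug in external verification. '''`. Whether `==` correctly handles the encrypted password encodings mentioned in CHANGES.txt depends on the type of the stored value, which is not visible in this hunk and is worth confirming.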
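Review bot: In the registration path the existing `self.session` identifier is kept and re-pointed at the newly created user via `self.db.sessions.set(...)`, so an identifier issued before the account existed (presumably read from the client's cookie earlier, outside this hunk) is promoted to an authenticated session without being replaced. Issuing a fresh identifier whenever the privilege level changes is the usual mitigation; since `set_cookie`'s new docstring says it records the user against the session it creates, the branch can collapse to the unconditional `self.set_cookie(self.user)`, which is what the removed line already did. Also confirm that `time` is imported in client.py, since `time.time()` is new in this method and the import block is not part of the patch. The enclosing method starts and ends outside the hunk.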
@@ -55,6 +55,8 @@ def open(name=None): klass=String(), name=String(), url=String()) query.setkey("name") + + # add any additional database schema configuration here # Note: roles is a comma-separated string of Role names user = Class(db, "user", @@ -187,6 +189,9 @@ def init(adminpw): address=config.ADMIN_EMAIL, roles='Admin') user.create(username="anonymous", roles='Anonymous') + # add any additional database create steps here - but only if you + # haven't initialised the database with the admin "initialise" command + db.commit() # vim: set filetype=python ts=4 sw=4 et si diff --git a/roundup/templates/minimal/dbinit.py b/roundup/templates/minimal/dbinit.py index 36c8d40..5d3e1a0 100644 --- a/roundup/templates/minimal/dbinit.py +++ b/roundup/templates/minimal/dbinit.py @@ -15,7 +15,7 @@ # BASIS, AND THERE IS NO OBLIGATION WHATSOEVER TO PROVIDE MAINTENANCE, # SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. # -# $Id: dbinit.py,v 1.1 2002-09-26 04:15:07 richard Exp $ +# $Id: dbinit.py,v 1.2 2002-09-26 23:59:08 richard Exp $ import os @@ -43,6 +43,8 @@ def open(name=None): address=String(), alternate_addresses=String(), roles=String()) user.setkey("username") + # add any additional database schema configuration here + # # SECURITY SETTINGS # @@ -100,6 +102,9 @@ def init(adminpw): address=config.ADMIN_EMAIL, roles='Admin') user.create(username="anonymous", roles='Anonymous') + # add any additional database create steps here - but only if you + # haven't initialised the database with the admin "initialise" command + db.commit() # vim: set filetype=python ts=4 sw=4 et si -- 2.30.2