yannweb
/
lodel2_mirror
mirror of https://github.com/yweber/lodel2.git
Watch 1
Star 0
Fork 0
Code Releases 0 Activity
No Description
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1703 Commits
27 Branches
Tree: 3931d286a7
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '3931d286a7'
${ noResults }
lodel2_mirror/lodel/auth/client.py

client.py 10KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281 
  1. #-*- Coding: utf-8 -*-

  2. 

  3. import copy

  4. import sys

  5. import warnings

  6. import inspect

  7. 

  8. from lodel.settings import Settings

  9. from lodel import logger

  10. from lodel.plugin.hooks import LodelHook

  11. from lodel.plugin import SessionHandlerPlugin as SessionHandler

  12. from .exceptions import *

  13. from ..leapi.query import LeGetQuery

  14. 

  15. ##@brief Client metaclass designed to implements container accessor on 

  16. #Client Class

  17. #

  18. #@todo Maybe we can delete this metaclass....

  19. class ClientMetaclass(type):

  20.     

  21.     def __init__(self, name, bases, attrs):

  22.         return super(ClientMetaclass, self).__init__(name, bases, attrs)

  23. 

  24.     def __getitem__(self, key):

  25.         return self.datas()[key]

  26. 

  27.     def __delitem__(self, key):

  28.         del(self.datas()[key])

  29. 

  30.     def __setitem__(self, key, value):

  31.         if self.get_session_token() is None:

  32.             self.set_session_token(SessionHandler.start())

  33.         datas = self.datas()

  34.         datas[key] = value

  35. 

  36.     def __str__(self):

  37.         return str(self._instance)

  38. 

  39. ##@brief Abstract singleton class designed to handle client informations

  40. #

  41. # This class is designed to handle client authentication and sessions

  42. class Client(object, metaclass = ClientMetaclass):

  43.     

  44.     ##@brief Singleton instance

  45.     _instance = None

  46.     ##@brief List of dict that stores field ref for login and password

  47.     #

  48.     # Storage specs : 

  49.     #

  50.     # A list of dict, with keys 'login' and 'password', items are tuple.

  51.     #- login tuple contains (LeObjectChild, FieldName, link_field) with:

  52.     # - LeObjectChild the dynclass containing the login

  53.     # - Fieldname the fieldname of LeObjectChild containing the login

  54.     # - link_field None if both login and password are in the same

  55.     # LeObjectChild. Else contains the field that make the link between

  56.     # login LeObject and password LeObject

  57.     #- password typle contains (LeObjectChild, FieldName)

  58.     _infos_fields = None

  59.     

  60.     ##@brief Constant that stores the session key that stores authentication

  61.     #informations

  62.     _AUTH_DATANAME = '__auth_user_infos'

  63.     

  64. 

  65.     ##@brief Constructor

  66.     #@param session_token mixed : Session token provided by client to interface

  67.     def __init__(self,session_token = None):

  68.         logger.debug(session_token)

  69.         if self.__class__ == Client:

  70.             raise NotImplementedError("Abstract class")

  71.         logger.debug("New instance of Client child class %s" %

  72.             self.__class__.__name__)

  73.         if Client._instance is not None:

  74.             old = Client._instance

  75.             Client._instance = None

  76.             del(old)

  77.             logger.debug("Replacing old Client instance by a new one")

  78.         else:

  79.             #first instanciation, fetching settings

  80.             self.fetch_settings()

  81.         ##@brief Stores infos for authenticated users (None == anonymous)

  82.         self.__user = None

  83.         ##@brief Stores the session handler

  84.         Client._instance = self

  85.         ##@brief Stores LodelSession instance

  86.         

  87.         self.__datas = dict()

  88.         if session_token is not None:

  89.             self.__datas = SessionHandler.restore(session_token)

  90.         self.__session_token = session_token

  91.         

  92.         logger.debug("New client : %s" % self)

  93.     

  94.     def __del__(self):

  95.         del(self.__session_token)

  96.         del(self.__datas)

  97. 

  98.     @classmethod

  99.     def datas(cls):

  100.         return cls._instance.__datas

  101.     

  102.     @classmethod

  103.     def user(cls):

  104.         if '__auth_user_infos' in cls._instance.__datas:

  105.             return cls._instance.__datas['__auth_user_infos']

  106.         else:

  107.             return None

  108.     @classmethod

  109.     def get_session_token(cls):

  110.         return cls._instance.__session_token

  111.     

  112.     @classmethod

  113.     def set_session_token(cls, value):

  114.         cls._instance.__session_token = value

  115.     

  116.     ##@brief Try to authenticate a user with a login and a password

  117.     #@param login str : provided login

  118.     #@param password str : provided password (hash)

  119.     #@warning brokes composed UID

  120.     #@note implemets multiple login/password sources (useless ?)

  121.     #@todo composed UID broken method

  122.     #@todo allow to provide an authentication source

  123.     @classmethod

  124.     def authenticate(self, login = None, password = None):

  125.         #Authenticate

  126.         for infos in self._infos_fields:

  127.             logger.debug(self._infos_fields)

  128.             login_cls = infos['login'][0]

  129.             pass_cls = infos['password'][0]

  130.             qfilter = "{passfname} = {passhash}"

  131.             uid_fname = login_cls.uid_fieldname()[0] #COMPOSED UID BROKEN

  132.             if login_cls == pass_cls:

  133.                 #Same EmClass for login & pass

  134.                 qfilter = qfilter.format(

  135.                     passfname = infos['password'][1],

  136.                     passhash = password)

  137.             else:

  138.                 #Different EmClass, building a relational filter

  139.                 passfname = "%s.%s" % (infos['login'][2], infos['password'][1])

  140.                 qfilter = qfilter.format(

  141.                     passfname = passfname,

  142.                     passhash = password)

  143.             getq = LeGetQuery(infos['login'][0], qfilter,

  144.                 field_list = [uid_fname], limit = 1)

  145.             req = getq.execute()

  146.             if len(req) == 1:

  147.                 self.__set_authenticated(infos['login'][0],req[0][uid_fname])

  148.                 break

  149.         if self.is_anonymous():

  150.             self.authentication_failure() #Security logging

  151.     

  152.     ##@brief Attempt to restore a session given a session token

  153.     #@param token mixed : a session token

  154.     #@return Session datas (a dict)

  155.     #@throw ClientAuthenticationFailure if token is not valid or not

  156.     #existing

  157.     @classmethod

  158.     def restore_session(cls, token):

  159.         cls._assert_instance()

  160.         if cls._instance.__session_token is not None:

  161.             raise ClientAuthenticationError("Trying to restore a session, but \

  162. a session is allready started !!!")

  163.         cls._instance.__datas = SessionHandler.restore(token)

  164.         cls._instance.__session_token = token

  165.         return copy.copy(cls._instance.datas)

  166.     

  167.     ##@brief Return the current session token or None

  168.     #@return A session token or None

  169.     @classmethod

  170.     def session_token(cls):

  171.         cls._assert_instance()

  172.         return cls._instance.__session_token

  173. 

  174.    

  175.     ##@brief Delete current session

  176.     @classmethod

  177.     def destroy(cls):

  178.         cls._assert_instance()

  179.         SessionHandler.destroy(cls._instance.__session_token)

  180.         cls._instance.__session_token = None

  181.         cls._instance.__datas = dict()

  182.     

  183.     ##@brief Delete current client and save its session

  184.     @classmethod

  185.     def clean(cls):

  186.         if cls._instance.__session_token is not None:

  187.             SessionHandler.save(cls._instance.__session_token, cls._instance.__datas)

  188.         if Client._instance is not None:

  189.             del(Client._instance)

  190.         Client._instance = None

  191.     

  192.     ##@brief Test wether a client is anonymous or logged in

  193.     #@return True if client is anonymous

  194.     @classmethod

  195.     def is_anonymous(cls):

  196.         return Client._instance.user() is None

  197.         

  198.     ##@brief Method to call on authentication failure

  199.     #@throw ClientAuthenticationFailure

  200.     #@throw LodelFatalError if no Client child instance found

  201.     @classmethod

  202.     def authentication_failure(cls):

  203.         cls._generic_error(ClientAuthenticationFailure)

  204.     

  205.     ##@brief Method to call on authentication error

  206.     #@throw ClientAuthenticationError

  207.     #@throw LodelFatalError if no Client child instance found

  208.     @classmethod

  209.     def authentication_error(cls, msg = "Unknow error"):

  210.         cls._generic_error(ClientAuthenticationError, msg)

  211. 

  212.     ##@brief Method to call on permission denied error

  213.     #@throw ClientPermissionDenied

  214.     #@throw LodelFatalError if no Client child instance found

  215.     @classmethod

  216.     def permission_denied_error(cls, msg = ""):

  217.         cls._generic_error(ClientPermissionDenied, msg)

  218.     

  219.     ##@brief Generic error method

  220.     #@see Client::authentication_failure() Client::authentication_error()

  221.     #Client::permission_denied_error()

  222.     #@throw LodelFatalError if no Client child instance found

  223.     @classmethod

  224.     def _generic_error(cls, expt, msg = ""):

  225.         cls._assert_instance()

  226.         raise expt(Client._instance, msg)

  227.     

  228.     ##@brief Assert that an instance of Client child class exists

  229.     #@throw LodelFataError if no instance of Client child class found

  230.     @classmethod

  231.     def _assert_instance(cls):

  232.         if Client._instance is None:

  233.             raise LodelFatalError("No client instance found. Abording.")

  234. 

  235.     ##@brief Class method that fetches conf

  236.     #

  237.     #This method populates Client._infos_fields . This attribute stores

  238.     #informations on login and password location (LeApi object & field)

  239.     @classmethod

  240.     def fetch_settings(cls):

  241.         from lodel import dyncode

  242.         if cls._infos_fields is None:

  243.             cls._infos_fields = list()

  244.         else:

  245.             #Allready fetched

  246.             return

  247.         infos = (

  248.             Settings.auth.login_classfield,

  249.             Settings.auth.pass_classfield)

  250.         res_infos = []

  251.         for clsname, fieldname in infos:

  252.             dcls = dyncode.lowername2class(infos[0][0])

  253.             res_infos.append((dcls, infos[1][1]))

  254. 

  255.         link_field = None

  256.         if res_infos[0][0] != res_infos[1][0]:

  257.             # login and password are in two separated EmClass

  258.             # determining the field that links login EmClass to password

  259.             # EmClass

  260.             for fname, fdh in res_infos[0][0].fields(True).items():

  261.                 if fdh.is_reference() and res_infos[1][0] in fdh.linked_classes():

  262.                     link_field = fname

  263.             if link_field is None:

  264.                 #Unable to find link between login & password EmClasses

  265.                 raise AuthenticationError("Unable to find a link between \

  266. login EmClass '%s' and password EmClass '%s'. Abording..." % (

  267.                     res_infos[0][0], res_infos[1][0]))

  268.         res_infos[0] = (res_infos[0][0], res_infos[0][1], link_field)

  269.         cls._infos_fields.append(

  270.             {'login':res_infos[0], 'password':res_infos[1]})

  271. 

  272.     ##@brief Set a user as authenticated and start a new session

  273.     #@param leo LeObject child class : the LeObject the user is stored in

  274.     #@param uid str : uniq id (in leo)

  275.     #@return None

  276.     @classmethod

  277.     def __set_authenticated(cls, leo, uid):

  278.         cls._instance.__user = {'classname': leo.__name__, 'uid': uid, 'leoclass': leo}

  279.         #Store auth infos in session

  280.         cls._instance.__datas[cls._instance.__class__._AUTH_DATANAME] = copy.copy(cls._instance.__user)