[Zope-CVS] CVS: Products/PluggableAuthService/plugins - ZODBGroupManager.py:1.3.4.1 ZODBRoleManager.py:1.3.4.2 ZODBUserManager.py:1.4.2.1

Lennart Regebro regebro at nuxeo.com
Tue Aug 31 10:42:14 EDT 2004


Update of /cvs-repository/Products/PluggableAuthService/plugins
In directory cvs.zope.org:/tmp/cvs-serv26731/plugins

Modified Files:
      Tag: regebro-implement_challenge-branch
	ZODBGroupManager.py ZODBRoleManager.py ZODBUserManager.py 
Log Message:
Merge from HEAD + new challenge implementation.


=== Products/PluggableAuthService/plugins/ZODBGroupManager.py 1.3 => 1.3.4.1 ===
--- Products/PluggableAuthService/plugins/ZODBGroupManager.py:1.3	Thu Aug 12 11:15:54 2004
+++ Products/PluggableAuthService/plugins/ZODBGroupManager.py	Tue Aug 31 10:41:43 2004
@@ -113,11 +113,11 @@
 
                 info = {}
                 info.update( self._groups[ group_id ] )
-                
+
                 info[ 'pluginid' ] = plugin_id
                 info[ 'properties_url' ] = '%s?%s' % ( e_url, p_qs )
                 info[ 'members_url' ] = '%s?%s' % ( e_url, m_qs )
-                
+
                 if not group_filter or group_filter( info ):
                     group_info.append( info )
 
@@ -229,7 +229,7 @@
                 if ( group_id not in self._principal_groups.get( id, () )
                  and group_id != id ):
                     result.append( ( id, title ) )
-        
+
         return result
 
     security.declareProtected( ManageGroups, 'listAssignedPrincipals' )
@@ -245,9 +245,13 @@
 
                 parent = aq_parent( self )
                 info = parent.searchPrincipals( id=k, exact_match=True )
-                assert( len( info ) == 1 )
-                result.append( ( k, info[0].get( 'title', k ) ) )
-        
+                assert( len( info ) in ( 0, 1 ) )
+                if len( info ) == 0:
+                    title = '<%s: not found>' % k
+                else:
+                    title = info[0].get( 'title', k )
+                result.append( ( k, title ) )
+
         return result
 
     security.declareProtected( ManageGroups, 'addPrincipalToGroup' )
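Review bot: The `assert( len( info ) in ( 0, 1 ) )` in this loop is still the only guard against a duplicate match, so it vanishes under `python -O` and otherwise aborts the whole listing with an AssertionError; an explicit `if len( info ) > 1:` branch that raises or logs a specific error would be more robust. The new placeholder branch also implies that a deleted principal's id stays in the mapping being iterated (presumably `_principal_groups`), and a principal later created with the same id would presumably inherit that membership, so cleanup on deletion or a comment is worth adding. The title `'<%s: not found>' % k` contains angle brackets, so the template that renders it must HTML-quote it. The same points apply to the matching hunk at -252 in ZODBRoleManager.py, where the stale entry is a role assignment. The enclosing method starts above the hunk.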
@@ -371,7 +375,7 @@
             message = 'no+groups+selected'
 
         else:
-        
+
             for group_id in group_ids:
                 self.removeGroup( group_id )
 
@@ -420,7 +424,7 @@
         """ Remove one or more principals from a group via the ZMI.
         """
         removed = []
-        
+
         for principal_id in principal_ids:
             if self.removePrincipalFromGroup( principal_id, group_id ):
                 removed.append( principal_id )


=== Products/PluggableAuthService/plugins/ZODBRoleManager.py 1.3.4.1 => 1.3.4.2 ===
--- Products/PluggableAuthService/plugins/ZODBRoleManager.py:1.3.4.1	Mon Aug 30 13:11:35 2004
+++ Products/PluggableAuthService/plugins/ZODBRoleManager.py	Tue Aug 31 10:41:43 2004
@@ -79,7 +79,8 @@
             role_holder = aq_parent( aq_inner( container ) )
             for role in getattr( role_holder, '__ac_roles__', () ):
                 try:
-                    self.addRole( role )
+                    if role not in ('Anonymous', 'Authenticated'):
+                        self.addRole( role )
                 except KeyError:
                     pass
 
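Review bot: The exclusion of `'Anonymous'` and `'Authenticated'` is applied only in this seeding loop, so unless `addRole` (not visible here) also rejects them, either name can still be created as an assignable role later. Zope grants those two roles implicitly, so keeping them out of the assignable set is an access-control decision that belongs in one place; a module-level tuple checked inside `addRole` would cover both paths. At minimum a comment such as `# Anonymous/Authenticated are implied by Zope, never assigned explicitly` would record why they are skipped. The enclosing method starts above the hunk.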
@@ -129,14 +130,14 @@
                 e_url = '%s/manage_roles' % self.getId()
                 p_qs = 'role_id=%s' % role_id
                 m_qs = 'role_id=%s&assign=1' % role_id
-                
+
                 info = {}
                 info.update( self._roles[ role_id ] )
-                
+
                 info[ 'pluginid' ] = plugin_id
                 info[ 'properties_url'  ] = '%s?%s' % (e_url, p_qs)
                 info[ 'members_url'  ] = '%s?%s' % (e_url, m_qs)
-                
+
                 if not role_filter or role_filter( info ):
                     role_info.append( info )
 
@@ -240,7 +241,7 @@
                 if ( role_id not in self._principal_roles.get( id, () )
                  and role_id != id ):
                     result.append( ( id, title ) )
-        
+
         return result
 
     security.declareProtected( ManageUsers, 'listAssignedPrincipals' )
@@ -252,18 +253,17 @@
 
         for k, v in self._principal_roles.items():
             if role_id in v:
-                # should be one and only one mapping to 'k'
+                # should be at most one and only one mapping to 'k'
 
                 parent = aq_parent( self )
                 info = parent.searchPrincipals( id=k, exact_match=True )
-                # This assertion used to be == 1. However, if a user
-                # is deleted, this would break the whole plugin.
-                # So that can't be right. Now checking that is is
-                # instead less than two.
-                assert( len( info ) < 2 )
-                if info:
-                    result.append( ( k, info[0].get( 'title', k ) ) )
-        
+                assert( len( info ) in ( 0, 1 ) )
+                if len( info ) == 0:
+                    title = '<%s: not found>' % k
+                else:
+                    title = info[0].get( 'title', k )
+                result.append( ( k, title ) )
+
         return result
 
     security.declareProtected( ManageUsers, 'assignRoleToPrincipal' )
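Review bot: The rewritten comment `# should be at most one and only one mapping to 'k'` contradicts itself, and the removed comment block was the only place that explained why zero matches are tolerated (a deleted user used to break the plugin). I would keep that rationale in one line, e.g. `# zero matches means the principal was deleted; more than one is a bug`. This hunk also changes behaviour relative to the previous branch revision: deleted principals were skipped by `if info:` and are now listed with a placeholder title, which deserves a sentence in the method's docstring above the hunk.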
@@ -378,7 +378,7 @@
             message = 'no+roles+selected'
 
         else:
-        
+
             for role_id in role_ids:
                 self.removeRole( role_id )
 
@@ -423,7 +423,7 @@
         """ Remove a role from one or more principals via the ZMI.
         """
         removed = []
-        
+
         for principal_id in principal_ids:
             if self.removeRoleFromPrincipal( role_id, principal_id ):
                 removed.append( principal_id )


=== Products/PluggableAuthService/plugins/ZODBUserManager.py 1.4 => 1.4.2.1 ===
--- Products/PluggableAuthService/plugins/ZODBUserManager.py:1.4	Mon Aug 30 09:22:41 2004
+++ Products/PluggableAuthService/plugins/ZODBUserManager.py	Tue Aug 31 10:41:43 2004
@@ -18,7 +18,7 @@
 """
 import sha
 
-from AccessControl import ClassSecurityInfo
+from AccessControl import ClassSecurityInfo, AuthEncoding
 from AccessControl.SecurityManagement import getSecurityManager
 from App.class_init import default__class_init__ as InitializeClass
 from BTrees.OOBTree import OOBTree
@@ -91,9 +91,15 @@
             return (None, None)
 
         userid = self._login_to_userid.get( login, login )
+        reference = self._user_passwords[ userid ]
+        if AuthEncoding.is_encrypted( reference ):
+            if AuthEncoding.pw_validate( reference, password ):
+                return userid, login
+
+        # Support previous naive behavior
         digested = sha.sha( password ).hexdigest()
-        
-        if self._user_passwords.get( userid ) == digested:
+
+        if reference == digested:
             return userid, login
 
         return (None, None)
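Review bot: `reference = self._user_passwords[ userid ]` raises KeyError for a login this plugin does not hold, where the old `.get( userid )` fell through to `return (None, None)`; because `userid` defaults to the raw `login`, any unknown login reaches that lookup unless a guard above the hunk prevents it. Using `reference = self._user_passwords.get( userid )` followed by `if reference is None: return (None, None)` keeps the old contract. A successful match on the legacy branch also leaves the unsalted `sha` hex digest in storage; re-storing it there with `AuthEncoding.pw_encrypt( password )` would migrate old accounts as they log in. The method starts above the hunk.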
@@ -225,7 +231,7 @@
         if self._login_to_userid.get( login_name ) is not None:
             raise KeyError, 'Duplicate login name: %s' % login_name
 
-        self._user_passwords[ user_id ] = sha.sha( password ).hexdigest()
+        self._user_passwords[ user_id ] = AuthEncoding.pw_encrypt( password )
         self._login_to_userid[ login_name ] = user_id
         self._userid_to_login[ user_id ] = login_name
 
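Review bot: Both this call and the one in the hunk at -255 rely on the default scheme of `AuthEncoding.pw_encrypt`, which the change never names; I believe it is salted SHA-1 (SSHA) in this Zope generation, which fixes the missing salt but is still a single fast hash. A comment such as `# stored in AuthEncoding's default scheme; legacy entries are bare sha hex digests` would tell the next reader what `_user_passwords` can contain. In the other hunk the local is still called `digested` although it now holds an encoded, salted value, so `encrypted` would be the more accurate name. Both enclosing methods start above their hunks.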
@@ -255,7 +261,7 @@
             self._userid_to_login[ user_id ] = login_name
 
         if password:
-            digested = sha.sha( password ).hexdigest()
+            digested = AuthEncoding.pw_encrypt( password )
             self._user_passwords[ user_id ] = digested
 
     #


