[Grok-dev] grok 1.2 and session based auth.

Shrek Zhou zgwmike at gmail.com
Wed Nov 3 21:30:18 EDT 2010 

Hi, Jerrfey,
I did that before I sent the mail. and I noticed that,
in .buildout/eggs/zope.app.publication-3.12.0-py2.6.egg/zope/app/publication/zopepublication.py(89),
the following func is called, which just get IAuthentication Utility from
global site manager.

def beforeTraversal(self, request):
        notify(StartRequestEvent(request))
        # Try to authenticate against the root authentication utility.
        auth = zope.component.getGlobalSiteManager().getUtility(
            zope.authentication.interfaces.IAuthentication)
        principal = auth.authenticate(request)
        if principal is None:
            principal = auth.unauthenticatedPrincipal()
            if principal is None:
                # Get the fallback unauthenticated principal
                principal = zope.component.getUtility(
                    IFallbackUnauthenticatedPrincipal)

        request.setPrincipal(principal)
        newInteraction(request)
        transaction.begin()
ps:

*And code snippet of app.py*
class Bada(grok.Application, grok.Container):
    grok.implements(IBada)
    grok.local_utility(auth.UserAuthenticatorPlugin,
                       provides=IAuthenticatorPlugin,
                       name='users')
    grok.local_utility(PluggableAuthentication,provides=IAuthentication,
                       setup=auth.setup_authentication,
                       )
*And code snippet of auth.py*
def setup_authentication(pau):
    pau.credentialsPlugins=['credentials']
    pau.authenticatorPlugins=['users']

class Account(grok.Model):
    def __init__(self,name,password,real_name,role):
        self.name=name
        self.real_name=real_name
        self.role=role
        self.setPassword(password)
    def setPassword(self,password):
        passwordManager=getUtility(IPasswordManager,'SHA1')
        self.password=passwordManager.encodePassword(password)
    def checkPassword(self,password):
        passwordManager=getUtility(IPasswordManager,'SHA1')
        return passwordManager.checkPassword(self.password,password)
class UserFolder(grok.Container):
    pass
class
MySessionCredentialsPlugin(grok.GlobalUtility,SessionCredentialsPlugin):
    grok.provides(ICredentialsPlugin)
    grok.name("credentials")

    loginpagename="login"
    loginfield='login'
    passwordfield='password'

class PrincipalInfo(object):
    grok.implements(IPrincipalInfo)
    def __init__(self,id,title,description):
        self.id=id
        self.title=title
        self.description=description
        self.credentialsPlugin=None
        self.authenticatorPlugin=None
class UserAuthenticatorPlugin(grok.LocalUtility):
    grok.implements(IAuthenticatorPlugin)
    grok.name('users')

    def __init__(self):
        self.user_folder=UserFolder()
    def authenticateCredentials(self,credentials):
        if not isinstance(credentials,dict):
            return None
        if not ('login' in credentials and 'password' in credentials):
            return None
        account=self.getAccount(credentials['login'])
        if account is None:
            return None
        if not account.checkPassword(credentials['password']):
            return None
        return PrincipalInfo(id=account.name,
                             title=account.real_name,
                             description=account.real_name
                             )
    def principalInfo(self,id):
        account=self.getAccount(id)
        if account is None:
            return None
        return PrincialInfo(id=account.name,
                            title=account.real_name,
                            description=account.real_name
                            )
    def getAccount(self,login):
        return login in self.user_folder and self.user_folder[login] or None
    def addUser(self,username,password,real_name,role,**kwargw):
        import pdb;pdb.set_trace()
        if username not in self.user_folder:
            user=Account(username,password,real_name,role)
            self.user_folder[username]=user
            role_manager=IPrincipalRoleManager(grok.getSite())
            permission_manager=IPrincipalPermissionManager(grok.getSite())
            #TODO: do role or permission assigning here.
            permission_manager.grantPermissionToPrincipal('zope.View',
user.name)

class ILoginForm(Interface):
    login=schema.BytesLine(title=_(u'Username'),required=True)
    camefrom=schema.BytesLine(title=u'',required=False)
    password=schema.Password(title=_(u'Password'),required=True)

class Login(megrok.layout.Form):
    grok.context(Interface)
    grok.require('zope.Public')
    label='Login'
    prefix=''
    form_fields=grok.Fields(ILoginForm)

    def setUpWidgets(self,ignore_request=False):
        super(Login,self).setUpWidgets(ignore_request)
        self.widgets['camefrom'].type='hidden'
        self.widgets['login'].cssClass='title'
        self.widgets['password'].cssClass='title'

    @grok.action('Login')
    def handle_login(self,**data):
        import pdb;pdb.set_trace()

 self.redirect(self.request.form.get('camefrom',self.url(grok.getSite())))

class IAddUserForm(Interface):
    login=schema.BytesLine(title=_(u"Username"),required=True)
    password=schema.Password(title=_(u'Password'),required=True)
    confirm_password=schema.Password(title=_(u"Confirm password"),
                                     required=True)
    real_name=schema.TextLine(title=_(u'Real name'),required=True)
    role=schema.Choice(title=_(u'User role'),
                       values=[_(u'Bada Member'),_(u'Bada Master Account')],
                       required=True)

class AddUserForm(megrok.layout.Form):
    grok.context(Interface)
    grok.require('zope.Public')
    label=_('Register')
    form_fields=grok.Fields(IAddUserForm)
    @grok.action(_(u'Register'))
    def handle_add(self,**data):
        users=getUtility(IAuthenticatorPlugin,'users')

 users.addUser(data['login'],data['password'],data['real_name'],data['role'])
        self.redirect(self.url(grok.getSite()))

On Thu, Nov 4, 2010 at 1:49 AM, Jeffrey D Peterson <bgpete at gmail.com> wrote:

>  There is a bug, it’s been documented.
>
>
>
> You need to include zope.pluggableauth in your setup.py in install_requires
> and rerun buildout.  This will work around the bug.
>
>
>
> Hopefully that’s the issue, otherwise, we’ll have to look closer.
>
>
>
> --
>
> Jeffrey Peterson
>
> bgpete3 at gmail.com
>
>
>
> *From:* grok-dev-bounces at zope.org [mailto:grok-dev-bounces at zope.org] *On
> Behalf Of *Shrek Zhou
> *Sent:* Wednesday, November 03, 2010 12:01 PM
> *To:* grok-dev at zope.org
> *Subject:* [Grok-dev] grok 1.2 and session based auth.
>
>
>
> hi, grokkers,
>
>
>
> *My problem:*
>
> I can not use PluggableAuthenticationPlugin from zope.pluggableauth to do a
> session based auth.
>
>
>
> *Steps I took:*
>
> 1. added the following lines to my gork.Application:
>
>
>
>     grok.local_utility(auth.UserAuthenticatorPlugin,
>
>                        provides=IAuthenticatorPlugin,
>
>                        name='users')
>
>     grok.local_utility(PluggableAuthentication,provides=IAuthentication,
>
>                        setup=auth.setup_authentication,
>
>                        )
>
>
>
> 2. created corresponding authenticatorPlugin and credentialsPlugin, and add
> them to pau through setup_authentication.
>
>
>
> *Results*:
>
> The authentication utility is not called at all. only princialRegistry(from
> zope.principalregistry which is a globalsite utility that implements
> IAuthentication.) works.
>
>
>
> Expected:
>
> The local authentication utility should work and substitute the global one.
>
>
>
> *How can I fix the above problem??*
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.zope.org/pipermail/grok-dev/attachments/20101104/4f5316f3/attachment-0001.html

More information about the Grok-dev mailing list