AW: [Zope3-Users] efficiency of PAU authentication

nixon ni nxnth at yahoo.com.cn
Tue May 6 20:46:13 EDT 2008 

I write some code to realize session-cache RDB authentication.
RDBPluggableAuthentication is a new PAU, which works well after my testing.

class RDBPluggableAuthentication(PluggableAuthentication):
	"""new session-cache PluggableAuthentication"""
	
	def authenticate(self, request):
		authenticatorPlugins = [p for n, p in self.getAuthenticatorPlugins()]
		for name, credplugin in self.getCredentialsPlugins():
			credentials = credplugin.extractCredentials(request)
			for authplugin in authenticatorPlugins:
				if authplugin is None:
				    continue
				authplugin._v_sessdata = ISession(request)['mn.authcache'] #in order to
get sessionData
				return authplugin.authenticateCredentials(credentials)
		return None
	def getPrincipal(self, id):
		if not id.startswith(self.prefix):
			next = queryNextUtility(self, IAuthentication)
			if next is None:
				raise PrincipalLookupError(id)
			return next.getPrincipal(id)
		raise PrincipalLookupError(id) #ok for groups checking, not sure for other
invokers

class RDBAuthenticator(SQLexec):
	"""select login, pwd, name, role from tuser where login=<dtml-sqlvar login
type="string">;"""
	implements(IAuthenticatorPlugin)
	
	def __init__(self, prefix = ''):
		self.prefix = prefix
		self._v_sessdata = None
	
	def authenticateCredentials(self, credentials):
		if not (credentials and 'login' in credentials and 'password' in
credentials):
			return
		login, password = credentials['login'], credentials['password']
		prin_cache = self._v_sessdata and self._v_sessdata.get('principal', None)
		if prin_cache and prin_cache.id[len(self.prefix):] == login and
getattr(prin_cache, 'pwd', None) == password:
			return prin_cache
		result = self.execute(self.__doc__, login=login)
		if not result:
			return
		usr = result[0]
		if password != usr.pwd.strip():
			return
		prin = RDBPrincipal(self.prefix + login, usr.name, usr.name)
		prin.pwd = password
		prin.groups.extend(usr.role.split(','))
		self._v_sessdata['principal'] = prin
		return prin
			
	def principalInfo(self, id):
		pass #no invoking from getPrincipal
		
class RDBPrincipal(Persistent, Principal):
	groups = PersistentList()

-- 
View this message in context: http://www.nabble.com/efficiency-of-PAU-authentication-tp16972305p17093684.html
Sent from the Zope3 - users mailing list archive at Nabble.com.

More information about the Zope3-users mailing list