[CalendarServer-changes] [2106]
CalendarServer/branches/release/CalendarServer-1.2-dev/twistedcaldav
/directory
source_changes at macosforge.org
source_changes at macosforge.org
Fri Jan 11 13:19:39 PST 2008
Revision: 2106
http://trac.macosforge.org/projects/calendarserver/changeset/2106
Author: wsanchez at apple.com
Date: 2008-01-11 13:19:38 -0800 (Fri, 11 Jan 2008)
Log Message:
-----------
Pull up auth caching: r2079 r2102 r2105
Modified Paths:
--------------
CalendarServer/branches/release/CalendarServer-1.2-dev/twistedcaldav/directory/appleopendirectory.py
CalendarServer/branches/release/CalendarServer-1.2-dev/twistedcaldav/directory/test/util.py
Modified: CalendarServer/branches/release/CalendarServer-1.2-dev/twistedcaldav/directory/appleopendirectory.py
===================================================================
--- CalendarServer/branches/release/CalendarServer-1.2-dev/twistedcaldav/directory/appleopendirectory.py 2008-01-11 21:17:40 UTC (rev 2105)
+++ CalendarServer/branches/release/CalendarServer-1.2-dev/twistedcaldav/directory/appleopendirectory.py 2008-01-11 21:19:38 UTC (rev 2106)
@@ -764,12 +764,25 @@
def verifyCredentials(self, credentials):
if isinstance(credentials, UsernamePassword):
+ # Check cached password
try:
- return opendirectory.authenticateUserBasic(self.service.directory, self._nodename, self.shortName, credentials.password)
+ if credentials.password == self.password:
+ return True
+ except AttributeError:
+ pass
+
+ # Check with directory services
+ try:
+ if opendirectory.authenticateUserBasic(self.service.directory, self._nodename, self.shortName, credentials.password):
+ # Cache the password to avoid future DS queries
+ self.password = credentials.password
+ return True
except opendirectory.ODError, e:
logging.err("Open Directory (node=%s) error while performing basic authentication for user %s: %s"
- % (self.service.realmName, self.shortName, e), system="OpenDirectoryService")
- return False
+ % (self.service.realmName, self.shortName, e), system="OpenDirectoryService")
+
+ return False
+
elif isinstance(credentials, DigestedCredentials):
try:
# We need a special format for the "challenge" and "response" strings passed into open directory, as it is
@@ -788,14 +801,28 @@
% (self.service.realmName, self.shortName, e, credentials.fields), system="OpenDirectoryService")
return False
- return opendirectory.authenticateUserDigest(
+ if self.digestcache[credentials.fields["uri"]] == response:
+ return True
+ except (AttributeError, KeyError):
+ pass
+
+ try:
+ if opendirectory.authenticateUserDigest(
self.service.directory,
self._nodename,
self.shortName,
challenge,
response,
credentials.method
- )
+ ):
+ try:
+ cache = self.digestcache
+ except AttributeError:
+ cache = self.digestcache = {}
+
+ cache[credentials.fields["uri"]] = response
+
+ return True
except opendirectory.ODError, e:
logging.err("Open Directory (node=%s) error while performing digest authentication for user %s: %s"
% (self.service.realmName, self.shortName, e), system="OpenDirectoryService")
Modified: CalendarServer/branches/release/CalendarServer-1.2-dev/twistedcaldav/directory/test/util.py
===================================================================
--- CalendarServer/branches/release/CalendarServer-1.2-dev/twistedcaldav/directory/test/util.py 2008-01-11 21:17:40 UTC (rev 2105)
+++ CalendarServer/branches/release/CalendarServer-1.2-dev/twistedcaldav/directory/test/util.py 2008-01-11 21:19:38 UTC (rev 2106)
@@ -297,39 +297,48 @@
service = self.service()
for user in self.users:
- userRecord = service.recordWithShortName(DirectoryService.recordType_users, user)
+ for good in (True, True, False, False, True):
+ userRecord = service.recordWithShortName(DirectoryService.recordType_users, user)
- # I'm glad this is so simple...
- response = calcResponse(
- calcHA1(
+ # I'm glad this is so simple...
+ response = calcResponse(
+ calcHA1(
+ "md5",
+ user,
+ service.realmName,
+ self.users[user]["password"],
+ "booger",
+ "phlegm",
+ ),
"md5",
- user,
- service.realmName,
- self.users[user]["password"],
"booger",
+ None,
"phlegm",
- ),
- "md5",
- "booger",
- None,
- "phlegm",
- "auth",
- "GET",
- "/",
- None,
- )
+ "auth",
+ "GET",
+ "/",
+ None,
+ )
- credentials = DigestedCredentials(
- user,
- "GET",
- service.realmName,
- {
- "response": response,
- "uri": "/",
- "nonce": "booger",
- "cnonce": "phlegm",
- "nc": None,
- },
- )
+ if good:
+ noise = ""
+ else:
+ noise = "blah"
- self.failUnless(userRecord.verifyCredentials(credentials))
+ credentials = DigestedCredentials(
+ user,
+ "GET",
+ service.realmName,
+ {
+ "response": response,
+ "uri": "/",
+ "nonce": "booger" + noise,
+ "cnonce": "phlegm",
+ "nc": None,
+ },
+ )
+
+ if good:
+ self.failUnless(userRecord.verifyCredentials(credentials))
+ else:
+ self.failIf(userRecord.verifyCredentials(credentials))
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20080111/751c34f0/attachment-0001.html
More information about the calendarserver-changes
mailing list