[CalendarServer-changes] [3103] CalendarServer/branches/users/sagen/wikiauth-3100/twistedcaldav
source_changes at macosforge.org
source_changes at macosforge.org
Thu Oct 2 15:45:32 PDT 2008
Revision: 3103
http://trac.macosforge.org/projects/calendarserver/changeset/3103
Author: sagen at apple.com
Date: 2008-10-02 15:45:31 -0700 (Thu, 02 Oct 2008)
Log Message:
-----------
Checkpoint: user authentication using wiki sessionID cookie works
Modified Paths:
--------------
CalendarServer/branches/users/sagen/wikiauth-3100/twistedcaldav/config.py
CalendarServer/branches/users/sagen/wikiauth-3100/twistedcaldav/root.py
Modified: CalendarServer/branches/users/sagen/wikiauth-3100/twistedcaldav/config.py
===================================================================
--- CalendarServer/branches/users/sagen/wikiauth-3100/twistedcaldav/config.py 2008-10-02 18:31:03 UTC (rev 3102)
+++ CalendarServer/branches/users/sagen/wikiauth-3100/twistedcaldav/config.py 2008-10-02 22:45:31 UTC (rev 3103)
@@ -120,6 +120,12 @@
"Enabled": False,
"ServicePrincipal": ""
},
+ "Wiki": {
+ "Enabled": True,
+ "Cookie": "sessionID",
+ "URL": "http://sswiki.apple.com/RPC2",
+ "method": "userForSession",
+ },
},
#
Modified: CalendarServer/branches/users/sagen/wikiauth-3100/twistedcaldav/root.py
===================================================================
--- CalendarServer/branches/users/sagen/wikiauth-3100/twistedcaldav/root.py 2008-10-02 18:31:03 UTC (rev 3102)
+++ CalendarServer/branches/users/sagen/wikiauth-3100/twistedcaldav/root.py 2008-10-02 22:45:31 UTC (rev 3103)
@@ -27,6 +27,7 @@
from twisted.web2.dav import davxml
from twisted.web2.http import HTTPError, StatusResponse
from twisted.web2.auth.wrapper import UnauthorizedResponse
+from twisted.web.xmlrpc import Proxy
from twistedcaldav.extensions import DAVFile, CachingXattrPropertyStore
from twistedcaldav.config import config
@@ -169,6 +170,45 @@
for filter in self.contentFilters:
request.addResponseFilter(filter[0], atEnd=filter[1])
+
+ # Examine cookies for wiki auth token
+
+ def _validSessionID(username):
+ directory = request.site.resource.getDirectory()
+ record = directory.recordWithShortName("users", username)
+ if record is None:
+ raise HTTPError(StatusResponse(
+ responsecode.FORBIDDEN,
+ "The username (%s) corresponding to your sessionID was not found by calendar server." % (username,)
+ ))
+ request.authnUser = request.authzUser = davxml.Principal(
+ davxml.HRef.fromString("/principals/__uids__/%s/" % (record.guid,)))
+
+ def _invalidSessionID(error):
+ raise HTTPError(StatusResponse(
+ responsecode.FORBIDDEN,
+ "Your sessionID was rejected by the authenticating wiki server."
+ ))
+
+ wikiConfig = config.Authentication["Wiki"]
+ cookies = request.headers.getHeader('cookie')
+ if wikiConfig["Enabled"] and cookies is not None:
+ for cookie in cookies:
+ if cookie.name == wikiConfig["Cookie"]:
+ token = cookie.value
+ break
+ else:
+ token = None
+
+ if token is not None:
+ proxy = Proxy(wikiConfig["URL"])
+ d = proxy.callRemote(wikiConfig["method"], token).addCallbacks(
+ _validSessionID, _invalidSessionID)
+ d.addCallback(lambda _: super(RootResource, self
+ ).locateChild(request, segments))
+ return d
+
+
if self.useSacls and not hasattr(request, "checkedSACL") and not hasattr(request, "checkingSACL"):
d = self.checkSacl(request)
d.addCallback(lambda _: super(RootResource, self
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20081002/78adf8e4/attachment.html
More information about the calendarserver-changes
mailing list