[CalendarServer-changes] [4325] CalendarServer/trunk

source_changes at macosforge.org source_changes at macosforge.org
Thu Jun 4 10:42:14 PDT 2009


Revision: 4325
          http://trac.macosforge.org/projects/calendarserver/changeset/4325
Author:   sagen at apple.com
Date:     2009-06-04 10:42:13 -0700 (Thu, 04 Jun 2009)
Log Message:
-----------
Rather than use a second instance of AuthenticationWrapper around /inbox (which breaks Depth:1 PROPFINDs of /, make the AuthenticationWrapper implementation more flexible, allowing per-resource-path configuration of credential factories.

Modified Paths:
--------------
    CalendarServer/trunk/calendarserver/tap/caldav.py
    CalendarServer/trunk/twistedcaldav/resource.py

Modified: CalendarServer/trunk/calendarserver/tap/caldav.py
===================================================================
--- CalendarServer/trunk/calendarserver/tap/caldav.py	2009-06-04 16:56:16 UTC (rev 4324)
+++ CalendarServer/trunk/calendarserver/tap/caldav.py	2009-06-04 17:42:13 UTC (rev 4325)
@@ -65,7 +65,7 @@
 from twistedcaldav.accesslog import AMPCommonAccessLoggingObserver
 from twistedcaldav.config import config, defaultConfig, defaultConfigFile
 from twistedcaldav.config import ConfigurationError
-from twistedcaldav.resource import CalDAVResource
+from twistedcaldav.resource import CalDAVResource, AuthenticationWrapper
 from twistedcaldav.directory.digest import QopDigestCredentialFactory
 from twistedcaldav.directory.principal import DirectoryPrincipalProvisioningResource
 from twistedcaldav.directory.aggregate import AggregateDirectoryService
@@ -626,16 +626,9 @@
             self.log_info("Setting up iMIP inbox resource: %r"
                           % (self.imipResourceClass,))
 
-            # This resource uses the digestCredentialFactory no matter
-            # what the overall server authentication settings are.
-            root.putChild("inbox",
-                auth.AuthenticationWrapper(
-                    self.imipResourceClass(root),
-                    portal,
-                    (digestCredentialFactory,),
-                    (auth.IPrincipal,),
-                )
-            )
+            # The authenticationWrapper below will be configured to always
+            # allow digest auth on /inbox
+            root.putChild("inbox", self.imipResourceClass(root))
 
         #
         # WebCal
@@ -672,11 +665,14 @@
 
         self.log_info("Configuring authentication wrapper")
 
-        authWrapper = auth.AuthenticationWrapper(
+        authWrapper = AuthenticationWrapper(
             root,
             portal,
             credentialFactories,
             (auth.IPrincipal,),
+            overrides = {
+                "/inbox" : (digestCredentialFactory,),
+            }
         )
 
         logWrapper = DirectoryLogWrapperResource(

Modified: CalendarServer/trunk/twistedcaldav/resource.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/resource.py	2009-06-04 16:56:16 UTC (rev 4324)
+++ CalendarServer/trunk/twistedcaldav/resource.py	2009-06-04 17:42:13 UTC (rev 4325)
@@ -38,6 +38,7 @@
 from twisted.internet.defer import inlineCallbacks, returnValue
 from twisted.web2 import responsecode
 from twisted.web2.dav import davxml
+from twisted.web2.dav.auth import AuthenticationWrapper as SuperAuthenticationWrapper
 from twisted.web2.dav.davxml import dav_namespace
 from twisted.web2.dav.idav import IDAVPrincipalCollectionResource
 from twisted.web2.dav.resource import AccessDeniedError, DAVPrincipalCollectionResource
@@ -1006,6 +1007,34 @@
         return None
 
 
+class AuthenticationWrapper(SuperAuthenticationWrapper):
+
+    """ AuthenticationWrapper implementation which allows overriding
+        credentialFactories on a per-resource-path basis """
+
+    def __init__(self, resource, portal, credentialFactories, loginInterfaces,
+        overrides=None):
+
+        super(AuthenticationWrapper, self).__init__(resource, portal,
+            credentialFactories, loginInterfaces)
+
+        self.overrides = {}
+        if overrides:
+            for path, factories in overrides.iteritems():
+                self.overrides[path] = dict([(factory.scheme, factory)
+                    for factory in factories])
+
+    def hook(self, req):
+        """ Uses the default credentialFactories unless the request is for
+            one of the overridden paths """
+
+        super(AuthenticationWrapper, self).hook(req)
+
+        factories = self.overrides.get(req.path.rstrip("/"),
+            self.credentialFactories)
+        req.credentialFactories = factories
+
+
 ##
 # Utilities
 ##
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20090604/45388107/attachment.html>


More information about the calendarserver-changes mailing list