[CalendarServer-changes] [4802] CalendarServer/branches/release/CalendarServer-2.4-dev

source_changes at macosforge.org source_changes at macosforge.org
Mon Nov 23 21:29:12 PST 2009


Revision: 4802
          http://trac.macosforge.org/projects/calendarserver/changeset/4802
Author:   glyph at apple.com
Date:     2009-11-23 21:29:09 -0800 (Mon, 23 Nov 2009)
Log Message:
-----------
Pulled up r4797 and r4799 from trunk.

Revision Links:
--------------
    http://trac.macosforge.org/projects/calendarserver/changeset/4797
    http://trac.macosforge.org/projects/calendarserver/changeset/4799

Modified Paths:
--------------
    CalendarServer/branches/release/CalendarServer-2.4-dev/calendarserver/provision/root.py

Property Changed:
----------------
    CalendarServer/branches/release/CalendarServer-2.4-dev/


Property changes on: CalendarServer/branches/release/CalendarServer-2.4-dev
___________________________________________________________________
Modified: svn:mergeinfo
   - /CalendarServer/branches/users/sagen/resource-delegates-4038:4040-4067
/CalendarServer/branches/users/sagen/resource-delegates-4066:4068-4075
/CalendarServer/trunk:4439-4440,4448,4450,4464,4473-4475,4602,4711-4712,4716-4717,4722,4739-4742,4748-4752,4758,4760,4762,4773,4782,4784,4787,4789
   + /CalendarServer/branches/users/sagen/resource-delegates-4038:4040-4067
/CalendarServer/branches/users/sagen/resource-delegates-4066:4068-4075
/CalendarServer/trunk:4439-4440,4448,4450,4464,4473-4475,4602,4711-4712,4716-4717,4722,4739-4742,4748-4752,4758,4760,4762,4773,4782,4784,4787,4789,4797,4799

Modified: CalendarServer/branches/release/CalendarServer-2.4-dev/calendarserver/provision/root.py
===================================================================
--- CalendarServer/branches/release/CalendarServer-2.4-dev/calendarserver/provision/root.py	2009-11-24 05:13:25 UTC (rev 4801)
+++ CalendarServer/branches/release/CalendarServer-2.4-dev/calendarserver/provision/root.py	2009-11-24 05:29:09 UTC (rev 4802)
@@ -162,7 +162,10 @@
         for filter in self.contentFilters:
             request.addResponseFilter(filter[0], atEnd=filter[1])
 
-        # Examine cookies for wiki auth token
+        # Examine cookies for wiki auth token; if there, ask the paired wiki
+        # server for the corresponding record name.  If that maps to a
+        # principal, assign that to authnuser.
+
         wikiConfig = config.Authentication.Wiki
         cookies = request.headers.getHeader("cookie")
         if wikiConfig["Enabled"] and cookies is not None:
@@ -178,62 +181,53 @@
                 proxy = Proxy(wikiConfig["URL"])
                 try:
                     username = (yield proxy.callRemote(wikiConfig["UserMethod"], token))
+                except Exception, e:
+                    log.error("Failed to look up wiki token (%s)" % (e,))
+                    username = None
+
+                if username is not None:
                     log.debug("Wiki lookup returned user: %s" % (username,))
+                    principal = None
                     directory = request.site.resource.getDirectory()
                     record = directory.recordWithShortName("users", username)
-                    if record is None:
-                        raise HTTPError(StatusResponse(
-                            responsecode.FORBIDDEN,
-                            "The username (%s) corresponding to your sessionID was not found by calendar server." % (username,)
-                        ))
-                    for collection in self.principalCollections():
-                        principal = collection.principalForRecord(record)
-                        if principal is not None:
-                            break
-                    else:
-                        # Can't find principal
-                        raise HTTPError(StatusResponse(
-                            responsecode.FORBIDDEN,
-                            "The principal corresponding to your username (%s) was not found by calendar server." % (username,)
-                        ))
+                    log.debug("Wiki user record for user %s : %s" % (username, record))
+                    if record:
+                        # Note: record will be None if it's a /Local/Default user
+                        for collection in self.principalCollections():
+                            principal = collection.principalForRecord(record)
+                            if principal is not None:
+                                break
 
-                    request.authzUser = request.authnUser = davxml.Principal(
-                        davxml.HRef.fromString("/principals/__uids__/%s/" % (record.guid,))
-                    )
+                    if principal:
+                        log.debug("Found wiki principal and setting authnuser and authzuser")
+                        request.authzUser = request.authnUser = davxml.Principal(
+                            davxml.HRef.fromString("/principals/__uids__/%s/" % (record.guid,))
+                        )
 
-                    if not isinstance(principal, DirectoryCalendarPrincipalResource):
-                        # Not enabled for calendaring, so use the wiki principal as authzUser if the resource is within
-                        # a wiki.  Examining the request path to determine this:
-                        path = request.prepath
-                        if len(path) > 2 and path[0] in ("principals", "calendars"):
-                            wikiName = None
-                            if path[1] == "wikis":
-                                wikiName = path[2]
-                            elif path[1] == "__uids__" and path[2].startswith("wiki-"):
-                                wikiName = path[2][5:]
-                            if wikiName:
-                                log.debug("Using %s wiki as authzUser instead of %s" % (wikiName, username))
-                                request.authzUser = davxml.Principal(
-                                    davxml.HRef.fromString("/principals/wikis/%s/" % (wikiName,))
-                                )
+        # We don't want the /inbox resource to pay attention to SACLs because
+        # we just want it to use the hard-coded ACL for the imip reply user.
+        # The /timezones resource is used by the wiki web calendar, so open
+        # up that resource.
+        if segments[0] in ("inbox", "timezones"):
+            request.checkedSACL = True
 
-                    child = (yield super(RootResource, self).locateChild(request, segments))
-                    returnValue(child)
+        elif (len(segments) > 2 and (segments[1] == "wikis" or
+            (segments[1] == "__uids__" and segments[2].startswith("wiki-")))):
 
-                # FIXME: should catch something more specific than Exception
-                except Exception, e:
-                    log.warn("Wiki lookup returned ERROR: %s" % (e,))
-                    raise HTTPError(StatusResponse(
-                        responsecode.FORBIDDEN,
-                        "Your sessionID was rejected by the authenticating wiki server."
-                    ))
-
-
-        # We don't want the /inbox resource to pay attention to SACLs because
-        # we just want it to use the hard-coded ACL for the imip reply user
-        if segments[0] == "inbox":
+            # This is a wiki-related resource. SACLs are not checked.
             request.checkedSACL = True
 
+            # The authzuser value is set to that of the wiki principal.
+            wikiName = None
+            if segments[1] == "wikis":
+                wikiName = segments[2]
+            else:
+                wikiName = segments[2][5:]
+            if wikiName:
+                request.authzUser = davxml.Principal(
+                    davxml.HRef.fromString("/principals/wikis/%s/" % (wikiName,))
+                )
+
         elif self.useSacls and not hasattr(request, "checkedSACL") and not hasattr(request, "checkingSACL"):
             yield self.checkSacl(request)
 
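Review bot: The new `elif (len(segments) > 2 and (segments[1] == "wikis" or ...` branch sets `request.checkedSACL = True` and points `request.authzUser` at `/principals/wikis/<name>/` from the request path alone, whereas the removed code did this only after the wiki server had accepted the session token and the resolved principal was not a `DirectoryCalendarPrincipalResource`. A request with no cookie, or one whose token lookup fell into the new `except Exception, e:` and left `username = None`, still reaches this branch, so the wiki principal appears to become the authorization identity with no authenticated user behind it; whether later ACL checks compensate is not visible in this hunk. The branch also drops the old `path[0] in ("principals", "calendars")` test, so any first segment followed by `wikis/<name>` or `__uids__/wiki-...` qualifies and skips `checkSacl`. Consider restoring the first-segment condition, `segments[0] in ("principals", "calendars") and ...`, limiting the `authzUser` override to requests where the wiki lookup above produced a principal, and adding a comment at the `except` that a rejected token now falls through to normal authentication instead of returning 403. The enclosing method starts and ends outside the hunk.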