[CalendarServer-changes] [12223] twext/trunk/twext/who
source_changes at macosforge.org
source_changes at macosforge.org
Wed Mar 12 11:15:56 PDT 2014
Revision: 12223
http://trac.calendarserver.org//changeset/12223
Author: wsanchez at apple.com
Date: 2014-01-02 18:23:19 -0800 (Thu, 02 Jan 2014)
Log Message:
-----------
Work on OD digest
Modified Paths:
--------------
twext/trunk/twext/who/checker.py
twext/trunk/twext/who/opendirectory/__init__.py
twext/trunk/twext/who/opendirectory/_service.py
twext/trunk/twext/who/test/auth_resource.rpy
Modified: twext/trunk/twext/who/checker.py
===================================================================
--- twext/trunk/twext/who/checker.py 2014-01-03 01:55:45 UTC (rev 12222)
+++ twext/trunk/twext/who/checker.py 2014-01-03 02:23:19 UTC (rev 12223)
@@ -135,75 +135,3 @@
returnValue(record)
raise UnauthorizedLogin("Incorrect password")
-
-
-
-
-
-# class Yuck(object):
-# def requestAvatarId(self, credentials):
-# odRecord = self._getUserRecord(credentials.username)
-
-# if odRecord is None:
-# return fail(UnauthorizedLogin("No such user"))
-
-# if isinstance(credentials, DigestedCredentials):
-# try:
-# credentials.fields.setdefault("algorithm", "md5")
-# challenge = (
-# 'Digest realm="{realm}", nonce="{nonce}", '
-# 'algorithm={algorithm}'
-# .format(**credentials.fields)
-# )
-# response = credentials.fields["response"]
-
-# except KeyError as e:
-# self.log.error(
-# "Error authenticating against OpenDirectory: "
-# "missing digest response field {field!r} in "
-# "{credentials.fields!r}",
-# field=e.args[0], credentials=credentials
-# )
-# return fail(UnauthorizedLogin("Invalid digest challenge"))
-
-# result, m1, m2, error = odRecord.verifyExtendedWithAuthenticationType_authenticationItems_continueItems_context_error_(
-# u"dsAuthMethodStandard:dsAuthNodeDIGEST-MD5",
-# [
-# credentials.username,
-# challenge,
-# response,
-# credentials.method,
-# ],
-# None, None, None
-# )
-
-# if error:
-# return fail(UnauthorizedLogin(error))
-
-# if result:
-# return succeed(DirectoryRecord(self, odRecord))
-
-# else:
-# return fail(UnauthorizedLogin(
-# "Unknown credentials type: {0}".format(type(credentials))
-# ))
-
-# return fail(UnauthorizedLogin("Unknown authorization failure"))
-
-
-
-
-
-
-
-# from twisted.web.guard import DigestCredentialFactory
-
-# class CustomDigestCredentialFactory(DigestCredentialFactory):
-# """
-# DigestCredentialFactory without qop, to interop with OD.
-# """
-
-# def getChallenge(self, address):
-# result = DigestCredentialFactory.getChallenge(self, address)
-# del result["qop"]
-# return result
Modified: twext/trunk/twext/who/opendirectory/__init__.py
===================================================================
--- twext/trunk/twext/who/opendirectory/__init__.py 2014-01-03 01:55:45 UTC (rev 12222)
+++ twext/trunk/twext/who/opendirectory/__init__.py 2014-01-03 02:23:19 UTC (rev 12223)
@@ -25,6 +25,7 @@
"OpenDirectoryDataError",
"DirectoryService",
"DirectoryRecord",
+ "NoQOPDigestCredentialFactory",
]
@@ -32,4 +33,5 @@
OpenDirectoryError, OpenDirectoryConnectionError, OpenDirectoryQueryError,
OpenDirectoryDataError,
DirectoryService,
+ NoQOPDigestCredentialFactory,
)
Modified: twext/trunk/twext/who/opendirectory/_service.py
===================================================================
--- twext/trunk/twext/who/opendirectory/_service.py 2014-01-03 01:55:45 UTC (rev 12222)
+++ twext/trunk/twext/who/opendirectory/_service.py 2014-01-03 02:23:19 UTC (rev 12223)
@@ -25,6 +25,7 @@
from twisted.python.constants import Names, NamedConstant
from twisted.internet.defer import succeed, fail
+from twisted.web.guard import DigestCredentialFactory
from twext.python.log import Logger
@@ -584,13 +585,39 @@
)
)
+ print("username = {0!r}".format(username))
+ print("realm = {0!r}".format(realm))
+ print("uri = {0!r}".format(uri))
+ print("nonce = {0!r}".format(nonce))
+ print("cnonce = {0!r}".format(cnonce))
+ print("algorithm = {0!r}".format(algorithm))
+ print("nc = {0!r}".format(nc))
+ print("qop = {0!r}".format(qop))
+ print("response = {0!r}".format(response))
+ print("method = {0!r}".format(method))
+ print("challenge = {0!r}".format(challenge))
+
result, m1, m2, error = self._odRecord.verifyExtendedWithAuthenticationType_authenticationItems_continueItems_context_error_(
- ODAuthMethod.digestMD5.value
+ ODAuthMethod.digestMD5.value,
[username, challenge, response, method],
None, None, None
)
+ print(result, m1, m2, error)
+
if error:
return False
return result
+
+
+
+class NoQOPDigestCredentialFactory(DigestCredentialFactory):
+ """
+ DigestCredentialFactory without qop, to interop with OD.
+ """
+
+ def getChallenge(self, address):
+ result = DigestCredentialFactory.getChallenge(self, address)
+ del result["qop"]
+ return result
Modified: twext/trunk/twext/who/test/auth_resource.rpy
===================================================================
--- twext/trunk/twext/who/test/auth_resource.rpy 2014-01-03 01:55:45 UTC (rev 12222)
+++ twext/trunk/twext/who/test/auth_resource.rpy 2014-01-03 02:23:19 UTC (rev 12223)
@@ -20,13 +20,15 @@
from twisted.web.resource import IResource
from twisted.web.guard import (
HTTPAuthSessionWrapper,
- # BasicCredentialFactory,
- DigestCredentialFactory,
+ BasicCredentialFactory,
+ # DigestCredentialFactory,
)
from twisted.web.static import Data
-from twext.who.test.test_xml import xmlService as DirectoryService
-# from twext.who.checker import UsernamePasswordCredentialChecker
+# from twext.who.test.test_xml import xmlService as DirectoryService
+from twext.who.opendirectory import DirectoryService
+from twext.who.opendirectory import NoQOPDigestCredentialFactory as DigestCredentialFactory
+from twext.who.checker import UsernamePasswordCredentialChecker
from twext.who.checker import HTTPDigestCredentialChecker
@@ -42,7 +44,8 @@
-directory = DirectoryService("/tmp/auth.xml")
+# directory = DirectoryService("/tmp/auth.xml")
+directory = DirectoryService()
checkers = [
HTTPDigestCredentialChecker(directory),
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20140312/52878de9/attachment.html>
More information about the calendarserver-changes
mailing list