[CalendarServer-changes] [12223] twext/trunk/twext/who

source_changes at macosforge.org source_changes at macosforge.org
Wed Mar 12 11:15:56 PDT 2014 

Revision: 12223
          http://trac.calendarserver.org//changeset/12223
Author:   wsanchez at apple.com
Date:     2014-01-02 18:23:19 -0800 (Thu, 02 Jan 2014)
Log Message:
-----------
Work on OD digest

Modified Paths:
--------------
    twext/trunk/twext/who/checker.py
    twext/trunk/twext/who/opendirectory/__init__.py
    twext/trunk/twext/who/opendirectory/_service.py
    twext/trunk/twext/who/test/auth_resource.rpy

Modified: twext/trunk/twext/who/checker.py
===================================================================
--- twext/trunk/twext/who/checker.py	2014-01-03 01:55:45 UTC (rev 12222)
+++ twext/trunk/twext/who/checker.py	2014-01-03 02:23:19 UTC (rev 12223)
@@ -135,75 +135,3 @@
             returnValue(record)
 
         raise UnauthorizedLogin("Incorrect password")
-
-
-
-
-
-# class Yuck(object):
-#     def requestAvatarId(self, credentials):
-#         odRecord = self._getUserRecord(credentials.username)
-
-#         if odRecord is None:
-#             return fail(UnauthorizedLogin("No such user"))
-
-#         if isinstance(credentials, DigestedCredentials):
-#             try:
-#                 credentials.fields.setdefault("algorithm", "md5")
-#                 challenge = (
-#                     'Digest realm="{realm}", nonce="{nonce}", '
-#                     'algorithm={algorithm}'
-#                     .format(**credentials.fields)
-#                 )
-#                 response = credentials.fields["response"]
-
-#             except KeyError as e:
-#                 self.log.error(
-#                     "Error authenticating against OpenDirectory: "
-#                     "missing digest response field {field!r} in "
-#                     "{credentials.fields!r}",
-#                     field=e.args[0], credentials=credentials
-#                 )
-#                 return fail(UnauthorizedLogin("Invalid digest challenge"))
-
-#             result, m1, m2, error = odRecord.verifyExtendedWithAuthenticationType_authenticationItems_continueItems_context_error_(
-#                 u"dsAuthMethodStandard:dsAuthNodeDIGEST-MD5",
-#                 [
-#                     credentials.username,
-#                     challenge,
-#                     response,
-#                     credentials.method,
-#                 ],
-#                 None, None, None
-#             )
-
-#             if error:
-#                 return fail(UnauthorizedLogin(error))
-
-#             if result:
-#                 return succeed(DirectoryRecord(self, odRecord))
-
-#         else:
-#             return fail(UnauthorizedLogin(
-#                 "Unknown credentials type: {0}".format(type(credentials))
-#             ))
-
-#         return fail(UnauthorizedLogin("Unknown authorization failure"))
-
-
-
-
-
-
-
-# from twisted.web.guard import DigestCredentialFactory
-
-# class CustomDigestCredentialFactory(DigestCredentialFactory):
-#     """
-#     DigestCredentialFactory without qop, to interop with OD.
-#     """
-
-#     def getChallenge(self, address):
-#         result = DigestCredentialFactory.getChallenge(self, address)
-#         del result["qop"]
-#         return result

Modified: twext/trunk/twext/who/opendirectory/__init__.py
===================================================================
--- twext/trunk/twext/who/opendirectory/__init__.py	2014-01-03 01:55:45 UTC (rev 12222)
+++ twext/trunk/twext/who/opendirectory/__init__.py	2014-01-03 02:23:19 UTC (rev 12223)
@@ -25,6 +25,7 @@
     "OpenDirectoryDataError",
     "DirectoryService",
     "DirectoryRecord",
+    "NoQOPDigestCredentialFactory",
 ]
 
 
@@ -32,4 +33,5 @@
     OpenDirectoryError, OpenDirectoryConnectionError, OpenDirectoryQueryError,
     OpenDirectoryDataError,
     DirectoryService,
+    NoQOPDigestCredentialFactory,
 )

Modified: twext/trunk/twext/who/opendirectory/_service.py
===================================================================
--- twext/trunk/twext/who/opendirectory/_service.py	2014-01-03 01:55:45 UTC (rev 12222)
+++ twext/trunk/twext/who/opendirectory/_service.py	2014-01-03 02:23:19 UTC (rev 12223)
@@ -25,6 +25,7 @@
 
 from twisted.python.constants import Names, NamedConstant
 from twisted.internet.defer import succeed, fail
+from twisted.web.guard import DigestCredentialFactory
 
 from twext.python.log import Logger
 
@@ -584,13 +585,39 @@
             )
         )
 
+        print("username = {0!r}".format(username))
+        print("realm = {0!r}".format(realm))
+        print("uri = {0!r}".format(uri))
+        print("nonce = {0!r}".format(nonce))
+        print("cnonce = {0!r}".format(cnonce))
+        print("algorithm = {0!r}".format(algorithm))
+        print("nc = {0!r}".format(nc))
+        print("qop = {0!r}".format(qop))
+        print("response = {0!r}".format(response))
+        print("method = {0!r}".format(method))
+        print("challenge = {0!r}".format(challenge))
+
         result, m1, m2, error = self._odRecord.verifyExtendedWithAuthenticationType_authenticationItems_continueItems_context_error_(
-            ODAuthMethod.digestMD5.value
+            ODAuthMethod.digestMD5.value,
             [username, challenge, response, method],
             None, None, None
         )
 
+        print(result, m1, m2, error)
+
         if error:
             return False
 
         return result
+
+
+
+class NoQOPDigestCredentialFactory(DigestCredentialFactory):
+    """
+    DigestCredentialFactory without qop, to interop with OD.
+    """
+
+    def getChallenge(self, address):
+        result = DigestCredentialFactory.getChallenge(self, address)
+        del result["qop"]
+        return result

Modified: twext/trunk/twext/who/test/auth_resource.rpy
===================================================================
--- twext/trunk/twext/who/test/auth_resource.rpy	2014-01-03 01:55:45 UTC (rev 12222)
+++ twext/trunk/twext/who/test/auth_resource.rpy	2014-01-03 02:23:19 UTC (rev 12223)
@@ -20,13 +20,15 @@
 from twisted.web.resource import IResource
 from twisted.web.guard import (
     HTTPAuthSessionWrapper,
-    # BasicCredentialFactory,
-    DigestCredentialFactory,
+    BasicCredentialFactory,
+    # DigestCredentialFactory,
 )
 from twisted.web.static import Data
 
-from twext.who.test.test_xml import xmlService as DirectoryService
-# from twext.who.checker import UsernamePasswordCredentialChecker
+# from twext.who.test.test_xml import xmlService as DirectoryService
+from twext.who.opendirectory import DirectoryService
+from twext.who.opendirectory import NoQOPDigestCredentialFactory as DigestCredentialFactory
+from twext.who.checker import UsernamePasswordCredentialChecker
 from twext.who.checker import HTTPDigestCredentialChecker
 
 
@@ -42,7 +44,8 @@
 
 
 
-directory = DirectoryService("/tmp/auth.xml")
+# directory = DirectoryService("/tmp/auth.xml")
+directory = DirectoryService()
 
 checkers = [
     HTTPDigestCredentialChecker(directory),
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20140312/52878de9/attachment.html>

More information about the calendarserver-changes mailing list