[CalendarServer-changes] [12141] twext/trunk/twext/who/opendirectory/service.py
source_changes at macosforge.org
source_changes at macosforge.org
Wed Mar 12 11:19:58 PDT 2014
Revision: 12141
http://trac.calendarserver.org//changeset/12141
Author: wsanchez at apple.com
Date: 2013-12-18 19:09:42 -0800 (Wed, 18 Dec 2013)
Log Message:
-----------
Cleanup auth
Modified Paths:
--------------
twext/trunk/twext/who/opendirectory/service.py
Modified: twext/trunk/twext/who/opendirectory/service.py
===================================================================
--- twext/trunk/twext/who/opendirectory/service.py 2013-12-19 02:27:55 UTC (rev 12140)
+++ twext/trunk/twext/who/opendirectory/service.py 2013-12-19 03:09:42 UTC (rev 12141)
@@ -622,50 +622,64 @@
record = self._getUserRecord(credentials.username)
- if record is not None:
+ if record is None:
+ return fail(UnauthorizedLogin("No such user"))
- if IUsernamePassword.providedBy(credentials):
- result, error = record.verifyPassword_error_(
- credentials.password, None
- )
- if not error and result:
- return succeed(self._adaptODRecord(record))
+ if IUsernamePassword.providedBy(credentials):
+ result, error = record.verifyPassword_error_(
+ credentials.password, None
+ )
- elif isinstance(credentials, DigestedCredentials):
- try:
- credentials.fields.setdefault("algorithm", "md5")
- challenge = (
- 'Digest realm="{realm}", nonce="{nonce}", '
- 'algorithm={algorithm}'
- .format(**credentials.fields)
- )
- response = credentials.fields["response"]
- except KeyError as e:
- self.log.error(
- "Error authenticating against OpenDirectory: "
- "missing digest response field {field!r} in "
- "{credentials.fields!r}",
- field=e.args[0], credentials=credentials
- )
- return fail(UnauthorizedLogin())
+ if error:
+ return fail(UnauthorizedLogin(error))
- result, m1, m2, error = record.verifyExtendedWithAuthenticationType_authenticationItems_continueItems_context_error_(
- "dsAuthMethodStandard:dsAuthNodeDIGEST-MD5",
- [
- credentials.username,
- challenge,
- response,
- credentials.method,
- ],
- None, None, None
+ if result:
+ return succeed(self._adaptODRecord(record))
+
+ elif isinstance(credentials, DigestedCredentials):
+ try:
+ credentials.fields.setdefault("algorithm", "md5")
+ challenge = (
+ 'Digest realm="{realm}", nonce="{nonce}", '
+ 'algorithm={algorithm}'
+ .format(**credentials.fields)
)
+ response = credentials.fields["response"]
- if not error and result:
- return succeed(self._adaptODRecord(record))
+ except KeyError as e:
+ self.log.error(
+ "Error authenticating against OpenDirectory: "
+ "missing digest response field {field!r} in "
+ "{credentials.fields!r}",
+ field=e.args[0], credentials=credentials
+ )
+ return fail(UnauthorizedLogin("Invalid digest challenge"))
- return fail(UnauthorizedLogin())
+ result, m1, m2, error = record.verifyExtendedWithAuthenticationType_authenticationItems_continueItems_context_error_(
+ "dsAuthMethodStandard:dsAuthNodeDIGEST-MD5",
+ [
+ credentials.username,
+ challenge,
+ response,
+ credentials.method,
+ ],
+ None, None, None
+ )
+ if error:
+ return fail(UnauthorizedLogin(error))
+ if result:
+ return succeed(self._adaptODRecord(record))
+
+ else:
+ return fail(UnauthorizedLogin(
+ "Unknown credentials type: {0}".format(type(credentials))
+ ))
+
+ return fail(UnauthorizedLogin("Unknown authorization failure"))
+
+
class CustomDigestCredentialFactory(DigestCredentialFactory):
"""
DigestCredentialFactory without qop, to interop with OD.
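Review bot: The failure paths added here now return distinguishable messages: `UnauthorizedLogin("No such user")` when `_getUserRecord` returns None, `UnauthorizedLogin(error)` when OpenDirectory reports an error, and `"Unknown authorization failure"` for what appears to be the ordinary wrong-password case (result false, no error). If that text is ever surfaced to the client, it separates valid account names from invalid ones. The hunk does not show where the message ends up, so please confirm; the safer pattern is one uniform value on every failure path, e.g. `return fail(UnauthorizedLogin("Authentication failed"))`, with the specific reason written to `self.log` instead. `UnauthorizedLogin(error)` also hands the raw OpenDirectory error object to the caller, and the `self.log.error` call in the `KeyError` handler formats `credentials.fields!r`, which puts every client-supplied digest field in the log when the missing field name alone would do. The enclosing method starts above the hunk and the page has lost indentation, so the branch structure is read from statement order.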