<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[12219] twext/trunk/twext/who</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.calendarserver.org//changeset/12219">12219</a></dd>
<dt>Author</dt> <dd>wsanchez@apple.com</dd>
<dt>Date</dt> <dd>2014-01-02 16:20:23 -0800 (Thu, 02 Jan 2014)</dd>
</dl>
<h3>Log Message</h3>
<pre>Go go gadget cred.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#twexttrunktwextwhodirectorypy">twext/trunk/twext/who/directory.py</a></li>
<li><a href="#twexttrunktwextwhoidirectorypy">twext/trunk/twext/who/idirectory.py</a></li>
<li><a href="#twexttrunktwextwhoopendirectory_servicepy">twext/trunk/twext/who/opendirectory/_service.py</a></li>
<li><a href="#twexttrunktwextwhoxmlpy">twext/trunk/twext/who/xml.py</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#twexttrunktwextwhocheckerpy">twext/trunk/twext/who/checker.py</a></li>
<li><a href="#twexttrunktwextwhotestauth_resourcerpy">twext/trunk/twext/who/test/auth_resource.rpy</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="twexttrunktwextwhocheckerpy"></a>
<div class="addfile"><h4>Added: twext/trunk/twext/who/checker.py (0 => 12219)</h4>
<pre class="diff"><span>
<span class="info">--- twext/trunk/twext/who/checker.py (rev 0)
+++ twext/trunk/twext/who/checker.py 2014-01-03 00:20:23 UTC (rev 12219)
</span><span class="lines">@@ -0,0 +1,209 @@
</span><ins>+# -*- test-case-name: twext.who.test.test_checker -*-
+##
+# Copyright (c) 2013 Apple Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##
+
+"""
+L{twisted.cred}-style credential checker.
+"""
+
+from zope.interface import implementer, classImplements, Attribute
+
+from twisted.internet.defer import inlineCallbacks, returnValue
+from twisted.cred.error import UnauthorizedLogin
+from twisted.cred.checkers import ICredentialsChecker
+from twisted.cred.credentials import (
+ ICredentials, IUsernamePassword, IUsernameHashedPassword,
+ DigestedCredentials,
+)
+
+from .idirectory import (
+ IDirectoryService, RecordType,
+ IPlaintextPasswordVerifier, IHTTPDigestVerifier,
+)
+
+
+
+@implementer(ICredentialsChecker)
+class BaseCredentialChecker(object):
+ # credentialInterfaces = (IUsernamePassword, IUsernameHashedPassword)
+
+ def __init__(self, service):
+ """
+ @param service: The directory service to use to obtain directory
+ records and validate credentials against.
+ @type service: L{IDirectoryService}
+ """
+ if not IDirectoryService.providedBy(service):
+ raise TypeError("Not an IDirectoryService: {0!r}".format(service))
+
+ self.service = service
+
+
+
+class UsernamePasswordCredentialChecker(BaseCredentialChecker):
+ credentialInterfaces = (IUsernamePassword, IUsernameHashedPassword)
+
+
+ @inlineCallbacks
+ def requestAvatarId(self, credentials):
+ if not IUsernamePassword.providedBy(credentials):
+ raise TypeError(
+ "Not an IUsernamePassword: {0!r}".format(credentials)
+ )
+
+ record = yield self.service.recordWithShortName(
+ RecordType.user, credentials.username
+ )
+
+ if record is None:
+ raise UnauthorizedLogin("No such user")
+
+ if not IPlaintextPasswordVerifier.providedBy(record):
+ raise UnauthorizedLogin(
+ "Not an IPlaintextPasswordVerifier: {0!r}".format(record)
+ )
+
+ if record.verifyPlaintextPassword(credentials.password):
+ returnValue(record)
+
+ raise UnauthorizedLogin("Incorrect password")
+
+
+
+class IHTTPDigest(ICredentials):
+ """
+ HTTP digest credentials.
+ """
+ username = Attribute("User (short) name")
+ method = Attribute("...")
+ fields = Attribute("...") # Attributes would be better.
+
+
+
+classImplements(DigestedCredentials, (IHTTPDigest,))
+
+
+
+class HTTPDigestCredentialChecker(BaseCredentialChecker):
+ credentialInterfaces = (IHTTPDigest,)
+
+
+ @inlineCallbacks
+ def requestAvatarId(self, credentials):
+ if not IHTTPDigest.providedBy(credentials):
+ raise TypeError(
+ "Not an IHTTPDigest: {0!r}".format(credentials)
+ )
+
+ record = yield self.service.recordWithShortName(
+ RecordType.user, credentials.username
+ )
+
+ if record is None:
+ raise UnauthorizedLogin("No such user")
+
+ if not IHTTPDigestVerifier.providedBy(record):
+ raise UnauthorizedLogin(
+ "Not an IHTTPDigestVerifier: {0!r}".format(record)
+ )
+
+ if record.verifyHTTPDigest(
+ credentials.username,
+ credentials.fields.get("realm"),
+ credentials.fields.get("uri"),
+ credentials.fields.get("nonce"),
+ credentials.fields.get("cnonce"),
+ credentials.fields.get("algorithm", "md5"),
+ credentials.fields.get("nc"),
+ credentials.fields.get("qop", "auth"),
+ credentials.fields.get("response"),
+ credentials.method,
+ ):
+ returnValue(record)
+
+ raise UnauthorizedLogin("Incorrect password")
+
+
+
+
+
+# class Yuck(object):
+# def requestAvatarId(self, credentials):
+# odRecord = self._getUserRecord(credentials.username)
+
+# if odRecord is None:
+# return fail(UnauthorizedLogin("No such user"))
+
+# if isinstance(credentials, DigestedCredentials):
+# try:
+# credentials.fields.setdefault("algorithm", "md5")
+# challenge = (
+# 'Digest realm="{realm}", nonce="{nonce}", '
+# 'algorithm={algorithm}'
+# .format(**credentials.fields)
+# )
+# response = credentials.fields["response"]
+
+# except KeyError as e:
+# self.log.error(
+# "Error authenticating against OpenDirectory: "
+# "missing digest response field {field!r} in "
+# "{credentials.fields!r}",
+# field=e.args[0], credentials=credentials
+# )
+# return fail(UnauthorizedLogin("Invalid digest challenge"))
+
+# result, m1, m2, error = odRecord.verifyExtendedWithAuthenticationType_authenticationItems_continueItems_context_error_(
+# u"dsAuthMethodStandard:dsAuthNodeDIGEST-MD5",
+# [
+# credentials.username,
+# challenge,
+# response,
+# credentials.method,
+# ],
+# None, None, None
+# )
+
+# if error:
+# return fail(UnauthorizedLogin(error))
+
+# if result:
+# return succeed(DirectoryRecord(self, odRecord))
+
+# else:
+# return fail(UnauthorizedLogin(
+# "Unknown credentials type: {0}".format(type(credentials))
+# ))
+
+# return fail(UnauthorizedLogin("Unknown authorization failure"))
+
+
+
+
+
+
+
+# from twisted.web.guard import DigestCredentialFactory
+
+# class CustomDigestCredentialFactory(DigestCredentialFactory):
+# """
+# DigestCredentialFactory without qop, to interop with OD.
+# """
+
+# def getChallenge(self, address):
+# result = DigestCredentialFactory.getChallenge(self, address)
+# del result["qop"]
+# return result
</ins></span></pre></div>
<a id="twexttrunktwextwhodirectorypy"></a>
<div class="modfile"><h4>Modified: twext/trunk/twext/who/directory.py (12218 => 12219)</h4>
<pre class="diff"><span>
<span class="info">--- twext/trunk/twext/who/directory.py 2014-01-02 22:02:37 UTC (rev 12218)
+++ twext/trunk/twext/who/directory.py 2014-01-03 00:20:23 UTC (rev 12219)
</span><span class="lines">@@ -24,15 +24,17 @@
</span><span class="cx"> "DirectoryRecord",
</span><span class="cx"> ]
</span><span class="cx">
</span><del>-from zope.interface import implementer
</del><ins>+from zope.interface import implementer, directlyProvides
</ins><span class="cx">
</span><span class="cx"> from twisted.internet.defer import inlineCallbacks, returnValue
</span><span class="cx"> from twisted.internet.defer import succeed, fail
</span><ins>+from twisted.cred.credentials import DigestedCredentials
</ins><span class="cx">
</span><span class="cx"> from .idirectory import (
</span><span class="cx"> QueryNotSupportedError, NotAllowedError,
</span><span class="cx"> FieldName, RecordType,
</span><span class="cx"> IDirectoryService, IDirectoryRecord,
</span><ins>+ IPlaintextPasswordVerifier, IHTTPDigestVerifier,
</ins><span class="cx"> )
</span><span class="cx"> from .expression import CompoundExpression, Operand, MatchExpression
</span><span class="cx"> from .util import uniqueResult, describe, ConstantsContainer
</span><span class="lines">@@ -374,7 +376,12 @@
</span><span class="cx"> self.service = service
</span><span class="cx"> self.fields = normalizedFields
</span><span class="cx">
</span><ins>+ if self.service.fieldName.password in self.fields:
+ directlyProvides(
+ self, IPlaintextPasswordVerifier, IHTTPDigestVerifier
+ )
</ins><span class="cx">
</span><ins>+
</ins><span class="cx"> def __repr__(self):
</span><span class="cx"> return (
</span><span class="cx"> "<{self.__class__.__name__} ({recordType}){shortName}>".format(
</span><span class="lines">@@ -455,3 +462,35 @@
</span><span class="cx">
</span><span class="cx"> def groups(self):
</span><span class="cx"> return fail(NotImplementedError("Subclasses must implement groups()"))
</span><ins>+
+
+ #
+ # Verifiers for twext.who.checker stuff.
+ #
+
+ def verifyPlaintextPassword(self, password):
+ if self.password == password:
+ return True
+ else:
+ return False
+
+
+ def verifyHTTPDigest(
+ self, username, realm, uri, nonce, cnonce,
+ algorithm, nc, qop, response, method,
+ ):
+ helperCreds = DigestedCredentials(
+ username, method, realm,
+ dict(
+ realm=realm,
+ uri=uri,
+ nonce=nonce,
+ cnonce=cnonce,
+ algorithm=algorithm,
+ nc=nc,
+ qop=qop,
+ response=response
+ )
+ )
+
+ return helperCreds.checkPassword(self.password)
</ins></span></pre></div>
<a id="twexttrunktwextwhoidirectorypy"></a>
<div class="modfile"><h4>Modified: twext/trunk/twext/who/idirectory.py (12218 => 12219)</h4>
<pre class="diff"><span>
<span class="info">--- twext/trunk/twext/who/idirectory.py 2014-01-02 22:02:37 UTC (rev 12218)
+++ twext/trunk/twext/who/idirectory.py 2014-01-03 00:20:23 UTC (rev 12219)
</span><span class="lines">@@ -72,6 +72,7 @@
</span><span class="cx"> """
</span><span class="cx"> Unknown record type.
</span><span class="cx"> """
</span><ins>+
</ins><span class="cx"> def __init__(self, token):
</span><span class="cx"> DirectoryServiceError.__init__(self, token)
</span><span class="cx"> self.token = token
</span><span class="lines">@@ -117,6 +118,7 @@
</span><span class="cx"> Represents a non-person not covered by another record type (eg. a
</span><span class="cx"> projector).
</span><span class="cx"> """
</span><ins>+
</ins><span class="cx"> user = NamedConstant()
</span><span class="cx"> user.description = u"user"
</span><span class="cx">
</span><span class="lines">@@ -150,9 +152,11 @@
</span><span class="cx"> @cvar emailAddresses: The email addresses for a directory record.
</span><span class="cx"> The associated values must be L{unicodes}.
</span><span class="cx">
</span><del>- @cvar password: The clear text password for a directory record.
</del><ins>+ @cvar password: The clear text password (oh no!) for a directory record.
</ins><span class="cx"> The associated value must be a L{unicode} or C{None}.
</span><ins>+ The correct value is C{None}.
</ins><span class="cx"> """
</span><ins>+
</ins><span class="cx"> uid = NamedConstant()
</span><span class="cx"> uid.description = u"UID"
</span><span class="cx">
</span><span class="lines">@@ -406,6 +410,7 @@
</span><span class="cx"> C{record.recordType} is equivalent to
</span><span class="cx"> C{record.fields[FieldName.recordType]}.
</span><span class="cx"> """
</span><ins>+
</ins><span class="cx"> service = Attribute("The L{IDirectoryService} this record exists in.")
</span><span class="cx"> fields = Attribute("A mapping with L{NamedConstant} keys.")
</span><span class="cx">
</span><span class="lines">@@ -429,3 +434,39 @@
</span><span class="cx"> @return: a deferred iterable of L{IDirectoryRecord}s which are
</span><span class="cx"> groups that this record is a member of.
</span><span class="cx"> """
</span><ins>+
+
+
+class IPlaintextPasswordVerifier(Interface):
+ """
+ Provides a way to verify a plaintext password as provided by a client.
+ """
+
+ def verifyPlaintextPassword(password):
+ """
+ Verifies that a given plaintext password authenticates the record.
+
+ @param password: A plaintext password.
+ @type password: L{unicode}
+
+ @return: L{True} if the password matches, L{False} otherwise.
+ @rtype: L{BOOL}
+ """
+
+
+
+class IHTTPDigestVerifier(Interface):
+ """
+ Provides a way to verify HTTP digest credentials as provided by a client.
+ """
+
+ def verifyHTTPDigest(username, realm, nonce, algorithm, response, method):
+ """
+ Verifies that a given plaintext password authenticates the record.
+
+ @param password: A plaintext password.
+ @type password: L{unicode}
+
+ @return: L{True} if the password matches, L{False} otherwise.
+ @rtype: L{BOOL}
+ """
</ins></span></pre></div>
<a id="twexttrunktwextwhoopendirectory_servicepy"></a>
<div class="modfile"><h4>Modified: twext/trunk/twext/who/opendirectory/_service.py (12218 => 12219)</h4>
<pre class="diff"><span>
<span class="info">--- twext/trunk/twext/who/opendirectory/_service.py 2014-01-02 22:02:37 UTC (rev 12218)
+++ twext/trunk/twext/who/opendirectory/_service.py 2014-01-03 00:20:23 UTC (rev 12219)
</span><span class="lines">@@ -21,16 +21,8 @@
</span><span class="cx"> OpenDirectory directory service implementation.
</span><span class="cx"> """
</span><span class="cx">
</span><del>-from zope.interface import implements
-
</del><span class="cx"> from twisted.python.constants import Names, NamedConstant
</span><span class="cx"> from twisted.internet.defer import succeed, fail
</span><del>-from twisted.cred.checkers import ICredentialsChecker
-from twisted.cred.credentials import (
- IUsernamePassword, IUsernameHashedPassword, DigestedCredentials,
-)
-from twisted.cred.error import UnauthorizedLogin
-# from twisted.web.guard import DigestCredentialFactory
</del><span class="cx">
</span><span class="cx"> from twext.python.log import Logger
</span><span class="cx">
</span><span class="lines">@@ -115,10 +107,6 @@
</span><span class="cx"> """
</span><span class="cx"> OpenDirectory directory service.
</span><span class="cx"> """
</span><del>-
- implements(ICredentialsChecker)
- credentialInterfaces = (IUsernamePassword, IUsernameHashedPassword)
-
</del><span class="cx"> log = Logger()
</span><span class="cx">
</span><span class="cx"> recordType = ConstantsContainer((
</span><span class="lines">@@ -414,9 +402,9 @@
</span><span class="cx"> "Error while executing OpenDirectory query: {error}",
</span><span class="cx"> error=error
</span><span class="cx"> )
</span><del>- raise OpenDirectoryQueryError(
</del><ins>+ return fail(OpenDirectoryQueryError(
</ins><span class="cx"> "Unable to execute OpenDirectory query", error
</span><del>- )
</del><ins>+ ))
</ins><span class="cx">
</span><span class="cx"> return succeed(DirectoryRecord(self, odr) for odr in odRecords)
</span><span class="cx">
</span><span class="lines">@@ -476,93 +464,7 @@
</span><span class="cx"> return record
</span><span class="cx">
</span><span class="cx">
</span><del>- def requestAvatarId(self, credentials):
- """
- Authenticate the credentials against OpenDirectory and return the
- corresponding directory record.
</del><span class="cx">
</span><del>- @param: credentials: The credentials to authenticate.
- @type: credentials: L{ICredentials}
-
- @return: The directory record for the given credentials.
- @rtype: deferred L{DirectoryRecord}
-
- @raises: L{UnauthorizedLogin} if the credentials are not valid.
- """
-
- odRecord = self._getUserRecord(credentials.username)
-
- if odRecord is None:
- return fail(UnauthorizedLogin("No such user"))
-
- if IUsernamePassword.providedBy(credentials):
- result, error = odRecord.verifyPassword_error_(
- credentials.password, None
- )
-
- if error:
- return fail(UnauthorizedLogin(error))
-
- if result:
- return succeed(DirectoryRecord(self, odRecord))
-
- elif isinstance(credentials, DigestedCredentials):
- try:
- credentials.fields.setdefault("algorithm", "md5")
- challenge = (
- 'Digest realm="{realm}", nonce="{nonce}", '
- 'algorithm={algorithm}'
- .format(**credentials.fields)
- )
- response = credentials.fields["response"]
-
- except KeyError as e:
- self.log.error(
- "Error authenticating against OpenDirectory: "
- "missing digest response field {field!r} in "
- "{credentials.fields!r}",
- field=e.args[0], credentials=credentials
- )
- return fail(UnauthorizedLogin("Invalid digest challenge"))
-
- result, m1, m2, error = odRecord.verifyExtendedWithAuthenticationType_authenticationItems_continueItems_context_error_(
- u"dsAuthMethodStandard:dsAuthNodeDIGEST-MD5",
- [
- credentials.username,
- challenge,
- response,
- credentials.method,
- ],
- None, None, None
- )
-
- if error:
- return fail(UnauthorizedLogin(error))
-
- if result:
- return succeed(DirectoryRecord(self, odRecord))
-
- else:
- return fail(UnauthorizedLogin(
- "Unknown credentials type: {0}".format(type(credentials))
- ))
-
- return fail(UnauthorizedLogin("Unknown authorization failure"))
-
-
-
-# class CustomDigestCredentialFactory(DigestCredentialFactory):
-# """
-# DigestCredentialFactory without qop, to interop with OD.
-# """
-
-# def getChallenge(self, address):
-# result = DigestCredentialFactory.getChallenge(self, address)
-# del result["qop"]
-# return result
-
-
-
</del><span class="cx"> class DirectoryRecord(BaseDirectoryRecord):
</span><span class="cx"> """
</span><span class="cx"> OpenDirectory directory record.
</span></span></pre></div>
<a id="twexttrunktwextwhotestauth_resourcerpy"></a>
<div class="addfile"><h4>Added: twext/trunk/twext/who/test/auth_resource.rpy (0 => 12219)</h4>
<pre class="diff"><span>
<span class="info">--- twext/trunk/twext/who/test/auth_resource.rpy (rev 0)
+++ twext/trunk/twext/who/test/auth_resource.rpy 2014-01-03 00:20:23 UTC (rev 12219)
</span><span class="lines">@@ -0,0 +1,61 @@
</span><ins>+##
+# Copyright (c) 2013 Apple Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##
+
+cache()
+
+from twisted.cred.portal import Portal
+from twisted.web.resource import IResource
+from twisted.web.guard import (
+ HTTPAuthSessionWrapper,
+ # BasicCredentialFactory,
+ DigestCredentialFactory,
+)
+from twisted.web.static import Data
+
+from twext.who.test.test_xml import xmlService as DirectoryService
+# from twext.who.checker import UsernamePasswordCredentialChecker
+from twext.who.checker import HTTPDigestCredentialChecker
+
+
+
+class Realm(object):
+ def requestAvatar(self, avatarId, mind, *interfaces):
+ resource = Data(
+ "Hello, {0!r}!".format(avatarId),
+ "text/plain"
+ )
+
+ return IResource, resource, lambda: None
+
+
+
+directory = DirectoryService("/tmp/auth.xml")
+
+checkers = [
+ HTTPDigestCredentialChecker(directory),
+ # UsernamePasswordCredentialChecker(directory),
+]
+
+realm = Realm()
+
+portal = Portal(realm, checkers)
+
+factories = [
+ DigestCredentialFactory("md5", "Digest Realm"),
+ # BasicCredentialFactory("Basic Realm"),
+]
+
+resource = HTTPAuthSessionWrapper(portal, factories)
</ins></span></pre></div>
<a id="twexttrunktwextwhoxmlpy"></a>
<div class="modfile"><h4>Modified: twext/trunk/twext/who/xml.py (12218 => 12219)</h4>
<pre class="diff"><span>
<span class="info">--- twext/trunk/twext/who/xml.py 2014-01-02 22:02:37 UTC (rev 12218)
+++ twext/trunk/twext/who/xml.py 2014-01-03 00:20:23 UTC (rev 12219)
</span><span class="lines">@@ -15,6 +15,7 @@
</span><span class="cx"> # limitations under the License.
</span><span class="cx"> ##
</span><span class="cx">
</span><ins>+from __future__ import print_function
</ins><span class="cx"> from __future__ import absolute_import
</span><span class="cx">
</span><span class="cx"> """
</span><span class="lines">@@ -35,6 +36,8 @@
</span><span class="cx"> tostring as etreeToString, Element as XMLElement,
</span><span class="cx"> )
</span><span class="cx">
</span><ins>+from zope.interface import implementer
+
</ins><span class="cx"> from twisted.python.constants import Values, ValueConstant
</span><span class="cx"> from twisted.internet.defer import fail
</span><span class="cx">
</span><span class="lines">@@ -42,10 +45,12 @@
</span><span class="cx"> DirectoryServiceError,
</span><span class="cx"> NoSuchRecordError, UnknownRecordTypeError,
</span><span class="cx"> RecordType, FieldName as BaseFieldName,
</span><ins>+ IPlaintextPasswordVerifier, IHTTPDigestVerifier,
</ins><span class="cx"> )
</span><span class="cx"> from .index import (
</span><span class="cx"> DirectoryService as BaseDirectoryService,
</span><del>- DirectoryRecord, FieldName as IndexFieldName,
</del><ins>+ DirectoryRecord,
+ FieldName as IndexFieldName,
</ins><span class="cx"> )
</span><span class="cx"> from .util import ConstantsContainer
</span><span class="cx">
</span></span></pre>
</div>
</div>
</body>
</html>