PAS._verifyUser should use exact_match to the enumerator. Otherwise a user with login 'foobar' might get returned by _verifyUser for a query for login='foo' because the enumerator happened to return 'foobar' first in the results.
Merge z3-events branch
Merged r69484:70143 from shh-authentication-caching branch. Features Added - Implemented authentication caching in _extractUserIds. - Ported standard user folder tests from the AccessControl test suite. Bugs Fixed - ZODBUserManager: Already encrypted passwords were encrypted again in addUser and updateUserPassword. (http://www.zope.org/Collectors/Zope/1926) - Made sure the emergency user via HTTP basic auth always wins, no matter how borken the plugin landscape.
Created a "Configured PAS" entry in the ZMI add list. o Allows creating a PAS using base and extension GenericSetup profiles registered for IPluggableAuthService. o This entry should eventually replace the "stock" PAS entry, assuming that we make GenericSetup a "hard" dependency. Added an "empty" GenericSetup profile. o creates a PAS containing only a plugin registry and a setup tool. Repaired the "simple" GenericSetup profile to be useful, rather than catastrophic, to apply. o This profile now creates and registers a set of ZODB-based user / group / role plugins, along with a basic auth helper.
- Convert from using zLOG to using the Python logging module. (http://www.zope.org/Members/urbanape/PluggableAuthService/Collector/14)
Added support for exporting / importing a PAS and its content via the GenericSetup file export framework (if present).
Merge changes from sidnei-challenge-protocol-chooser: - Added two new interfaces, IChallengeProtocolChooser and IRequestTypeSniffer. Those are used to select the 'authorization protocol' or 'challenger protocol' to be used for challenging according to the incoming request type. - Fixed a couple more places where Zope 2-style __implements__ were being used to standardize on using classImplements. - Fixed fallback implementations of providedBy and implementedBy to always return a tuple. - Make sure challenge doesn't break if existing instances of the PluginRegistry don't yet have IChallengeProtocolChooser as a registered interface. (Would be nice to have some sort of migration for the PluginRegistry between PAS releases) - Don't assume that just because zope.interface can be imported that Five is present.
applied Mark Hammond's patch
merging zbir_fixing_ids_branch to the head
We need to have a sane default, otherwise we get a cranky UnboundLocalError
- Make 'getUserById' pass the 'login' to '_findUser', so that the returned user object can answer 'getUserName' sanely.
- Merge 'zc-pas_fix_logout-branch', and release version 1.0.4.
- Add a publicly callable "logout" method on the PluggableAuthService instance that will call resetCredentials on all activated ICredentialsRest plugins, thus effecting a logout.
- Enabled the usage of the CookieAuthHelper login screen functionality without actually using the CookieAuthHelper to maintain the credentials store in its own auth cookie by ensuring that only active updateCredentials plugins are informed about a successful login so they can store the credentials.
- Make over-noisy exception logging quieter.
- merge the jens-implement_caching_branch. For some details please see doc/caching.stx.
Don't complain in the case that we don't have the user record for a user id (this is common in the case that a user from a user folder "lower" in the tree is browsing a part of the tree in which a PAS is contained).
Give group and user plugins the opportunity to provide their own titles.
- reunite the ZMI stuff in one place (first noticed by Willi Langenberger)
Merging pre-1_0_3-zbir-challenge-branch to the head.
- Remove spurious return.
- Single-line triple-quoted strings are evil.
Override _unauthorized, to get rid of the default WWW-Authenticate headers.
Yet another attempt of ChallengeImplementation, that should cover all known use cases.
Improvements in the challenge implementation, including removing infinite recursion in HTTPBasicAuth and Cookie plugins.
Implementing challenge plugin support via __before_traverse_hook_
our marker object '_noroles' can't be tested for equality across the Python-C bridge, so we have to exclude it here so that each implementation (Python or C) can use its appropriate default.
- _extractUserIds *must* mangle the id that is returned via authentication with the id of the authenticating plugin, since a single credentials extractor can attempt authentication against any number of authenticating mechanisms. - Implement the registration for what will be our hook-point for the IChallengePlugin plugins.
Removed this challenge implementation, in expectation of the before traverse implementation discussed on #zope-dev.
The user id in extract user now calls _verifyUser to get the ID mangled by the enumeration plugin, instead of mangling it with the authentication ID, thereby allowing the authentication and enumeration plugins to be different plugins.
Implemented the challenge call, so challenge plugins now get called. Only raise "Redirect", url supported as challenge, but anything else requires a rewrite of BasicRequest...
- fix the missing arrows bug - fix the broken assumption in searchPrincipals (that a plugin can do user enumeration or group enumeration, but not both) - PAS adds the 'Authenticated' Role, not any IRolesPlugin plugin.
Adding the error logs exposed another bug: All authenticateCredentials() returned a single None when they could not authenticate, although all calls expected a tuple.
Merge from branch: Added warning logs for swallowed exceptions.
Sorry for the noise - switching to ZPL 2.1
PluggableAuthService.py - Use the emergency user's user name (the special users in AccessControl.User don't have user ids). tests/test_PluggableAuthService.py - Test that PAS._findUser() will return the emergency user when presented with the emergency user's username.
Added ZPL to all modules