-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathauth
124 lines (109 loc) · 4.29 KB
/
auth
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
<?xml version="1.0" encoding="UTF-8"?>
<rdf:RDF
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#"
xmlns:rdfe="http://redfoot.net/3.0/rdf#"
xmlns:code="http://redfoot.net/3.0/code#"
>
<rdfe:RDFXMLDocument rdf:about="">
</rdfe:RDFXMLDocument>
<rdfe:Namespace rdf:about="#">
<rdfs:label>Auth</rdfs:label>
<rdfs:comment>The Redfoot auth namespace.</rdfs:comment>
</rdfe:Namespace>
<code:Module rdf:ID="module">
<rdfs:label>Auth</rdfs:label>
<rdfs:comment></rdfs:comment>
<code:python rdf:datatype="http://www.w3.org/2001/XMLSchema#string">
<![CDATA[
_logger = redfoot.getLogger(__uri__)
import md5, sha
KERNEL = redfoot.namespace("http://redfoot.net/3.0/kernel#")
USER = redfoot.namespace("http://redfoot.net/3.0/user#")
SESSION = redfoot.namespace("http://redfoot.net/3.0/session#")
SERVER = redfoot.namespace("http://redfoot.net/3.0/server#")
user_mod = redfoot.module(URIRef("http://redfoot.net/3.0/user#module"))
def authenticate(request, username=None, password=None):
"Returns uid if authentication succeeds or None otherwise"
message = ""
session_id = request.session_id or request.create_session()
if username is None:
username = request.user
if password is None:
password = request.password
if "@" not in username and "/" not in username:
user = URIRef("/users/%s#" % username, base=request.host)
elif username.startswith("http") or ("." in username and not "@" in username):
if not username.startswith("http"):
user = "http://%s" % username
else:
user = username
from rdflib.Graph import Graph
FOAF = redfoot.namespace("http://xmlns.com/foaf/0.1/")
if not "#" in user:
user = "%s#" % user
user = URIRef(user)
g = Graph()
if not user.startswith(request.host): # more checks localhost, server IP, etc.
try:
g.load(user)
except Exception, e:
message = "%s while trying to load from %s " % (str(e), user)
cid = redfoot.context_id(user, context_id="#user")
c = redfoot.get_context(cid, creator=__uri__)
c.add((user, RDF.type, USER.User))
c.remove((user, USER.hexdigest, None))
for hexdigest in g.objects(user, USER.hexdigest):
c.add((user, USER.hexdigest, hexdigest))
label = g.label(user) or g.value(user, FOAF.name)
if label:
c.remove((user, RDFS.label, None))
c.add((user, RDFS.label, label))
elif "@" in username and not username.startswith("mailto:"):
user = URIRef("mailto:%s" % username)
else:
raise Exception("Username '%s' has unexpected format" % username)
if user_mod.authenticate(user, password):
if session_id:
c = redfoot.get_context(redfoot.context_id(session_id), creator=__uri__)
redfoot.remove((session_id, SESSION.authenticated, None))
c.add((session_id, SESSION.authenticated, Literal("True")))
redfoot.remove((session_id, SESSION.uid, None))
c.add((session_id, SESSION.uid, user))
redfoot.remove((session_id, SESSION.message, None))
return user
else:
if session_id:
c = redfoot.get_context(redfoot.context_id(session_id), creator=__uri__)
redfoot.remove((session_id, SESSION.authenticated, None))
redfoot.remove((session_id, SESSION.uid, None))
c.add((session_id, SESSION.authenticated, Literal("False")))
redfoot.remove((session_id, SESSION.message, None))
msg = message or "invalid email or password"
c.add((session_id, SESSION.message, Literal(msg)))
return None
def allow(request, uri=None):
if uri is None:
uri = request.uri
if (uri, SERVER.allow, None) in redfoot or (request.host, SERVER.allow, None) in redfoot:
if (uri, SERVER.allow, Literal("True")) in redfoot:
return True
session_id = request.session_id
if session_id:
uid = redfoot.value(session_id, SESSION.uid)
if uid is None:
return False
if (uid, RDF.type, KERNEL.Admin) in redfoot:
return True
for allow in redfoot.objects(uri, SERVER.allow):
if allow==uid:
return True
elif (uid, RDF.type, allow) in redfoot:
return True
return False
else:
return True
]]>
</code:python>
</code:Module>
</rdf:RDF>