14 '''
15 This module contains monkey patches we needed to make to PAS when we switched
16 from native ZODB-managed authentication to pluggable authentication.
17
18 This module needs to be imported by ZenUtils/__init__.py.
19
20 Related tickets:
21 http://dev.zenoss.org/trac/ticket/379
22 http://dev.zenoss.org/trac/ticket/402
23 http://dev.zenoss.org/trac/ticket/443
24 http://dev.zenoss.org/trac/ticket/1042
25 http://dev.zenoss.org/trac/ticket/4225
26 '''
27
28 from AccessControl import getSecurityManager
29 from Products.ZenMessaging import actions
30 from Products.ZenMessaging.actions.constants import ActionTargetType
31
32
33
34 from Products.PluggableAuthService import PluggableAuthService
35 from Products.ZenUtils.Security import _createInitialUser
# Alias the PAS class so the hook below can be attached to it.
pas = PluggableAuthService.PluggableAuthService
# Only install the Zenoss hook when the class has no _createInitialUser
# attribute, so an existing implementation is never overwritten.
if not hasattr(pas, '_createInitialUser'):
    setattr(pas, '_createInitialUser', _createInitialUser)
39
40
41 from Products.PluggableAuthService.plugins import CookieAuthHelper
42 import urlparse
43 from cgi import parse_qs
44
# NOTE(review): the def line is absent from this listing; the signature below
# is the standard manage_afterAdd(self, item, container) hook - confirm it
# against the installed PAS before relying on it.
def manage_afterAdd(self, item, container):
    """Do nothing when a CookieAuthHelper is added to its container.

    We don't want CookieAuthHelper setting the login attribute, so we
    override manage_afterAdd().

    For now, the only thing that manage_afterAdd does is set the login_form
    attribute, but we will need to check this after every upgrade of the PAS.
    """
    return None


# Replace the stock hook on the plugin class with the no-op above.
CookieAuthHelper.CookieAuthHelper.manage_afterAdd = manage_afterAdd
55
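def _local_redirect_target(context, url):
    """Return *url* when it stays on this site, otherwise ''.

    ``came_from`` is read from the request form, so it is caller-controlled;
    passing it to ``response.redirect()`` unchecked makes the login and terms
    pages an open redirect.  Accepted values are plain relative references and
    http(s) URLs whose host matches ``context.absolute_url()``.
    """
    if not url:
        return ''
    # urlsplit() and browsers disagree on surrounding whitespace, backslashes
    # and control characters, so refuse anything containing them.
    if url != url.strip() or '\\' in url:
        return ''
    if any(ord(ch) < 0x20 or ord(ch) == 0x7f for ch in url):
        return ''
    parts = urlparse.urlsplit(url)
    scheme, netloc = parts[0].lower(), parts[1].lower()
    if not netloc:
        # No host: accept only a plain relative reference.  A scheme without
        # a host, or a leading '//' that urlsplit() read as a path, is refused.
        if scheme or url.startswith('//'):
            return ''
        return url
    if scheme not in ('', 'http', 'https'):
        return ''
    own_netloc = urlparse.urlsplit(context.absolute_url())[1].lower()
    if netloc == own_netloc:
        return url
    return ''


# NOTE(review): the def line is absent from this listing; ``self`` is the only
# name the body needs, so the signature is reconstructed as login(self).
def login(self):
    """
    Set a cookie and redirect to the url that we tried to
    authenticate against originally.

    The ``came_from`` form value is honoured only when it points back at this
    site (see _local_redirect_target); anything else falls through to the
    default /zport/dmd landing page.

    FIXME - I don't think we need this any more now that the EULA is gone -EAD
    """
    import urllib

    request = self.REQUEST
    response = request['RESPONSE']

    login = request.get('__ac_name', '')
    password = request.get('__ac_password', '')
    submitted = request.get('submitted', '')

    pas_instance = self._getPAS()

    if pas_instance is not None:
        pas_instance.updateCredentials(request, response, login, password)

    # Record the attempt: it counts as a success only when the authenticated
    # user name equals the submitted login.
    if actions.sendUserAction:
        username = getSecurityManager().getUser().getUserName()
        actions.sendUserAction(
            ActionTargetType.Login,
            'Succeed' if username == login else 'Fail',
            username=login)

    # Untrusted input: drop any redirect target that would leave this site.
    came_from = _local_redirect_target(
        self, request.form.get('came_from') or '')
    if came_from:
        parts = urlparse.urlsplit(came_from)
        querydict = parse_qs(parts[3])
        # Never carry a stale terms answer through the redirect.
        querydict.pop('terms', None)
        if 'submitted' not in querydict:
            querydict['submitted'] = submitted
        newqs = urllib.urlencode(querydict, doseq=True)
        parts = parts[:3] + (newqs,) + parts[4:]
        came_from = urlparse.urlunsplit(parts)
    else:
        submittedQs = 'submitted=%s' % submitted
        came_from = '/zport/dmd?%s' % submittedQs
    if not self.dmd.acceptedTerms:
        url = "%s/zenoss_terms/?came_from=%s" % (
            self.absolute_url(), urllib.quote(came_from))
    else:
        url = came_from

    if self.dmd.uuid is None:
        # uuid1() is built from the host's network address and a timestamp;
        # treat the value as an identifier, not as a secret.
        from uuid import uuid1
        self.dmd.uuid = str(uuid1())
    return response.redirect(url)


CookieAuthHelper.CookieAuthHelper.login = login


# NOTE(review): def line absent from this listing; reconstructed as
# termsCheck(self) because the body only uses ``self``.
def termsCheck(self):
    """Check to see if the user has accepted the Zenoss terms.

    Any answer other than 'Accept' resets the credentials and appends
    ``terms=Decline`` to the redirect URL.  ``came_from`` is used as the
    redirect target only when it points back at this site; otherwise the
    helper's own absolute URL is used.
    """
    request = self.REQUEST
    response = request['RESPONSE']

    acceptStatus = request.form.get('terms') or ''
    # Untrusted input: validate before it can reach response.redirect().
    url = (_local_redirect_target(self, request.form.get('came_from') or '')
           or self.absolute_url())

    if acceptStatus != 'Accept':
        self.resetCredentials(request, response)
        if '?' in url:
            url += '&'
        else:
            url += '?'
        url += 'terms=Decline'
    else:
        self.dmd.acceptedTerms = True
        from uuid import uuid1
        self.dmd.uuid = str(uuid1())
    return response.redirect(url)


CookieAuthHelper.CookieAuthHelper.termsCheck = termsCheck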
137