Mercurial > libervia-backend
comparison src/stdui/ui_profile_manager.py @ 1032:b262ae6d53af
stdui: add ui_profile_manager to interact with frontends when profile authentication is needed
| author | souliane <souliane@mailoo.org> |
|---|---|
| date | Wed, 07 May 2014 16:03:38 +0200 |
| parents | |
| children | 066308706dc6 |
comparison
equal
deleted
inserted
replaced
| 1031:e90125d07072 | 1032:b262ae6d53af |
|---|---|
| 1 #!/usr/bin/python | |
| 2 # -*- coding: utf-8 -*- | |
| 3 | |
| 4 # SAT standard user interface for managing contacts | |
| 5 # Copyright (C) 2009, 2010, 2011, 2012, 2013, 2014 Jérôme Poisson (goffi@goffi.org) | |
| 6 # Copyright (C) 2013, 2014 Adrien Cossa (souliane@mailoo.org) | |
| 7 | |
| 8 # This program is free software: you can redistribute it and/or modify | |
| 9 # it under the terms of the GNU Affero General Public License as published by | |
| 10 # the Free Software Foundation, either version 3 of the License, or | |
| 11 # (at your option) any later version. | |
| 12 | |
| 13 # This program is distributed in the hope that it will be useful, | |
| 14 # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 15 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
| 16 # GNU Affero General Public License for more details. | |
| 17 | |
| 18 # You should have received a copy of the GNU Affero General Public License | |
| 19 # along with this program. If not, see <http://www.gnu.org/licenses/>. | |
| 20 | |
| 21 from sat.core.i18n import _, D_ | |
| 22 from sat.core.constants import Const as C | |
| 23 from sat.tools import xml_tools | |
| 24 from sat.memory.crypto import PasswordHasher | |
| 25 from twisted.internet import defer | |
| 26 | |
| 27 | |
| 28 class ProfileManager(object): | |
| 29 """Manage profiles.""" | |
| 30 | |
| 31 def __init__(self, host): | |
| 32 self.host = host | |
| 33 self.profile_ciphers = {} | |
| 34 host.registerCallback(self._authenticateProfile, force_id=C.AUTHENTICATE_PROFILE_ID, with_data=True) | |
| 35 | |
| 36 def _authenticateProfile(self, data, profile): | |
| 37 """Get the data/dialog for connecting a profile | |
| 38 | |
| 39 @param data (dict) | |
| 40 @param profile: %(doc_profile)s | |
| 41 @return: deferred dict | |
| 42 """ | |
| 43 def gotProfileCipher(profile_cipher): | |
| 44 if self.host.memory.auth_sessions.profileGetUnique(profile): | |
| 45 # case 1: profile already authenticated | |
| 46 return {'authenticated_profile': profile, 'caller': data['caller']} | |
| 47 self.profile_ciphers[profile] = profile_cipher | |
| 48 if 'profile_password' in data: | |
| 49 # case 2: password is provided by the caller | |
| 50 return self._verifyPassword(data, profile) | |
| 51 | |
| 52 def check_empty_password(empty_password_result): | |
| 53 if 'authenticated_profile' in empty_password_result: | |
| 54 # case 3: there's no password for this profile | |
| 55 return empty_password_result | |
| 56 | |
| 57 # case 4: prompt the user for a password | |
| 58 def xmlui_cb(data_, profile): | |
| 59 data_['caller'] = data['caller'] | |
| 60 return self._verifyPassword(data_, profile) | |
| 61 | |
| 62 callback_id = self.host.registerCallback(xmlui_cb, with_data=True, one_shot=True) | |
| 63 form_ui = xml_tools.XMLUI("form", title=D_('Profile password for %s') % profile, submit_id=callback_id) | |
| 64 form_ui.addPassword('profile_password', value='') | |
| 65 return {'xmlui': form_ui.toXml()} | |
| 66 | |
| 67 check_empty_data = {'profile_password': '', 'caller': data['caller']} | |
| 68 d = self._verifyPassword(check_empty_data, profile) | |
| 69 return d.addCallback(check_empty_password) | |
| 70 | |
| 71 assert(data['caller']) | |
| 72 d = self.host.memory.asyncGetStringParamA(C.PROFILE_PASS_PATH[1], C.PROFILE_PASS_PATH[0], profile_key=profile) | |
| 73 d.addCallback(gotProfileCipher) | |
| 74 d.addErrback(self.getParamError) | |
| 75 return d | |
| 76 | |
| 77 def getParamError(self): | |
| 78 _dialog = xml_tools.XMLUI('popup', title=D_('Error')) | |
| 79 _dialog.addText(_("Can't get profile parameter.")) | |
| 80 return {'xmlui': _dialog.toXml()} | |
| 81 | |
| 82 @defer.inlineCallbacks | |
| 83 def _verifyPassword(self, data, profile): | |
| 84 """Verify the given password | |
| 85 | |
| 86 @param data (dict) | |
| 87 @param profile: %(doc_profile)s | |
| 88 @return: deferred dict | |
| 89 """ | |
| 90 assert(profile in self.profile_ciphers) | |
| 91 assert(data['caller']) | |
| 92 | |
| 93 try: | |
| 94 profile_password = data[xml_tools.formEscape('profile_password')] | |
| 95 except KeyError: | |
| 96 profile_password = data['profile_password'] # not received from a user input | |
| 97 verified = yield PasswordHasher.verify(profile_password, self.profile_ciphers[profile]) | |
| 98 if not verified: | |
| 99 _dialog = xml_tools.XMLUI('popup', title=D_('Error')) | |
| 100 _dialog.addText(_("The provided profile password doesn't match.")) | |
| 101 defer.returnValue({'xmlui': _dialog.toXml()}) | |
| 102 | |
| 103 yield self.host.memory.newAuthSession(profile_password, profile) | |
| 104 defer.returnValue({'authenticated_profile': profile, 'caller': data['caller']}) |