1 -*- coding: iso-8859-1 -*-
3 MoinMoin - FusionForge session cookie authentication
5 @copyright: 2005 MoinMoin:AlexanderSchremmer (Thanks to Spreadshirt)
6 @copyright: 2011 Roland Mas
7 @license: GNU GPL, see COPYING for details.
14 from MoinMoin import user
15 from MoinMoin.auth import _PHPsessionParser, BaseAuth
17 class FusionForgeSessionAuth(BaseAuth):
18 """ FusionForge session cookie authentication """
20 name = 'fusionforge_session'
22 def __init__(self, cookies=['session_ser'], autocreate=True):
23 """ @param cookie: Names of the cookies to parse.
25 BaseAuth.__init__(self)
26 self.cookies = cookies
27 self.autocreate = autocreate
29 def request(self, request, user_obj, **kw):
30 cookies = kw.get('cookie')
32 return user_obj, False
34 for cookiename in cookies:
35 if cookiename not in self.cookies:
37 cookievalue = urllib.unquote(cookie[cookiename].value).decode('iso-8859-1')
39 m = re.search('(.*)-\*-(.*)', cookievalue)
42 (sserial, shash) = m.group(1, 2)
44 sdata = base64.b64decode(sserial)
45 if hashlib.md5(sdata + forge_session_key).hexdigest() == shash:
48 m = re.search('(.*)-\*-(.*)-\*-(.*)-\*-(.*)', sdata)
51 (user_id, time, ip, user_agent) = m.group(1, 2, 3, 4)
56 u = user.User(request, name=realname, auth_username=loginname,
57 auth_method=self.name)
60 if name != u.aliasname:
67 if u and self.autocreate:
68 u.create_or_update(changed)
70 return u, True # True to get other methods called, too
71 return user_obj, False # continue with next method in auth list