1 # -*- coding: iso-8859-1 -*-
3 MoinMoin - FusionForge session cookie authentication
5 @copyright: 2005 MoinMoin:AlexanderSchremmer (Thanks to Spreadshirt)
6 @copyright: 2011 Roland Mas
7 @license: GNU GPL, see COPYING for details.
16 from MoinMoin import user
17 from MoinMoin.auth import _PHPsessionParser, BaseAuth
19 class FusionForgeLink():
# Helper that reads FusionForge settings through the forge_get_config command
# and opens PostgreSQL connections with them.
# NOTE(review): this listing skips some source lines (the gutter numbers jump,
# e.g. 42 -> 44); the notes below describe only the lines that are shown.
20 def get_config(self, varname, secname='core'):
# Return the value of `varname` in section `secname`, memoised per
# (secname, varname) in self.cachedconfig.
21 if secname not in self.cachedconfig:
22 self.cachedconfig[secname] = {}
23 if varname not in self.cachedconfig[secname]:
# Cache miss: run the helper with an argument list (no shell), take its stdout
# and strip trailing newlines.
# NOTE(review): the exit status is not checked and stderr is not captured, so a
# helper that exits without output yields '' and that empty value is cached.
# In this file the same path supplies database_password and session_key, so an
# empty result should be treated as an error rather than as a setting.
24 self.cachedconfig[secname][varname] = subprocess.Popen(["/usr/share/gforge/bin/forge_get_config", varname, secname], stdout = subprocess.PIPE).communicate()[0].rstrip('\n')
25 return self.cachedconfig[secname][varname]
27 def __init__(self, cookies=['session_ser'], autocreate=True):
# Load the database connection settings once, at construction.
# NOTE(review): `cookies` and `autocreate` are not used in the lines shown, and
# the list default is a single object shared between calls.
28 self.cachedconfig = {}
29 self.database_host = self.get_config('database_host')
30 self.database_name = self.get_config('database_name')
31 self.database_user = self.get_config('database_user')
32 self.database_port = self.get_config('database_port')
# The password stays in cachedconfig and on the instance for as long as the
# object lives.
33 self.database_password = self.get_config('database_password')
36 def get_connection(self):
# Open a new psycopg2 connection; `host` is passed only when database_host is
# non-empty.
# NOTE(review): no sslmode is passed, so transport encryption to a remote
# database_host is left to the libpq defaults -- confirm that is intended.
37 if (self.database_host != ''):
38 return psycopg2.connect(database=self.database_name,
39 user=self.database_user,
40 port=self.database_port,
41 password=self.database_password,
42 host=self.database_host)
# Source line 43 is not shown in this listing (presumably the `else:` that
# guards the host-less call below).
44 return psycopg2.connect(database=self.database_name,
45 user=self.database_user,
46 port=self.database_port,
47 password=self.database_password)
49 def get_projects(self):
# Query the unix_group_name of every group linked to the plugin named
# 'moinmoin'. The SQL is a constant string with no caller-supplied values.
# NOTE(review): source lines 51, 53-54 and 56-58 are not shown; no close() of
# the connection appears in the lines that are.
50 conn = self.get_connection()
52 cur.execute("SELECT g.unix_group_name from groups g, group_plugin gp, plugins p where g.group_id = gp.group_id and gp.plugin_id = p.plugin_id and p.plugin_name = 'moinmoin'")
55 projects.append(record[0])
59 class FusionForgeSessionAuth(BaseAuth):
60 """ FusionForge session cookie authentication """
62 name = 'fusionforge_session'
63 logout_possible = False
# Configure the authenticator: the cookie names to accept and whether wiki
# profiles are created automatically.
# NOTE(review): the docstring below documents `cookie` but the parameter is
# `cookies`; its remaining text (source line 67) is not shown in this listing.
# The list default is a single object shared between calls.
65 def __init__(self, cookies=['session_ser'], autocreate=True):
66 """ @param cookie: Names of the cookies to parse.
68 BaseAuth.__init__(self)
69 self.cookies = cookies
70 self.autocreate = autocreate
72 self.fflink = FusionForgeLink()
# Secret that request() appends to the cookie payload before hashing.
# NOTE(review): get_config() returns '' when the helper prints nothing; with an
# empty key the MD5 check in request() no longer depends on any secret, so
# construction should fail closed when this value is empty.
73 self.session_key = self.fflink.get_config('session_key')
75 def get_super_users(self):
# Query the distinct user_name of every user holding a role that has a
# 'forge_admin' row in pfo_role_setting. The SQL is a constant string with no
# caller-supplied values.
# NOTE(review): the join matches on section_name only; if the table also stores
# a permission value per row, a role whose forge_admin setting is switched off
# would still be listed -- confirm against the FusionForge schema, since the
# result presumably decides who is a wiki superuser.
# Source lines 77, 79-80 and 82-84 are not shown in this listing.
76 conn = self.fflink.get_connection()
78 cur.execute("SELECT distinct(u.user_name) from users u, pfo_user_role pur, pfo_role pr, pfo_role_setting prs WHERE u.user_id = pur.user_id AND pur.role_id = pr.role_id AND pr.role_id = prs.role_id AND prs.section_name='forge_admin'")
81 admins.append(record[0])
85 def request(self, request, user_obj, **kw):
# Authenticate the request from a FusionForge session cookie.
# Cookie layout as parsed below: base64(payload) "-*-" md5hex, where payload is
# "user_id-*-time-*-ip-*-user_agent".
# NOTE(review): this listing skips source lines 88-89, 92, 94, 96-97, 99,
# 102-103, 105-106, 108, 110, 113-115, 119 and anything after 121; the branch
# bodies and return statements are among them, so the notes below cover only
# what is shown.
86 cookies = kw.get('cookie')
87 if cookies is None or cookies == {}:
90 for cookiename in cookies:
# Only cookie names configured in self.cookies are considered.
91 if cookiename not in self.cookies:
# Python 2 API: URL-unquote the raw value, then decode the bytes as ISO-8859-1.
93 cookievalue = urllib.unquote(cookies[cookiename]).decode('iso-8859-1')
# Greedy match: group 1 is everything before the last "-*-", group 2 is the
# digest claimed by the cookie.
# NOTE(review): the pattern relies on '\*' surviving a non-raw string; r'...'
# states the intent and avoids escape warnings.
95 m = re.search('(.*)-\*-(.*)', cookievalue)
98 (sserial, shash) = m.group(1, 2)
# The payload is base64-decoded before its integrity is checked, i.e. on
# client-supplied input; no handling of a decode error is visible here.
100 sdata = base64.b64decode(sserial)
# Integrity check: hex MD5 of payload + session_key must equal the digest taken
# from the cookie.
# NOTE(review): this is md5(payload + key) rather than an HMAC, and `!=` is not
# a constant-time comparison. The construction presumably has to match what
# FusionForge issues, so it cannot be changed on this side alone; the
# comparison can use hmac.compare_digest (Python 2.7.7+), and an empty
# session_key should be rejected before this point.
101 if hashlib.md5(sdata + self.session_key).hexdigest() != shash:
# Split the verified payload into its four fields.
# NOTE(review): the greedy groups assume no field contains "-*-"; validate
# user_id as an integer before it is used.
104 m = re.search('(.*)-\*-(.*)-\*-(.*)-\*-(.*)', sdata)
# NOTE(review): time, ip and user_agent are parsed, but none of the lines shown
# compares them with the current request or clock; unless the omitted lines do,
# cookie expiry and client binding are not enforced here.
107 (user_id, time, ip, user_agent) = m.group(1, 2, 3, 4)
# A new database connection is opened for each accepted cookie; no close()
# appears in the lines shown.
109 conn = self.fflink.get_connection()
# Parameterised query: user_id is passed as a bound value, not formatted into
# the SQL text.
111 cur.execute("SELECT user_name, realname FROM users WHERE user_id=%s", [user_id])
# NOTE(review): fetchone() returns None when no row matches, which makes this
# unpacking raise TypeError. The query also does not filter on account state,
# so whether a disabled FusionForge account is refused is not visible here.
112 (loginname, realname) = cur.fetchone()
116 # MoinMoin doesn't enforce unicity of realnames
# Build the wiki user from the FusionForge login name and tag it with this
# authenticator's name; realname is not used in the lines shown.
117 u = user.User(request, name=loginname, auth_username=loginname,
118 auth_method=self.name)
# With autocreate enabled, the wiki profile is created or refreshed on every
# successful cookie check.
120 if u and self.autocreate:
121 u.create_or_update(True)