
Adrian Dries committed 4037df0

put things in a sensible order


Files changed (1)

fenton/ext/crowd.py

     return CrowdUser(p)
 
 
-class CrowdUser(security.User):
-    username = name = groups = tz = None
-
-    def __init__(self, user):
-        self.username = user.username
-        self.name = user.display_name
-        self.mail = user.email_address
-        self.groups = set(user.groupnames)
-        self.password_ttl = user.password_ttl
-        self.password_stamp = user.password_stamp
-        self.touch()
-
-    def __repr__(self):
-        return 'CrowdUser(%s)' % self.username
-
-    def password_change_due(self, grace=None):
-        if not grace:
-            return False
-        return self.password_ttl and self.password_ttl < grace
-
-    @property
-    def password_age(self):
-        if not self.password_stamp:
-            return None
-        now = timestamp.localnow(self.tz)
-        return now - self.password_stamp
-
-    def authenticate(self, request):
-        app = request.app
-        if not app.config.get('crowd_single_signon'):
-            return
-
-        cc = app.crowd_client
-        ua = request.user_agent
-        ra = request.remote_addr
-        token = cc.createPrincipalToken(self.username, ua, ra)
-        response = getattr(request, 'response', None)
-        if response:
-            response.set_cookie(cc.cookie_name, token,
-                                domain=cc.cookie_domain,
-                                path=cc.cookie_path,
-                                secure=cc.cookie_secure,
-                                httponly=True)
-
-
-    def unauthenticate(self, request):
-        cc = request.app.crowd_client
-        token = request.cookies.get(cc.cookie_name)
-        if not token:
-            return
-        cc.invalidatePrincipalToken(token)
-        response = getattr(request, 'response', None)
-        if response:
-            response.delete_cookie(cc.cookie_name, path='/')
-
-    def touch(self):
-        self._authenticated_ttl = int(time.time())
-
-    def verify_authenticated(self, context):
-        if not context.request.app.config.get('crowd_single_signon'):
-            return True
-        now = int(time.time())
-        app = context.app
-        cc = app.crowd_client
-        previous = self._authenticated_ttl
-
-        ttl = int(app.config.get('security.verify.ttl') or 0)
-        if now - previous < ttl:
-            return True
-        token = context.request.cookies.get(cc.cookie_name)
-        if not token:
-            raise security.NotAuthenticated
-        u = context.request.user_agent
-        r = context.request.remote_addr
-        if not cc.isValidPrincipalToken(token, u, r):
-            context.request.user = security.ANONYMOUS
-            raise security.NotAuthenticated
-        self.touch()
-        return True
-
-
-
-
-class ApiError(Exception):
-    pass
-
-class NewClient:
-    default_host = 'localhost:8095'
-    path = '/crowd/rest/usermanagement/1/'
-    def __init__(self, appname, appkey, host=None, debug=False):
-        self.host = host or self.default_host
-        self.auth = ('%s:%s' % (appname, appkey)).encode('base64').replace('\n', '')
-
-    def createPrincipalToken(self, username, user_agent=None, remote_addr=None):
-        pass
-
-    def isValidPrincipalToken(self, token, user_agent=None, remote_addr=None):
-        pass
-
-    def invalidatePrincipalToken(self, token):
-        pass
-
-    def request(self, method, path, data=None):
-
-        import httplib
-        h = httplib.HTTPConnection(self.host)
-        headers = {
-            'Authorization': 'Basic ' + self.auth,
-            'Accept': 'application/json',
-            'Connection': 'close'
-        }
-        if data:
-            headers['Content-Type'] = 'application/json'
-            data = types.json.dumps(data)
-
-        try:
-            h.request(method, self.path + path, data, headers)
-            r = h.getresponse()
-        except socket.error, e:
-            raise URLError(e)
-
-        rsp = r.read()
-        if 200 <= r.status <= 299:
-            return types.json.loads(rsp)
-        raise ApiError(rsp)
-
-
-
-
-
 def qn(ns, tag):
     return '{%s}%s' % (ns, tag)
 
         return etree.Element(name, **attrs)
 
 
+
+
 class SoapError(Exception):
     pass
 
 
+
+
 class SoapService:
 
     ns_soap = 'http://schemas.xmlsoap.org/soap/envelope/'
 
 
 
+class NewClient:
+    default_host = 'localhost:8095'
+    path = '/crowd/rest/usermanagement/1/'
+    def __init__(self, appname, appkey, host=None, debug=False):
+        self.host = host or self.default_host
+        self.auth = ('%s:%s' % (appname, appkey)).encode('base64').replace('\n', '')
+
+    def createPrincipalToken(self, username, user_agent=None, remote_addr=None):
+        pass
+
+    def isValidPrincipalToken(self, token, user_agent=None, remote_addr=None):
+        pass
+
+    def invalidatePrincipalToken(self, token):
+        pass
+
+    def request(self, method, path, data=None):
+
+        import httplib
+        h = httplib.HTTPConnection(self.host)
+        headers = {
+            'Authorization': 'Basic ' + self.auth,
+            'Accept': 'application/json',
+            'Connection': 'close'
+        }
+        if data:
+            headers['Content-Type'] = 'application/json'
+            data = types.json.dumps(data)
+
+        try:
+            h.request(method, self.path + path, data, headers)
+            r = h.getresponse()
+        except socket.error, e:
+            raise URLError(e)
+
+        rsp = r.read()
+        if 200 <= r.status <= 299:
+            return types.json.loads(rsp)
+        raise SoapError(rsp)
+
+
+
+
+class CrowdUser(security.User):
+    username = name = groups = tz = None
+
+    def __init__(self, user):
+        self.username = user.username
+        self.name = user.display_name
+        self.mail = user.email_address
+        self.groups = set(user.groupnames)
+        self.password_ttl = user.password_ttl
+        self.password_stamp = user.password_stamp
+        self.touch()
+
+    def __repr__(self):
+        return 'CrowdUser(%s)' % self.username
+
+    def password_change_due(self, grace=None):
+        if not grace:
+            return False
+        return self.password_ttl and self.password_ttl < grace
+
+    @property
+    def password_age(self):
+        if not self.password_stamp:
+            return None
+        now = timestamp.localnow(self.tz)
+        return now - self.password_stamp
+
+    def authenticate(self, request):
+        app = request.app
+        if not app.config.get('crowd_single_signon'):
+            return
+
+        cc = app.crowd_client
+        ua = request.user_agent
+        ra = request.remote_addr
+        token = cc.createPrincipalToken(self.username, ua, ra)
+        response = getattr(request, 'response', None)
+        if response:
+            response.set_cookie(cc.cookie_name, token,
+                                domain=cc.cookie_domain,
+                                path=cc.cookie_path,
+                                secure=cc.cookie_secure,
+                                httponly=True)
+
+
+    def unauthenticate(self, request):
+        cc = request.app.crowd_client
+        token = request.cookies.get(cc.cookie_name)
+        if not token:
+            return
+        cc.invalidatePrincipalToken(token)
+        response = getattr(request, 'response', None)
+        if response:
+            response.delete_cookie(cc.cookie_name, path='/')
+
+    def touch(self):
+        self._authenticated_ttl = int(time.time())
+
+    def verify_authenticated(self, context):
+        if not context.request.app.config.get('crowd_single_signon'):
+            return True
+        now = int(time.time())
+        app = context.app
+        cc = app.crowd_client
+        previous = self._authenticated_ttl
+
+        ttl = int(app.config.get('security.verify.ttl') or 0)
+        if now - previous < ttl:
+            return True
+        token = context.request.cookies.get(cc.cookie_name)
+        if not token:
+            raise security.NotAuthenticated
+        u = context.request.user_agent
+        r = context.request.remote_addr
+        if not cc.isValidPrincipalToken(token, u, r):
+            context.request.user = security.ANONYMOUS
+            raise security.NotAuthenticated
+        self.touch()
+        return True
+
+
+
+
 @declarative()
 class CrowdObject:
 
 
 
 
-class Membership(CrowdObject):
-    __tablename__ = 'cwd_membership'
-    id = sql.Column(sql.Integer(), primary_key=True)
-    parent_id = sql.Column(sql.Integer())
-    child_id = sql.Column(sql.Integer())
-    membership_type = sql.Column(sql.String(length=32))
-    group_type = sql.Column(sql.String(length=32))
-
-    parent_name = sql.Column(sql.String(length=255), nullable=False)
-    lower_parent_name = sql.Column(sql.String(length=255), nullable=False)
-    child_name = sql.Column(sql.String(length=255), nullable=False)
-    lower_child_name = sql.Column(sql.String(length=255), nullable=False)
-
-    directory_id = sql.Column(sql.Integer(), nullable=False)
-
-    def __init__(self, group, user):
-        self.group = group
-        self.user = user
-        self.parent_name = group.group_name
-        self.lower_parent_name = group.lower_group_name
-        self.child_name = user.user_name
-        self.lower_child_name = user.lower_user_name
-        self.directory_id = CROWD_DIRECTORY_ID
-        self.group_type = 'GROUP'
-        self.membership_type = 'GROUP_USER'
-
-    __table_args__ = (
-        sql.ForeignKeyConstraint(['directory_id', 'lower_parent_name'],
-                                 ['cwd_group.directory_id', 'cwd_group.lower_group_name']),
-        sql.ForeignKeyConstraint(['directory_id', 'lower_child_name'],
-                                 ['cwd_user.directory_id', 'cwd_user.lower_user_name']),
-    )
-
-# end class Membership
-
-
-
-
 class Attribute(CrowdObject):
     __tablename__ = 'cwd_user_attribute'
     id = sql.Column(sql.Integer(), primary_key=True)
 
 
 
+class Membership(CrowdObject):
+    __tablename__ = 'cwd_membership'
+    id = sql.Column(sql.Integer(), primary_key=True)
+    parent_id = sql.Column(sql.Integer())
+    child_id = sql.Column(sql.Integer())
+    membership_type = sql.Column(sql.String(length=32))
+    group_type = sql.Column(sql.String(length=32))
+
+    parent_name = sql.Column(sql.String(length=255), nullable=False)
+    lower_parent_name = sql.Column(sql.String(length=255), nullable=False)
+    child_name = sql.Column(sql.String(length=255), nullable=False)
+    lower_child_name = sql.Column(sql.String(length=255), nullable=False)
+
+    directory_id = sql.Column(sql.Integer(), nullable=False)
+
+    def __init__(self, group, user):
+        self.group = group
+        self.user = user
+        self.parent_name = group.group_name
+        self.lower_parent_name = group.lower_group_name
+        self.child_name = user.user_name
+        self.lower_child_name = user.lower_user_name
+        self.directory_id = CROWD_DIRECTORY_ID
+        self.group_type = 'GROUP'
+        self.membership_type = 'GROUP_USER'
+
+    __table_args__ = (
+        sql.ForeignKeyConstraint(['directory_id', 'lower_parent_name'],
+                                 ['cwd_group.directory_id', 'cwd_group.lower_group_name']),
+        sql.ForeignKeyConstraint(['directory_id', 'lower_child_name'],
+                                 ['cwd_user.directory_id', 'cwd_user.lower_user_name']),
+    )
+
+# end class Membership
+
+
+
+
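Review bot: The relocated `NewClient.request` now ends in `raise SoapError(rsp)` where the removed copy had `raise ApiError(rsp)`, and `class ApiError` is deleted outright, so this commit is not the pure reordering its message describes. Any caller that catches `ApiError` (none is visible on this page) would stop handling Crowd REST failures, and a REST error would surface as a SOAP fault; I would keep `class ApiError(Exception): pass` next to `NewClient` and restore `raise ApiError(rsp)`. In the same method, `httplib.HTTPConnection(self.host)` sends the `Authorization: Basic` header built from `appname:appkey` in cleartext. That is tolerable for the default `localhost:8095`, but `host` is caller-supplied, so either add a comment such as `# plain HTTP: application credentials are only safe on loopback` or use `httplib.HTTPSConnection` for non-local hosts.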