mirror of
https://github.com/YunoHost-Apps/seafile_ynh.git
synced 2024-09-03 20:26:01 +02:00
94 lines
3.8 KiB
Python
94 lines
3.8 KiB
Python
# (c) 2009-2011 Martin Wendt and contributors; see WsgiDAV http://wsgidav.googlecode.com/
|
|
# Original PyFileServer (c) 2005 Ho Chun Wei.
|
|
# Licensed under the MIT license: http://www.opensource.org/licenses/mit-license.php
|
|
"""
|
|
Implementation of a domain controller that uses realm/username/password mappings
|
|
from the configuration file and uses the share path as realm name.
|
|
|
|
userMap is defined a follows::
|
|
|
|
userMap = {'realm1': {
|
|
'John Smith': {'description': '',
|
|
'password': 'YouNeverGuessMe',
|
|
},
|
|
'Dan Brown': {'description': '',
|
|
'password': 'DontGuessMeEither',
|
|
},
|
|
}
|
|
'realm2': {
|
|
...
|
|
}
|
|
}
|
|
|
|
The WsgiDAVDomainController fulfills the requirements of a DomainController as
|
|
used for authentication with http_authenticator.HTTPAuthenticator for the
|
|
WsgiDAV application.
|
|
|
|
Domain Controllers must provide the methods as described in
|
|
domaincontrollerinterface_
|
|
|
|
.. _domaincontrollerinterface : interfaces/domaincontrollerinterface.py
|
|
|
|
|
|
See `Developers info`_ for more information about the WsgiDAV architecture.
|
|
|
|
.. _`Developers info`: http://docs.wsgidav.googlecode.com/hg/html/develop.html
|
|
"""
|
|
import sys
|
|
__docformat__ = "reStructuredText"
|
|
|
|
class WsgiDAVDomainController(object):
|
|
|
|
def __init__(self, userMap):
|
|
self.userMap = userMap
|
|
# self.allowAnonymous = allowAnonymous
|
|
|
|
|
|
def __repr__(self):
|
|
return self.__class__.__name__
|
|
|
|
|
|
def getDomainRealm(self, inputURL, environ):
|
|
"""Resolve a relative url to the appropriate realm name."""
|
|
# we don't get the realm here, its already been resolved in request_resolver
|
|
davProvider = environ["wsgidav.provider"]
|
|
if not davProvider:
|
|
if environ["wsgidav.verbose"] >= 2:
|
|
print >>sys.stdout, "getDomainRealm(%s): '%s'" %(inputURL, None)
|
|
return None
|
|
realm = davProvider.sharePath
|
|
if realm == "":
|
|
realm = "/"
|
|
# if environ["wsgidav.verbose"] >= 2:
|
|
# print >>sys.stdout, "getDomainRealm(%s): '%s'" %(inputURL, realm)
|
|
return realm
|
|
|
|
|
|
def requireAuthentication(self, realmname, environ):
|
|
"""Return True if this realm requires authentication or False if it is
|
|
available for general access."""
|
|
# TODO: Should check for --allow_anonymous?
|
|
# assert realmname in environ["wsgidav.config"]["user_mapping"], "Currently there must be at least on user mapping for this realm"
|
|
return realmname in self.userMap
|
|
|
|
|
|
def isRealmUser(self, realmname, username, environ):
|
|
"""Returns True if this username is valid for the realm, False otherwise."""
|
|
# if environ["wsgidav.verbose"] >= 2:
|
|
# print >>sys.stdout, "isRealmUser('%s', '%s'): %s" %(realmname, username, realmname in self.userMap and username in self.userMap[realmname])
|
|
return realmname in self.userMap and username in self.userMap[realmname]
|
|
|
|
|
|
def getRealmUserPassword(self, realmname, username, environ):
|
|
"""Return the password for the given username for the realm.
|
|
|
|
Used for digest authentication.
|
|
"""
|
|
return self.userMap.get(realmname, {}).get(username, {}).get("password")
|
|
|
|
|
|
def authDomainUser(self, realmname, username, password, environ):
|
|
"""Returns True if this username/password pair is valid for the realm,
|
|
False otherwise. Used for basic authentication."""
|
|
user = self.userMap.get(realmname, {}).get(username)
|
|
return user is not None and password == user.get("password")
|