Bug 31861 – UMC-Server: authentication API should be more generic

Bug 31861 - UMC-Server: authentication API should be more generic


Summary:	UMC-Server: authentication API should be more generic

Status:	RESOLVED DUPLICATE of bug 31943

Product:	UCS
Classification:	Unclassified
Component:	UMC (Generic)
Version:	UCS 3.1
Hardware:	Other Linux

Importance:	P5 enhancement (vote)
Target Milestone:	---
Assigned To:	UMC maintainers
QA Contact:

URL:
Keywords:

Depends on:
Blocks:	31943
	Show dependency tree / graph

Reported:	2013-07-01 14:41 CEST by Jacek Groth
Modified:	2015-07-24 12:04 CEST (History)
CC List:	3 users (show)

See Also:	31943
What kind of report is it?:	---
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
patch (7.17 KB, patch) 2013-07-01 14:41 CEST, Jacek Groth	Details \| Diff
auth.patch (5.58 KB, patch) 2013-07-11 08:55 CEST, Florian Best	Details \| Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jacek Groth

2013-07-01 14:41:57 CEST

Created attachment 5300 [details]
patch

This patch aims to make auth. in UMC more generic.
Was made vs dev/branches/ucs-3.2

Comment 1 Jacek Groth

2013-07-01 14:44:36 CEST

This is a dependency for UMC connection to SAML

Comment 2 Florian Best

2013-07-05 11:41:14 CEST

Comment on attachment 5300 [details]
patch

Index: univention-management-console/src/univention/management/console/auth.py
===================================================================
--- univention-management-console/src/univention/management/console/auth.py	(Revision 41838)
+++ univention-management-console/src/univention/management/console/auth.py	(Arbeitskopie)
@@ -247,7 +247,7 @@
 		self.signal_new( 'authenticated' )
 		self.__credentials = None
 
-	def _create_modules( self, username, password ):
+	def _create_modules( self, username, password, **kwargs ):
 		global _all_modules
 		self._modules = []
 		for mod in _all_modules:
@@ -256,11 +256,13 @@
 			instance.signal_connect( 'password_changed', self._password_changed )
 			self._modules.append( instance )
 		self._modules.reverse()
-
-	def authenticate( self, username, password, new_password=None ):
-		self._create_modules( username, password )
+	  
+	def authenticate( self, username, password, **kwargs ):
+		if kwargs.get('auth_type') == "saml":
+			AUTH.warn('__starting SAML Authenticate __')
+		self._create_modules( username, password, **kwargs )
 		self._current = self._modules.pop()
-		self.__new_password = new_password
+		self.__new_password = kwargs.get('new_password')
 		self._current.authenticate()
 		self.__credentials = ( username, password )
 
Index: univention-management-console/src/univention/management/console/protocol/session.py
===================================================================
--- univention-management-console/src/univention/management/console/protocol/session.py	(Revision 41838)
+++ univention-management-console/src/univention/management/console/protocol/session.py	(Arbeitskopie)
@@ -99,10 +99,10 @@
 	def _authenticated( self, success ):
 		self.signal_emit( 'authenticated', success, self )
 
-	def authenticate( self, username, password, new_password=None ):
+	def authenticate( self, username, password, **kwargs  ):
 		"""Initiates an authentication process"""
 		self.username = username
-		self.__auth.authenticate( username, password, new_password )
+		self.__auth.authenticate( username, password, **kwargs )
 
 	def credentials( self ):
 		"""Returns the credentials"""
Index: univention-management-console/src/univention/management/console/protocol/server.py
===================================================================
--- univention-management-console/src/univention/management/console/protocol/server.py	(Revision 41838)
+++ univention-management-console/src/univention/management/console/protocol/server.py	(Arbeitskopie)
@@ -213,7 +213,11 @@
 		elif msg.command == 'AUTH':
 			state.authResponse = Response( msg )
 			try:
-				state.authenticate( msg.body[ 'username' ], msg.body[ 'password' ], msg.body.get( 'new_password' ) )
+				state.authenticate(**dict(auth_type=msg.body.get('auth_type'),
+				                          username=msg.body['username'],
+				                          password=msg.body['password'],
+				                          new_password=msg.body.get('new_password'))
+				)
 			except ( TypeError, KeyError ), e:
 				state.authResponse.status = BAD_REQUEST_INVALID_OPTS
 				state.authResponse.message = 'insufficient authentification information'
@@ -500,6 +504,7 @@
 
 	def _connection( self, socket ):
 		'''Signal callback: Invoked on incoming connections.'''
+
 		socket, addr = socket.accept()
 		socket.setblocking( 0 )
 		if addr:
Index: univention-management-console/src/univention/management/console/protocol/client.py
===================================================================
--- univention-management-console/src/univention/management/console/protocol/client.py	(Revision 41838)
+++ univention-management-console/src/univention/management/console/protocol/client.py	(Arbeitskopie)
@@ -340,12 +340,13 @@
 		else:
 			self.signal_emit( 'error', UnknownRequestError() )
 
-	def authenticate( self, username, password, new_password=None ):
+	def authenticate( self, username, password, **kwargs ):
 		"""Authenticate against the UMC server"""
 		authRequest = Request ('AUTH' )
+		
+		authRequest.body.update(kwargs)
 		authRequest.body['username'] = username
 		authRequest.body['password'] = password
-		authRequest.body['new_password'] = new_password
 
 		self.request( authRequest )
 
Index: univention-management-console-frontend/univention-management-console-web-server
===================================================================
--- univention-management-console-frontend/univention-management-console-web-server	(Revision 41838)
+++ univention-management-console-frontend/univention-management-console-web-server	(Arbeitskopie)
@@ -133,7 +133,7 @@
 		self._auth_response = umcp.Response( request )
 		self._auth_response.body['sessionid'] = request.body.get('sessionid','')
 		self._auth_response_queue = response_queue
-		self.client.authenticate( request.body[ 'username' ], request.body[ 'password' ], request.body[ 'new_password' ] )
+		self.client.authenticate( **request.body )
 
 	def _response(self, response):
 		"""Queue response from UMC server."""
@@ -553,14 +553,14 @@
 			body = cherrypy.request.body.read()
 
 		json = self.load_json(body)
-
 		CORE.info('CPRoot/command: request: command=%s' % cherrypy.request.path_info )
 
 		# create new UMCP request
 		req = umcp.Request( 'AUTH' )
-		req.body[ 'username' ] = json[ 'options' ].get('username','')
-		req.body[ 'password' ] = json[ 'options' ].get('password','')
-		req.body[ 'new_password' ] = json[ 'options' ].get('new_password')
+		json.setdefault('password', '')
+		json.setdefault('username', '')
+		json.setdefault('new_password', '')
+		req.body = json
 
 		# create new response queue
 		response_queue = Queue.Queue()

Comment 3 Florian Best

2013-07-11 08:55:12 CEST

Created attachment 5318 [details]
auth.patch

A cleaned up patch. Sorry for comment #2.

Comment 4 Stefan Gohmann

2014-02-18 21:29:14 CET

This issue has been filed against the UCS version "unstable" which does not really exist. Please change the version value.

Comment 5 Florian Best

2015-07-24 12:04:58 CEST

Implementation is done at Bug #31943. The patch is not required.

*** This bug has been marked as a duplicate of bug 31943 ***