From bd5ec748b759e39619363564f029dcb116639d68 Mon Sep 17 00:00:00 2001
From: Patrick Bernard <bernard@nevrax.com>
Date: Tue, 23 May 2006 11:22:00 +0200
Subject: [PATCH] ADDED:RPCAuth files

---
 web/ryzom_com/RPCAuth/CHANGLOG.txt |  10 ++
 web/ryzom_com/RPCAuth/Makefile     |  66 +++++++++
 web/ryzom_com/RPCAuth/README.txt   |   6 +
 web/ryzom_com/RPCAuth/RPCAuth.gif  | Bin 0 -> 553 bytes
 web/ryzom_com/RPCAuth/RPCAuth.py   | 223 +++++++++++++++++++++++++++++
 web/ryzom_com/RPCAuth/__init__.py  |   9 ++
 web/ryzom_com/RPCAuth/refresh.txt  |   0
 web/ryzom_com/RPCAuth/utils.py     | 126 ++++++++++++++++
 web/ryzom_com/RPCAuth/version.txt  |   1 +
 9 files changed, 441 insertions(+)
 create mode 100755 web/ryzom_com/RPCAuth/CHANGLOG.txt
 create mode 100755 web/ryzom_com/RPCAuth/Makefile
 create mode 100755 web/ryzom_com/RPCAuth/README.txt
 create mode 100755 web/ryzom_com/RPCAuth/RPCAuth.gif
 create mode 100755 web/ryzom_com/RPCAuth/RPCAuth.py
 create mode 100755 web/ryzom_com/RPCAuth/__init__.py
 create mode 100755 web/ryzom_com/RPCAuth/refresh.txt
 create mode 100755 web/ryzom_com/RPCAuth/utils.py
 create mode 100755 web/ryzom_com/RPCAuth/version.txt

diff --git a/web/ryzom_com/RPCAuth/CHANGLOG.txt b/web/ryzom_com/RPCAuth/CHANGLOG.txt
new file mode 100755
index 000000000..5ae8bf754
--- /dev/null
+++ b/web/ryzom_com/RPCAuth/CHANGLOG.txt
@@ -0,0 +1,10 @@
+version 0.0.1 Initial release: works for me
+
+version 0.0.2 Changed detection in modifyRequest to check Content-Type
+and Request-Method
+
+version 0.0.3 Added add, list, remove methods so product coders can
+register their functions to avoid prefixing username and passwords.
+Changed modifyRequest to not check Content-Type.
+
+version 0.4 Zope 2.7 support. Work if unicode path is passed in.
\ No newline at end of file
diff --git a/web/ryzom_com/RPCAuth/Makefile b/web/ryzom_com/RPCAuth/Makefile
new file mode 100755
index 000000000..7db9a8862
--- /dev/null
+++ b/web/ryzom_com/RPCAuth/Makefile
@@ -0,0 +1,66 @@
+NAME=RPCAuth
+MAJOR_VERSION=0.1
+MINOR_VERSION=0
+RELEASE_TAG=final
+PACKAGE_NAME=${NAME}-${MAJOR_VERSION}.${MINOR_VERSION}_${RELEASE_TAG}
+
+PYTHON="/usr/bin/python"
+TMPDIR=~/tmp
+
+CURDIR=~/src/collective/RPCAuth
+BASE_DIR=${CURDIR}/..
+SOFTWARE_HOME=~/src/zope/2_7/lib/python
+INSTANCE_HOME=~/src/instance/head
+PACKAGES=RPCAuth
+
+
+RM=rm -f
+RMRF=rm -rf
+FIND=find
+XARGS=xargs
+CD=cd
+LN=ln -sfn
+CP=cp
+TAR=tar
+MKDIR=mkdir -p
+
+.PHONY : clean test reindent reindent_clean sdist
+.PHONY : default
+
+# default:     The default step (invoked when make is called without a target)
+default: clean test
+
+clean :
+	find . \( -name '*~' -o -name '*.py[co]' -o -name '*.bak' \) -exec rm {} \; -print
+
+reindent :
+	~/src/reindent.py -r -v .
+
+test :
+	export INSTANCE_HOME=${INSTANCE_HOME}; export SOFTWARE_HOME=${SOFTWARE_HOME}; \
+	cd ${CURDIR}/tests && ${PYTHON} runalltests.py
+
+
+# sdist:       Create a source distribution file (implies clean).
+#
+sdist: reindent clean sdist_tgz
+
+# sdist_tgz:   Create a tgz archive file as a source distribution.
+#
+sdist_tgz:
+	echo -n "${MAJOR_VERSION}.${MINOR_VERSION}-${RELEASE_TAG}" >\
+          ${CURDIR}/version.txt
+	${MKDIR} ${TMPDIR}/${PACKAGE_NAME}
+	${CD} ${TMPDIR}/${PACKAGE_NAME} && \
+          for package in ${PACKAGES}; do ${LN} ${BASE_DIR}/$$package .; done && \
+          ${CD} ${TMPDIR} && ${TAR} czfh ${BASE_DIR}/${PACKAGE_NAME}.tgz ${PACKAGE_NAME} \
+           --exclude=${PACKAGE_NAME}.tgz\
+           --exclude=CVS \
+           --exclude=.cvsignore \
+           --exclude=makefile \
+           --exclude=Makefile \
+           --exclude=*.pyc \
+           --exclude=TAGS \
+           --exclude=*~ \
+           --exclude=.#*
+	${RMRF} ${TMPDIR}/${PACKAGE_NAME}
diff --git a/web/ryzom_com/RPCAuth/README.txt b/web/ryzom_com/RPCAuth/README.txt
new file mode 100755
index 000000000..5f73e3494
--- /dev/null
+++ b/web/ryzom_com/RPCAuth/README.txt
@@ -0,0 +1,6 @@
+RPCAuth is a rip off of the great CookieCrumbler product.  It is
+designed to allow users of XML-RPC methods to pass their username and
+password as arguments.  It works on the same principle as the
+CookieCrumbler allowing the transparent use of existing UserFolders,
+just add a RPCAuth instance to the folder where your acl_users is
+located.
\ No newline at end of file
diff --git a/web/ryzom_com/RPCAuth/RPCAuth.gif b/web/ryzom_com/RPCAuth/RPCAuth.gif
new file mode 100755
index 0000000000000000000000000000000000000000..b4b103822a9d16dacb46cf90a6a761bff7f6a0fe
GIT binary patch
literal 553
zcmZ?wbhEHb6krfwIL5%RtBm1b6T{)wxGH&u7e^T$?_=0s&)H|jTrJOVZaTxK8;nQV
z84fgg-rDr;+;sJ`(~DNbD9mwXSR2c*A(`REa)xII81_^#TwYpreHp{MOAMzc0<{Nj
zD^Q<e&2V!y!%PQ;av6p`Q-%*$7*6#9&9UEC&G7fF(u-pZzn+QCuxB_mW#LR`hV2Cm
z)9n~qv=|OIFl;Ym`2AdAZ6d=$U&bGgmG+b|td3Pb))Txbone1N*<@S39({%%j|I!5
z8TM6kzC6J&$&z8B1;ed14120QFE3zN-~(j1?y1f?)z6U3&9FF#;pQ6lZH0OlW-|mb
zFsx6uo#)B$|A*!E<qYl&3>`WQ$GR92IT)&B8Pa$d3dI@z(;X=OWMSlDsAte&00K~)
zFtE2Z)HgM^w6?XkFfcN8v@)}>vh_Bzb8vET^R)8v@iz$w3JHsdiZzQ%NJ>f9%gD;f
zD<~={tJJHiscUG~YiaA~HtFfJ8W<WGo0yt4nOj&kSy_wP*w)+GJM=m_-Ewwep6sgc
p=I-G+*~`h>$JcMNe?VZ6RPf~b5aG~}u<!NZ5u1K!i*PVl0|1a(3r_$5

literal 0
HcmV?d00001

diff --git a/web/ryzom_com/RPCAuth/RPCAuth.py b/web/ryzom_com/RPCAuth/RPCAuth.py
new file mode 100755
index 000000000..3f540c1f5
--- /dev/null
+++ b/web/ryzom_com/RPCAuth/RPCAuth.py
@@ -0,0 +1,223 @@
+"""
+RPCAuth is a pretraversal hook that checks for xmlrpc calls and
+tries to extract a username and password from the arguements passed
+"""
+
+import sys
+from base64 import encodestring
+from urllib import quote, unquote
+from os import path
+import string
+from DateTime import DateTime
+from utils import SimpleItemWithProperties
+from AccessControl import ClassSecurityInfo, Permissions
+from ZPublisher import BeforeTraverse
+import Globals
+from zLOG import LOG, ERROR
+from App.Common import package_home
+from ZPublisher.HTTPRequest import HTTPRequest
+
+# Constants.
+ATTEMPT_DISABLED = -1
+ATTEMPT_NONE = 0
+ATTEMPT_LOGIN = 1
+ATTEMPT_CONT = 2
+
+ModifyRPCAuth = 'Change RPC Auth'
+
+
+class RPCAuth(SimpleItemWithProperties):
+    '''
+    Reads xmlrpc args during traversal and simulates the HTTP
+    authentication headers.
+    '''
+    meta_type = 'RPC Auth'
+    security = ClassSecurityInfo()
+    security.declareProtected(ModifyRPCAuth,
+                              'manage_editProperties',
+                              'manage_changeProperties')
+    security.declareProtected(Permissions.view_management_screens,
+                              'manage_propertiesForm')
+
+
+    _properties = ({'id':'uname_arg', 'type': 'string', 'mode':'w',
+                    'label':'User name arguement prefix'},
+                   {'id':'pword_arg', 'type': 'string', 'mode':'w',
+                    'label':'User password arguement prefix'},
+                   {'id':'remove_args','type':'boolean','mode':'w',
+                    'label':'Remove password username arguements'},
+                   )
+
+    def __init__(self):
+        self.remove_args = 1
+        self.uname_arg = 'zid'
+        self.pword_arg = 'zpw'
+        self._authProviders = {'absglob':{},'abs':{},'rel':{}}
+
+
+    security.declareProtected(ModifyRPCAuth,'addAuthProvider')
+    def addAuthProvider(self,objectPaths,function):
+        """takes a list of paths and a function as an arguements"""
+        aps = getattr(self,'_authProviders',{'absglob':{},'abs':{},'rel':{}})
+        for name in list(objectPaths):
+            if name[-1] == '/' and name[0] == '/': # absolute glob
+                aps['absglob'][tuple(string.split(name,'/')[1:-1])] = function
+            if name[0] == '/':  # absolute url
+                aps['abs'][tuple(string.split(name,'/')[1:])] = function
+            if name[0] != '/' and name[-1] != '/' and '/' in name: # relative
+                aps['rel'][tuple(string.split(name,'/'))] = function
+        self._authProviders = aps
+        self._p_changed = 1
+
+    security.declareProtected(ModifyRPCAuth,'listAuthProviders')
+    def listAuthProviders(self):
+        """a list of objects with auth providers"""
+        aps = getattr(self,'_authProviders',{'absglob':{},'abs':{},'rel':{}})
+        return aps['absglob'].keys()+\
+               aps['abs'].keys()+\
+               aps['rel'].keys()
+
+    security.declareProtected(ModifyRPCAuth,'removeAuthProvider')
+    def removeAuthProvider(self,objectPaths):
+        """remove auth providers objectPaths should be a list"""
+        for objectPath in list(objectPaths):
+            if type(objectPath) == type('s'):
+                objectPath = string.split(objectPath,'/')
+                while '' in objectPath: del objectPath[objectPath.index('')]
+                tuple(objectPath)
+            if objectPath in self._authProviders['absglob'].keys():
+                del self._authProviders['absglob'][objectPath]
+            elif objectPath in self._authProviders['abs'].keys():
+                del self._authProviders['abs'][objectPath]
+            elif objectPath in self._authProviders['rel'].keys():
+                del self._authProviders['rel'][objectPath]
+
+
+    def _identify(self,arg_tuple):
+        arg_list = list(arg_tuple)
+        zusername,zpassword = None,None
+        try:
+            for item in arg_tuple: #use the tuple here so we can delete items as we iterate
+                if type(item) == type('') and len(item) > len(self.uname_arg) and item[:len(self.uname_arg)] == self.uname_arg:
+                    zusername = item[len(self.uname_arg):]
+                    del arg_list[arg_list.index(item)]
+                    continue
+                if type(item) == type('') and len(item) > len(self.uname_arg) and item[:len(self.pword_arg)] == self.pword_arg:
+                    zpassword = item[len(self.pword_arg):]
+                    del arg_list[arg_list.index(item)]
+            if zusername and zpassword:
+                arg_tuple = tuple(arg_list)
+                return zusername,zpassword,arg_tuple
+            else:
+                return None,None,None
+        except 'none':
+            return None
+
+    def _registryIdentify(self,targetPath):
+        targetPath = list(targetPath)
+        targetPath.reverse()
+        targetPath = [a.encode('utf-8') for a in targetPath]
+        targetPath = tuple(targetPath)
+        # first check absolute path cuz it's easy
+        if targetPath in self._authProviders['abs'].keys():
+            return self._authProviders['abs'][targetPath]
+        # check relative paths
+        relPath = targetPath[:]
+        while len(relPath) > 1:
+            if relPath in self._authProviders['rel'].keys():
+                return self._authProviders['rel'][relPath]
+            relPath= relPath[1:]
+        # check absolute globs
+        globPath = targetPath[:-1]
+        while len(globPath) > 1:
+            if globPath in self._authProviders['absglob'].keys():
+                return self._authProviders['absglob'][globPath]
+            globPath=globPath[:-1]
+        return None
+
+    security.declarePrivate('modifyRequest')
+    def modifyRequest(self, req, resp):
+        # Returns flags indicating what the user is trying to do.
+
+        if req.__class__ is not HTTPRequest:
+            return ATTEMPT_DISABLED
+
+        if not req._auth:
+                # Attempt to log in.
+            targetPath = tuple(req['TraversalRequestNameStack'])
+            authProvider = self._registryIdentify(targetPath)
+            if authProvider:
+                name,pw,arg_tuple = authProvider(req.args)
+            else:
+                name,pw,arg_tuple = self._identify(req.args)
+            if name and pw:
+                ac = encodestring('%s:%s' % (name, pw))
+                req._auth = 'basic %s' % ac
+                resp._auth = 1
+                if self.remove_args or authProvider: # if we set remove_args or an authProvider is used
+                    req.args = arg_tuple
+                return ATTEMPT_LOGIN
+        return ATTEMPT_NONE
+
+    def __call__(self, container, req):
+        '''The __before_publishing_traverse__ hook.'''
+        resp = self.REQUEST['RESPONSE']
+        attempt = self.modifyRequest(req, resp)
+
+
+    def _cleanupResponse(self):
+        resp = self.REQUEST['RESPONSE']
+        try: del resp.unauthorized
+        except: pass
+        try: del resp._unauthorized
+        except: pass
+        return resp
+
+
+
+    security.declarePrivate('unauthorized')
+    def unauthorized(self):
+        resp.unauthorized()
+
+    def _unauthorized(self):
+        resp._unauthorized()
+
+
+    # Installation and removal of traversal hooks.
+
+    def manage_beforeDelete(self, item, container):
+        if item is self:
+            handle = self.meta_type + '/' + self.getId()
+            BeforeTraverse.unregisterBeforeTraverse(container, handle)
+
+    def manage_afterAdd(self, item, container):
+        if item is self:
+            handle = self.meta_type + '/' + self.getId()
+            container = container.this()
+            nc = BeforeTraverse.NameCaller(self.getId())
+            BeforeTraverse.registerBeforeTraverse(container, nc, handle)
+
+Globals.InitializeClass(RPCAuth)
+
+def manage_addRAForm(self):
+    "this is a form to get the id"
+    return """<html>
+    <head>
+       <title>Setup RPC Auth</title>
+    </head>
+    <body>
+    Please type the id of the RPC Auth:<br>
+        <form name="form" action="manage_addRPCAuth"><br>
+        <input type="text" name="id"><br>
+        <input type="submit" value="add">
+        </form>
+    </body>
+    </html>"""
+
+def manage_addRPCAuth(self, id, REQUEST=None):
+    ' '
+    ob = RPCAuth()
+    ob.id = id
+    self._setObject(id, ob)
+    if REQUEST is not None:
+        return self.manage_main(self, REQUEST)
diff --git a/web/ryzom_com/RPCAuth/__init__.py b/web/ryzom_com/RPCAuth/__init__.py
new file mode 100755
index 000000000..b2de199aa
--- /dev/null
+++ b/web/ryzom_com/RPCAuth/__init__.py
@@ -0,0 +1,9 @@
+import RPCAuth
+
+def initialize(context):
+    context.registerClass(
+        RPCAuth.RPCAuth,
+        constructors=(RPCAuth.manage_addRAForm,
+                      RPCAuth.manage_addRPCAuth),
+        icon = 'RPCAuth.gif'
+        )
diff --git a/web/ryzom_com/RPCAuth/refresh.txt b/web/ryzom_com/RPCAuth/refresh.txt
new file mode 100755
index 000000000..e69de29bb
diff --git a/web/ryzom_com/RPCAuth/utils.py b/web/ryzom_com/RPCAuth/utils.py
new file mode 100755
index 000000000..8df04c1e7
--- /dev/null
+++ b/web/ryzom_com/RPCAuth/utils.py
@@ -0,0 +1,126 @@
+##############################################################################
+#
+# Zope Public License (ZPL) Version 1.0
+# -------------------------------------
+#
+# Copyright (c) Digital Creations.  All rights reserved.
+#
+# This license has been certified as Open Source(tm).
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+# 1. Redistributions in source code must retain the above copyright
+#    notice, this list of conditions, and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions, and the following disclaimer in
+#    the documentation and/or other materials provided with the
+#    distribution.
+#
+# 3. Digital Creations requests that attribution be given to Zope
+#    in any manner possible. Zope includes a "Powered by Zope"
+#    button that is installed by default. While it is not a license
+#    violation to remove this button, it is requested that the
+#    attribution remain. A significant investment has been put
+#    into Zope, and this effort will continue if the Zope community
+#    continues to grow. This is one way to assure that growth.
+#
+# 4. All advertising materials and documentation mentioning
+#    features derived from or use of this software must display
+#    the following acknowledgement:
+#
+#      "This product includes software developed by Digital Creations
+#      for use in the Z Object Publishing Environment
+#      (http://www.zope.org/)."
+#
+#    In the event that the product being advertised includes an
+#    intact Zope distribution (with copyright and license included)
+#    then this clause is waived.
+#
+# 5. Names associated with Zope or Digital Creations must not be used to
+#    endorse or promote products derived from this software without
+#    prior written permission from Digital Creations.
+#
+# 6. Modified redistributions of any form whatsoever must retain
+#    the following acknowledgment:
+#
+#      "This product includes software developed by Digital Creations
+#      for use in the Z Object Publishing Environment
+#      (http://www.zope.org/)."
+#
+#    Intact (re-)distributions of any official Zope release do not
+#    require an external acknowledgement.
+#
+# 7. Modifications are encouraged but must be packaged separately as
+#    patches to official Zope releases.  Distributions that do not
+#    clearly separate the patches from the original work must be clearly
+#    labeled as unofficial distributions.  Modifications which do not
+#    carry the name Zope may be packaged in any form, as long as they
+#    conform to all of the clauses above.
+#
+#
+# Disclaimer
+#
+#   THIS SOFTWARE IS PROVIDED BY DIGITAL CREATIONS ``AS IS'' AND ANY
+#   EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+#   IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+#   PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL DIGITAL CREATIONS OR ITS
+#   CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+#   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+#   LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+#   USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+#   ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+#   OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+#   OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+#   SUCH DAMAGE.
+#
+#
+# This software consists of contributions made by Digital Creations and
+# many individuals on behalf of Digital Creations.  Specific
+# attributions are listed in the accompanying credits file.
+#
+##############################################################################
+'''$Id: utils.py,v 1.1 2006/05/23 09:22:00 bernard Exp $
+'''
+
+import Globals
+from AccessControl import ClassSecurityInfo
+from OFS.PropertyManager import PropertyManager
+from OFS.SimpleItem import SimpleItem
+
+
+class SimpleItemWithProperties (PropertyManager, SimpleItem):
+    '''
+    A common base class for objects with configurable
+    properties in a fixed schema.
+    '''
+    manage_options = (
+        PropertyManager.manage_options
+        + SimpleItem.manage_options)
+
+    security = ClassSecurityInfo()
+    security.declarePrivate(
+        'manage_addProperty',
+        'manage_delProperties',
+        'manage_changePropertyTypes',
+        )
+
+    def manage_propertiesForm(self, REQUEST, *args, **kw):
+        'An override that makes the schema fixed.'
+        my_kw = kw.copy()
+        my_kw['property_extensible_schema__'] = 0
+        return apply(PropertyManager.manage_propertiesForm,
+                     (self, self, REQUEST,) + args, my_kw)
+
+    security.declarePublic('propertyLabel')
+    def propertyLabel(self, id):
+        """Return a label for the given property id
+        """
+        for p in self._properties:
+            if p['id'] == id:
+                return p.get('label', id)
+        return id
+
+Globals.InitializeClass(SimpleItemWithProperties)
diff --git a/web/ryzom_com/RPCAuth/version.txt b/web/ryzom_com/RPCAuth/version.txt
new file mode 100755
index 000000000..d3dcea98b
--- /dev/null
+++ b/web/ryzom_com/RPCAuth/version.txt
@@ -0,0 +1 @@
+0.1.0-final
\ No newline at end of file