Implemented PluggableAuthService Interfaces
The PluggableAuthService plugins in this package implement interfaces defined in the PluggableAuthService package.
- interface Products.PluggableAuthService.interfaces.plugins.IAuthenticationPlugin
Map credentials to a user ID.
- authenticateCredentials(credentials)
credentials -> (userid, login)
o ‘credentials’ will be a mapping, as returned by IExtractionPlugin.
- o Return a tuple consisting of user ID (which may be different
from the login name) and login
o If the credentials cannot be authenticated, return None.
- interface Products.PluggableAuthService.interfaces.plugins.IChallengePlugin
Initiate a challenge to the user to provide credentials.
Challenge plugins have an attribute ‘protocol’ representing the protocol the plugin operates under, defaulting to None.
Plugins operating under the same protocol will all be given an attempt to fire. The first plugin of a protocol group that successfully fires establishes the protocol of the overall challenge.
- challenge(request, response)
Assert via the response that credentials will be gathered.
Takes a REQUEST object and a RESPONSE object.
Returns True if it fired, False otherwise.
Two common ways to initiate a challenge:
Add a ‘WWW-Authenticate’ header to the response object.
NOTE: add, since the HTTP spec specifically allows for more than one challenge in a given response.
Cause the response object to redirect to another URL (a login form page, for instance)
- interface Products.PluggableAuthService.interfaces.plugins.ICredentialsResetPlugin
Callback: user has logged out.
- resetCredentials(request, response)
Scribble as appropriate.
- interface Products.PluggableAuthService.interfaces.plugins.IExtractionPlugin
Extracts login name and credentials from a request.
- extractCredentials(request)
request -> {…}
o Return a mapping of any derived credentials.
- o Return an empty mapping to indicate that the plugin found no
appropriate credentials.
- interface Products.PluggableAuthService.interfaces.plugins.IPropertiesPlugin
Return a property set for a user.
- getPropertiesForUser(user, request=None)
user -> empty dict
o User will implement IPropertiedUser.
- o Plugin should return a dictionary or an object providing
IPropertySheet.
- o Plugin may scribble on the user, if needed (but must still
return a mapping, even if empty).
- o May assign properties based on values in the REQUEST object, if
present