/usr/share/pyshared/zope/pluggableauth/interfaces.py is in python-zope.pluggableauth 1.3-0ubuntu1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 | ##############################################################################
#
# Copyright (c) 2004 Zope Foundation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.1 (ZPL). A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""Pluggable Authentication Utility Interfaces
"""
__docformat__ = "reStructuredText"
import zope.interface
from zope.i18nmessageid import MessageFactory
from zope.authentication.interfaces import ILogout
from zope.container.constraints import contains, containers
from zope.container.interfaces import IContainer
_ = MessageFactory('zope')
class IPlugin(zope.interface.Interface):
"""A plugin for a pluggable authentication component."""
class IPluggableAuthentication(ILogout, IContainer):
"""Provides authentication services with the help of various plugins.
IPluggableAuthentication implementations will also implement
zope.authentication.interfaces.IAuthentication. The `authenticate` method
of this interface in an IPluggableAuthentication should annotate the
IPrincipalInfo with the credentials plugin and authentication plugin used.
The `getPrincipal` method should annotate the IPrincipalInfo with the
authentication plugin used.
"""
contains(IPlugin)
credentialsPlugins = zope.schema.List(
title=_('Credentials Plugins'),
description=_("""Used for extracting credentials.
Names may be of ids of non-utility ICredentialsPlugins contained in
the IPluggableAuthentication, or names of registered
ICredentialsPlugins utilities. Contained non-utility ids mask
utility names."""),
value_type=zope.schema.Choice(vocabulary='CredentialsPlugins'),
default=[],
)
authenticatorPlugins = zope.schema.List(
title=_('Authenticator Plugins'),
description=_("""Used for converting credentials to principals.
Names may be of ids of non-utility IAuthenticatorPlugins contained in
the IPluggableAuthentication, or names of registered
IAuthenticatorPlugins utilities. Contained non-utility ids mask
utility names."""),
value_type=zope.schema.Choice(vocabulary='AuthenticatorPlugins'),
default=[],
)
def getCredentialsPlugins():
"""Return iterable of (plugin name, actual credentials plugin) pairs.
Looks up names in credentialsPlugins as contained ids of non-utility
ICredentialsPlugins first, then as registered ICredentialsPlugin
utilities. Names that do not resolve are ignored."""
def getAuthenticatorPlugins():
"""Return iterable of (plugin name, actual authenticator plugin) pairs.
Looks up names in authenticatorPlugins as contained ids of non-utility
IAuthenticatorPlugins first, then as registered IAuthenticatorPlugin
utilities. Names that do not resolve are ignored."""
prefix = zope.schema.TextLine(
title=_('Prefix'),
default=u'',
required=True,
readonly=True,
)
def logout(request):
"""Performs a logout by delegating to its authenticator plugins."""
class ICredentialsPlugin(IPlugin):
"""Handles credentials extraction and challenges per request."""
containers(IPluggableAuthentication)
challengeProtocol = zope.interface.Attribute(
"""A challenge protocol used by the plugin.
If a credentials plugin works with other credentials pluggins, it
and the other cooperating plugins should specify a common (non-None)
protocol. If a plugin returns True from its challenge method, then
other credentials plugins will be called only if they have the same
protocol.
""")
def extractCredentials(request):
"""Ties to extract credentials from a request.
A return value of None indicates that no credentials could be found.
Any other return value is treated as valid credentials.
"""
def challenge(request):
"""Possibly issues a challenge.
This is typically done in a protocol-specific way.
If a challenge was issued, return True, otherwise return False.
"""
def logout(request):
"""Possibly logout.
If a logout was performed, return True, otherwise return False.
"""
class IAuthenticatorPlugin(IPlugin):
"""Authenticates a principal using credentials.
An authenticator may also be responsible for providing information
about and creating principals.
"""
containers(IPluggableAuthentication)
def authenticateCredentials(credentials):
"""Authenticates credentials.
If the credentials can be authenticated, return an object that provides
IPrincipalInfo. If the plugin cannot authenticate the credentials,
returns None.
"""
def principalInfo(id):
"""Returns an IPrincipalInfo object for the specified principal id.
If the plugin cannot find information for the id, returns None.
"""
class IPrincipalInfo(zope.interface.Interface):
"""Minimal information about a principal."""
id = zope.interface.Attribute("The principal id.")
title = zope.interface.Attribute("The principal title.")
description = zope.interface.Attribute("A description of the principal.")
credentialsPlugin = zope.interface.Attribute(
"""Plugin used to generate the credentials for this principal info.
Optional. Should be set in IPluggableAuthentication.authenticate.
""")
authenticatorPlugin = zope.interface.Attribute(
"""Plugin used to authenticate the credentials for this principal info.
Optional. Should be set in IPluggableAuthentication.authenticate and
IPluggableAuthentication.getPrincipal.
""")
class IPrincipalFactory(zope.interface.Interface):
"""A principal factory."""
def __call__(authentication):
"""Creates a principal.
The authentication utility that called the factory is passed
and should be included in the principal-created event.
"""
class IFoundPrincipalFactory(IPrincipalFactory):
"""A found principal factory."""
class IAuthenticatedPrincipalFactory(IPrincipalFactory):
"""An authenticated principal factory."""
class IPrincipalCreated(zope.interface.Interface):
"""A principal has been created."""
principal = zope.interface.Attribute("The principal that was created")
authentication = zope.interface.Attribute(
"The authentication utility that created the principal")
info = zope.interface.Attribute("An object providing IPrincipalInfo.")
class IAuthenticatedPrincipalCreated(IPrincipalCreated):
"""A principal has been created by way of an authentication operation."""
request = zope.interface.Attribute(
"The request the user was authenticated against")
class AuthenticatedPrincipalCreated:
"""
>>> from zope.interface.verify import verifyObject
>>> event = AuthenticatedPrincipalCreated("authentication", "principal",
... "info", "request")
>>> verifyObject(IAuthenticatedPrincipalCreated, event)
True
"""
zope.interface.implements(IAuthenticatedPrincipalCreated)
def __init__(self, authentication, principal, info, request):
self.authentication = authentication
self.principal = principal
self.info = info
self.request = request
class IFoundPrincipalCreated(IPrincipalCreated):
"""A principal has been created by way of a search operation."""
class FoundPrincipalCreated:
"""
>>> from zope.interface.verify import verifyObject
>>> event = FoundPrincipalCreated("authentication", "principal",
... "info")
>>> verifyObject(IFoundPrincipalCreated, event)
True
"""
zope.interface.implements(IFoundPrincipalCreated)
def __init__(self, authentication, principal, info):
self.authentication = authentication
self.principal = principal
self.info = info
class IQueriableAuthenticator(zope.interface.Interface):
"""Indicates the authenticator provides a search UI for principals."""
class IPrincipal(zope.security.interfaces.IGroupClosureAwarePrincipal):
groups = zope.schema.List(
title=_("Groups"),
description=_(
"""ids of groups to which the principal directly belongs.
Plugins may append to this list. Mutating the list only affects
the life of the principal object, and does not persist (so
persistently adding groups to a principal should be done by working
with a plugin that mutates this list every time the principal is
created, like the group folder in this package.)
"""),
value_type=zope.schema.TextLine(),
required=False)
class IQuerySchemaSearch(zope.interface.Interface):
"""An interface for searching using schema-constrained input."""
schema = zope.interface.Attribute("""
The schema that constrains the input provided to the search method.
A mapping of name/value pairs for each field in this schema is used
as the query argument in the search method.
""")
def search(query, start=None, batch_size=None):
"""Returns an iteration of principal IDs matching the query.
query is a mapping of name/value pairs for fields specified by the
schema.
If the start argument is provided, then it should be an
integer and the given number of initial items should be
skipped.
If the batch_size argument is provided, then it should be an
integer and no more than the given number of items should be
returned.
"""
class IGroupAdded(zope.interface.Interface):
"""A group has been added."""
group = zope.interface.Attribute("""The group that was defined""")
class IPrincipalsAddedToGroup(zope.interface.Interface):
group_id = zope.interface.Attribute(
'the id of the group to which the principal was added')
principal_ids = zope.interface.Attribute(
'an iterable of one or more ids of principals added')
class IPrincipalsRemovedFromGroup(zope.interface.Interface):
group_id = zope.interface.Attribute(
'the id of the group from which the principal was removed')
principal_ids = zope.interface.Attribute(
'an iterable of one or more ids of principals removed')
|