students.authentication - Student Authentication Components

Authenticate students.

class waeup.kofa.students.authentication.PasswordChangeCredentialsPlugin[source]

Bases: grokcore.component.components.GlobalUtility, zope.pluggableauth.plugins.session.SessionCredentialsPlugin

A session credentials plugin that handles the case of a user changing his/her own password.

When users change their own password they might find themselves logged out on next request.

To avoid this, we support to use a ‘change password’ page a bit like a regular login page. That means, on each request we lookup the sent data for a login field called ‘student_id’ and a password.

If both exist, this means someone sent new credentials.

We then look for the old credentials stored in the user session. If the new credentials’ login (the student_id) matches the old one’s, we set the new credentials in session _but_ we return the old credentials for the authentication plugins to check as for the current request (and for the last time) the old credentials apply.

No valid credentials are returned by this plugin if one of the follwing circumstances is true

  • the sent request is not a regular IHTTPRequest
  • the credentials to set do not match the old ones
  • no credentials are sent with the request
  • no credentials were set before (i.e. the user has no session with credentials set before)
  • no session exists already
  • password and repeated password do not match

Therefore it is mandatory to put this plugin in the line of all credentials plugins _before_ other plugins, so that the regular credentials plugins can drop in as a ‘fallback’.

This plugin was designed for students to change their passwords, but might be used to allow password resets for other types of accounts as well.

__doc__ = "A session credentials plugin that handles the case of a user\n changing his/her own password.\n\n When users change their own password they might find themselves\n logged out on next request.\n\n To avoid this, we support to use a 'change password' page a bit\n like a regular login page. That means, on each request we lookup\n the sent data for a login field called 'student_id' and a\n password.\n\n If both exist, this means someone sent new credentials.\n\n We then look for the old credentials stored in the user session.\n If the new credentials' login (the student_id) matches the old\n one's, we set the new credentials in session _but_ we return the\n old credentials for the authentication plugins to check as for the\n current request (and for the last time) the old credentials apply.\n\n No valid credentials are returned by this plugin if one of the\n follwing circumstances is true\n\n - the sent request is not a regular IHTTPRequest\n\n - the credentials to set do not match the old ones\n\n - no credentials are sent with the request\n\n - no credentials were set before (i.e. the user has no session\n with credentials set before)\n\n - no session exists already\n\n - password and repeated password do not match\n\n Therefore it is mandatory to put this plugin in the line of all\n credentials plugins _before_ other plugins, so that the regular\n credentials plugins can drop in as a 'fallback'.\n\n This plugin was designed for students to change their passwords,\n but might be used to allow password resets for other types of\n accounts as well.\n "
__module__ = 'waeup.kofa.students.authentication'
extractCredentials(request)[source]
loginfield = 'student_id'
loginpagename = 'login'
passwordfield = 'change_password'
repeatfield = 'change_password_repeat'
class waeup.kofa.students.authentication.StudentAccount(context)[source]

Bases: grokcore.component.components.Adapter

An adapter to turn student objects into accounts on-the-fly.

__doc__ = 'An adapter to turn student objects into accounts on-the-fly.\n '
__implemented__ = <implementedBy waeup.kofa.students.authentication.StudentAccount>
__module__ = 'waeup.kofa.students.authentication'
__provides__

Special descriptor for class __provides__

The descriptor caches the implementedBy info, so that we can get declarations for objects without instance-specific interfaces a bit quicker.

For example:

>>> from zope.interface import Interface
>>> class IFooFactory(Interface):
...     pass
>>> class IFoo(Interface):
...     pass
>>> class C(object):
...     implements(IFoo)
...     classProvides(IFooFactory)
>>> [i.getName() for i in C.__provides__]
['IFooFactory']
>>> [i.getName() for i in C().__provides__]
['IFoo']
_get_roles()[source]
_set_roles(roles)[source]

Set roles for principal denoted by this account.

checkPassword(password)[source]

Check whether the given password matches the one stored by students or the temporary password set by officers. We additionally check if student account has been suspended or if the portal is blocked.

description
email
failed_logins
name
password
phone
public_name = None
roles
setPassword(password)[source]

Set a password (LDAP-compatible) SSHA encoded.

We do not store passwords in plaintext. Encrypted password is stored as unicode string.

suspended()[source]
title
user_type
class waeup.kofa.students.authentication.StudentsAuthenticatorPlugin[source]

Bases: grokcore.component.components.GlobalUtility

__doc__ = None
__implemented__ = <implementedBy waeup.kofa.students.authentication.StudentsAuthenticatorPlugin>
__module__ = 'waeup.kofa.students.authentication'
__provides__

Special descriptor for class __provides__

The descriptor caches the implementedBy info, so that we can get declarations for objects without instance-specific interfaces a bit quicker.

For example:

>>> from zope.interface import Interface
>>> class IFooFactory(Interface):
...     pass
>>> class IFoo(Interface):
...     pass
>>> class C(object):
...     implements(IFoo)
...     classProvides(IFooFactory)
>>> [i.getName() for i in C.__provides__]
['IFooFactory']
>>> [i.getName() for i in C().__provides__]
['IFoo']
authenticateCredentials(credentials)[source]

Authenticate credentials.

credentials is a tuple (login, password).

We look up students to find out whether a respective student exists, then check the password and return the resulting PrincipalInfo or None if no such student can be found.

getAccount(login)[source]

Look up a student identified by login. Returns an account.

Currently, we simply look up the key under which the student is stored in the portal. That means we hit if login name and name under which the student is stored match.

Returns not a student but an account object adapted from any student found.

If no such student exists, None is returned.

principalInfo(id)[source]

Get a principal identified by id.

This one is required by IAuthenticatorPlugin but not needed here (see respective docstring in applicants package).

class waeup.kofa.students.authentication.StudentsAuthenticatorSetup[source]

Bases: grokcore.component.components.GlobalUtility

Register or unregister student authentication for a PAU.

This piece is called when a new site is created.

__doc__ = 'Register or unregister student authentication for a PAU.\n\n This piece is called when a new site is created.\n '
__implemented__ = <implementedBy waeup.kofa.students.authentication.StudentsAuthenticatorSetup>
__module__ = 'waeup.kofa.students.authentication'
__provides__

Special descriptor for class __provides__

The descriptor caches the implementedBy info, so that we can get declarations for objects without instance-specific interfaces a bit quicker.

For example:

>>> from zope.interface import Interface
>>> class IFooFactory(Interface):
...     pass
>>> class IFoo(Interface):
...     pass
>>> class C(object):
...     implements(IFoo)
...     classProvides(IFooFactory)
>>> [i.getName() for i in C.__provides__]
['IFooFactory']
>>> [i.getName() for i in C().__provides__]
['IFoo']
register(pau)[source]
unregister(pau)[source]