U ‡äVcyã@s>dZddlmZddlmZdZe e¡ZGdd„deƒZ dS)aÝ Implementation of a domain controller that uses realm/user_name/password mappings from the configuration file and uses the share path as realm name. user_mapping is defined a follows:: simple_dc: { user_mapping = { "realm1": { "John Smith": { "password": "YouNeverGuessMe", }, "Dan Brown": { "password": "DontGuessMeEither", "roles": ["editor"] } }, "realm2": { ... } }, } The "*" pseudo-share is used to pass a default definition:: user_mapping = { "*": { // every share except for 'realm2' "Dan Brown": { "password": "DontGuessMeEither", "roles": ["editor"] } }, "realm2": { ... } }, A share (even the "*" pseudo-share) can be set to True to allow anonymous access:: user_mapping = { "*": { "Dan Brown": { "password": "DontGuessMeEither", "roles": ["editor"] }, }, "realm2": True }, The SimpleDomainController fulfills the requirements of a DomainController as used for authentication with http_authenticator.HTTPAuthenticator for the WsgiDAV application. Domain Controllers must provide the methods as described in DomainControllerBase_ .. _DomainControllerBase : dc/base_dc.py é)Úutil)ÚBaseDomainControllerÚreStructuredTextcsVeZdZ‡fdd„Zdd„Zddd„Zdd „Zd d „Zd d „Zdd„Z dd„Z ‡Z S)ÚSimpleDomainControllercsvtt|ƒ ||¡| di¡}| d¡|_|jdkr|j |¡}|dkr |j d¡}|dks0|dkr4|S| |¡S)zHReturn the matching user_map entry (falling back to default '*' if any).NÚ*)r r )rÚrealmÚ user_nameÚ realm_entryrrrÚ_get_realm_entry_s   z'SimpleDomainController._get_realm_entrycCs| ||¡}|S)z5Resolve a relative url to the appropriate realm name.)Z_calc_realm_from_path_provider)rÚ path_infoÚenvironrrrrÚget_domain_realmhs z'SimpleDomainController.get_domain_realmcCs*| |¡}|dkr"t d |¡¡|dk S)zUReturn True if this realm requires authentication (grant anonymous access otherwise).NzUMissing configuration simple_dc.user_mapping["{}"] (or "*"): realm is not accessible!T)r"Ú_loggerÚerrorr)rrr$r!rrrÚrequire_authenticationms ÿÿz-SimpleDomainController.require_authenticationcCs:| ||¡}|dk r6|| d¡kr6| dg¡|d<dSdS)z|Returns True if this user_name/password pair is valid for the realm, False otherwise. Used for basic authentication.NÚpasswordÚrolesúwsgidav.auth.rolesTF)r"r )rrr r)r$ÚuserrrrÚbasic_auth_userws  z&SimpleDomainController.basic_auth_usercCsdS)NTrrrrrÚsupports_http_digest_authsz0SimpleDomainController.supports_http_digest_authcCs@| ||¡}|dkrdS| d¡}| dg¡|d<| |||¡S)zComputes digest hash A1 part.NFr)r*r+)r"r Z_compute_http_digest_a1)rrr r$r,r)rrrÚdigest_auth_user…s   z'SimpleDomainController.digest_auth_user)N) rÚ __module__Ú __qualname__r rr"r%r(r-r.r/Ú __classcell__rrrrrJs    rN) Ú__doc__ÚwsgidavrZwsgidav.dc.base_dcrÚ __docformat__Úget_module_loggerrr&rrrrrÚs ;