# HG changeset patch
# User paulb
# Date 1085851694 0
# Node ID 7686e3dfb6a56cd213ff3135e92fe62e28ef2e94
# Parent  3bec83a54f0250224e625917ef46046a35c1f987
[project @ 2004-05-29 17:28:14 by paulb]
Provided support for anonymous entry into applications and parameterised
the cookie name employed.

diff -r 3bec83a54f02 -r 7686e3dfb6a5 examples/Common/LoginRedirect/__init__.py
--- a/examples/Common/LoginRedirect/__init__.py	Sat May 29 17:27:29 2004 +0000
+++ b/examples/Common/LoginRedirect/__init__.py	Sat May 29 17:28:14 2004 +0000
@@ -8,24 +8,36 @@
 
     "A resource redirecting to a login URL."
 
-    def __init__(self, login_url, app_url, resource, authenticator):
+    def __init__(self, login_url, app_url, resource, authenticator, anonymous_parameter_name=None):
 
         """
-        Initialise the resource with a 'login_url', an 'app_url' where the
-        'resource' for the application being protected should be reachable, and
-        an 'authenticator'.
+        Initialise the resource with a 'login_url', an 'app_url' where the 'resource' for
+        the application being protected should be reachable, and an 'authenticator'.
+
+        If the optional 'anonymous_parameter_name' is set, clients providing a parameter
+        of that name in the URL will not be authenticated, but then such clients will not
+        get a user identity associated with them. 
         """
 
         self.login_url = login_url
         self.app_url = app_url
         self.resource = resource
         self.authenticator = authenticator
+        self.anonymous_parameter_name = anonymous_parameter_name
 
     def respond(self, trans):
 
+        # Check for the anonymous parameter, if appropriate.
+
+        fields = trans.get_fields_from_path()
+        if self.anonymous_parameter_name is not None and fields.has_key(self.anonymous_parameter_name):
+            is_anonymous = 1
+        else:
+            is_anonymous = 0
+
         # Check the authentication details with the specified authenticator.
 
-        if self.authenticator.authenticate(trans):
+        if is_anonymous or self.authenticator.authenticate(trans):
             self.resource.respond(trans)
         else:
             # Redirect to the login URL.
@@ -39,14 +51,18 @@
     An authenticator which verifies the credentials provided in a special login cookie.
     """
 
-    def __init__(self, secret_key):
+    def __init__(self, secret_key, cookie_name=None):
 
-        "Initialise the authenticator with a 'secret_key'."
+        "Initialise the authenticator with a 'secret_key' and an optional 'cookie_name'."
 
         self.secret_key = secret_key
+        self.cookie_name = cookie_name or "LoginAuthenticator"
 
     def authenticate(self, trans):
-        cookie = trans.get_cookie("LoginAuthenticator")
+
+        "Authenticate the originator of 'trans', updating the object if successful."
+
+        cookie = trans.get_cookie(self.cookie_name)
         if cookie is None:
             return 0
 
@@ -56,6 +72,13 @@
 
         username, code = cookie.value.split(":")
         print "*", username, code
-        return code == md5.md5(username + self.secret_key).hexdigest()
+        if code == md5.md5(username + self.secret_key).hexdigest():
+
+            # Update the transaction with the user details.
+
+            trans.set_user(username)
+            return 1
+        else:
+            return 0
 
 # vim: tabstop=4 expandtab shiftwidth=4