smtp_server = localhost
error_email_from = philipp.spitzer@winterrodeln.org
-wikidbtype = mysql
-wikidbserver = localhost
-wikidbname = winterrodeln_wiki
-wikidbuser = philipp
-wikidbpassword =
-
[server:main]
use = egg:Paste#http
host = 127.0.0.1
beaker.session.key = wradmin
beaker.session.secret = somesecret
+wikidbtype = mysql
+wikidbserver = localhost
+wikidbname = winterrodeln_wiki
+wikidbuser = philipp
+wikidbpassword =
+
+authkit.setup.method = basic
+authkit.basic.realm = Winterrodeln Admin
+authkit.basic.authenticate.user.type = wradmin.lib.mediawiki:MediaWikiUsers
+authkit.basic.authenticate.user.data =
+
# If you'd like to fine-tune the individual locations of the cache data dirs
# for the Cache data, or the Session saves, un-comment the desired settings
# here:
smtp_server = localhost
error_email_from = paste@localhost
-wikidbtype = mysql
-wikidbserver = localhost
-wikidbname = wiki
-wikidbuser = username
-wikidbpassword =
-
[server:main]
use = egg:Paste#http
host = 0.0.0.0
beaker.session.secret = ${app_instance_secret}
app_instance_uuid = ${app_instance_uuid}
+wikidbtype = mysql
+wikidbserver = localhost
+wikidbname = wiki
+wikidbuser = username
+wikidbpassword =
+
+authkit.setup.method = basic
+authkit.basic.realm = Winterrodeln Admin
+authkit.basic.authenticate.user.type = wradmin.lib.mediawiki:MediaWikiUsers
+authkit.basic.authenticate.user.data =
+
# If you'd like to fine-tune the individual locations of the cache data dirs
# for the Cache data, or the Session saves, un-comment the desired settings
# here:
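Review bot: `authkit.setup.method = basic` makes the browser send the MediaWiki user name and password with every request, and this deployment template binds `host = 0.0.0.0` with nothing in the visible settings that requires TLS. These are the users' wiki passwords, so a captured request exposes the wiki account as well as the admin application. I would add a comment above the authkit block, `# HTTP Basic auth: serve only behind an HTTPS-terminating proxy`, and consider defaulting the template to `host = 127.0.0.1` so the application is reachable only through that proxy. The same authkit block is added to the development configuration earlier in this change, where the bind address is already loopback.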
from wradmin.config.environment import load_environment
+import authkit.authenticate
+from authkit.permissions import ValidAuthKitUser
+
def make_app(global_conf, full_stack=True, static_files=True, **app_conf):
"""Create a Pylons WSGI application and return it
# Handle Python exceptions
app = ErrorHandler(app, global_conf, **config['pylons.errorware'])
+ permission = ValidAuthKitUser()
+ app = authkit.authorize.middleware(app, permission)
+ app = authkit.authenticate.middleware(app, app_conf)
+
# Display error documents for 401, 403, 404 status codes (and
# 500 when debug is disabled)
if asbool(config['debug']):
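Review bot: `ValidAuthKitUser()` admits every account that the configured `MediaWikiUsers` class loads, and that class gives each user `role = []` and `group = None`, so anyone who holds an account on the wiki can sign in to the admin application. If account creation on the wiki is open, that amounts to public access; a role-based permission such as `HasAuthKitRole`, with roles filled from the wiki's group membership, would limit it to administrators. Separately, `authkit.authorize.middleware` is called although only `authkit.authenticate` is imported explicitly. It presumably resolves because `authkit.permissions` loads `authkit.authorize`, but an explicit `import authkit.authorize` next to the new import would not depend on that side effect. `make_app` begins and ends outside these hunks.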
--- /dev/null
+"MediaWiki communication functions"
+
+from authkit.users import UsersReadOnly, md5
+from wradmin.lib.wrdatabase import get_wiki_connection
+
+class MediaWikiUsers(UsersReadOnly):
+ def __init__(self, data=None, encrypt=None):
+ UsersReadOnly.__init__(self, data, encrypt)
+
+ # Initialize class fields
+ self.usernames = []
+ self.passwords = {}
+ self.roles = {}
+ self.groups = {}
+ self.user_ids = {} # MediaWiki user_id field of the database
+ self.real_names = {} # Real names of the users
+ self.emails = {} # E-Mail addresses of the users
+
+ # Query database
+ con = get_wiki_connection()
+ cu = con.cursor()
+ sql = 'SELECT user_id, user_name, user_real_name, user_password, user_email FROM user'
+ cu.execute(sql)
+ for row in cu:
+ user_id, username, real_name, password, email = row
+ username = username.lower()
+ role = []
+ group = None
+
+ self.usernames.append(username)
+ self.passwords[username] = password
+ self.roles[username] = role
+ self.groups[username] = group
+ self.user_ids[username] = user_id
+ self.real_names[username] = real_name
+ self.emails[username] = email
+
+
+ def user_has_password(self, username, password):
+ """
+ Passwords are case sensitive.
+ Returns ``True`` if the user has the password specified, ``False`` otherwise.
+ Raises an exception if the user doesn't exist.
+
+ See http://www.winterrodeln.org/trac/wiki/MediaWikiAuthorization
+ """
+ pwd = self.user_password(username)
+ # Example: pwd = ':B:d25b2886:41e46c952790b1b442aac4f24f7ea7a8'
+ pwd_parts = pwd.split(':') # password_parts = ['', 'B', 'd25b2886', '41e46c952790b1b442aac4f24f7ea7a8']
+ if len(pwd_parts) == 4 and pwd_parts[1] == 'B':
+ salt, pwd_md5 = tuple(pwd_parts[2:4]) # salt = 'd25b2886'; pwd_md5 = '41e46c952790b1b442aac4f24f7ea7a8'
+ else:
+ raise AuthKitError("Password in the MediaWiki database format has an unexpected format ('%s' instead of e.g. ':B:d25b2886:41e46c952790b1b442aac4f24f7ea7a8')" % pwd)
+ return md5(salt + '-' + md5(password)) == pwd_md5
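Review bot: The `raise AuthKitError(...)` in `user_has_password` interpolates the stored `user_password` value (salt and hash) into the exception text, so any account whose hash is not in the `:B:` form puts its credential material into the traceback that the error middleware logs or mails. `AuthKitError` is also not among the names imported at the top of this file, so as written that branch would fail with a NameError; it needs importing alongside `UsersReadOnly` and `md5`, from whichever AuthKit module defines it. I would drop the `% pwd` and name only the account, e.g. `raise AuthKitError("Unexpected MediaWiki password format for user '%s'" % username)`. In `__init__`, `username.lower()` maps wiki names that differ only in case onto one dictionary key and the row read last silently wins, so it is worth detecting such duplicates and refusing them rather than letting one account's hash stand in for another.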