[Cubicweb] disable login for 'admin' account

Sylvain Thénault sylvain.thenault at logilab.fr
Wed Nov 20 09:53:35 CET 2013


On 19 November 22:37, Dimitri Papadopoulos Orfanos wrote:
> On 19/11/2013 22:15, Sylvain Thénault wrote:
> >nop. Do you mean you want to disable login of any user in the managers group
> >from the web interface?
> 
> Exactly, security guys feel it's safer if managers cannot log in from
> a server outside our inner network.

Something along the lines of the code below should do the trick (untested):

  from cubicweb.web.views import authentication

  class MyLoginPasswordRetriever(authentication.LoginPasswordRetriever):
      def authenticated(self, retriever, req, cnx, login, authinfo):
          """callback when return authentication information have opened a
          repository connection successfully. Take care req has no session
          attached yet, hence req.execute isn't available.
          """
          # for the reason explained in the docstring, using req.user is not an
          # option and cnx.user() probably not a good idea
          cu = cnx.cursor()
          # reject the login when the user belongs to the "managers" group
          if cu.execute('Any G WHERE U in_group G, G name "managers", U login %(l)s',
                        {'l': login}):
              raise authentication.AuthenticationError()

  def registration_callback(vreg):
      # replace the stock retriever with the restricted one
      vreg.register_and_replace(MyLoginPasswordRetriever,
                                authentication.LoginPasswordRetriever)


-- 
Sylvain Thénault, LOGILAB, Paris (01.45.32.03.12) - Toulouse (05.62.17.16.42)
Training in Python, Debian, Agile methods: http://www.logilab.fr/formations
Custom software development:               http://www.logilab.fr/services
CubicWeb, the semantic web framework:    http://www.cubicweb.org


