1 # Copyright (C) 2014 Ipsilon project Contributors, for license see COPYING
3 from ipsilon.login.common import LoginFormBase, LoginManagerBase, \
5 from ipsilon.util.plugin import PluginObject
6 from ipsilon.util.user import UserSession
7 from ipsilon.util import config as pconfig
8 from string import Template
# Login page for the form-based plugin. This listing is partial: original
# lines 14, 16-18, 21-22 and 24 are not shown, and indentation is lost.
# The LoginManager description in this file says the actual authentication
# is done by mod_intercept_form_submit, not by this class.
13 class Form(LoginFormBase):
# Handles the submitted login form. No credential check is visible in this
# method; the outcome depends only on whether `user` is anonymous.
15 def POST(self, *args, **kwargs):
# `user` is bound on the omitted lines 16-18 -- presumably through
# UserSession (imported above); TODO confirm where the identity comes from.
19 if not user.is_anonymous:
# Success is reported with the literal authentication type 'password'.
20 return self.lm.auth_successful(self.trans, user.name, 'password')
# Failure path: the reason is taken from the EXTERNAL_AUTH_ERROR entry of the
# request headers. NOTE(review): confirm this entry can only be set by the
# server-side authentication module and is never accepted from the client,
# because the value is written to the log below without any filtering.
23 error = cherrypy.request.headers['EXTERNAL_AUTH_ERROR']
# Fallback message; the branch that selects it (line 24) is not shown.
25 error = "Unknown error using external authentication"
# The reason is only logged; auth_failed() is given just the transaction.
26 cherrypy.log.error("Error: %s" % error)
27 return self.lm.auth_failed(self.trans)
# Login manager for the form plugin. Its own description (below) states that
# the actual authentication is delegated to mod_intercept_form_submit.
# This listing is partial: gaps in the embedded line numbers mark omitted
# lines, and indentation is lost.
30 class LoginManager(LoginManagerBase):
# Constructor: forwards every argument unchanged to LoginManagerBase.
32 def __init__(self, *args, **kwargs):
33 super(LoginManager, self).__init__(*args, **kwargs)
# Lines 34-36 are not shown. 'form' is this plugin's service name.
37 self.service_name = 'form'
38 self.description = """
39 Form based login Manager. Relies on mod_intercept_form_submit plugin for
40 actual authentication. """
# Lines 41-44, 46-48 and 50-52 are not shown. The strings below are argument
# lines of option definitions whose calls are outside this listing --
# presumably the 'username text', 'password text' and 'help text' options
# read back by the accessors further down; TODO confirm.
45 'Text used to ask for the username at login time.',
49 'Text used to ask for the password at login time.',
53 'Text used to guide the user at login time.',
54 'Insert your Username and Password and then submit.')
# Body of an accessor whose `def` line (58) is not shown: returns the
# configured 'help text' value.
59 return self.get_config_value('help text')
# Returns the configured 'username text' value (line 61 is not shown).
62 def username_text(self):
63 return self.get_config_value('username text')
# Returns the configured 'password text' value (line 65 is not shown).
66 def password_text(self):
67 return self.get_config_value('password text')
# Creates the Form page for this manager at 'login/form' and keeps it in
# self.page. Line 71 is not shown, so the return value is not visible here.
69 def get_tree(self, site):
70 self.page = Form(site, self, 'login/form')
75 LoadModule intercept_form_submit_module modules/mod_intercept_form_submit.so
76 LoadModule authnz_pam_module modules/mod_authnz_pam.so
78 <Location /${instance}/login/form>
79 InterceptFormPAMService ${service}
80 InterceptFormLogin login_name
81 InterceptFormPassword login_password
82 # InterceptFormLoginSkip admin
83 # InterceptFormClearRemoteUserForSkipped on
84 InterceptFormPasswordRedact on
89 class Installer(LoginManagerInstaller):
# Constructor. Accepts arbitrary positional arguments but calls the base
# initialiser with none of them. Lines 93-94 are not shown; configure() later
# reads self.pargs, so the arguments are presumably stored there -- TODO confirm.
91 def __init__(self, *pargs):
92 super(Installer, self).__init__()
# Registers this plugin's installer options on `group` through its
# add_argument() interface.
96 def install_args(self, group):
# --form: restricted to 'yes' or 'no', default 'no'. configure() compares
# this value against 'yes' before doing anything else that is visible.
97 group.add_argument('--form', choices=['yes', 'no'], default='no',
98 help='Configure External Form authentication')
# --form-service: PAM service name, default 'remote'. configure() substitutes
# it into the Apache configuration template as ${service}. No validation of
# the value is visible here, so it must be a plain PAM service name: embedded
# whitespace or newlines would change the generated httpd configuration.
99 group.add_argument('--form-service', action='store', default='remote',
100 help='PAM service name to use for authentication')
102 def configure(self, opts, changes):
103 if opts['form'] != 'yes':
106 confopts = {'instance': opts['instance'],
107 'service': opts['form_service']}
109 tmpl = Template(CONF_TEMPLATE)
110 hunk = tmpl.substitute(**confopts)
111 with open(opts['httpd_conf'], 'a') as httpd_conf:
112 httpd_conf.write(hunk)
114 # Add configuration data to database
115 po = PluginObject(*self.pargs)
118 po.wipe_config_values()
120 # Update global config to add login plugin
122 po.save_enabled_state()
124 # for selinux enabled platforms, ignore if it fails just report
126 subprocess.call(['/usr/sbin/setsebool', '-P',
127 'httpd_mod_auth_pam=on'])
128 except Exception: # pylint: disable=broad-except