3 # Copyright (C) 2014 Ipsilon contributors, see COPYING file for license
6 from ipsilon.login.common import LoginPageBase, LoginManagerBase
7 from ipsilon.login.common import FACILITY
8 from ipsilon.util.plugin import PluginObject
11 from fedora.client.fasproxy import FasProxyClient
12 from fedora.client import AuthError
15 class FAS(LoginPageBase):
17 def GET(self, *args, **kwargs):
18 context = self.create_tmpl_context()
19 # pylint: disable=star-args
20 return self._template('login/fas.html', **context)
22 def POST(self, *args, **kwargs):
23 username = kwargs.get("login_name")
24 password = kwargs.get("login_password")
27 if username and password:
30 _, data = self.lm.fpc.login(username, password)
32 cherrypy.log.error("Authentication error [%s]" % str(e))
33 except Exception, e: # pylint: disable=broad-except
34 cherrypy.log.error("Unknown Error [%s]" % str(e))
35 if data and data.user:
36 return self.lm.auth_successful(data.user['username'],
37 userdata={'fas': data.user})
39 error = "Authentication failed"
40 cherrypy.log.error(error)
42 error = "Username or password is missing"
43 cherrypy.log.error("Error: " + error)
45 context = self.create_tmpl_context(
48 error_password=not password,
49 error_username=not username
51 # pylint: disable=star-args
52 return self._template('login/fas.html', **context)
54 def root(self, *args, **kwargs):
55 op = getattr(self, cherrypy.request.method, self.GET)
57 return op(*args, **kwargs)
59 def create_tmpl_context(self, **kwargs):
61 if self.lm.next_login is not None:
62 next_url = self.lm.next_login.path
66 "action": '%s/login/fas' % self.basepath,
67 "service_name": self.lm.service_name,
68 "username_text": self.lm.username_text,
69 "password_text": self.lm.password_text,
70 "description": self.lm.help_text,
73 context.update(kwargs)
77 class LoginManager(LoginManagerBase):
79 def __init__(self, *args, **kwargs):
80 super(LoginManager, self).__init__(*args, **kwargs)
85 self.description = """
86 Form based login Manager that uses the Fedora Authentication Server
90 """ The name of the PAM service used to authenticate. """,
95 """ The text shown to guide the user at login time. """,
97 'Login wth your FAS credentials'
100 """ The text shown to ask for the username in the form. """,
105 """ The text shown to ask for the password in the form. """,
110 """ The FAS Url. """,
112 'https://admin.fedoraproject.org/accounts/'
114 'FAS Proxy client user Agent': [
115 """ The User Agent presented to the FAS Server. """,
119 'FAS Insecure Auth': [
120 """ If 'YES' skips FAS server cert verification. """,
127 def service_name(self):
128 return self.get_config_value('service name')
132 return self.get_config_value('help text')
135 def username_text(self):
136 return self.get_config_value('username text')
139 def password_text(self):
140 return self.get_config_value('password text')
144 return self.get_config_value('FAS url')
147 def user_agent(self):
148 return self.get_config_value('FAS Proxy client user Agent')
152 return self.get_config_value('FAS Insecure Auth')
154 def get_tree(self, site):
155 self.fpc = FasProxyClient(base_url=self.fas_url,
156 useragent=self.user_agent,
157 insecure=(self.insecure == 'YES'))
158 self.page = FAS(site, self)
162 class Installer(object):
168 def install_args(self, group):
169 group.add_argument('--fas', choices=['yes', 'no'], default='no',
170 help='Configure FAS authentication')
172 def configure(self, opts):
173 if opts['fas'] != 'yes':
176 # Add configuration data to database
181 po.wipe_config_values(FACILITY)
183 # Update global config to add login plugin
186 globalconf = po.get_plugin_config(FACILITY)
187 if 'order' in globalconf:
188 order = globalconf['order'].split(',')
192 globalconf['order'] = ','.join(order)
193 po.set_config(globalconf)
194 po.save_plugin_config(FACILITY)