1 # Copyright (C) 2014 Ipsilon project Contributors, for license see COPYING
3 from __future__ import absolute_import
5 from ipsilon.providers.common import ProviderBase, ProviderInstaller
6 from ipsilon.providers.openid.store import OpenIDStore
7 from ipsilon.providers.openid.auth import OpenID
8 from ipsilon.providers.openid.extensions.common import LoadExtensions
9 from ipsilon.util.plugin import PluginObject
10 from ipsilon.util import config as pconfig
11 from ipsilon.info.common import InfoMapping
13 from openid.server.server import Server
16 class IdpProvider(ProviderBase):
# OpenID 2.0 identity-provider plugin.  Builds the provider page tree in
# get_tree(), advertises the endpoint on the site root, and delegates the
# protocol itself to python-openid's Server.
# NOTE: this listing omits lines (the left-hand numbers are the original
# file's line numbers); the comments below only describe what is shown.
18 def __init__(self, *pargs):
# 'openid' is passed twice to ProviderBase -- presumably plugin name and
# URL path component; confirm against ProviderBase.__init__.
19 super(IdpProvider, self).__init__('openid', 'openid', *pargs)
# InfoMapping (ipsilon.info.common); presumably applies the attribute
# mapping / allowed-attribute options declared below -- not visible here.
20 self.mapping = InfoMapping()
# Loads the OpenID extension plugins; available() is consulted for the
# 'enabled extensions' choices and enable() is called from on_enable().
24 self.extensions = LoadExtensions()
25 self.description = """
26 Provides OpenID 2.0 authentication infrastructure. """
# Configuration options.  Only the description/default strings are shown;
# the option constructors wrapping them are on omitted lines.  The option
# names are read back by the accessors further down.
32 'Database URL for OpenID temp storage',
35 'default email domain',
36 'Used for users missing the email property.',
# The built-in defaults are plain-http localhost URLs.  Installer.configure()
# overwrites both with the real scheme/host at install time; a deployment
# that keeps these defaults would publish an http:// OP endpoint.
40 'The Absolute URL of the OpenID provider',
41 'http://localhost:8080/idp/openid/'),
43 'identity url template',
44 'The templated URL where identities are exposed.',
# %(username)s is filled in with the user's name; whether that value is
# URL-escaped before substitution is not visible in this listing -- verify
# where the template is rendered.
45 'http://localhost:8080/idp/openid/id/%(username)s'),
# Relying-party allow/deny lists.  How a trusted vs. untrusted RP is
# treated (e.g. consent prompts) is decided elsewhere, not here.
48 'List of trusted relying parties.'),
51 'List of untrusted relying parties.'),
# Selectable values come from the extension plugins discovered above.
54 'Choose the extensions to enable',
55 self.extensions.available().keys()),
57 'default attribute mapping',
58 'Defines how to map attributes before calling extensions',
61 'default allowed attributes',
62 'Defines a list of allowed attributes, applied after mapping',
# Config accessors.  get_tree() reads self.endpoint_url as an attribute, so
# these are presumably @property methods (decorator lines not shown).
# endpoint_url and identity_url_template continue on omitted lines,
# presumably normalising the configured value before returning it.
67 def endpoint_url(self):
68 url = self.get_config_value('endpoint url')
75 def default_email_domain(self):
76 return self.get_config_value('default email domain')
79 def identity_url_template(self):
80 url = self.get_config_value('identity url template')
87 def trusted_roots(self):
88 return self.get_config_value('trusted roots')
91 def untrusted_roots(self):
92 return self.get_config_value('untrusted roots')
95 def enabled_extensions(self):
96 return self.get_config_value('enabled extensions')
99 def default_attribute_mapping(self):
100 return self.get_config_value('default attribute mapping')
103 def default_allowed_attributes(self):
104 return self.get_config_value('default allowed attributes')
# Build the provider's page tree under `site` and advertise the OpenID
# endpoint on the site root (part of the body is on omitted lines).
106 def get_tree(self, site):
108 self.page = OpenID(site, self)
109 # self.admin = AdminPage(site, self)
# python-openid Server; its state (associations, nonces) is persisted by
# OpenIDStore in the configured 'database url'.
114 self.server = Server(
115 OpenIDStore(self.get_config_value('database url')),
116 op_endpoint=self.endpoint_url)
118 # Expose OpenID presence in the root
119 headers = self._root.default_headers
# Yadis discovery header: points relying parties at <endpoint>XRDS.
120 headers['X-XRDS-Location'] = self.endpoint_url+'XRDS'
122 html_heads = self._root.html_heads
# HTML-based discovery: openid2.provider (OpenID 2.0) and openid.server
# (OpenID 1.x) link relations.  The href is interpolated into markup with
# no HTML escaping, which is acceptable only because endpoint_url is an
# administrator-set config value, never request input.
123 HEAD_LINK = '<link rel="%s" href="%s">'
124 openid_heads = [HEAD_LINK % ('openid2.provider', self.endpoint_url),
125 HEAD_LINK % ('openid.server', self.endpoint_url)]
126 html_heads['openid'] = openid_heads
# on_enable() -- its def line is on an omitted line.  After the base class
# enables the plugin, activate only the extensions named in the
# 'enabled extensions' option.
129 super(IdpProvider, self).on_enable()
131 self.extensions.enable(self._config['enabled extensions'].get_value())
134 class Installer(ProviderInstaller):
# Server-install hook for the OpenID provider: registers the --openid*
# command-line options and writes the plugin's initial configuration.
# NOTE: this listing omits lines; comments describe only what is shown.
136 def __init__(self, *pargs):
137 super(Installer, self).__init__()
# (The lines storing pargs on self are omitted; configure() reads
# self.pargs.)
# Register this provider's installer options on the argparse `group`.
141 def install_args(self, group):
142 group.add_argument('--openid', choices=['yes', 'no'], default='yes',
143 help='Configure OpenID Provider')
# No default here: configure() derives a per-plugin database from the
# server-wide database URL template when this is not given.
144 group.add_argument('--openid-dburi',
145 help='OpenID database URI')
# Stored verbatim as the 'enabled extensions' option.
146 group.add_argument('--openid-extensions', default='',
147 help='List of OpenID Extensions to enable')
# Persist the provider configuration and enable the plugin.
# `opts` is the installer's option dict; keys read here are 'openid',
# 'secure', 'hostname', 'instance', 'openid_dburi', 'database_url' and
# 'data_dir'.
149 def configure(self, opts):
# Skipped unless --openid=yes (the early return is on an omitted line).
150 if opts['openid'] != 'yes':
# Scheme choice: presumably http when --secure=no, https otherwise (the
# `proto` assignments are on omitted lines).  This URL is the OP endpoint
# relying parties will discover and trust, so it must match the public
# hostname and use https outside of test setups.
154 if opts['secure'].lower() == 'no':
156 url = '%s://%s/%s/openid/' % (
157 proto, opts['hostname'], opts['instance'])
159 # Add configuration data to database
160 po = PluginObject(*self.pargs)
# Drop any values left from a previous install before saving the new ones.
163 po.wipe_config_values()
164 config = {'endpoint url': url,
# '%%' keeps '%(username)s' literal so it survives this formatting and is
# substituted later, per user.
165 'identity url template': '%sid/%%(username)s' % url,
# An explicit --openid-dburi wins; otherwise fill the server-wide
# database_url template with a plugin-specific dbname.
166 'database url': opts['openid_dburi'] or
167 opts['database_url'] % {
168 'datadir': opts['data_dir'], 'dbname': 'openid'},
169 'enabled extensions': opts['openid_extensions']}
170 po.save_plugin_config(config)
172 # Update global config to add login plugin
# (The enabled flag is set on an omitted line before being saved.)
174 po.save_enabled_state()