Remove print lines from openid
1 # Copyright (C) 2014  Ipsilon project Contributors, for license see COPYING
2
3 from __future__ import absolute_import
4
5 from ipsilon.providers.common import ProviderBase
6 from ipsilon.providers.openid.store import OpenIDStore
7 from ipsilon.providers.openid.auth import OpenID
8 from ipsilon.providers.openid.extensions.common import LoadExtensions
9 from ipsilon.util.plugin import PluginObject
10 from ipsilon.util import config as pconfig
11 from ipsilon.info.common import InfoMapping
12
13 from openid.server.server import Server
14
15
class IdpProvider(ProviderBase):
    """OpenID 2.0 identity provider plugin.

    Declares the plugin's configuration options, exposes them as
    properties, and builds the python-openid ``Server`` that answers
    relying parties.
    """

    def __init__(self, *pargs):
        """Set up plugin state and register the configuration options.

        ``pargs`` is forwarded unchanged to ``ProviderBase.__init__``.
        """
        super(IdpProvider, self).__init__('openid', 'openid', *pargs)
        self.mapping = InfoMapping()
        self.page = None
        self.server = None
        self.basepath = None
        self.extensions = LoadExtensions()
        self.description = (
            '\nProvides OpenID 2.0 authentication infrastructure. ')

        plugin_name = self.name
        # NOTE(review): the URL defaults below are plain-HTTP localhost
        # placeholders; a deployment is expected to override them with its
        # public URL (the Installer in this file writes the endpoint URL).
        options = [
            pconfig.String(
                'database url',
                'Database URL for OpenID temp storage',
                'openid.sqlite'),
            pconfig.String(
                'default email domain',
                'Used for users missing the email property.',
                'example.com'),
            pconfig.String(
                'endpoint url',
                'The Absolute URL of the OpenID provider',
                'http://localhost:8080/idp/openid/'),
            pconfig.Template(
                'identity url template',
                'The templated URL where identities are exposed.',
                'http://localhost:8080/idp/openid/id/%(username)s'),
            pconfig.List(
                'trusted roots',
                'List of trusted relying parties.'),
            pconfig.List(
                'untrusted roots',
                'List of untrusted relying parties.'),
            pconfig.Choice(
                'enabled extensions',
                'Choose the extensions to enable',
                self.extensions.available().keys()),
        ]
        self.new_config(plugin_name, *options)

    @property
    def endpoint_url(self):
        """Configured provider endpoint URL, always with a trailing '/'."""
        configured = self.get_config_value('endpoint url')
        return configured if configured.endswith('/') else configured + '/'

    @property
    def default_email_domain(self):
        """Configured domain for users that have no email property."""
        return self.get_config_value('default email domain')

    @property
    def identity_url_template(self):
        """Configured identity URL template, always with a trailing '/'."""
        template = self.get_config_value('identity url template')
        return template if template.endswith('/') else template + '/'

    @property
    def trusted_roots(self):
        """Configured list of trusted relying parties.

        How the list is enforced is decided by the code that reads this
        property; it is not visible in this class.
        """
        return self.get_config_value('trusted roots')

    @property
    def untrusted_roots(self):
        """Configured list of untrusted relying parties."""
        return self.get_config_value('untrusted roots')

    @property
    def enabled_extensions(self):
        """Configured selection of enabled OpenID extensions."""
        return self.get_config_value('enabled extensions')

    def get_tree(self, site):
        """Initialise the OpenID server and return the page tree for it."""
        self.init_idp()
        self.page = OpenID(site, self)
        # No admin page is attached here; the original source keeps the
        # AdminPage hook commented out.

        return self.page

    def init_idp(self):
        """Create the OpenID server and advertise it from the site root.

        Sets ``self.server`` and adds the XRDS discovery header and the
        OpenID ``<link>`` elements to the root page defaults.
        """
        self.server = Server(
            OpenIDStore(self.get_config_value('database url')),
            op_endpoint=self.endpoint_url)

        # Expose OpenID presence in the root
        root_headers = self._root.default_headers
        root_headers['X-XRDS-Location'] = self.endpoint_url + 'XRDS'

        root_html_heads = self._root.html_heads
        # NOTE(review): the endpoint URL is interpolated into the tag as-is,
        # with no HTML escaping; it comes from the plugin configuration, so
        # whoever can edit that value controls this markup.
        link_format = '<link rel="%s" href="%s">'
        root_html_heads['openid'] = [
            link_format % (rel, self.endpoint_url)
            for rel in ('openid2.provider', 'openid.server')]

    def on_enable(self):
        """Run the base enable step, then start the server and extensions."""
        super(IdpProvider, self).on_enable()
        self.init_idp()
        self.extensions.enable(self._config['enabled extensions'].get_value())
116
117
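class Installer(object):
    """Install-time helper that seeds the OpenID provider configuration."""

    def __init__(self, *pargs):
        """Remember the arguments later handed to ``PluginObject``."""
        self.name = 'openid'
        self.ptype = 'provider'
        self.pargs = pargs

    def install_args(self, group):
        """Add the ``--openid`` yes/no switch to the installer options."""
        group.add_argument('--openid', choices=['yes', 'no'], default='yes',
                           help='Configure OpenID Provider')

    def configure(self, opts):
        """Store the OpenID plugin configuration and mark it enabled.

        Does nothing unless ``opts['openid']`` is ``'yes'``. The endpoint
        URL is built from ``opts['secure']``, ``opts['hostname']`` and
        ``opts['instance']``; existing plugin data and configuration values
        are wiped before the new values are saved.
        """
        if opts['openid'] != 'yes':
            return

        # HTTPS unless the installer was explicitly run with secure=no; in
        # that case the endpoint and identity URLs are advertised over
        # plain HTTP.
        proto = 'https'
        if opts['secure'].lower() == 'no':
            proto = 'http'
        url = '%s://%s/%s/openid/' % (
            proto, opts['hostname'], opts['instance'])

        # Add configuration data to database
        po = PluginObject(*self.pargs)
        po.name = 'openid'
        po.wipe_data()
        po.wipe_config_values()
        # The key must be spelled exactly like the option IdpProvider
        # declares and reads ('identity url template'). The previous
        # underscore spelling named no declared option, so identity URLs
        # would not have followed the installed hostname and scheme.
        config = {'endpoint url': url,
                  'identity url template': '%sid/%%(username)s' % url}
        po.save_plugin_config(config)

        # Update global config to add login plugin
        po.is_enabled = True
        po.save_enabled_state()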