1 #!/usr/bin/python
2 #
3 # Copyright (C) 2014  Ipsilon project Contributors, for licensee see COPYING
4
5 from __future__ import absolute_import
6
7 from ipsilon.providers.common import ProviderBase
8 from ipsilon.providers.common import FACILITY
9 from ipsilon.providers.openid.auth import OpenID
10 from ipsilon.providers.openid.extensions.common import LoadExtensions
11 from ipsilon.util.plugin import PluginObject
12 from ipsilon.info.common import InfoMapping
13
14 from openid.server.server import Server
15 # TODO: Move this to the database
16 from openid.store.memstore import MemoryStore
17
18
class IdpProvider(ProviderBase):
    """OpenID 2.0 identity-provider plugin.

    Registers itself as the 'openid' provider, declares its configuration
    options, and builds the python-openid ``Server`` plus the enabled
    extensions when the plugin is enabled or mounted into the site tree.
    """

    def __init__(self):
        super(IdpProvider, self).__init__('openid', 'openid')
        self.mapping = InfoMapping()
        self.page = None
        self.server = None
        self.basepath = None
        self.extensions = None
        self.description = """
Provides OpenID 2.0 authentication infrastructure. """

        def string_option(doc, default):
            # Option record layout: [description, type name, default value].
            return [doc, 'string', default]

        def list_option(doc):
            # A fresh list per option so no two options share one default.
            return [doc, 'list', []]

        self._options = {
            'default email domain': string_option(
                """Default email domain, for users missing email property.""",
                'example.com'),
            'endpoint url': string_option(
                """The Absolute URL of the OpenID provider""",
                'http://localhost:8080/idp/openid/'),
            'identity url template': string_option(
                """The templated URL where identities are exposed.""",
                'http://localhost:8080/idp/openid/id/%(username)s'),
            'trusted roots': list_option(
                """List of trusted relying parties."""),
            'untrusted roots': list_option(
                """List of untrusted relying parties."""),
            'enabled extensions': list_option(
                """List of enabled extensions"""),
        }

    @staticmethod
    def _with_trailing_slash(url):
        """Return *url* unchanged when it already ends in '/', else append one."""
        return url if url.endswith('/') else url + '/'

    @property
    def endpoint_url(self):
        """Configured OP endpoint URL, always '/'-terminated.

        This value is published to relying parties (X-XRDS-Location header
        and the <link> heads set in get_tree) and passed to the Server as
        ``op_endpoint``, so it has to be the externally reachable URL of
        this deployment, not the localhost default.
        """
        return self._with_trailing_slash(
            self.get_config_value('endpoint url'))

    @property
    def default_email_domain(self):
        """Domain appended for users whose info has no email property."""
        return self.get_config_value('default email domain')

    @property
    def identity_url_template(self):
        """Identity URL template (contains ``%(username)s``), '/'-terminated.

        The trailing slash is appended even when the template ends in the
        username placeholder, so identities take the form ``.../<user>/``.
        """
        return self._with_trailing_slash(
            self.get_config_value('identity url template'))

    @property
    def trusted_roots(self):
        """Configured list of trusted relying-party roots."""
        return self.get_config_value('trusted roots')

    @property
    def untrusted_roots(self):
        """Configured list of untrusted relying-party roots."""
        return self.get_config_value('untrusted roots')

    @property
    def enabled_extensions(self):
        """Configured list of OpenID extension names to load."""
        return self.get_config_value('enabled extensions')

    def get_tree(self, site):
        """Build the provider page and advertise the OP on the site root.

        Args:
            site: the site tree; ``site[FACILITY]['root']`` is expected to
                expose ``default_headers`` and ``html_heads`` mappings
                (assumed from their use here — verify against the root page).

        Returns:
            The OpenID page object, also stored in ``self.page``.
        """
        self.init_idp()
        self.page = OpenID(site, self)
        # self.admin = AdminPage(site, self)

        # Expose OpenID presence in the root: Yadis (XRDS) and HTML discovery.
        root = site[FACILITY]['root']
        endpoint = self.endpoint_url
        root.default_headers['X-XRDS-Location'] = endpoint + 'XRDS'

        # NOTE(review): the endpoint is interpolated into an HTML attribute
        # without escaping. It is admin-supplied configuration, but a value
        # containing a double quote would break out of the <link> markup.
        link_fmt = '<link rel="%s" href="%s">'
        root.html_heads['openid'] = [
            link_fmt % (rel, endpoint)
            for rel in ('openid2.provider', 'openid.server')
        ]

        return self.page

    def init_idp(self):
        """(Re)create the OpenID Server and load the enabled extensions.

        Called from both on_enable() and get_tree(), so each call builds a
        brand-new Server backed by a fresh MemoryStore; whatever the previous
        store held is discarded. MemoryStore keeps its state in this
        process's memory only (see the TODO on its import), so presumably it
        is lost on restart and not shared between worker processes — confirm
        before relying on it for nonce/association handling in a
        multi-process deployment.
        """
        self.server = Server(MemoryStore(), op_endpoint=self.endpoint_url)
        self.extensions = LoadExtensions(
            self.enabled_extensions).get_extensions()

    def on_enable(self):
        """Plugin-enabled hook: set up the server and extensions."""
        self.init_idp()
120
121
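class Installer(object):
    """Installer hook for the OpenID provider plugin.

    Exposes the ``--openid`` command-line switch and, when selected, writes
    the plugin's initial configuration.
    """

    def __init__(self):
        self.name = 'openid'
        self.ptype = 'provider'

    def install_args(self, group):
        """Register this plugin's command-line options on *group*.

        Args:
            group: an argparse parser or argument group.
        """
        group.add_argument('--openid', choices=['yes', 'no'], default='yes',
                           help='Configure OpenID Provider')

    def configure(self, opts):
        """Write the provider's initial configuration from installer options.

        Args:
            opts: mapping of installer options; reads 'openid', 'secure',
                'hostname' and 'instance'.

        Returns:
            None. Does nothing unless opts['openid'] is 'yes'.
        """
        if opts['openid'] != 'yes':
            return

        # https is the default; only an explicit 'no' for 'secure'
        # downgrades the published endpoint to plain http.
        proto = 'https'
        if opts['secure'].lower() == 'no':
            proto = 'http'
        url = '%s://%s/%s/openid/' % (
            proto, opts['hostname'], opts['instance'])

        # Add configuration data to database. Both wipe_* calls look
        # destructive, so re-running the installer presumably discards any
        # existing plugin data and config — verify before running it on a
        # configured instance.
        po = PluginObject()
        po.name = 'openid'
        po.wipe_data()

        po.wipe_config_values(FACILITY)
        # Keys must match the option names declared in IdpProvider._options
        # and read back via get_config_value: the provider looks up
        # 'identity url template' (with spaces), so an underscore-separated
        # key would be stored but never read.
        config = {'endpoint url': url,
                  'identity url template': '%sid/%%(username)s' % url,
                  'enabled': '1'}
        po.save_plugin_config(FACILITY, config)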