Add the OpenID xrds template to setup.py
[cascardo/ipsilon.git] / ipsilon / providers / openidp.py
1 # Copyright (C) 2014  Ipsilon project Contributors, for license see COPYING
2
3 from __future__ import absolute_import
4
5 from ipsilon.providers.common import ProviderBase
6 from ipsilon.providers.openid.store import OpenIDStore
7 from ipsilon.providers.openid.auth import OpenID
8 from ipsilon.providers.openid.extensions.common import LoadExtensions
9 from ipsilon.util.plugin import PluginObject
10 from ipsilon.util import config as pconfig
11 from ipsilon.info.common import InfoMapping
12
13 from openid.server.server import Server
14
15
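class IdpProvider(ProviderBase):
    """OpenID 2.0 identity-provider plugin.

    Declares the provider's configuration options, exposes them as
    properties, and builds the python-openid ``Server`` that answers
    requests at the configured endpoint.
    """

    def __init__(self, *pargs):
        """Register the plugin as 'openid' and declare its config options.

        ``pargs`` is passed through unchanged to ``ProviderBase.__init__``.
        """
        super(IdpProvider, self).__init__('openid', 'openid', *pargs)
        self.mapping = InfoMapping()
        self.page = None
        self.server = None
        self.basepath = None
        # No debug output here: constructing the plugin must not write the
        # extension list to the server process's stdout.
        self.extensions = LoadExtensions()
        self.description = """
Provides OpenID 2.0 authentication infrastructure. """

        # NOTE: the URL defaults below are plain-http localhost placeholders.
        # A real deployment is expected to override them (Installer.configure
        # writes an https endpoint unless 'secure' is 'no'); an http identity
        # or endpoint URL offers no transport protection for OpenID traffic.
        self.new_config(
            self.name,
            pconfig.String(
                'database url',
                'Database URL for OpenID temp storage',
                'openid.sqlite'),
            pconfig.String(
                'default email domain',
                'Used for users missing the email property.',
                'example.com'),
            pconfig.String(
                'endpoint url',
                'The Absolute URL of the OpenID provider',
                'http://localhost:8080/idp/openid/'),
            pconfig.Template(
                'identity url template',
                'The templated URL where identities are exposed.',
                'http://localhost:8080/idp/openid/id/%(username)s'),
            # NOTE(review): how the two root lists are enforced is decided by
            # the request-handling code, not here -- confirm what happens to a
            # relying party that appears in neither list.
            pconfig.List(
                'trusted roots',
                'List of trusted relying parties.'),
            pconfig.List(
                'untrusted roots',
                'List of untrusted relying parties.'),
            pconfig.Choice(
                'enabled extensions',
                'Choose the extensions to enable',
                self.extensions.available().keys()),
        )

    @staticmethod
    def _with_trailing_slash(url):
        """Return ``url`` unchanged if it ends with '/', else with '/' added."""
        if url.endswith('/'):
            return url
        return url + '/'

    @property
    def endpoint_url(self):
        """Configured 'endpoint url', always ending with a slash."""
        return self._with_trailing_slash(self.get_config_value('endpoint url'))

    @property
    def default_email_domain(self):
        """Configured 'default email domain'."""
        return self.get_config_value('default email domain')

    @property
    def identity_url_template(self):
        """Configured 'identity url template', always ending with a slash.

        The slash is appended after the ``%(username)s`` placeholder when the
        configured template does not already end with one.
        """
        return self._with_trailing_slash(
            self.get_config_value('identity url template'))

    @property
    def trusted_roots(self):
        """Configured 'trusted roots' list of relying parties."""
        return self.get_config_value('trusted roots')

    @property
    def untrusted_roots(self):
        """Configured 'untrusted roots' list of relying parties."""
        return self.get_config_value('untrusted roots')

    @property
    def enabled_extensions(self):
        """Configured 'enabled extensions' value."""
        return self.get_config_value('enabled extensions')

    def get_tree(self, site):
        """Initialise the OpenID server and return the provider's page tree."""
        self.init_idp()
        self.page = OpenID(site, self)
        # self.admin = AdminPage(site, self)

        return self.page

    def init_idp(self):
        """Build the OpenID ``Server`` and advertise it on the root page.

        Called from both get_tree() and on_enable(), so the server object and
        the discovery hints are rebuilt on each call.
        """
        self.server = Server(
            OpenIDStore(self.get_config_value('database url')),
            op_endpoint=self.endpoint_url)

        # Expose OpenID presence in the root
        headers = self._root.default_headers
        headers['X-XRDS-Location'] = self.endpoint_url + 'XRDS'

        # NOTE(review): endpoint_url is interpolated into the markup without
        # HTML escaping. The value comes from plugin configuration; confirm
        # that only administrators can write it, or escape it before the
        # heads are rendered.
        html_heads = self._root.html_heads
        head_link = '<link rel="%s" href="%s">'
        openid_heads = [head_link % ('openid2.provider', self.endpoint_url),
                        head_link % ('openid.server', self.endpoint_url)]
        html_heads['openid'] = openid_heads

    def on_enable(self):
        """Run the base enable hook, then rebuild the server and extensions."""
        super(IdpProvider, self).on_enable()
        self.init_idp()
        self.extensions.enable(self._config['enabled extensions'].get_value())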
118
119
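class Installer(object):
    """Install-time hook that seeds the OpenID provider's stored config."""

    def __init__(self, *pargs):
        """Remember the positional arguments later passed to PluginObject."""
        self.name = 'openid'
        self.ptype = 'provider'
        self.pargs = pargs

    def install_args(self, group):
        """Add the ``--openid yes|no`` switch (default 'yes') to ``group``."""
        group.add_argument('--openid', choices=['yes', 'no'], default='yes',
                           help='Configure OpenID Provider')

    @staticmethod
    def _plugin_config(opts):
        """Derive the provider's URL settings from the installer options.

        Reads ``opts['secure']``, ``opts['hostname']`` and
        ``opts['instance']``. The scheme is https unless 'secure' is 'no'
        (compared case-insensitively), so the plain-http form is only
        produced when explicitly requested.
        """
        proto = 'http' if opts['secure'].lower() == 'no' else 'https'
        url = '%s://%s/%s/openid/' % (
            proto, opts['hostname'], opts['instance'])
        # The provider declares and reads this option as
        # 'identity url template' (space separated). An underscore-separated
        # key does not match that name, which would leave the provider on its
        # built-in http://localhost:8080 identity template.
        return {'endpoint url': url,
                'identity url template': '%sid/%%(username)s' % url}

    def configure(self, opts):
        """Write the OpenID configuration and mark the plugin enabled.

        Does nothing unless ``opts['openid']`` is 'yes'. Any previously
        stored data and config values for the plugin are wiped first.
        """
        if opts['openid'] != 'yes':
            return

        # Add configuration data to database
        po = PluginObject(*self.pargs)
        po.name = 'openid'
        po.wipe_data()
        po.wipe_config_values()
        po.save_plugin_config(self._plugin_config(opts))

        # Update global config to add login plugin
        po.is_enabled = True
        po.save_enabled_state()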