ipsilon/providers/openidp.py

   1 #!/usr/bin/python
   2 #
   3 # Copyright (C) 2014  Ipsilon project Contributors, for licensee see COPYING
   4
   5 from __future__ import absolute_import
   6
   7 from ipsilon.providers.common import ProviderBase
   8 from ipsilon.providers.common import FACILITY
   9 from ipsilon.providers.openid.auth import OpenID
  10 from ipsilon.providers.openid.extensions.common import LoadExtensions
  11 from ipsilon.util.plugin import PluginObject
  12 from ipsilon.util import config as pconfig
  13 from ipsilon.info.common import InfoMapping
  14
  15 from openid.server.server import Server
  16 # TODO: Move this to the database
  17 from openid.store.memstore import MemoryStore
  18
  19
  20 class IdpProvider(ProviderBase):
  21
  22     def __init__(self):
  23         super(IdpProvider, self).__init__('openid', 'openid')
  24         self.mapping = InfoMapping()
  25         self.page = None
  26         self.server = None
  27         self.basepath = None
  28         self.extensions = LoadExtensions()
  29         print self.extensions.available()
  30         print self.extensions.available().keys()
  31         self.description = """
  32 Provides OpenID 2.0 authentication infrastructure. """
  33
  34         self.new_config(
  35             self.name,
  36             pconfig.String(
  37                 'default email domain',
  38                 'Used for users missing the email property.',
  39                 'example.com'),
  40             pconfig.String(
  41                 'endpoint url',
  42                 'The Absolute URL of the OpenID provider',
  43                 'http://localhost:8080/idp/openid/'),
  44             pconfig.Template(
  45                 'identity url template',
  46                 'The templated URL where identities are exposed.',
  47                 'http://localhost:8080/idp/openid/id/%(username)s'),
  48             pconfig.List(
  49                 'trusted roots',
  50                 'List of trusted relying parties.'),
  51             pconfig.List(
  52                 'untrusted roots',
  53                 'List of untrusted relying parties.'),
  54             pconfig.Choice(
  55                 'enabled extensions',
  56                 'Choose the extensions to enable',
  57                 self.extensions.available().keys()),
  58             pconfig.Condition(
  59                 'enabled',
  60                 'Whether the OpenID IDP is enabled',
  61                 False)
  62         )
  63
  64     @property
  65     def endpoint_url(self):
  66         url = self.get_config_value('endpoint url')
  67         if url.endswith('/'):
  68             return url
  69         else:
  70             return url+'/'
  71
  72     @property
  73     def default_email_domain(self):
  74         return self.get_config_value('default email domain')
  75
  76     @property
  77     def identity_url_template(self):
  78         url = self.get_config_value('identity url template')
  79         if url.endswith('/'):
  80             return url
  81         else:
  82             return url+'/'
  83
  84     @property
  85     def trusted_roots(self):
  86         return self.get_config_value('trusted roots')
  87
  88     @property
  89     def untrusted_roots(self):
  90         return self.get_config_value('untrusted roots')
  91
  92     @property
  93     def enabled_extensions(self):
  94         return self.get_config_value('enabled extensions')
  95
  96     def get_tree(self, site):
  97         self.init_idp()
  98         self.page = OpenID(site, self)
  99         # self.admin = AdminPage(site, self)
 100
 101         # Expose OpenID presence in the root
 102         headers = site[FACILITY]['root'].default_headers
 103         headers['X-XRDS-Location'] = self.endpoint_url+'XRDS'
 104
 105         html_heads = site[FACILITY]['root'].html_heads
 106         HEAD_LINK = '<link rel="%s" href="%s">'
 107         openid_heads = [HEAD_LINK % ('openid2.provider', self.endpoint_url),
 108                         HEAD_LINK % ('openid.server', self.endpoint_url)]
 109         html_heads['openid'] = openid_heads
 110
 111         return self.page
 112
 113     def init_idp(self):
 114         self.server = Server(MemoryStore(), op_endpoint=self.endpoint_url)
 115
 116     def on_enable(self):
 117         self.init_idp()
 118         self.extensions.enable(self._config['enabled extensions'].get_value())
 119
 120
 121 class Installer(object):
 122
 123     def __init__(self):
 124         self.name = 'openid'
 125         self.ptype = 'provider'
 126
 127     def install_args(self, group):
 128         group.add_argument('--openid', choices=['yes', 'no'], default='yes',
 129                            help='Configure OpenID Provider')
 130
 131     def configure(self, opts):
 132         if opts['openid'] != 'yes':
 133             return
 134
 135         proto = 'https'
 136         if opts['secure'].lower() == 'no':
 137             proto = 'http'
 138         url = '%s://%s/%s/openid/' % (
 139             proto, opts['hostname'], opts['instance'])
 140
 141         # Add configuration data to database
 142         po = PluginObject()
 143         po.name = 'openid'
 144         po.wipe_data()
 145
 146         po.wipe_config_values(FACILITY)
 147         config = {'endpoint url': url,
 148                   'identity_url_template': '%sid/%%(username)s' % url,
 149                   'enabled': '1'}
 150         po.save_plugin_config(FACILITY, config)