1 # Copyright (C) 2014 Ipsilon project Contributors, for license see COPYING
3 from __future__ import absolute_import
5 from ipsilon.providers.common import ProviderBase, ProviderInstaller
6 from ipsilon.providers.openid.store import OpenIDStore
7 from ipsilon.providers.openid.auth import OpenID
8 from ipsilon.providers.openid.extensions.common import LoadExtensions
9 from ipsilon.util.plugin import PluginObject
10 from ipsilon.util import config as pconfig
11 from ipsilon.info.common import InfoMapping
13 from openid.server.server import Server
16 class IdpProvider(ProviderBase):
18 def __init__(self, *pargs):
19 super(IdpProvider, self).__init__('openid', 'openid', *pargs)
20 self.mapping = InfoMapping()
25 self.extensions = LoadExtensions()
26 self.description = """
27 Provides OpenID 2.0 authentication infrastructure. """
33 'Database URL for OpenID temp storage',
36 'default email domain',
37 'Used for users missing the email property.',
41 'The Absolute URL of the OpenID provider',
42 'http://localhost:8080/idp/openid/'),
44 'identity url template',
45 'The templated URL where identities are exposed.',
46 'http://localhost:8080/idp/openid/id/%(username)s'),
49 'List of trusted relying parties.'),
52 'List of untrusted relying parties.'),
55 'Choose the extensions to enable',
56 self.extensions.available().keys()),
58 'default attribute mapping',
59 'Defines how to map attributes before calling extensions',
62 'default allowed attributes',
63 'Defines a list of allowed attributes, applied after mapping',
68 def endpoint_url(self):
69 url = self.get_config_value('endpoint url')
def default_email_domain(self):
    """Accessor for the 'default email domain' setting.

    Per the setting's own description it is used for users that lack an
    email property; the value is read through get_config_value, so this
    returns whatever the configuration store currently holds for the key.
    """
    key = 'default email domain'
    return self.get_config_value(key)
80 def identity_url_template(self):
81 url = self.get_config_value('identity url template')
def trusted_roots(self):
    """Accessor for the 'trusted roots' setting.

    The setting is described in this provider's configuration as the
    list of trusted relying parties; the value is returned exactly as
    get_config_value hands it back (no normalisation is applied here).
    """
    key = 'trusted roots'
    return self.get_config_value(key)
def untrusted_roots(self):
    """Accessor for the 'untrusted roots' setting.

    Described in this provider's configuration as the list of untrusted
    relying parties. Returned as stored, without normalisation.
    """
    key = 'untrusted roots'
    return self.get_config_value(key)
def enabled_extensions(self):
    """Accessor for the 'enabled extensions' setting.

    The configuration entry offers the keys of
    self.extensions.available() as its choices; the same key is read in
    on_enable to drive self.extensions.enable().
    """
    key = 'enabled extensions'
    return self.get_config_value(key)
def default_attribute_mapping(self):
    """Accessor for the 'default attribute mapping' setting.

    Described in this provider's configuration as defining how
    attributes are mapped before extensions are called.
    """
    key = 'default attribute mapping'
    return self.get_config_value(key)
def default_allowed_attributes(self):
    """Accessor for the 'default allowed attributes' setting.

    Described in this provider's configuration as the list of allowed
    attributes, applied after the attribute mapping.
    """
    key = 'default allowed attributes'
    return self.get_config_value(key)
107 def get_tree(self, site):
108 self.page = OpenID(site, self)
109 # self.admin = AdminPage(site, self)
def used_datastores(self):
    """Return the datastores owned by this provider.

    Always a one-element list holding self.datastore (the OpenIDStore
    created in on_enable); callers get a fresh list on every call.
    """
    stores = [self.datastore]
    return stores
117 self.datastore = OpenIDStore(self.get_config_value('database url'))
118 self.server = Server(
120 op_endpoint=self.endpoint_url)
122 # Expose OpenID presence in the root
123 headers = self._root.default_headers
124 headers['X-XRDS-Location'] = self.endpoint_url+'XRDS'
126 html_heads = self._root.html_heads
127 HEAD_LINK = '<link rel="%s" href="%s">'
128 openid_heads = [HEAD_LINK % ('openid2.provider', self.endpoint_url),
129 HEAD_LINK % ('openid.server', self.endpoint_url)]
130 html_heads['openid'] = openid_heads
133 super(IdpProvider, self).on_enable()
135 self.extensions.enable(self._config['enabled extensions'].get_value())
138 class Installer(ProviderInstaller):
140 def __init__(self, *pargs):
141 super(Installer, self).__init__()
def install_args(self, group):
    """Register the OpenID provider's installer options on *group*.

    Adds three arguments to the argparse group: --openid (yes/no,
    defaults to 'yes'), --openid-dburi (no default) and
    --openid-extensions (defaults to the empty string).
    """
    add = group.add_argument
    add('--openid', choices=['yes', 'no'], default='yes',
        help='Configure OpenID Provider')
    add('--openid-dburi',
        help='OpenID database URI')
    add('--openid-extensions', default='',
        help='List of OpenID Extensions to enable')
153 def configure(self, opts, changes):
154 if opts['openid'] != 'yes':
158 if opts['secure'].lower() == 'no':
160 url = '%s://%s/%s/openid/' % (
161 proto, opts['hostname'], opts['instance'])
163 # Add configuration data to database
164 po = PluginObject(*self.pargs)
167 po.wipe_config_values()
168 config = {'endpoint url': url,
169 'identity url template': '%sid/%%(username)s' % url,
170 'database url': opts['openid_dburi'] or
171 opts['database_url'] % {
172 'datadir': opts['data_dir'], 'dbname': 'openid'},
173 'enabled extensions': opts['openid_extensions']}
174 po.save_plugin_config(config)
176 # Update global config to add login plugin
178 po.save_enabled_state()