projects / cascardo / ipsilon.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Add expiration to Idp metadata
[cascardo/ipsilon.git] / ipsilon / util / page.py
1 # Copyright (C) 2013  Simo Sorce <simo@redhat.com>
2 #
3 # see file 'COPYING' for use and warranty information
4 #
5 # This program is free software; you can redistribute it and/or modify
6 # it under the terms of the GNU General Public License as published by
7 # the Free Software Foundation, either version 3 of the License, or
8 # (at your option) any later version.
9 #
10 # This program is distributed in the hope that it will be useful,
11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13 # GNU General Public License for more details.
14 #
15 # You should have received a copy of the GNU General Public License
16 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
17
18 import cherrypy
19 from ipsilon.util.log import Log
20 from ipsilon.util.user import UserSession
21 from ipsilon.util.trans import Transaction
22 from urllib import unquote
23 try:
24     from urlparse import urlparse
25     from urlparse import parse_qs
26 except ImportError:
27     # pylint: disable=no-name-in-module, import-error
28     from urllib.parse import urlparse
29     from urllib.parse import parse_qs
30
31
32 def admin_protect(fn):
33
34     def check(*args, **kwargs):
35         if UserSession().get_user().is_admin:
36             return fn(*args, **kwargs)
37
38         raise cherrypy.HTTPError(403)
39
40     return check
41
42
43 class Page(Log):
44     def __init__(self, site, form=False):
45         if 'template_env' not in site:
46             raise ValueError('Missing template environment')
47         self._site = site
48         self.basepath = cherrypy.config.get('base.mount', "")
49         self.user = None
50         self._is_form_page = form
51         self.default_headers = dict()
52         self.auth_protect = False
53
54     def get_url(self):
55         return cherrypy.url(relative=False)
56
57     def instance_base_url(self):
58         url = self.get_url()
59         s = urlparse(unquote(url))
60         return '%s://%s%s' % (s.scheme, s.netloc, self.basepath)
61
62     def _check_referer(self, referer, url):
63         r = urlparse(unquote(referer))
64         u = urlparse(unquote(url))
65         if r.scheme != u.scheme:
66             return False
67         if r.netloc != u.netloc:
68             return False
69         if r.path.startswith(self.basepath):
70             return True
71         return False
72
73     def __call__(self, *args, **kwargs):
74         # pylint: disable=star-args
75         cherrypy.response.headers.update(self.default_headers)
76
77         self.user = UserSession().get_user()
78
79         if self.auth_protect and self.user.is_anonymous:
80             raise cherrypy.HTTPError(401)
81
82         if len(args) > 0:
83             op = getattr(self, args[0], None)
84             if callable(op) and getattr(op, 'public_function', None):
85                 return op(*args[1:], **kwargs)
86         else:
87             if self._is_form_page:
88                 self._debug("method: %s" % cherrypy.request.method)
89                 op = getattr(self, cherrypy.request.method, None)
90                 if callable(op):
91                     # Basic CSRF protection
92                     if cherrypy.request.method != 'GET':
93                         url = self.get_url()
94                         if 'referer' not in cherrypy.request.headers:
95                             self._debug("Missing referer in %s request to %s"
96                                         % (cherrypy.request.method, url))
97                             raise cherrypy.HTTPError(403)
98                         referer = cherrypy.request.headers['referer']
99                         if not self._check_referer(referer, url):
100                             self._debug("Wrong referer %s in request to %s"
101                                         % (referer, url))
102                             raise cherrypy.HTTPError(403)
103                     return op(*args, **kwargs)
104             else:
105                 op = getattr(self, 'root', None)
106                 if callable(op):
107                     return op(*args, **kwargs)
108
109         return self.default(*args, **kwargs)
110
111     def _template_model(self):
112         model = dict()
113         model['basepath'] = self.basepath
114         model['title'] = 'IPSILON'
115         model['user'] = self.user
116         return model
117
118     def _template(self, *args, **kwargs):
119         # pylint: disable=star-args
120         t = self._site['template_env'].get_template(args[0])
121         m = self._template_model()
122         m.update(kwargs)
123         return t.render(**m)
124
125     def default(self, *args, **kwargs):
126         raise cherrypy.NotFound()
127
128     def add_subtree(self, name, page):
129         self.__dict__[name] = page
130
131     def del_subtree(self, name):
132         del self.__dict__[name]
133
134     def get_valid_transaction(self, provider, **kwargs):
135         try:
136             t = Transaction(provider)
137             # Try with kwargs first
138             tid = t.find_tid(kwargs)
139             if not tid:
140                 # If no TID yet See if we have it in a referer
141                 if 'referer' in cherrypy.request.headers:
142                     r = urlparse(unquote(cherrypy.request.headers['referer']))
143                     if r.query:
144                         tid = t.find_tid(parse_qs(r.query))
145                 if not tid:
146                     t.create_tid()
147             return t
148         except ValueError:
149             msg = 'Transaction expired, or cookies not available'
150             raise cherrypy.HTTPError(401, msg)
151
152     exposed = True
Unnamed repository; edit this file 'description' to name the repository.