# Copyright (C) 2014 Ipsilon contributors, see COPYING file for license
+from ipsilon.info.common import InfoMapping
from ipsilon.login.common import LoginFormBase, LoginManagerBase
from ipsilon.login.common import FACILITY
from ipsilon.util.plugin import PluginObject
+from ipsilon.util import config as pconfig
import cherrypy
from fedora.client.fasproxy import FasProxyClient
from fedora.client import AuthError
+try:
+ import openid_cla.cla as cla
+
+ CLA_GROUPS = {
+ 'cla_click': cla.CLA_URI_FEDORA_CLICK,
+ 'cla_dell': cla.CLA_URI_FEDORA_DELL,
+ 'cla_done': cla.CLA_URI_FEDORA_DONE,
+ 'cla_fedora': cla.CLA_URI_FEDORA_FEDORA,
+ 'cla_fpca': cla.CLA_URI_FEDORA_FPCA,
+ 'cla_ibm': cla.CLA_URI_FEDORA_IBM,
+ 'cla_intel': cla.CLA_URI_FEDORA_INTEL,
+ 'cla_redhat': cla.CLA_URI_FEDORA_REDHAT,
+ }
+except ImportError:
+ CLA_GROUPS = dict()
+
+fas_mapping = {
+ 'username': 'nickname',
+ 'telephone': 'phone',
+ 'country_code': 'country',
+ 'human_name': 'fullname',
+ 'email': 'email',
+ 'timezone': 'timezone',
+}
+
+
class FAS(LoginFormBase):
+ def __init__(self, site, mgr, page):
+ super(FAS, self).__init__(site, mgr, page)
+ self.mapper = InfoMapping()
+ self.mapper.set_mapping(fas_mapping)
+
def POST(self, *args, **kwargs):
username = kwargs.get("login_name")
password = kwargs.get("login_password")
except Exception, e: # pylint: disable=broad-except
cherrypy.log.error("Unknown Error [%s]" % str(e))
if data and data.user:
- return self.lm.auth_successful(data.user['username'],
- userdata={'fas': data.user})
+ userdata = self.make_userdata(data.user)
+ return self.lm.auth_successful(self.trans,
+ data.user['username'],
+ userdata=userdata)
else:
error = "Authentication failed"
cherrypy.log.error(error)
# pylint: disable=star-args
return self._template(self.formtemplate, **context)
+ def make_userdata(self, fas_data):
+ userdata, fas_extra = self.mapper.map_attrs(fas_data)
+
+ # compute and store groups and cla groups
+ userdata['groups'] = []
+ userdata['extras'] = {'fas': fas_extra, 'cla': []}
+ for group in fas_data.get('approved_memberships', {}):
+ if 'name' not in group:
+ continue
+ if group.get('group_type') == 'cla':
+ if group['name'] in CLA_GROUPS:
+ userdata['extras']['cla'].append(CLA_GROUPS[group['name']])
+ else:
+ userdata['extras']['cla'].append(group['name'])
+ else:
+ userdata['groups'].append(group['name'])
+
+ return userdata
+
class LoginManager(LoginManagerBase):
self.description = """
Form based login Manager that uses the Fedora Authentication Server
"""
- self._options = {
- 'help text': [
- """ The text shown to guide the user at login time. """,
- 'string',
- 'Login wth your FAS credentials'
- ],
- 'username text': [
- """ The text shown to ask for the username in the form. """,
- 'string',
- 'FAS Username'
- ],
- 'password text': [
- """ The text shown to ask for the password in the form. """,
- 'string',
- 'Password'
- ],
- 'FAS url': [
- """ The FAS Url. """,
- 'string',
- 'https://admin.fedoraproject.org/accounts/'
- ],
- 'FAS Proxy client user Agent': [
- """ The User Agent presented to the FAS Server. """,
- 'string',
- 'Ipsilon v1.0'
- ],
- 'FAS Insecure Auth': [
- """ If 'YES' skips FAS server cert verification. """,
- 'string',
- ''
- ],
- }
+ self.new_config(
+ self.name,
+ pconfig.String(
+ 'FAS url',
+ 'The FAS Url.',
+ 'https://admin.fedoraproject.org/accounts/'),
+ pconfig.String(
+ 'FAS Proxy client user Agent',
+ 'The User Agent presented to the FAS Server.',
+ 'Ipsilon v1.0'),
+ pconfig.Condition(
+ 'FAS Insecure Auth',
+ 'If checked skips FAS server cert verification.',
+ False),
+ pconfig.String(
+ 'username text',
+ 'Text used to ask for the username at login time.',
+ 'FAS Username'),
+ pconfig.String(
+ 'password text',
+ 'Text used to ask for the password at login time.',
+ 'Password'),
+ pconfig.String(
+ 'help text',
+ 'Text used to guide the user at login time.',
+ 'Login with your FAS credentials')
+ )
@property
def help_text(self):
self.fpc = FasProxyClient(base_url=self.fas_url,
useragent=self.user_agent,
insecure=(self.insecure == 'YES'))
- self.page = FAS(site, self, 'login/fas', 'login/fas.html')
+ self.page = FAS(site, self, 'login/fas')
return self.page
order = []
order.append('fas')
globalconf['order'] = ','.join(order)
- po.set_config(globalconf)
- po.save_plugin_config(FACILITY)
+ po.save_plugin_config(FACILITY, globalconf)