-#!/usr/bin/python
-#
-# Copyright (C) 2014 Ipsilon contributors, see COPYING file for license
+# Copyright (C) 2014 Ipsilon project Contributors, for license see COPYING
-
-from ipsilon.login.common import LoginFormBase, LoginManagerBase
-from ipsilon.login.common import FACILITY
+from ipsilon.login.common import LoginFormBase, LoginManagerBase, \
+ LoginManagerInstaller
from ipsilon.util.plugin import PluginObject
+from ipsilon.util.policy import Policy
+from ipsilon.util import config as pconfig
import cherrypy
+import logging
from fedora.client.fasproxy import FasProxyClient
from fedora.client import AuthError
+try:
+ import openid_cla.cla as cla
+
+ CLA_GROUPS = {
+ 'cla_click': cla.CLA_URI_FEDORA_CLICK,
+ 'cla_dell': cla.CLA_URI_FEDORA_DELL,
+ 'cla_done': cla.CLA_URI_FEDORA_DONE,
+ 'cla_fedora': cla.CLA_URI_FEDORA_FEDORA,
+ 'cla_fpca': cla.CLA_URI_FEDORA_FPCA,
+ 'cla_ibm': cla.CLA_URI_FEDORA_IBM,
+ 'cla_intel': cla.CLA_URI_FEDORA_INTEL,
+ 'cla_redhat': cla.CLA_URI_FEDORA_REDHAT,
+ }
+except ImportError:
+ CLA_GROUPS = dict()
+
+fas_mapping = [
+ ['username', 'nickname'],
+ ['telephone', 'phone'],
+ ['country_code', 'country'],
+ ['human_name', 'fullname'],
+ ['email', 'email'],
+ ['timezone', 'timezone'],
+]
+
+
class FAS(LoginFormBase):
+ def __init__(self, site, mgr, page):
+ super(FAS, self).__init__(site, mgr, page)
+ self.mapper = Policy(fas_mapping)
+
def POST(self, *args, **kwargs):
username = kwargs.get("login_name")
password = kwargs.get("login_password")
try:
_, data = self.lm.fpc.login(username, password)
except AuthError, e:
- cherrypy.log.error("Authentication error [%s]" % str(e))
+ cherrypy.log.error("Authentication error [%s]" % str(e),
+ severity=logging.ERROR)
except Exception, e: # pylint: disable=broad-except
- cherrypy.log.error("Unknown Error [%s]" % str(e))
+ cherrypy.log.error("Unknown Error [%s]" % str(e),
+ severity=logging.ERROR)
+
if data and data.user:
+ userdata = self.make_userdata(data.user)
return self.lm.auth_successful(self.trans,
data.user['username'],
- userdata={'fas': data.user})
+ userdata=userdata)
else:
error = "Authentication failed"
- cherrypy.log.error(error)
+ cherrypy.log.error(error, severity=logging.ERROR)
else:
error = "Username or password is missing"
- cherrypy.log.error("Error: " + error)
+ cherrypy.log.error("Error: " + error, severity=logging.ERROR)
context = self.create_tmpl_context(
username=username,
error_password=not password,
error_username=not username
)
- # pylint: disable=star-args
+ self.lm.set_auth_error()
return self._template(self.formtemplate, **context)
+ def make_userdata(self, fas_data):
+ userdata, fas_extra = self.mapper.map_attributes(fas_data)
+
+ # compute and store groups and cla groups
+ userdata['_groups'] = []
+ userdata['_extras'] = {'fas': fas_extra, 'cla': []}
+ for group in fas_data.get('approved_memberships', {}):
+ if 'name' not in group:
+ continue
+ if group.get('group_type') == 'cla':
+ if group['name'] in CLA_GROUPS:
+ group_name = CLA_GROUPS[group['name']]
+ else:
+ group_name = group['name']
+ userdata['_extras']['cla'].append(group_name)
+ else:
+ userdata['_groups'].append(group['name'])
+
+ return userdata
+
class LoginManager(LoginManagerBase):
self.description = """
Form based login Manager that uses the Fedora Authentication Server
"""
- self._options = {
- 'help text': [
- """ The text shown to guide the user at login time. """,
- 'string',
- 'Login wth your FAS credentials'
- ],
- 'username text': [
- """ The text shown to ask for the username in the form. """,
- 'string',
- 'FAS Username'
- ],
- 'password text': [
- """ The text shown to ask for the password in the form. """,
- 'string',
- 'Password'
- ],
- 'FAS url': [
- """ The FAS Url. """,
- 'string',
- 'https://admin.fedoraproject.org/accounts/'
- ],
- 'FAS Proxy client user Agent': [
- """ The User Agent presented to the FAS Server. """,
- 'string',
- 'Ipsilon v1.0'
- ],
- 'FAS Insecure Auth': [
- """ If 'YES' skips FAS server cert verification. """,
- 'string',
- ''
- ],
- }
- self.conf_opt_order = ['FAS url', 'FAS Proxy client user Agent',
- 'FAS Insecure Auth', 'username text',
- 'password text', 'help text']
+ self.new_config(
+ self.name,
+ pconfig.String(
+ 'FAS url',
+ 'The FAS Url.',
+ 'https://admin.fedoraproject.org/accounts/'),
+ pconfig.String(
+ 'FAS Proxy client user Agent',
+ 'The User Agent presented to the FAS Server.',
+ 'Ipsilon v1.0'),
+ pconfig.Condition(
+ 'FAS Insecure Auth',
+ 'If checked skips FAS server cert verification.',
+ False),
+ pconfig.String(
+ 'username text',
+ 'Text used to ask for the username at login time.',
+ 'FAS Username'),
+ pconfig.String(
+ 'password text',
+ 'Text used to ask for the password at login time.',
+ 'Password'),
+ pconfig.String(
+ 'help text',
+ 'Text used to guide the user at login time.',
+ 'Login with your FAS credentials')
+ )
@property
def help_text(self):
self.fpc = FasProxyClient(base_url=self.fas_url,
useragent=self.user_agent,
insecure=(self.insecure == 'YES'))
- self.page = FAS(site, self, 'login/fas', 'login/fas.html')
+ self.page = FAS(site, self, 'login/fas')
return self.page
-class Installer(object):
+class Installer(LoginManagerInstaller):
- def __init__(self):
+ def __init__(self, *pargs):
+ super(Installer, self).__init__()
self.name = 'fas'
- self.ptype = 'login'
+ self.pargs = pargs
def install_args(self, group):
group.add_argument('--fas', choices=['yes', 'no'], default='no',
return
# Add configuration data to database
- po = PluginObject()
+ po = PluginObject(*self.pargs)
po.name = 'fas'
po.wipe_data()
-
- po.wipe_config_values(FACILITY)
+ po.wipe_config_values()
# Update global config to add login plugin
- po = PluginObject()
- po.name = 'global'
- globalconf = po.get_plugin_config(FACILITY)
- if 'order' in globalconf:
- order = globalconf['order'].split(',')
- else:
- order = []
- order.append('fas')
- globalconf['order'] = ','.join(order)
- po.set_config(globalconf)
- po.save_plugin_config(FACILITY)
+ po.is_enabled = True
+ po.save_enabled_state()