Fix error returned from login plugins
[cascardo/ipsilon.git] / ipsilon / login / authkrb.py
old mode 100755 (executable)
new mode 100644 (file)
index af659e7..60eeb6b
@@ -1,5 +1,3 @@
-#!/usr/bin/python
-#
 # Copyright (C) 2014  Simo Sorce <simo@redhat.com>
 #
 # see file 'COPYING' for use and warranty information
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-from ipsilon.login.common import LoginPageBase, LoginManagerBase
-from ipsilon.login.common import FACILITY
+from ipsilon.login.common import LoginPageBase, LoginManagerBase, \
+    LoginManagerInstaller
 from ipsilon.util.plugin import PluginObject
+from ipsilon.util.user import UserSession
 from string import Template
 import cherrypy
 import os
@@ -36,13 +35,18 @@ class Krb(LoginPageBase):
 class KrbAuth(LoginPageBase):
 
     def root(self, *args, **kwargs):
+        trans = self.get_valid_transaction('login', **kwargs)
         # If we can get here, we must be authenticated and remote_user
         # was set. Check the session has a user set already or error.
-        if self.user and self.user.name:
+        us = UserSession()
+        us.remote_login()
+        self.user = us.get_user()
+        if not self.user.is_anonymous:
             userdata = {'krb_principal_name': self.user.name}
-            return self.lm.auth_successful(self.user.name, userdata)
+            return self.lm.auth_successful(trans, self.user.name,
+                                           'krb', userdata)
         else:
-            return self.lm.auth_failed()
+            return self.lm.auth_failed(trans)
 
 
 class KrbError(LoginPageBase):
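Review bot: The comment kept above the new `us.remote_login()` call in `KrbAuth.root` is stale: it says the handler checks that the session already has a user, but the new code establishes the session login itself. The plugin description states that authentication is delegated to mod_auth_kerb, so that trust assumption belongs where the session is created, for example `# remote_login() adopts the user the web server authenticated; this page must only be reachable behind mod_auth_kerb`. What `remote_login()` actually reads is not visible in this hunk, so it is worth confirming that it cannot pick up a client-controlled value if the location is ever left unprotected.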
@@ -55,8 +59,9 @@ class KrbError(LoginPageBase):
         if 'WWW-Authenticate' not in cherrypy.request.headers:
             cherrypy.response.status = 401
 
-            if self.lm.next_login:
-                return self.lm.next_login.page.root(*args, **kwargs)
+            next_login = self.lm.next_login()
+            if next_login:
+                return next_login.page.root(*args, **kwargs)
 
             conturl = '%s/login' % self.basepath
             return self._template('login/krb.html',
@@ -64,7 +69,8 @@ class KrbError(LoginPageBase):
                                   cont=conturl)
 
         # If we get here, negotiate failed
-        return self.lm.auth_failed()
+        trans = self.get_valid_transaction('login', **kwargs)
+        return self.lm.auth_failed(trans)
 
 
 class LoginManager(LoginManagerBase):
@@ -77,6 +83,7 @@ class LoginManager(LoginManagerBase):
         self.description = """
 Kereros Negotiate authentication plugin. Relies on the mod_auth_kerb apache
 plugin for actual authentication. """
+        self.new_config(self.name)
 
     def get_tree(self, site):
         self.page = Krb(site, self)
@@ -107,11 +114,12 @@ CONF_TEMPLATE = """
 """
 
 
-class Installer(object):
+class Installer(LoginManagerInstaller):
 
-    def __init__(self):
+    def __init__(self, *pargs):
+        super(Installer, self).__init__()
         self.name = 'krb'
-        self.ptype = 'login'
+        self.pargs = pargs
 
     def install_args(self, group):
         group.add_argument('--krb', choices=['yes', 'no'], default='no',
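Review bot: `Installer.__init__(self, *pargs)` accepts zero positional arguments, yet the last hunk of this file unconditionally reads `self.pargs[0]` as the plugin handler, so a bare `Installer()` only fails later, with an IndexError in the middle of configuration and after the httpd config has been written. Failing early in the constructor would be clearer, e.g. `if not pargs: raise ValueError('Installer needs the plugin handler as first argument')`. The rest of the class lies outside this hunk, so other uses of `pargs` may exist that are not visible here.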
@@ -144,18 +152,15 @@ class Installer(object):
             httpd_conf.write(hunk)
 
         # Add configuration data to database
-        po = PluginObject()
+        po = PluginObject(*self.pargs)
         po.name = 'krb'
         po.wipe_data()
 
         # Update global config, put 'krb' always first
-        po.name = 'global'
-        globalconf = po.get_plugin_config(FACILITY)
-        if 'order' in globalconf:
-            order = globalconf['order'].split(',')
-        else:
-            order = []
-        order.insert(0, 'krb')
-        globalconf['order'] = ','.join(order)
-        po.set_config(globalconf)
-        po.save_plugin_config(FACILITY)
+        ph = self.pargs[0]
+        ph.refresh_enabled()
+        if 'krb' not in ph.enabled:
+            enabled = []
+            enabled.extend(ph.enabled)
+            enabled.insert(0, 'krb')
+            ph.save_enabled(enabled)
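Review bot: The retained comment says "put 'krb' always first", but the new `if 'krb' not in ph.enabled:` guard only prepends krb when it is absent; an already-enabled krb that sits later in the list stays where it is. Position looks significant because `KrbError.root` falls through to `self.lm.next_login()`, so, assuming the enabled order drives that chain, a re-run of the installer would not restore Negotiate as the first method tried. Rebuilding the list unconditionally keeps the comment true without creating duplicates: `enabled = [n for n in ph.enabled if n != 'krb']`, then `enabled.insert(0, 'krb')` and `ph.save_enabled(enabled)`. The enclosing method starts outside this hunk.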