IdP-initiated logout for current user

[cascardo/ipsilon.git] / ipsilon / login / common.py
diff --git a/ipsilon/login/common.py b/ipsilon/login/common.py

old mode 100755 (executable)

new mode 100644 (file)

index b394fa0..d616882
--- a/ipsilon/login/common.py
+++ b/ipsilon/login/common.py
@@ -1,5 +1,3 @@
-#!/usr/bin/python
-#
  # Copyright (C) 2013  Simo Sorce <simo@redhat.com>
  #
  # see file 'COPYING' for use and warranty information
@@ -39,34 +37,44 @@ class LoginManagerBase(PluginConfig, PluginObject):
          self.path = '/'
          self.info = None
  
-    def redirect_to_path(self, path):
+    def redirect_to_path(self, path, trans=None):
          base = cherrypy.config.get('base.mount', "")
-        raise cherrypy.HTTPRedirect('%s/login/%s' % (base, path))
+        url = '%s/login/%s' % (base, path)
+        if trans:
+            url += '?%s' % trans.get_GET_arg()
+        raise cherrypy.HTTPRedirect(url)
  
      def auth_successful(self, trans, username, auth_type=None, userdata=None):
          session = UserSession()
  
+        # merge attributes from login plugin and info plugin
          if self.info:
-            userattrs = self.info.get_user_attrs(username)
-            if userdata:
-                userdata.update(userattrs.get('userdata', {}))
-            else:
-                userdata = userattrs.get('userdata', {})
+            infoattrs = self.info.get_user_attrs(username)
+        else:
+            infoattrs = dict()
  
-            # merge groups and extras from login plugin and info plugin
-            userdata['groups'] = list(set(userdata.get('groups', []) +
-                                          userattrs.get('groups', [])))
+        if userdata is None:
+            userdata = dict()
  
-            userdata['extras'] = userdata.get('extras', {})
-            userdata['extras'].update(userattrs.get('extras', {}))
+        if '_groups' in infoattrs:
+            userdata['_groups'] = list(set(userdata.get('_groups', []) +
+                                           infoattrs['_groups']))
+            del infoattrs['_groups']
  
-            self.debug("User %s attributes: %s" % (username, repr(userdata)))
+        if '_extras' in infoattrs:
+            userdata['_extras'] = userdata.get('_extras', {})
+            userdata['_extras'].update(infoattrs['_extras'])
+            del infoattrs['_extras']
+
+        userdata.update(infoattrs)
+
+        self.debug("User %s attributes: %s" % (username, repr(userdata)))
  
          if auth_type:
              if userdata:
-                userdata.update({'auth_type': auth_type})
+                userdata.update({'_auth_type': auth_type})
              else:
-                userdata = {'auth_type': auth_type}
+                userdata = {'_auth_type': auth_type}
  
          # create session login including all the userdata just gathered
          session.login(username, userdata)
@@ -95,7 +103,7 @@ class LoginManagerBase(PluginConfig, PluginObject):
          # try with next module
          next_login = self.next_login()
          if next_login:
-            return self.redirect_to_path(next_login.path)
+            return self.redirect_to_path(next_login.path, trans)
  
          # return to the caller if any
          session = UserSession()
@@ -114,6 +122,9 @@ class LoginManagerBase(PluginConfig, PluginObject):
  
          raise cherrypy.HTTPRedirect(transdata['login_return'])
  
+    def set_auth_error(self):
+        cherrypy.response.status = 401
+
      def get_tree(self, site):
          raise NotImplementedError
  
@@ -179,16 +190,18 @@ class LoginFormBase(LoginPageBase):
          cookie = SecureCookie(USERNAME_COOKIE)
          cookie.receive()
          username = cookie.value
-        if username is None:
-            username = ''
  
          target = None
          if self.trans is not None:
              tid = self.trans.transaction_id
              target = self.trans.retrieve().get('login_target')
+            username = self.trans.retrieve().get('login_username')
          if tid is None:
              tid = ''
  
+        if username is None:
+            username = ''
+
          context = {
              "title": 'Login',
              "action": '%s/%s' % (self.basepath, self.formpage),
@@ -260,11 +273,28 @@ class Login(Page):
  
  
  class Logout(Page):
+    def __init__(self, *args, **kwargs):
+        super(Logout, self).__init__(*args, **kwargs)
+        self.handlers = {}
  
      def root(self, *args, **kwargs):
-        UserSession().logout(self.user)
+        us = UserSession()
+
+        for provider in self.handlers:
+            self.debug("Calling logout for provider %s" % provider)
+            obj = self.handlers[provider]
+            obj()
+
+        us.logout(self.user)
          return self._template('logout.html', title='Logout')
  
+    def add_handler(self, provider, handler):
+        """
+        Providers can register a logout handler here that is called
+        when the IdP logout link is accessed.
+        """
+        self.handlers[provider] = handler
+
  
  class Cancel(Page):
  
@@ -285,6 +315,25 @@ class Cancel(Page):
              return op(*args, **kwargs)
  
  
+class LoginManagerInstaller(object):
+    def __init__(self):
+        self.facility = FACILITY
+        self.ptype = 'login'
+        self.name = None
+
+    def unconfigure(self, opts):
+        return
+
+    def install_args(self, group):
+        raise NotImplementedError
+
+    def validate_args(self, args):
+        return
+
+    def configure(self, opts):
+        raise NotImplementedError
+
+
  class LoginMgrsInstall(object):
  
      def __init__(self):