-#!/usr/bin/python
-#
-# Copyright (C) 2014 Ipsilon project Contributors, for licensee see COPYING
+# Copyright (C) 2014 Ipsilon project Contributors, for license see COPYING
from __future__ import absolute_import
-from ipsilon.providers.common import ProviderBase
-from ipsilon.providers.common import FACILITY
+from ipsilon.providers.common import ProviderBase, ProviderInstaller
+from ipsilon.providers.openid.store import OpenIDStore
from ipsilon.providers.openid.auth import OpenID
from ipsilon.providers.openid.extensions.common import LoadExtensions
from ipsilon.util.plugin import PluginObject
+from ipsilon.util import config as pconfig
+from ipsilon.info.common import InfoMapping
from openid.server.server import Server
-# TODO: Move this to the database
-from openid.store.memstore import MemoryStore
class IdpProvider(ProviderBase):
- def __init__(self):
- super(IdpProvider, self).__init__('openid', 'openid')
+ def __init__(self, *pargs):
+ super(IdpProvider, self).__init__('openid', 'openid', *pargs)
+ self.mapping = InfoMapping()
self.page = None
+ self.datastore = None
self.server = None
self.basepath = None
- self.extensions = None
+ self.extensions = LoadExtensions()
self.description = """
Provides OpenID 2.0 authentication infrastructure. """
- self._options = {
- 'default email domain': [
- """Default email domain, for users missing email property.""",
- 'string',
- 'example.com'
- ],
- 'endpoint url': [
- """The Absolute URL of the OpenID provider""",
- 'string',
- 'http://localhost:8080/idp/openid/'
- ],
- 'identity url template': [
- """The templated URL where identities are exposed.""",
- 'string',
- 'http://localhost:8080/idp/openid/id/%(username)s'
- ],
- 'trusted roots': [
- """List of trusted relying parties.""",
- 'list',
- []
- ],
- 'untrusted roots': [
- """List of untrusted relying parties.""",
- 'list',
- []
- ],
- 'enabled extensions': [
- """List of enabled extensions""",
- 'list',
- []
- ],
- }
+ self.new_config(
+ self.name,
+ pconfig.String(
+ 'database url',
+ 'Database URL for OpenID temp storage',
+ 'openid.sqlite'),
+ pconfig.String(
+ 'default email domain',
+ 'Used for users missing the email property.',
+ 'example.com'),
+ pconfig.String(
+ 'endpoint url',
+ 'The Absolute URL of the OpenID provider',
+ 'http://localhost:8080/idp/openid/'),
+ pconfig.Template(
+ 'identity url template',
+ 'The templated URL where identities are exposed.',
+ 'http://localhost:8080/idp/openid/id/%(username)s'),
+ pconfig.List(
+ 'trusted roots',
+ 'List of trusted relying parties.'),
+ pconfig.List(
+ 'untrusted roots',
+ 'List of untrusted relying parties.'),
+ pconfig.Choice(
+ 'enabled extensions',
+ 'Choose the extensions to enable',
+ self.extensions.available().keys()),
+ pconfig.MappingList(
+ 'default attribute mapping',
+ 'Defines how to map attributes before calling extensions',
+ [['*', '*']]),
+ pconfig.ComplexList(
+ 'default allowed attributes',
+ 'Defines a list of allowed attributes, applied after mapping',
+ ['*']),
+ )
@property
def endpoint_url(self):
def enabled_extensions(self):
return self.get_config_value('enabled extensions')
+ @property
+ def default_attribute_mapping(self):
+ return self.get_config_value('default attribute mapping')
+
+ @property
+ def default_allowed_attributes(self):
+ return self.get_config_value('default allowed attributes')
+
def get_tree(self, site):
- self.init_idp()
self.page = OpenID(site, self)
# self.admin = AdminPage(site, self)
+ return self.page
+
+ def used_datastores(self):
+ return [self.datastore]
+
+ def init_idp(self):
+ self.datastore = OpenIDStore(self.get_config_value('database url'))
+ self.server = Server(
+ self.datastore,
+ op_endpoint=self.endpoint_url)
+
# Expose OpenID presence in the root
- headers = site[FACILITY]['root'].default_headers
+ headers = self._root.default_headers
headers['X-XRDS-Location'] = self.endpoint_url+'XRDS'
- html_heads = site[FACILITY]['root'].html_heads
+ html_heads = self._root.html_heads
HEAD_LINK = '<link rel="%s" href="%s">'
openid_heads = [HEAD_LINK % ('openid2.provider', self.endpoint_url),
HEAD_LINK % ('openid.server', self.endpoint_url)]
html_heads['openid'] = openid_heads
- return self.page
-
- def init_idp(self):
- self.server = Server(MemoryStore(), op_endpoint=self.endpoint_url)
- loader = LoadExtensions(self.enabled_extensions)
- self.extensions = loader.get_extensions()
-
def on_enable(self):
+ super(IdpProvider, self).on_enable()
self.init_idp()
+ self.extensions.enable(self._config['enabled extensions'].get_value())
-class Installer(object):
+class Installer(ProviderInstaller):
- def __init__(self):
+ def __init__(self, *pargs):
+ super(Installer, self).__init__()
self.name = 'openid'
- self.ptype = 'provider'
+ self.pargs = pargs
def install_args(self, group):
group.add_argument('--openid', choices=['yes', 'no'], default='yes',
help='Configure OpenID Provider')
+ group.add_argument('--openid-dburi',
+ help='OpenID database URI')
+ group.add_argument('--openid-extensions', default='',
+ help='List of OpenID Extensions to enable')
- def configure(self, opts):
+ def configure(self, opts, changes):
if opts['openid'] != 'yes':
return
proto, opts['hostname'], opts['instance'])
# Add configuration data to database
- po = PluginObject()
+ po = PluginObject(*self.pargs)
po.name = 'openid'
po.wipe_data()
-
- po.wipe_config_values(FACILITY)
+ po.wipe_config_values()
config = {'endpoint url': url,
- 'identity_url_template': '%sid/%%(username)s' % url,
- 'enabled': '1'}
- po.set_config(config)
- po.save_plugin_config(FACILITY)
+ 'identity url template': '%sid/%%(username)s' % url,
+ 'database url': opts['openid_dburi'] or
+ opts['database_url'] % {
+ 'datadir': opts['data_dir'], 'dbname': 'openid'},
+ 'enabled extensions': opts['openid_extensions']}
+ po.save_plugin_config(config)
+
+ # Update global config to add login plugin
+ po.is_enabled = True
+ po.save_enabled_state()