X-Git-Url: http://git.cascardo.info/?p=cascardo%2Fipsilon.git;a=blobdiff_plain;f=ipsilon%2Flogin%2Fauthfas.py;h=71db372fbc5d15662c5adda6aaa77221f97b0dc8;hp=1592cac777edae443120a9dbd7a83b8b0b7a1254;hb=83da2bf3963db3e4427bced3b4c0681e751e54da;hpb=a511d8ab35cc0f2872eac640ed4120766f92704a diff --git a/ipsilon/login/authfas.py b/ipsilon/login/authfas.py index 1592cac..71db372 100755 --- a/ipsilon/login/authfas.py +++ b/ipsilon/login/authfas.py @@ -3,17 +3,50 @@ # Copyright (C) 2014 Ipsilon contributors, see COPYING file for license +from ipsilon.info.common import InfoMapping from ipsilon.login.common import LoginFormBase, LoginManagerBase from ipsilon.login.common import FACILITY from ipsilon.util.plugin import PluginObject +from ipsilon.util import config as pconfig import cherrypy from fedora.client.fasproxy import FasProxyClient from fedora.client import AuthError +try: + import openid_cla.cla as cla + + CLA_GROUPS = { + 'cla_click': cla.CLA_URI_FEDORA_CLICK, + 'cla_dell': cla.CLA_URI_FEDORA_DELL, + 'cla_done': cla.CLA_URI_FEDORA_DONE, + 'cla_fedora': cla.CLA_URI_FEDORA_FEDORA, + 'cla_fpca': cla.CLA_URI_FEDORA_FPCA, + 'cla_ibm': cla.CLA_URI_FEDORA_IBM, + 'cla_intel': cla.CLA_URI_FEDORA_INTEL, + 'cla_redhat': cla.CLA_URI_FEDORA_REDHAT, + } +except ImportError: + CLA_GROUPS = dict() + +fas_mapping = { + 'username': 'nickname', + 'telephone': 'phone', + 'country_code': 'country', + 'human_name': 'fullname', + 'email': 'email', + 'timezone': 'timezone', +} + + class FAS(LoginFormBase): + def __init__(self, site, mgr, page): + super(FAS, self).__init__(site, mgr, page) + self.mapper = InfoMapping() + self.mapper.set_mapping(fas_mapping) + def POST(self, *args, **kwargs): username = kwargs.get("login_name") password = kwargs.get("login_password") @@ -28,8 +61,10 @@ class FAS(LoginFormBase): except Exception, e: # pylint: disable=broad-except cherrypy.log.error("Unknown Error [%s]" % str(e)) if data and data.user: - return self.lm.auth_successful(data.user['username'], - userdata={'fas': data.user}) + userdata = self.make_userdata(data.user) + return self.lm.auth_successful(self.trans, + data.user['username'], + userdata=userdata) else: error = "Authentication failed" cherrypy.log.error(error) @@ -46,6 +81,25 @@ class FAS(LoginFormBase): # pylint: disable=star-args return self._template(self.formtemplate, **context) + def make_userdata(self, fas_data): + userdata, fas_extra = self.mapper.map_attrs(fas_data) + + # compute and store groups and cla groups + userdata['groups'] = [] + userdata['extras'] = {'fas': fas_extra, 'cla': []} + for group in fas_data.get('approved_memberships', {}): + if 'name' not in group: + continue + if group.get('group_type') == 'cla': + if group['name'] in CLA_GROUPS: + userdata['extras']['cla'].append(CLA_GROUPS[group['name']]) + else: + userdata['extras']['cla'].append(group['name']) + else: + userdata['groups'].append(group['name']) + + return userdata + class LoginManager(LoginManagerBase): @@ -59,38 +113,33 @@ class LoginManager(LoginManagerBase): self.description = """ Form based login Manager that uses the Fedora Authentication Server """ - self._options = { - 'help text': [ - """ The text shown to guide the user at login time. """, - 'string', - 'Login wth your FAS credentials' - ], - 'username text': [ - """ The text shown to ask for the username in the form. """, - 'string', - 'FAS Username' - ], - 'password text': [ - """ The text shown to ask for the password in the form. """, - 'string', - 'Password' - ], - 'FAS url': [ - """ The FAS Url. """, - 'string', - 'https://admin.fedoraproject.org/accounts/' - ], - 'FAS Proxy client user Agent': [ - """ The User Agent presented to the FAS Server. """, - 'string', - 'Ipsilon v1.0' - ], - 'FAS Insecure Auth': [ - """ If 'YES' skips FAS server cert verification. """, - 'string', - '' - ], - } + self.new_config( + self.name, + pconfig.String( + 'FAS url', + 'The FAS Url.', + 'https://admin.fedoraproject.org/accounts/'), + pconfig.String( + 'FAS Proxy client user Agent', + 'The User Agent presented to the FAS Server.', + 'Ipsilon v1.0'), + pconfig.Condition( + 'FAS Insecure Auth', + 'If checked skips FAS server cert verification.', + False), + pconfig.String( + 'username text', + 'Text used to ask for the username at login time.', + 'FAS Username'), + pconfig.String( + 'password text', + 'Text used to ask for the password at login time.', + 'Password'), + pconfig.String( + 'help text', + 'Text used to guide the user at login time.', + 'Login with your FAS credentials') + ) @property def help_text(self): @@ -120,7 +169,7 @@ Form based login Manager that uses the Fedora Authentication Server self.fpc = FasProxyClient(base_url=self.fas_url, useragent=self.user_agent, insecure=(self.insecure == 'YES')) - self.page = FAS(site, self, 'login/fas', 'login/fas.html') + self.page = FAS(site, self, 'login/fas') return self.page @@ -155,5 +204,4 @@ class Installer(object): order = [] order.append('fas') globalconf['order'] = ','.join(order) - po.set_config(globalconf) - po.save_plugin_config(FACILITY) + po.save_plugin_config(FACILITY, globalconf)