X-Git-Url: http://git.cascardo.info/?p=cascardo%2Fipsilon.git;a=blobdiff_plain;f=ipsilon%2Flogin%2Fcommon.py;h=31053a0bcb82759d202cdb176bc9611b8f1bc119;hp=b394fa0ce90cf8d604141811880cf019666ee6a4;hb=426f03dffc8f648a12b5f8a4b2ab30c8b4498be3;hpb=b7b80c5c0fc1895e85aae3acbfcbbc593a42697f diff --git a/ipsilon/login/common.py b/ipsilon/login/common.py old mode 100755 new mode 100644 index b394fa0..31053a0 --- a/ipsilon/login/common.py +++ b/ipsilon/login/common.py @@ -1,26 +1,10 @@ -#!/usr/bin/python -# -# Copyright (C) 2013 Simo Sorce -# -# see file 'COPYING' for use and warranty information -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . +# Copyright (C) 2013 Ipsilon project Contributors, for license see COPYING from ipsilon.util.page import Page from ipsilon.util.user import UserSession from ipsilon.util.plugin import PluginInstaller, PluginLoader -from ipsilon.util.plugin import PluginObject, PluginConfig +from ipsilon.util.plugin import PluginObject +from ipsilon.util.config import ConfigHelper from ipsilon.info.common import Info from ipsilon.util.cookies import SecureCookie import cherrypy @@ -29,44 +13,54 @@ import cherrypy USERNAME_COOKIE = 'ipsilon_default_username' -class LoginManagerBase(PluginConfig, PluginObject): +class LoginManagerBase(ConfigHelper, PluginObject): def __init__(self, *args): - PluginConfig.__init__(self) + ConfigHelper.__init__(self) PluginObject.__init__(self, *args) self._root = None self._site = None self.path = '/' self.info = None - def redirect_to_path(self, path): + def redirect_to_path(self, path, trans=None): base = cherrypy.config.get('base.mount', "") - raise cherrypy.HTTPRedirect('%s/login/%s' % (base, path)) + url = '%s/login/%s' % (base, path) + if trans: + url += '?%s' % trans.get_GET_arg() + raise cherrypy.HTTPRedirect(url) def auth_successful(self, trans, username, auth_type=None, userdata=None): session = UserSession() + # merge attributes from login plugin and info plugin if self.info: - userattrs = self.info.get_user_attrs(username) - if userdata: - userdata.update(userattrs.get('userdata', {})) - else: - userdata = userattrs.get('userdata', {}) + infoattrs = self.info.get_user_attrs(username) + else: + infoattrs = dict() + + if userdata is None: + userdata = dict() + + if '_groups' in infoattrs: + userdata['_groups'] = list(set(userdata.get('_groups', []) + + infoattrs['_groups'])) + del infoattrs['_groups'] - # merge groups and extras from login plugin and info plugin - userdata['groups'] = list(set(userdata.get('groups', []) + - userattrs.get('groups', []))) + if '_extras' in infoattrs: + userdata['_extras'] = userdata.get('_extras', {}) + userdata['_extras'].update(infoattrs['_extras']) + del infoattrs['_extras'] - userdata['extras'] = userdata.get('extras', {}) - userdata['extras'].update(userattrs.get('extras', {})) + userdata.update(infoattrs) - self.debug("User %s attributes: %s" % (username, repr(userdata))) + self.debug("User %s attributes: %s" % (username, repr(userdata))) if auth_type: if userdata: - userdata.update({'auth_type': auth_type}) + userdata.update({'_auth_type': auth_type}) else: - userdata = {'auth_type': auth_type} + userdata = {'_auth_type': auth_type} # create session login including all the userdata just gathered session.login(username, userdata) @@ -91,11 +85,11 @@ class LoginManagerBase(PluginConfig, PluginObject): trans.wipe() raise cherrypy.HTTPRedirect(redirect) - def auth_failed(self, trans): + def auth_failed(self, trans, message=None): # try with next module next_login = self.next_login() if next_login: - return self.redirect_to_path(next_login.path) + return self.redirect_to_path(next_login.path, trans) # return to the caller if any session = UserSession() @@ -110,10 +104,13 @@ class LoginManagerBase(PluginConfig, PluginObject): # destroy session and return error if 'login_return' not in transdata: session.logout(None) - raise cherrypy.HTTPError(401) + raise cherrypy.HTTPError(401, message) raise cherrypy.HTTPRedirect(transdata['login_return']) + def set_auth_error(self): + cherrypy.response.status = 401 + def get_tree(self, site): raise NotImplementedError @@ -130,6 +127,19 @@ class LoginManagerBase(PluginConfig, PluginObject): except (ValueError, IndexError): return None + def other_login_stacks(self): + plugins = self._site[FACILITY] + stack = list() + try: + idx = plugins.enabled.index(self.name) + except (ValueError, IndexError): + idx = None + for i in range(0, len(plugins.enabled)): + if i == idx: + continue + stack.append(plugins.available[plugins.enabled[i]]) + return stack + def on_enable(self): # and add self to the root @@ -160,7 +170,6 @@ class LoginFormBase(LoginPageBase): def GET(self, *args, **kwargs): context = self.create_tmpl_context() - # pylint: disable=star-args return self._template(self.formtemplate, **context) def root(self, *args, **kwargs): @@ -170,25 +179,30 @@ class LoginFormBase(LoginPageBase): return op(*args, **kwargs) def create_tmpl_context(self, **kwargs): - next_url = None - next_login = self.lm.next_login() - if next_login: - next_url = '%s?%s' % (next_login.path, - self.trans.get_GET_arg()) + other_stacks = None + other_login_stacks = self.lm.other_login_stacks() + if other_login_stacks: + other_stacks = list() + for ls in other_login_stacks: + url = '%s?%s' % (ls.path, self.trans.get_GET_arg()) + name = ls.name + other_stacks.append({'url': url, 'name': name}) cookie = SecureCookie(USERNAME_COOKIE) cookie.receive() username = cookie.value - if username is None: - username = '' target = None if self.trans is not None: tid = self.trans.transaction_id target = self.trans.retrieve().get('login_target') + username = self.trans.retrieve().get('login_username') if tid is None: tid = '' + if username is None: + username = '' + context = { "title": 'Login', "action": '%s/%s' % (self.basepath, self.formpage), @@ -196,7 +210,7 @@ class LoginFormBase(LoginPageBase): "username_text": self.lm.username_text, "password_text": self.lm.password_text, "description": self.lm.help_text, - "next_url": next_url, + "other_stacks": other_stacks, "username": username, "login_target": target, "cancel_url": '%s/login/cancel?%s' % (self.basepath, @@ -225,14 +239,14 @@ class Login(Page): self._site[FACILITY] = plugins available = plugins.available.keys() - self._debug('Available login managers: %s' % str(available)) + self.debug('Available login managers: %s' % str(available)) for item in plugins.available: plugin = plugins.available[item] plugin.register(self, self._site) for item in plugins.enabled: - self._debug('Login plugin in enabled list: %s' % item) + self.debug('Login plugin in enabled list: %s' % item) if item not in plugins.available: continue plugins.available[item].enable() @@ -260,11 +274,28 @@ class Login(Page): class Logout(Page): + def __init__(self, *args, **kwargs): + super(Logout, self).__init__(*args, **kwargs) + self.handlers = {} def root(self, *args, **kwargs): - UserSession().logout(self.user) + us = UserSession() + + for provider in self.handlers: + self.debug("Calling logout for provider %s" % provider) + obj = self.handlers[provider] + obj() + + us.logout(self.user) return self._template('logout.html', title='Logout') + def add_handler(self, provider, handler): + """ + Providers can register a logout handler here that is called + when the IdP logout link is accessed. + """ + self.handlers[provider] = handler + class Cancel(Page): @@ -285,6 +316,25 @@ class Cancel(Page): return op(*args, **kwargs) +class LoginManagerInstaller(object): + def __init__(self): + self.facility = FACILITY + self.ptype = 'login' + self.name = None + + def unconfigure(self, opts, changes): + return + + def install_args(self, group): + raise NotImplementedError + + def validate_args(self, args): + return + + def configure(self, opts, changes): + raise NotImplementedError + + class LoginMgrsInstall(object): def __init__(self):