X-Git-Url: http://git.cascardo.info/?p=cascardo%2Fipsilon.git;a=blobdiff_plain;f=ipsilon%2Fproviders%2Fopenidp.py;fp=ipsilon%2Fproviders%2Fopenidp.py;h=2e41050d9960ff0f2b74f7dbf868812071bf6690;hp=0000000000000000000000000000000000000000;hb=f461a713ce28e434a34dca4e4d1abbfe255ef1ff;hpb=c6fab2542f52f6cca71c207c1925785971e51295
diff --git a/ipsilon/providers/openidp.py b/ipsilon/providers/openidp.py
new file mode 100755
index 0000000..2e41050
--- /dev/null
+++ b/ipsilon/providers/openidp.py
@@ -0,0 +1,150 @@
+#!/usr/bin/python
+#
+# Copyright (C) 2014 Ipsilon project Contributors, for licensee see COPYING
+
+from __future__ import absolute_import
+
+from ipsilon.providers.common import ProviderBase
+from ipsilon.providers.common import FACILITY
+from ipsilon.providers.openid.auth import OpenID
+from ipsilon.providers.openid.extensions.common import LoadExtensions
+from ipsilon.util.plugin import PluginObject
+
+from openid.server.server import Server
+# TODO: Move this to the database
+from openid.store.memstore import MemoryStore
+
+
+class IdpProvider(ProviderBase):
+
+def __init__(self):
+super(IdpProvider, self).__init__('openid', 'openid')
+self.page = None
+self.server = None
+self.basepath = None
+self.extensions = None
+self.description = """
+Provides OpenID 2.0 authentication infrastructure. """
+
+self._options = {
+'default email domain': [
+"""Default email domain, for users missing email property.""",
+'string',
+'example.com'
+],
+'endpoint url': [
+"""The Absolute URL of the OpenID provider""",
+'string',
+'http://localhost:8080/idp/openid/'
+],
+'identity url template': [
+"""The templated URL where identities are exposed.""",
+'string',
+'http://localhost:8080/idp/openid/id/%(username)s'
+],
+'trusted roots': [
+"""List of trusted relying parties.""",
+'list',
+[]
+],
+'untrusted roots': [
+"""List of untrusted relying parties.""",
+'list',
+[]
+],
+'enabled extensions': [
+"""List of enabled extensions""",
+'list',
+[]
+],
+}
+
+@property
+def endpoint_url(self):
+url = self.get_config_value('endpoint url')
+if url.endswith('/'):
+return url
+else:
+return url+'/'
+
+@property
+def default_email_domain(self):
+return self.get_config_value('default email domain')
+
+@property
+def identity_url_template(self):
+url = self.get_config_value('identity url template')
+if url.endswith('/'):
+return url
+else:
+return url+'/'
+
+@property
+def trusted_roots(self):
+return self.get_config_value('trusted roots')
+
+@property
+def untrusted_roots(self):
+return self.get_config_value('untrusted roots')
+
+@property
+def enabled_extensions(self):
+return self.get_config_value('enabled extensions')
+
+def get_tree(self, site):
+self.init_idp()
+self.page = OpenID(site, self)
+# self.admin = AdminPage(site, self)
+
+# Expose OpenID presence in the root
+headers = site[FACILITY]['root'].default_headers
+headers['X-XRDS-Location'] = self.endpoint_url+'XRDS'
+
+html_heads = site[FACILITY]['root'].html_heads
+HEAD_LINK = ''
+openid_heads = [HEAD_LINK % ('openid2.provider', self.endpoint_url),
+HEAD_LINK % ('openid.server', self.endpoint_url)]
+html_heads['openid'] = openid_heads
+
+return self.page
+
+def init_idp(self):
+self.server = Server(MemoryStore(), op_endpoint=self.endpoint_url)
+loader = LoadExtensions(self.enabled_extensions)
+self.extensions = loader.get_extensions()
+
+def on_enable(self):
+self.init_idp()
+
+
+class Installer(object):
+
+def __init__(self):
+self.name = 'openid'
+self.ptype = 'provider'
+
+def install_args(self, group):
+group.add_argument('--openid', choices=['yes', 'no'], default='yes',
+help='Configure OpenID Provider')
+
+def configure(self, opts):
+if opts['openid'] != 'yes':
+return
+
+proto = 'https'
+if opts['secure'].lower() == 'no':
+proto = 'http'
+url = '%s://%s/%s/openid/' % (
+proto, opts['hostname'], opts['instance'])
+
+# Add configuration data to database
+po = PluginObject()
+po.name = 'openid'
+po.wipe_data()
+
+po.wipe_config_values(FACILITY)
+config = {'endpoint url': url,
+'identity_url_template': '%sid/%%(username)s' % url,
+'enabled': '1'}
+po.set_config(config)
+po.save_plugin_config(FACILITY)
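Review bot: In `Installer.configure()` the identity template is stored under the key `'identity_url_template'`, but `IdpProvider.identity_url_template` reads `get_config_value('identity url template')`, so the value written at install time is never consumed and the provider keeps the `http://localhost:8080/idp/openid/id/%(username)s` default even though `'endpoint url'` is correctly set to the real host; the fix is `'identity url template': '%sid/%%(username)s' % url,`. In `get_tree()`, `HEAD_LINK = ''` followed by `HEAD_LINK % ('openid2.provider', self.endpoint_url)` would raise `TypeError` at runtime because an empty format string accepts no arguments; this looks like the `<link>` HTML literal was stripped by the page rendering rather than a defect in the commit, but it is worth confirming against the repository. The `MemoryStore()` passed to `Server(...)` in `init_idp()` is already flagged by the author's TODO; until a database-backed store replaces it, a comment at that line should state the consequence, e.g. `# NOTE: associations and nonces live only in this process and are lost on restart until the store moves to the database`.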