X-Git-Url: http://git.cascardo.info/?p=cascardo%2Fipsilon.git;a=blobdiff_plain;f=ipsilon%2Fproviders%2Fopenidp.py;h=8f745784211fbbb2bcdbf837f4043e4f1532dadd;hp=197b1cf66c2c1898b915649ff5612886c2fb8cc0;hb=485baf6ee7a315d1af1086fe5b5da8cff6c4ba37;hpb=83da2bf3963db3e4427bced3b4c0681e751e54da
diff --git a/ipsilon/providers/openidp.py b/ipsilon/providers/openidp.py
old mode 100755
new mode 100644
index 197b1cf..8f74578
--- a/ipsilon/providers/openidp.py
+++ b/ipsilon/providers/openidp.py
@@ -1,11 +1,9 @@
-#!/usr/bin/python
-#
-# Copyright (C) 2014 Ipsilon project Contributors, for licensee see COPYING
+# Copyright (C) 2014 Ipsilon project Contributors, for license see COPYING
 from __future__ import absolute_import
-from ipsilon.providers.common import ProviderBase
-from ipsilon.providers.common import FACILITY
+from ipsilon.providers.common import ProviderBase, ProviderInstaller
+from ipsilon.providers.openid.store import OpenIDStore
 from ipsilon.providers.openid.auth import OpenID
 from ipsilon.providers.openid.extensions.common import LoadExtensions
 from ipsilon.util.plugin import PluginObject
@@ -13,26 +11,26 @@ from ipsilon.util import config as pconfig
 from ipsilon.info.common import InfoMapping
 from openid.server.server import Server
-# TODO: Move this to the database
-from openid.store.memstore import MemoryStore
 class IdpProvider(ProviderBase):
- def __init__(self):
- super(IdpProvider, self).__init__('openid', 'openid')
+ def __init__(self, *pargs):
+ super(IdpProvider, self).__init__('openid', 'openid', *pargs)
 self.mapping = InfoMapping()
 self.page = None
 self.server = None
 self.basepath = None
 self.extensions = LoadExtensions()
- print self.extensions.available()
- print self.extensions.available().keys()
 self.description = """
 Provides OpenID 2.0 authentication infrastructure. """
 self.new_config(
 self.name,
+ pconfig.String(
+ 'database url',
+ 'Database URL for OpenID temp storage',
+ 'openid.sqlite'),
 pconfig.String(
 'default email domain',
 'Used for users missing the email property.',
@@ -55,10 +53,14 @@ Provides OpenID 2.0 authentication infrastructure. """
 'enabled extensions',
 'Choose the extensions to enable',
 self.extensions.available().keys()),
- pconfig.Condition(
- 'enabled',
- 'Whether the OpenID IDP is enabled',
- False)
+ pconfig.MappingList(
+ 'default attribute mapping',
+ 'Defines how to map attributes before calling extensions',
+ [['*', '*']]),
+ pconfig.ComplexList(
+ 'default allowed attributes',
+ 'Defines a list of allowed attributes, applied after mapping',
+ ['*']),
 )
 @property
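Review bot: The new `'database url'` option in `__init__` defaults to the bare name `'openid.sqlite'`, which is neither a URL nor an absolute path, so where the store ends up presumably depends on how `OpenIDStore` resolves it and on the process working directory. The installer hunk later in this patch writes an explicit value, but a provider enabled without that step would fall back to this default. I would add a comment such as `# fallback only; the installer writes an explicit URL under data_dir` and consider an absolute default. `__init__` continues past the end of this hunk.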
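Review bot: Both new options default to the widest possible setting, `[['*', '*']]` for the mapping and `['*']` for the allowed list, so unless an administrator narrows them nothing is filtered before the extensions run. How the wildcard is interpreted is outside this hunk, but if it means "every attribute" then the default releases all user attributes to any relying party that asks through an enabled extension. I would either start from an explicit short list or document the choice next to the option, e.g. `# '*' releases every mapped attribute; narrow for untrusted relying parties`. These lines sit inside the `self.new_config(...)` call that opens before this hunk.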
@@ -93,42 +95,58 @@ Provides OpenID 2.0 authentication infrastructure. """ def enabled_extensions(self): return self.get_config_value('enabled extensions') + @property + def default_attribute_mapping(self): + return self.get_config_value('default attribute mapping') + + @property + def default_allowed_attributes(self): + return self.get_config_value('default allowed attributes') + def get_tree(self, site): self.init_idp() self.page = OpenID(site, self) # self.admin = AdminPage(site, self) + return self.page + + def init_idp(self): + self.server = Server( + OpenIDStore(self.get_config_value('database url')), + op_endpoint=self.endpoint_url) + # Expose OpenID presence in the root - headers = site[FACILITY]['root'].default_headers + headers = self._root.default_headers headers['X-XRDS-Location'] = self.endpoint_url+'XRDS' - html_heads = site[FACILITY]['root'].html_heads + html_heads = self._root.html_heads HEAD_LINK = '' openid_heads = [HEAD_LINK % ('openid2.provider', self.endpoint_url), HEAD_LINK % ('openid.server', self.endpoint_url)] html_heads['openid'] = openid_heads - return self.page - - def init_idp(self): - self.server = Server(MemoryStore(), op_endpoint=self.endpoint_url) - def on_enable(self): + super(IdpProvider, self).on_enable() self.init_idp() self.extensions.enable(self._config['enabled extensions'].get_value()) -class Installer(object): +class Installer(ProviderInstaller): - def __init__(self): + def __init__(self, *pargs): + super(Installer, self).__init__() self.name = 'openid' - self.ptype = 'provider' + self.pargs = pargs def install_args(self, group): group.add_argument('--openid', choices=['yes', 'no'], default='yes', help='Configure OpenID Provider') + group.add_argument('--openid-dburi', + help='OpenID database URI') + group.add_argument('--openid-extensions', default='', + help='List of OpenID Extensions to enable') - def configure(self, opts): + def configure(self, opts, changes): if opts['openid'] != 'yes': return 
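Review bot: `--openid-dburi` in `install_args` takes the database URI as a command-line argument, and database URIs often carry a password; command-line arguments are readable by other local users through the process list and tend to end up in shell history. The help string `'OpenID database URI'` gives no hint of that, so I would extend it, e.g. `help='OpenID database URI (avoid embedding credentials; arguments are visible to other local users)'`. Separately, `init_idp` is now called from both `get_tree` and `on_enable`, and each call builds a new `OpenIDStore`; a one-line docstring stating whether repeated calls are intended would help. `configure` continues past the end of this hunk.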
@@ -139,12 +157,18 @@ class Installer(object):
 proto, opts['hostname'], opts['instance'])
 # Add configuration data to database
- po = PluginObject()
+ po = PluginObject(*self.pargs)
 po.name = 'openid'
 po.wipe_data()
-
- po.wipe_config_values(FACILITY)
+ po.wipe_config_values()
 config = {'endpoint url': url,
- 'identity_url_template': '%sid/%%(username)s' % url,
- 'enabled': '1'}
- po.save_plugin_config(FACILITY, config)
+ 'identity url template': '%sid/%%(username)s' % url,
+ 'database url': opts['openid_dburi'] or
+ opts['database_url'] % {
+ 'datadir': opts['data_dir'], 'dbname': 'openid'},
+ 'enabled extensions': opts['openid_extensions']}
+ po.save_plugin_config(config)
+
+ # Update global config to add login plugin
+ po.is_enabled = True
+ po.save_enabled_state()
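Review bot: The `'database url'` value mixes `or` and `%` across three lines without parentheses; `%` binds tighter, so the template is formatted only when `opts['openid_dburi']` is empty, but a reader has to work that out. I would parenthesise the fallback, `opts['openid_dburi'] or (opts['database_url'] % {...})`, and add a comment such as `# an explicit --openid-dburi is used verbatim; only the shared template is formatted`. Note also that a literal `%` in the `opts['database_url']` template (for example a percent-encoded password) would make the formatting fail or misformat, assuming the template is not escaped elsewhere. `configure` starts before this hunk.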