X-Git-Url: http://git.cascardo.info/?p=cascardo%2Fipsilon.git;a=blobdiff_plain;f=ipsilon%2Fproviders%2Fopenidp.py;h=8f745784211fbbb2bcdbf837f4043e4f1532dadd;hp=2e41050d9960ff0f2b74f7dbf868812071bf6690;hb=485baf6ee7a315d1af1086fe5b5da8cff6c4ba37;hpb=f461a713ce28e434a34dca4e4d1abbfe255ef1ff diff --git a/ipsilon/providers/openidp.py b/ipsilon/providers/openidp.py old mode 100755 new mode 100644 index 2e41050..8f74578 --- a/ipsilon/providers/openidp.py +++ b/ipsilon/providers/openidp.py @@ -1,63 +1,67 @@ -#!/usr/bin/python -# -# Copyright (C) 2014 Ipsilon project Contributors, for licensee see COPYING +# Copyright (C) 2014 Ipsilon project Contributors, for license see COPYING from __future__ import absolute_import -from ipsilon.providers.common import ProviderBase -from ipsilon.providers.common import FACILITY +from ipsilon.providers.common import ProviderBase, ProviderInstaller +from ipsilon.providers.openid.store import OpenIDStore from ipsilon.providers.openid.auth import OpenID from ipsilon.providers.openid.extensions.common import LoadExtensions from ipsilon.util.plugin import PluginObject +from ipsilon.util import config as pconfig +from ipsilon.info.common import InfoMapping from openid.server.server import Server -# TODO: Move this to the database -from openid.store.memstore import MemoryStore class IdpProvider(ProviderBase): - def __init__(self): - super(IdpProvider, self).__init__('openid', 'openid') + def __init__(self, *pargs): + super(IdpProvider, self).__init__('openid', 'openid', *pargs) + self.mapping = InfoMapping() self.page = None self.server = None self.basepath = None - self.extensions = None + self.extensions = LoadExtensions() self.description = """ Provides OpenID 2.0 authentication infrastructure. """ - self._options = { - 'default email domain': [ - """Default email domain, for users missing email property.""", - 'string', - 'example.com' - ], - 'endpoint url': [ - """The Absolute URL of the OpenID provider""", - 'string', - 'http://localhost:8080/idp/openid/' - ], - 'identity url template': [ - """The templated URL where identities are exposed.""", - 'string', - 'http://localhost:8080/idp/openid/id/%(username)s' - ], - 'trusted roots': [ - """List of trusted relying parties.""", - 'list', - [] - ], - 'untrusted roots': [ - """List of untrusted relying parties.""", - 'list', - [] - ], - 'enabled extensions': [ - """List of enabled extensions""", - 'list', - [] - ], - } + self.new_config( + self.name, + pconfig.String( + 'database url', + 'Database URL for OpenID temp storage', + 'openid.sqlite'), + pconfig.String( + 'default email domain', + 'Used for users missing the email property.', + 'example.com'), + pconfig.String( + 'endpoint url', + 'The Absolute URL of the OpenID provider', + 'http://localhost:8080/idp/openid/'), + pconfig.Template( + 'identity url template', + 'The templated URL where identities are exposed.', + 'http://localhost:8080/idp/openid/id/%(username)s'), + pconfig.List( + 'trusted roots', + 'List of trusted relying parties.'), + pconfig.List( + 'untrusted roots', + 'List of untrusted relying parties.'), + pconfig.Choice( + 'enabled extensions', + 'Choose the extensions to enable', + self.extensions.available().keys()), + pconfig.MappingList( + 'default attribute mapping', + 'Defines how to map attributes before calling extensions', + [['*', '*']]), + pconfig.ComplexList( + 'default allowed attributes', + 'Defines a list of allowed attributes, applied after mapping', + ['*']), + ) @property def endpoint_url(self): @@ -91,43 +95,58 @@ Provides OpenID 2.0 authentication infrastructure. """ def enabled_extensions(self): return self.get_config_value('enabled extensions') + @property + def default_attribute_mapping(self): + return self.get_config_value('default attribute mapping') + + @property + def default_allowed_attributes(self): + return self.get_config_value('default allowed attributes') + def get_tree(self, site): self.init_idp() self.page = OpenID(site, self) # self.admin = AdminPage(site, self) + return self.page + + def init_idp(self): + self.server = Server( + OpenIDStore(self.get_config_value('database url')), + op_endpoint=self.endpoint_url) + # Expose OpenID presence in the root - headers = site[FACILITY]['root'].default_headers + headers = self._root.default_headers headers['X-XRDS-Location'] = self.endpoint_url+'XRDS' - html_heads = site[FACILITY]['root'].html_heads + html_heads = self._root.html_heads HEAD_LINK = '' openid_heads = [HEAD_LINK % ('openid2.provider', self.endpoint_url), HEAD_LINK % ('openid.server', self.endpoint_url)] html_heads['openid'] = openid_heads - return self.page - - def init_idp(self): - self.server = Server(MemoryStore(), op_endpoint=self.endpoint_url) - loader = LoadExtensions(self.enabled_extensions) - self.extensions = loader.get_extensions() - def on_enable(self): + super(IdpProvider, self).on_enable() self.init_idp() + self.extensions.enable(self._config['enabled extensions'].get_value()) -class Installer(object): +class Installer(ProviderInstaller): - def __init__(self): + def __init__(self, *pargs): + super(Installer, self).__init__() self.name = 'openid' - self.ptype = 'provider' + self.pargs = pargs def install_args(self, group): group.add_argument('--openid', choices=['yes', 'no'], default='yes', help='Configure OpenID Provider') + group.add_argument('--openid-dburi', + help='OpenID database URI') + group.add_argument('--openid-extensions', default='', + help='List of OpenID Extensions to enable') - def configure(self, opts): + def configure(self, opts, changes): if opts['openid'] != 'yes': return @@ -138,13 +157,18 @@ class Installer(object): proto, opts['hostname'], opts['instance']) # Add configuration data to database - po = PluginObject() + po = PluginObject(*self.pargs) po.name = 'openid' po.wipe_data() - - po.wipe_config_values(FACILITY) + po.wipe_config_values() config = {'endpoint url': url, - 'identity_url_template': '%sid/%%(username)s' % url, - 'enabled': '1'} - po.set_config(config) - po.save_plugin_config(FACILITY) + 'identity url template': '%sid/%%(username)s' % url, + 'database url': opts['openid_dburi'] or + opts['database_url'] % { + 'datadir': opts['data_dir'], 'dbname': 'openid'}, + 'enabled extensions': opts['openid_extensions']} + po.save_plugin_config(config) + + # Update global config to add login plugin + po.is_enabled = True + po.save_enabled_state()