for option in admin_config:
cherrypy.config[option] = admin_config[option]
-templates = os.path.join(cherrypy.config['base.dir'], 'templates')
-env = Environment(loader=FileSystemLoader(templates))
-
cherrypy.tools.protect = cherrypy.Tool('before_handler', page.protect)
+templates = os.path.join(cherrypy.config['base.dir'], 'templates')
+template_env = Environment(loader=FileSystemLoader(templates))
+
if __name__ == "__main__":
conf = {'/': {'tools.staticdir.root': os.getcwd()},
'/ui': {'tools.staticdir.on': True,
'tools.staticdir.dir': 'ui'}}
- cherrypy.quickstart(Root(env), '/', conf)
+ cherrypy.quickstart(Root('default', template_env), '/', conf)
else:
cherrypy.config['environment'] = 'embedded'
cherrypy.engine.start(blocking=False)
atexit.register(cherrypy.engine.stop)
- application = cherrypy.Application(Root(env),
+ application = cherrypy.Application(Root('default', template_env),
script_name=None, config=None)
--- /dev/null
+#!/usr/bin/python
+#
+# Copyright (C) 2013 Simo Sorce <simo@redhat.com>
+#
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+from ipsilon.util.page import Page
+from ipsilon.util.user import UserSession
+from ipsilon.util.plugin import PluginLoader, PluginObject
+import cherrypy
+
+
+class LoginManagerBase(PluginObject):
+
+ def __init__(self):
+ super(LoginManagerBase, self).__init__()
+ self.path = '/'
+ self.next_login = None
+
+ def redirect_to_path(self, path):
+ base = cherrypy.config.get('base.mount', "")
+ raise cherrypy.HTTPRedirect('%s/login/%s' % (base, path))
+
+ def auth_successful(self, username):
+ # save ref before calling UserSession login() as it
+ # may regenerate the session
+ ref = '/idp'
+ if 'referral' in cherrypy.session:
+ ref = cherrypy.session['referral']
+
+ UserSession().login(username)
+ raise cherrypy.HTTPRedirect(ref)
+
+ def auth_failed(self):
+ # Just make sure we destroy the session
+ UserSession().logout(None)
+
+ if self.next_login:
+ return self.redirect_to_path(self.next_login.path)
+
+ # FIXME: show an error page instead
+ raise cherrypy.HTTPError(401)
+
+
+class LoginPageBase(Page):
+
+ def __init__(self, site, mgr):
+ super(LoginPageBase, self).__init__(site)
+ self.lm = mgr
+
+ def root(self, *args, **kwargs):
+ raise cherrypy.HTTPError(500)
+
+
+FACILITY = 'login_config'
+
+
+class Login(Page):
+
+ def __init__(self, *args, **kwargs):
+ super(Login, self).__init__(*args, **kwargs)
+ self.first_login = None
+
+ loader = PluginLoader(Login, FACILITY, 'LoginManager')
+ self._site[FACILITY] = loader.get_plugin_data()
+ plugins = self._site[FACILITY]
+
+ prev_obj = None
+ for item in plugins['available']:
+ self._log('Login plugin available: %s' % item)
+ if item not in plugins['whitelist']:
+ continue
+ self._log('Login plugin enabled: %s' % item)
+ plugins['enabled'].append(item)
+ obj = plugins['available'][item]
+ if prev_obj:
+ prev_obj.next_login = obj
+ else:
+ self.first_login = obj
+ prev_obj = obj
+ if item in plugins['config']:
+ obj.set_config(plugins['config'][item])
+ self.__dict__[item] = obj.get_tree(self._site)
+
+ def _log(self, fact):
+ if cherrypy.config.get('debug', False):
+ cherrypy.log(fact)
+
+ def root(self, *args, **kwargs):
+ if self.first_login:
+ raise cherrypy.HTTPRedirect('%s/login/%s' %
+ (self.basepath,
+ self.first_login.path))
+ return self._template('login/index.html', title='Login')
+
+
+class Logout(Page):
+
+ def root(self, *args, **kwargs):
+ UserSession().logout(self.user)
+ return self._template('logout.html', title='Logout')
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from ipsilon.util.page import Page
+from ipsilon.login.common import Login
+from ipsilon.login.common import Logout
+
+sites = dict()
class Root(Page):
+ def __init__(self, site, template_env):
+ if not site in sites:
+ sites[site] = dict()
+ if template_env:
+ sites[site]['template_env'] = template_env
+ super(Root, self).__init__(sites[site])
+
+ # now set up the default login plugins
+ self.login = Login(self._site)
+ self.logout = Logout(self._site)
+
def root(self):
return self._template('index.html', title='Root')
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-from ipsilon.util.user import User
+from ipsilon.util.user import UserSession
import cherrypy
def protect():
- if cherrypy.request.login:
- user = cherrypy.session.get('user', None)
- if user == cherrypy.request.login:
- return
- else:
- cherrypy.session.regenerate()
- cherrypy.session['user'] = cherrypy.request.login
+ UserSession().remote_login()
class Page(object):
- def __init__(self, template_env):
- self._env = template_env
+ def __init__(self, site):
+ if not 'template_env' in site:
+ raise ValueError('Missing template environment')
+ self._site = site
self.basepath = cherrypy.config.get('base.mount', "")
- self.username = None
self.user = None
def __call__(self, *args, **kwargs):
# pylint: disable=star-args
- self.username = cherrypy.session.get('user', None)
- self.user = User(self.username)
+ self.user = UserSession().get_user()
if len(args) > 0:
op = getattr(self, args[0], None)
if callable(op) and getattr(self, args[0]+'.exposed', None):
- return op(args[1:], **kwargs)
+ return op(*args[1:], **kwargs)
else:
op = getattr(self, 'root', None)
if callable(op):
- return op(**kwargs)
+ return op(*args, **kwargs)
return self.default(*args, **kwargs)
def _template(self, *args, **kwargs):
- t = self._env.get_template(args[0])
+ t = self._site['template_env'].get_template(args[0])
return t.render(basepath=self.basepath, user=self.user, **kwargs)
def default(self, *args, **kwargs):
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from ipsilon.util.data import Store
+import cherrypy
class Site(object):
store = Store()
return store.get_user_preferences(username)
+ def reset(self):
+ self.name = None
+ self._userdata = dict()
+
@property
def is_admin(self):
if 'is_admin' in self._userdata:
def sites(self):
#TODO: implement setting sites via the user object ?
raise AttributeError
+
+
+class UserSession(object):
+ def __init__(self):
+ self.user = cherrypy.session.get('user', None)
+
+ def get_user(self):
+ return User(self.user)
+
+ def remote_login(self):
+ if cherrypy.request.login:
+ return self.login(cherrypy.request.login)
+
+ def login(self, username):
+ if self.user == username:
+ return
+
+ # REMOTE_USER changed, destroy old session and regenerate new
+ cherrypy.session.regenerate()
+ cherrypy.session['user'] = username
+ cherrypy.session.save()
+
+ cherrypy.log('LOGIN SUCCESSFUL: %s', username)
+
+ def logout(self, user):
+ if user is not None:
+ if not type(user) is User:
+ raise TypeError
+ # Completely reset user data
+ cherrypy.log.error('%s %s' % (user.name, user.fullname))
+ user.reset()
+
+ # Destroy current session in all cases
+ cherrypy.lib.sessions.expire()
name = 'ipsilon',
version = '0.1',
license = 'GPLv3+',
- packages = ['ipsilon', 'ipsilon.util'],
+ packages = ['ipsilon', 'ipsilon.login', 'ipsilon.util'],
data_files = [('share/man/man7', ["man/ipsilon.7"]),
('doc', ['COPYING']),
('examples', ['examples/ipsilon.conf'])]
<body>
<div id="container">
<div id="logo">
- <p>Ipsilon</p>
+ <p><a href="{{ basepath }}">Ipsilon</a></p>
</div>
<div id="admin">
{% if user.is_admin %}
</div>
<div id="content">
{% if not user.name %}
- <p>Please <a href="login">Log In</a>
+ <p>Please <a href="{{ basepath }}/login">Log In</a>
{% elif user.sites %}
<p>Registered application shortcuts:</p>
{% for site in user.sites %}
{% endfor %}
{% endif %}
</div>
+ <div id="logout">
+ {% if user.name %}
+ <p><a href="{{ basepath }}/logout">Log Out</a></p>
+ {% endif %}
+ </div>
</div>
</body>
</html>
--- /dev/null
+<!doctype html>
+<html lang="en">
+<head>
+ <meta charset="UTF-8"></meta>
+ <title>{{ title }}</title>
+ <link href="{{ basepath }}/ui/ipsilon.css" type="text/css" rel="stylesheet"></link>
+ <link href="{{ basepath }}/ui/favicon.ico" type="image/ico" rel="icon"></link>
+</head>
+<body>
+ <div id="container">
+ <div id="logo">
+ <p>Ipsilon</p>
+ </div>
+ <div id="admin">
+ {% if user.is_admin %}
+ <a href="admin">admin</a>
+ {% endif %}
+ </div>
+ <div id="login">
+ <p>Redirecting ... {{ redirect }}</p>
+ </div>
+ </div>
+</body>
+</html>
--- /dev/null
+<!doctype html>
+<html lang="en">
+<head>
+ <meta charset="UTF-8"></meta>
+ <title>{{ title }}</title>
+ <link href="{{ basepath }}/ui/ipsilon.css" type="text/css" rel="stylesheet"></link>
+ <link href="{{ basepath }}/ui/favicon.ico" type="image/ico" rel="icon"></link>
+</head>
+<body>
+ <div id="container">
+ <div id="logo">
+ <p><a href="{{ basepath }}">Ipsilon</a></p>
+ </div>
+ <div id="logout">
+ {% if user.name %}
+ <p>Something prevented a successful logout</p>
+ <p>You are still logged in as {{ user.fullname }}</p>
+ {% else %}
+ <p>Successfully logged out.</p>
+ <p>Return to <a href="{{ basepath }}">Home</a> page</p>
+ {% endif %}
+ </div>
+</body>
+</html>