cascardo/ipsilon.git
5 years agoMove some exceptions into provider.common
Simo Sorce [Tue, 7 Oct 2014 15:00:37 +0000 (11:00 -0400)]
Move some exceptions into provider.common

These are generically useful and can be rused as they are by other
providers.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
5 years agoFix storing info plugin status and order
Simo Sorce [Thu, 9 Oct 2014 22:09:54 +0000 (18:09 -0400)]
Fix storing info plugin status and order

This is the same issue already resolved for the login plugins in
commit a6ed2bba137df5fb8a9fb2931ccb2d92ca3fa0e0

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
5 years agoAdd sqlalchemy dependency to contrib rpm
Simo Sorce [Wed, 8 Oct 2014 20:02:42 +0000 (16:02 -0400)]
Add sqlalchemy dependency to contrib rpm

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
5 years agoFix mod_auth_kerb based authentication
Simo Sorce [Thu, 9 Oct 2014 15:30:25 +0000 (11:30 -0400)]
Fix mod_auth_kerb based authentication

Recent changes in how self.user is populated broke krb based auth.
Explicitly check the remote user in the module to fix it.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
5 years agoThe quickrun workdir and cscope.out should be ignored
Patrick Uiterwijk [Mon, 6 Oct 2014 19:08:51 +0000 (21:08 +0200)]
The quickrun workdir and cscope.out should be ignored

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
5 years agoAdd auto-auth requirement to all admin pages
Simo Sorce [Tue, 7 Oct 2014 03:32:34 +0000 (23:32 -0400)]
Add auto-auth requirement to all admin pages

Instead ofhaving to explicitly decorate all methods with auth_protect()
use the fact all pages go through Page.__call__ to conditionally check
if the user is anoynous and set a default when instantiating AdminPage
so that all admin pages require authentication.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
5 years agoAdd AdminPage abstraction on top of util.Page
Simo Sorce [Tue, 7 Oct 2014 02:48:07 +0000 (22:48 -0400)]
Add AdminPage abstraction on top of util.Page

This is to allow different default headers between Admin pages and
other pages.
In particular we set no-caching headers to all admin pages to force
browsers to refresh as often as possible.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
5 years agoAdd way to set default headers
Simo Sorce [Tue, 7 Oct 2014 02:18:56 +0000 (22:18 -0400)]
Add way to set default headers

When a Page is called automatically sets default headers by adding
headers on the default_headers variable.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
5 years agoAdd pretty handler for 404
Simo Sorce [Tue, 7 Oct 2014 01:48:58 +0000 (21:48 -0400)]
Add pretty handler for 404

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
5 years agoFix exposed functions
Simo Sorce [Tue, 7 Oct 2014 03:22:10 +0000 (23:22 -0400)]
Fix exposed functions

The Page util is supposed to intercept and enable exposed pages on
its own so that additional functions can be run in the generic __call__
Fix the code to check for the function argument correctly and use a
different argument than the standard cherrypy one for admin pages so
that we do actually land in the Page.__call__ all the time for those
pages.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
5 years agoFix make cscope and clean
Simo Sorce [Mon, 6 Oct 2014 19:58:10 +0000 (15:58 -0400)]
Fix make cscope and clean

clean should clean more and cscope should not try to read an unexisting file.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
5 years agoRedirect anonymous users away
Simo Sorce [Fri, 3 Oct 2014 17:24:37 +0000 (13:24 -0400)]
Redirect anonymous users away

It makes no sense to let anonymous users interact with the admin
pages so tighten up access and redirect away users that have no
rights.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
5 years agoAdditional data store refactoring
Simo Sorce [Fri, 26 Sep 2014 21:41:04 +0000 (17:41 -0400)]
Additional data store refactoring

Use sqlalchemy to access Sql databases, which  are the only implemented
database backends for now.
If no database type is specified we assume a sqlite3 database file path
is configured (this is backwards compatible with current configuration
statements)

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
5 years agoFix storing login plugin status and order
Simo Sorce [Fri, 26 Sep 2014 21:38:30 +0000 (17:38 -0400)]
Fix storing login plugin status and order

When plugins were enabled or disabled their status was not stored
in the database, unless the order was explicitly manipulated.
Moreover if the order was changed that fact would not be refrlected
in the actual authntication order until a restart.
Fix the code to always permanently store the enabled/disabled status,
and to immediately change the authentication order.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
5 years agoMove wipe_data into Store() as reset_data
Simo Sorce [Thu, 25 Sep 2014 19:59:07 +0000 (15:59 -0400)]
Move wipe_data into Store() as reset_data

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
5 years agoDatabases must be configured in cherrypy.config
Simo Sorce [Thu, 25 Sep 2014 20:05:04 +0000 (16:05 -0400)]
Databases must be configured in cherrypy.config

There was annoying duplicated init code in the data store classes that was
unused. Just require configuration to be present in cherrypy.config or bail.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
5 years agoRemove unused dependency
Simo Sorce [Sun, 5 Oct 2014 16:49:11 +0000 (12:49 -0400)]
Remove unused dependency

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
5 years agoProvide cleanup switch to quickrun
Simo Sorce [Thu, 25 Sep 2014 18:54:53 +0000 (14:54 -0400)]
Provide cleanup switch to quickrun

Easier to wipe old test and start with fresh data for a quickrun

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
5 years agoUse installation template in quickrun
Simo Sorce [Thu, 25 Sep 2014 18:54:08 +0000 (14:54 -0400)]
Use installation template in quickrun

Instead of using a duplicate use installation template so there is
less risk of forgetting something in either.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
5 years agoAdd make cscope target
Simo Sorce [Thu, 25 Sep 2014 20:09:39 +0000 (16:09 -0400)]
Add make cscope target

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
5 years agoAdd transactions db default paths
Simo Sorce [Thu, 25 Sep 2014 18:36:32 +0000 (14:36 -0400)]
Add transactions db default paths

Fixes installation and quickrun

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
5 years agoMake Transaction code more robust
Simo Sorce [Thu, 2 Oct 2014 23:51:34 +0000 (19:51 -0400)]
Make Transaction code more robust

Avoid raising exceptions when transactions are not found, just return
no cookies or empty dicts with no transactions in them.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
5 years agoFix transaction handling in providers
Simo Sorce [Sun, 5 Oct 2014 18:00:25 +0000 (14:00 -0400)]
Fix transaction handling in providers

When a provider redirects to the login code, it must retain 'ownership'
of the transaction, otherwise the login code will wipe the transaction
data as sson as the authentication is completed but before the provider
has completed its part of the transaction.
Make sure the transaction code retrieves the 'owner' from the data for
pre-existing transactions.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
5 years agoFix login session's userdata acquisition
Simo Sorce [Sun, 5 Oct 2014 17:33:16 +0000 (13:33 -0400)]
Fix login session's userdata acquisition

With the transaction code changes th session.login() function was
incorrectly moved before all the userdata was gathered. An incomplete
set was stored in the session.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
5 years agoAdd testdir/ to gitignore.
Patrick Uiterwijk [Wed, 24 Sep 2014 18:53:14 +0000 (20:53 +0200)]
Add testdir/ to gitignore.

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
5 years agoAdd very simple LDAP authentication plugin
Simo Sorce [Thu, 28 Aug 2014 18:59:13 +0000 (14:59 -0400)]
Add very simple LDAP authentication plugin

Uses python-ldap to perform a simple bind after connecting to
the LDAP server using (by default) a TLS encrypted connection.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
5 years agoTest transactions code with full redirect login
Simo Sorce [Fri, 19 Sep 2014 19:10:27 +0000 (15:10 -0400)]
Test transactions code with full redirect login

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
5 years agoUse transactions throughout the code
Simo Sorce [Wed, 10 Sep 2014 21:20:02 +0000 (17:20 -0400)]
Use transactions throughout the code

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
5 years agoAdd transactions support
Simo Sorce [Wed, 10 Sep 2014 21:19:55 +0000 (17:19 -0400)]
Add transactions support

In some cases a user may end up having multiple login pags in diffeent tabs in
the borwser (session restore after a crash, or simply opening multiple urls
which all redirect to the same IdP).
Without transactions multiple authentication requests in fly may step on each
other causing potentially all of them to fail to properly authenticate and
redirect back to the original web site.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
5 years agoRefactor the data store a bit
Simo Sorce [Mon, 8 Sep 2014 19:55:34 +0000 (15:55 -0400)]
Refactor the data store a bit

Reduce code duplication, and clearly separates admin and user dbs.
Move plugin wrapper away and let plugin code use native functions.

This patch also changes the indexed data to use a uuid and assumes
2 identical uuid cannot be created concurrently.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
5 years agoAdd abstraction class to handle cookies
Simo Sorce [Tue, 16 Sep 2014 21:07:18 +0000 (17:07 -0400)]
Add abstraction class to handle cookies

This handles secure cokies with useful helpers and defaults.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
5 years agoAdd Info providers Admin pages
Simo Sorce [Tue, 2 Sep 2014 21:41:07 +0000 (17:41 -0400)]
Add Info providers Admin pages

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
5 years agoAdd test that checks attrs are properly returned
Simo Sorce [Sat, 28 Jun 2014 03:10:12 +0000 (23:10 -0400)]
Add test that checks attrs are properly returned

Uses the info_nss module to source attirbutes from the system user

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
5 years agoAdd support for returning user attributes
Simo Sorce [Mon, 16 Jun 2014 23:36:03 +0000 (19:36 -0400)]
Add support for returning user attributes

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
5 years agoAdd Info Provider plugin framework
Simo Sorce [Fri, 27 Jun 2014 23:29:27 +0000 (19:29 -0400)]
Add Info Provider plugin framework

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
5 years agoAdd error log facility to Log utility
Simo Sorce [Thu, 28 Aug 2014 18:25:15 +0000 (14:25 -0400)]
Add error log facility to Log utility

Also improve debug errors by adding the originating function

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
5 years agoAdd proper ordering to login plugins config opts
Simo Sorce [Fri, 29 Aug 2014 22:03:34 +0000 (18:03 -0400)]
Add proper ordering to login plugins config opts

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
5 years agoAllow plugins to determine config options order
Simo Sorce [Fri, 29 Aug 2014 21:50:45 +0000 (17:50 -0400)]
Allow plugins to determine config options order

Ordering may also be partial, for any option not specified they will be
appended in lexycographic order.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
5 years agoRemove service name from the form plugin
Simo Sorce [Fri, 29 Aug 2014 22:04:49 +0000 (18:04 -0400)]
Remove service name from the form plugin

When using the external apache modules for form based authentication,
the pam service name is set in the apache config files and cannot be
dynamically changed, do not offr it as a configuration option.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
5 years agoUse an instance specific session id cookie name
Simo Sorce [Fri, 1 Aug 2014 14:22:04 +0000 (10:22 -0400)]
Use an instance specific session id cookie name

Avoids issues if multiple instances are used on the same server

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
5 years agoConfine session to the instance
Simo Sorce [Fri, 1 Aug 2014 14:19:53 +0000 (10:19 -0400)]
Confine session to the instance

Set session path so that the session is sent only for the specific instance

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
5 years agoUse helper cookie to remember the username
Simo Sorce [Fri, 1 Aug 2014 12:15:49 +0000 (08:15 -0400)]
Use helper cookie to remember the username

This makes the login page a lot more friendy
Available only over HTTPS
Max age set to 15 days

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
5 years agoCreate common form handler page
Simo Sorce [Fri, 1 Aug 2014 12:14:58 +0000 (08:14 -0400)]
Create common form handler page

Reduce duplication

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
5 years agoRename form login page
Simo Sorce [Fri, 1 Aug 2014 11:59:52 +0000 (07:59 -0400)]
Rename form login page

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
5 years agoRemove unused option from the FAS login plugin
Simo Sorce [Thu, 28 Aug 2014 18:44:43 +0000 (14:44 -0400)]
Remove unused option from the FAS login plugin

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
5 years agoHandle the presence of additional form fields
Simo Sorce [Fri, 19 Sep 2014 19:08:52 +0000 (15:08 -0400)]
Handle the presence of additional form fields

For exampe hidden fields which must be preserved and POSTed back to the
action url.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
5 years agoCast db value to string before comparison
Simo Sorce [Fri, 12 Sep 2014 21:13:14 +0000 (17:13 -0400)]
Cast db value to string before comparison

Avoid false negatives when the sqlite3 db is 'smart' and automatically
converts the type to integer.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
5 years agoAllow deferred initialization of providers
Simo Sorce [Fri, 12 Sep 2014 21:17:59 +0000 (17:17 -0400)]
Allow deferred initialization of providers

This fixes enabling a provider after the sever is started.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
5 years agoDo not reprovision if conf is already available
Simo Sorce [Mon, 8 Sep 2014 21:36:02 +0000 (17:36 -0400)]
Do not reprovision if conf is already available

Also use a more meaningful directory name by default

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
5 years agoDeclare admin attribute
Simo Sorce [Mon, 8 Sep 2014 20:00:48 +0000 (16:00 -0400)]
Declare admin attribute

Makes lint happier

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
5 years agoFix the check for hasattr(., 'admin')
Patrick Uiterwijk [Fri, 5 Sep 2014 21:37:28 +0000 (17:37 -0400)]
Fix the check for hasattr(., 'admin')

Avoid crashing if a provider does not have an admin interface

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
5 years agoAdd FAS login plugin
Simo Sorce [Tue, 26 Aug 2014 20:38:14 +0000 (16:38 -0400)]
Add FAS login plugin

This plugin simply take a Fedora username and password and authenticates
the user against the FAS Server.

FAS returned data is saved as userdata in the 'fas' attribute.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
5 years agoRestore ability to run from checkout
Simo Sorce [Mon, 25 Aug 2014 20:40:21 +0000 (16:40 -0400)]
Restore ability to run from checkout

also adds quickrun.py script to make it easy.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
5 years agoMove user attribute storage into session functions
Simo Sorce [Fri, 27 Jun 2014 23:36:56 +0000 (19:36 -0400)]
Move user attribute storage into session functions

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
5 years agoUse new Log class everywhere
Simo Sorce [Sat, 28 Jun 2014 00:26:22 +0000 (20:26 -0400)]
Use new Log class everywhere

Replace copies of _debug function sprinkled all over the code
with a single implementation

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
- Removed replace of self._debug to self.debug

5 years agoAdd Log class that can be inherited from safely
Simo Sorce [Sat, 28 Jun 2014 00:17:00 +0000 (20:17 -0400)]
Add Log class that can be inherited from safely

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
5 years agoPrefer the 'form' login manager in ipa setups
Simo Sorce [Tue, 17 Jun 2014 19:16:55 +0000 (15:16 -0400)]
Prefer the 'form' login manager in ipa setups

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk
- Replaced "all(lm not in" with "not any(lm in"

5 years agoAdd External form auth plugin
Simo Sorce [Mon, 16 Jun 2014 16:25:30 +0000 (12:25 -0400)]
Add External form auth plugin

This plugin uses mod_intercept_form_submit to perform authentication.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
5 years agoRework remote_login and remove protect decorator
Simo Sorce [Wed, 18 Jun 2014 04:04:08 +0000 (00:04 -0400)]
Rework remote_login and remove protect decorator

The protect decorator was not really being used for anything, remove it.

Change the way UserSession's remote_login() works.
If called now it either sets a REMOTE_USER (if found) or nukes the current
user data in the session.
This means this function can be safely called only in a login plugin now.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
5 years agoChange test executables into modules
Simo Sorce [Mon, 16 Jun 2014 20:26:31 +0000 (16:26 -0400)]
Change test executables into modules

Create a common tests framework and convert tests into modules loaded
at runtime using the ipsilon plugin framework.

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years agoFix warning
Simo Sorce [Mon, 16 Jun 2014 15:22:18 +0000 (11:22 -0400)]
Fix warning

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years agoAdd tests to source distribution too
Simo Sorce [Mon, 16 Jun 2014 15:22:02 +0000 (11:22 -0400)]
Add tests to source distribution too

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years agoAdd project url and maintainer data to setup file
Simo Sorce [Mon, 16 Jun 2014 15:21:15 +0000 (11:21 -0400)]
Add project url and maintainer data to setup file

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years agoStrenghten default Security options in IDP
Simo Sorce [Tue, 17 Jun 2014 13:13:38 +0000 (09:13 -0400)]
Strenghten default Security options in IDP

Always deny access to the IDP if not using SSL by default.
Always turn on secure/httponly cookies by default.
Add a switch to disable all security options for testing.

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years agoFix non-'make test' installation
Simo Sorce [Tue, 17 Jun 2014 18:46:25 +0000 (14:46 -0400)]
Fix non-'make test' installation

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years agoMove parsing code into helpers module
Simo Sorce [Sun, 15 Jun 2014 21:46:47 +0000 (17:46 -0400)]
Move parsing code into helpers module

This way common test actions can be easily reused by multiple tests.

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years agoAdd server install option to turn on debugging
Simo Sorce [Fri, 6 Jun 2014 20:04:15 +0000 (16:04 -0400)]
Add server install option to turn on debugging

Use this in the testsuite so we can get meaningful output in the logs
when something fails.

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years agoPrint more info about the steps being performed
Simo Sorce [Fri, 6 Jun 2014 19:09:24 +0000 (15:09 -0400)]
Print more info about the steps being performed

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years agoClean up only after package removal, not during upgrades.
Jan Pazdziora [Fri, 6 Jun 2014 14:18:08 +0000 (16:18 +0200)]
Clean up only after package removal, not during upgrades.

Signed-off-by: Jan Pazdziora <jpazdziora@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
5 years agoMake sure semanage and restorecon are installed when we want to use them.
Jan Pazdziora [Fri, 6 Jun 2014 14:07:11 +0000 (16:07 +0200)]
Make sure semanage and restorecon are installed when we want to use them.

Addressing
Installing : ipsilon-0.2.4-3.fc20.x86_64                                  1/1
/var/tmp/rpm-tmp.pDkQSL: line 1: semanage: command not found

Signed-off-by: Jan Pazdziora <jpazdziora@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
5 years agoIf there are some errors while semanaging, we want to see them.
Jan Pazdziora [Fri, 6 Jun 2014 14:02:21 +0000 (16:02 +0200)]
If there are some errors while semanaging, we want to see them.

Signed-off-by: Jan Pazdziora <jpazdziora@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
5 years agoBump up release to 0.2.5 v0.2.5
Simo Sorce [Wed, 4 Jun 2014 14:27:33 +0000 (10:27 -0400)]
Bump up release to 0.2.5

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years agoAdd first test, checks client/server installs work
Simo Sorce [Sun, 1 Jun 2014 19:47:44 +0000 (15:47 -0400)]
Add first test, checks client/server installs work

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years agoAdd support for socket wrappers if available
Simo Sorce [Mon, 2 Jun 2014 18:05:57 +0000 (14:05 -0400)]
Add support for socket wrappers if available

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years agoAdd basic testing infrastructure
Simo Sorce [Wed, 28 May 2014 22:29:39 +0000 (18:29 -0400)]
Add basic testing infrastructure

make test will now run some sanity tests to make sure basic installation
procedures work in a sinthetic test environment.

Adds:
- custom httpd setup for tests
- use profiles to driver ipsilon servers and clients installation
- starts multiple httpd servers

This way we can test interaction between IDP and SP servers

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years agoAdd test login module
Simo Sorce [Thu, 29 May 2014 01:36:12 +0000 (21:36 -0400)]
Add test login module

This is useful to do automated testing.
It accepts authentication as long as the password is 'ipsilon'.

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years agoAdditional parametrization of template files
Simo Sorce [Thu, 29 May 2014 02:34:33 +0000 (22:34 -0400)]
Additional parametrization of template files

To allow for testing in a custom rootdir, and with a custom user.

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years agoDo not make directory unwritable
Simo Sorce [Wed, 28 May 2014 22:28:14 +0000 (18:28 -0400)]
Do not make directory unwritable

This does not stop the user, but makes it hard to deal wit the directory
in testing.
Let file fixing use the default 700 permissions.

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years agoAdd support for passing configuration profile
Simo Sorce [Tue, 27 May 2014 22:02:29 +0000 (18:02 -0400)]
Add support for passing configuration profile

The new option --config-profile accepts a INI style file, so that
installation options are passed in via a file. this is useful for
testing and automated installs.

This file can have 2 sections: globals, arguments.

The globals section can change global variable in the install script
like: TEMPLATES, CONFDIR, DATADIR, HTTPDCONFD and so on, so that an
installation can use non-standad directories.

The argumets section accepts any argument option.
The config profile file is parsed after all arguments have parsed and
can override any plugin argument.

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years agoAllow turning off security at install time
Simo Sorce [Fri, 30 May 2014 14:09:18 +0000 (10:09 -0400)]
Allow turning off security at install time

This should be used only for testing purposes

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years agoAdd optional field to allow pasting the metadata
Simo Sorce [Thu, 29 May 2014 13:38:18 +0000 (09:38 -0400)]
Add optional field to allow pasting the metadata

This way a user can avoid copying the metadata file arund but paste
the content straight from a terminal window.

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years agoAdd tooltips to SAML forms
Simo Sorce [Tue, 27 May 2014 21:01:38 +0000 (17:01 -0400)]
Add tooltips to SAML forms

This should make clearer what is expected in each field.

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years agoShow the Save button only if it useful
Simo Sorce [Tue, 27 May 2014 20:13:28 +0000 (16:13 -0400)]
Show the Save button only if it useful

If the user cannot perform any action there is no reason to show the
save button.

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years agoIf krb is explicitly 'no' do not check for ipa
Simo Sorce [Tue, 27 May 2014 19:28:30 +0000 (15:28 -0400)]
If krb is explicitly 'no' do not check for ipa

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years agoFix location name
Simo Sorce [Thu, 29 May 2014 02:48:57 +0000 (22:48 -0400)]
Fix location name

Must be the same name wher ethe instance is mounted!

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years agoFix typo
Simo Sorce [Tue, 27 May 2014 21:31:16 +0000 (17:31 -0400)]
Fix typo

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years agoAdd sdist and rpms targets to Makefile
Simo Sorce [Tue, 20 May 2014 19:42:24 +0000 (15:42 -0400)]
Add sdist and rpms targets to Makefile

make rpms will now create fedora rpms in dist/[s]rpms

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years agoFix sample spec file to use a versioned doc dir
Simo Sorce [Tue, 20 May 2014 13:45:08 +0000 (09:45 -0400)]
Fix sample spec file to use a versioned doc dir

This makes the same spec file work on latest Fedora and RHEL7 too.

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years agoFix handling of SP renames
Simo Sorce [Tue, 20 May 2014 18:18:21 +0000 (14:18 -0400)]
Fix handling of SP renames

Properly replace page self.url

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years agoFix referer checks with escaped URLs
Simo Sorce [Tue, 20 May 2014 19:20:43 +0000 (15:20 -0400)]
Fix referer checks with escaped URLs

When a SP name included spaces the referer checker would fail to match
the url. It would try to return a 403 error, unfortunately this would
also trip as a return instead of an exception was used, ending up with
a 500 error being returned to the user.

Fix url checks by unquoting before comparing.
Fix error reporting by rasing an exception when needed instead of
returning.

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years agoFix E501 line too long errors
Simo Sorce [Tue, 20 May 2014 19:29:45 +0000 (15:29 -0400)]
Fix E501 line too long errors

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years agoFix E256 with stricter pep8 error checker
Simo Sorce [Tue, 20 May 2014 19:28:27 +0000 (15:28 -0400)]
Fix E256 with stricter pep8 error checker

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years agoFix E713 with stricter pep8 error checker
Simo Sorce [Tue, 20 May 2014 19:25:29 +0000 (15:25 -0400)]
Fix E713 with stricter pep8 error checker

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years agoBump up release to 0.2.4 v0.2.4
Simo Sorce [Tue, 20 May 2014 12:05:09 +0000 (14:05 +0200)]
Bump up release to 0.2.4

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years agoDistribute README file too
Simo Sorce [Tue, 20 May 2014 12:07:19 +0000 (14:07 +0200)]
Distribute README file too

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years agoFix typo in selinux boolean name
Simo Sorce [Tue, 20 May 2014 12:03:09 +0000 (14:03 +0200)]
Fix typo in selinux boolean name

This was causing pam auth to fail, as the boolean was not being turned on.

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years agoFix generation fo server's metadata file
Simo Sorce [Mon, 19 May 2014 19:15:56 +0000 (21:15 +0200)]
Fix generation fo server's metadata file

At some point a '/' got lost, causing the generation of wrong endpoints.
Clients would then be redirected to an unexisting path and get a 404.

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years agoBump up release to 0.2.3 v0.2.3
Simo Sorce [Wed, 7 May 2014 16:23:28 +0000 (12:23 -0400)]
Bump up release to 0.2.3

Signed-off-by: Simo Sorce <simo@redhat.com>
5 years agoFix broken login plugins order config handling
Nathan Kinder [Sat, 10 May 2014 00:38:32 +0000 (17:38 -0700)]
Fix broken login plugins order config handling

The administrative page for configuring login plugins order had
a number of problems.  The html template expects a list of plugin
names to be supplied,  but a list of the actual plugin objects
was being supplied.  This caused a 500 error since join() would
throw an exception when it encounters something other than a string.

Even after fixing the 500 error, actually modifying the plugin
order would not work due to further issues with plugin objects
being used when strings representing the plugin names are expected
(and vice-versa).

This patch ensures that strings representing plugin names are
supplied to the html template, and that plugin objects are used
when re-ordering the live plugin list.

Resolves: https://fedorahosted.org/ipsilon/ticket/2

Signed-off-by: Nathan Kinder <nkinder@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
5 years agoWSGI settings incorrectly makes instance global
Nathan Kinder [Fri, 9 May 2014 23:16:11 +0000 (16:16 -0700)]
WSGI settings incorrectly makes instance global

The WSGIProcessGroup directive should only apply to the /idp URI.
Without wrapping this directive in the Location element, multiple
Ipsilon instances or an Ipsilon instance installed on a FreeIPA
server will conflict and encounter problems running in the same
httpd process. All wsgi processes will end up redirected to the
last process grup defined in the configuration in this case and
all other instances of wsgi applications will be unreachable.

Resolves: https://fedorahosted.org/ipsilon/ticket/1

Signed-off-by: Nathan Kinder <nkinder@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>