From 2fb8bff093e49d95ab25eb8343ebbb1091f6e7a6 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 24 Jan 2014 14:26:15 -0500 Subject: [PATCH 1/1] Implement login plugin infrastructure Signed-off-by: Simo Sorce --- ipsilon/idpserver.py | 10 ++-- ipsilon/login/__init__.py | 0 ipsilon/login/common.py | 114 +++++++++++++++++++++++++++++++++++++ ipsilon/root.py | 15 +++++ ipsilon/util/page.py | 26 ++++----- ipsilon/util/user.py | 39 +++++++++++++ setup.py | 2 +- templates/index.html | 9 ++- templates/login/index.html | 24 ++++++++ templates/logout.html | 24 ++++++++ 10 files changed, 239 insertions(+), 24 deletions(-) create mode 100644 ipsilon/login/__init__.py create mode 100755 ipsilon/login/common.py create mode 100644 templates/login/index.html create mode 100644 templates/logout.html diff --git a/ipsilon/idpserver.py b/ipsilon/idpserver.py index 41a2cf4..f9fb527 100755 --- a/ipsilon/idpserver.py +++ b/ipsilon/idpserver.py @@ -35,16 +35,16 @@ admin_config = datastore.get_admin_config() for option in admin_config: cherrypy.config[option] = admin_config[option] -templates = os.path.join(cherrypy.config['base.dir'], 'templates') -env = Environment(loader=FileSystemLoader(templates)) - cherrypy.tools.protect = cherrypy.Tool('before_handler', page.protect) +templates = os.path.join(cherrypy.config['base.dir'], 'templates') +template_env = Environment(loader=FileSystemLoader(templates)) + if __name__ == "__main__": conf = {'/': {'tools.staticdir.root': os.getcwd()}, '/ui': {'tools.staticdir.on': True, 'tools.staticdir.dir': 'ui'}} - cherrypy.quickstart(Root(env), '/', conf) + cherrypy.quickstart(Root('default', template_env), '/', conf) else: cherrypy.config['environment'] = 'embedded' @@ -53,5 +53,5 @@ else: cherrypy.engine.start(blocking=False) atexit.register(cherrypy.engine.stop) - application = cherrypy.Application(Root(env), + application = cherrypy.Application(Root('default', template_env), script_name=None, config=None) diff --git a/ipsilon/login/__init__.py b/ipsilon/login/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/ipsilon/login/common.py b/ipsilon/login/common.py new file mode 100755 index 0000000..416ff31 --- /dev/null +++ b/ipsilon/login/common.py @@ -0,0 +1,114 @@ +#!/usr/bin/python +# +# Copyright (C) 2013 Simo Sorce +# +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +from ipsilon.util.page import Page +from ipsilon.util.user import UserSession +from ipsilon.util.plugin import PluginLoader, PluginObject +import cherrypy + + +class LoginManagerBase(PluginObject): + + def __init__(self): + super(LoginManagerBase, self).__init__() + self.path = '/' + self.next_login = None + + def redirect_to_path(self, path): + base = cherrypy.config.get('base.mount', "") + raise cherrypy.HTTPRedirect('%s/login/%s' % (base, path)) + + def auth_successful(self, username): + # save ref before calling UserSession login() as it + # may regenerate the session + ref = '/idp' + if 'referral' in cherrypy.session: + ref = cherrypy.session['referral'] + + UserSession().login(username) + raise cherrypy.HTTPRedirect(ref) + + def auth_failed(self): + # Just make sure we destroy the session + UserSession().logout(None) + + if self.next_login: + return self.redirect_to_path(self.next_login.path) + + # FIXME: show an error page instead + raise cherrypy.HTTPError(401) + + +class LoginPageBase(Page): + + def __init__(self, site, mgr): + super(LoginPageBase, self).__init__(site) + self.lm = mgr + + def root(self, *args, **kwargs): + raise cherrypy.HTTPError(500) + + +FACILITY = 'login_config' + + +class Login(Page): + + def __init__(self, *args, **kwargs): + super(Login, self).__init__(*args, **kwargs) + self.first_login = None + + loader = PluginLoader(Login, FACILITY, 'LoginManager') + self._site[FACILITY] = loader.get_plugin_data() + plugins = self._site[FACILITY] + + prev_obj = None + for item in plugins['available']: + self._log('Login plugin available: %s' % item) + if item not in plugins['whitelist']: + continue + self._log('Login plugin enabled: %s' % item) + plugins['enabled'].append(item) + obj = plugins['available'][item] + if prev_obj: + prev_obj.next_login = obj + else: + self.first_login = obj + prev_obj = obj + if item in plugins['config']: + obj.set_config(plugins['config'][item]) + self.__dict__[item] = obj.get_tree(self._site) + + def _log(self, fact): + if cherrypy.config.get('debug', False): + cherrypy.log(fact) + + def root(self, *args, **kwargs): + if self.first_login: + raise cherrypy.HTTPRedirect('%s/login/%s' % + (self.basepath, + self.first_login.path)) + return self._template('login/index.html', title='Login') + + +class Logout(Page): + + def root(self, *args, **kwargs): + UserSession().logout(self.user) + return self._template('logout.html', title='Logout') diff --git a/ipsilon/root.py b/ipsilon/root.py index e445dc5..30f6b43 100755 --- a/ipsilon/root.py +++ b/ipsilon/root.py @@ -18,9 +18,24 @@ # along with this program. If not, see . from ipsilon.util.page import Page +from ipsilon.login.common import Login +from ipsilon.login.common import Logout + +sites = dict() class Root(Page): + def __init__(self, site, template_env): + if not site in sites: + sites[site] = dict() + if template_env: + sites[site]['template_env'] = template_env + super(Root, self).__init__(sites[site]) + + # now set up the default login plugins + self.login = Login(self._site) + self.logout = Logout(self._site) + def root(self): return self._template('index.html', title='Root') diff --git a/ipsilon/util/page.py b/ipsilon/util/page.py index 18b5be2..0da0e37 100755 --- a/ipsilon/util/page.py +++ b/ipsilon/util/page.py @@ -17,45 +17,39 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . -from ipsilon.util.user import User +from ipsilon.util.user import UserSession import cherrypy def protect(): - if cherrypy.request.login: - user = cherrypy.session.get('user', None) - if user == cherrypy.request.login: - return - else: - cherrypy.session.regenerate() - cherrypy.session['user'] = cherrypy.request.login + UserSession().remote_login() class Page(object): - def __init__(self, template_env): - self._env = template_env + def __init__(self, site): + if not 'template_env' in site: + raise ValueError('Missing template environment') + self._site = site self.basepath = cherrypy.config.get('base.mount', "") - self.username = None self.user = None def __call__(self, *args, **kwargs): # pylint: disable=star-args - self.username = cherrypy.session.get('user', None) - self.user = User(self.username) + self.user = UserSession().get_user() if len(args) > 0: op = getattr(self, args[0], None) if callable(op) and getattr(self, args[0]+'.exposed', None): - return op(args[1:], **kwargs) + return op(*args[1:], **kwargs) else: op = getattr(self, 'root', None) if callable(op): - return op(**kwargs) + return op(*args, **kwargs) return self.default(*args, **kwargs) def _template(self, *args, **kwargs): - t = self._env.get_template(args[0]) + t = self._site['template_env'].get_template(args[0]) return t.render(basepath=self.basepath, user=self.user, **kwargs) def default(self, *args, **kwargs): diff --git a/ipsilon/util/user.py b/ipsilon/util/user.py index ccca9fb..4f7df91 100755 --- a/ipsilon/util/user.py +++ b/ipsilon/util/user.py @@ -18,6 +18,7 @@ # along with this program. If not, see . from ipsilon.util.data import Store +import cherrypy class Site(object): @@ -40,6 +41,10 @@ class User(object): store = Store() return store.get_user_preferences(username) + def reset(self): + self.name = None + self._userdata = dict() + @property def is_admin(self): if 'is_admin' in self._userdata: @@ -78,3 +83,37 @@ class User(object): def sites(self): #TODO: implement setting sites via the user object ? raise AttributeError + + +class UserSession(object): + def __init__(self): + self.user = cherrypy.session.get('user', None) + + def get_user(self): + return User(self.user) + + def remote_login(self): + if cherrypy.request.login: + return self.login(cherrypy.request.login) + + def login(self, username): + if self.user == username: + return + + # REMOTE_USER changed, destroy old session and regenerate new + cherrypy.session.regenerate() + cherrypy.session['user'] = username + cherrypy.session.save() + + cherrypy.log('LOGIN SUCCESSFUL: %s', username) + + def logout(self, user): + if user is not None: + if not type(user) is User: + raise TypeError + # Completely reset user data + cherrypy.log.error('%s %s' % (user.name, user.fullname)) + user.reset() + + # Destroy current session in all cases + cherrypy.lib.sessions.expire() diff --git a/setup.py b/setup.py index 3fa7549..30a6239 100755 --- a/setup.py +++ b/setup.py @@ -23,7 +23,7 @@ setup( name = 'ipsilon', version = '0.1', license = 'GPLv3+', - packages = ['ipsilon', 'ipsilon.util'], + packages = ['ipsilon', 'ipsilon.login', 'ipsilon.util'], data_files = [('share/man/man7', ["man/ipsilon.7"]), ('doc', ['COPYING']), ('examples', ['examples/ipsilon.conf'])] diff --git a/templates/index.html b/templates/index.html index 157c938..c983af2 100644 --- a/templates/index.html +++ b/templates/index.html @@ -9,7 +9,7 @@
{% if user.is_admin %} @@ -23,7 +23,7 @@
{% if not user.name %} -

Please Log In +

Please Log In {% elif user.sites %}

Registered application shortcuts:

{% for site in user.sites %} @@ -31,6 +31,11 @@ {% endfor %} {% endif %}
+
+ {% if user.name %} +

Log Out

+ {% endif %} +
diff --git a/templates/login/index.html b/templates/login/index.html new file mode 100644 index 0000000..6b2e2cd --- /dev/null +++ b/templates/login/index.html @@ -0,0 +1,24 @@ + + + + + {{ title }} + + + + +
+ +
+ {% if user.is_admin %} + admin + {% endif %} +
+
+

Redirecting ... {{ redirect }}

+
+
+ + diff --git a/templates/logout.html b/templates/logout.html new file mode 100644 index 0000000..f6f61ac --- /dev/null +++ b/templates/logout.html @@ -0,0 +1,24 @@ + + + + + {{ title }} + + + + +
+ +
+ {% if user.name %} +

Something prevented a successful logout

+

You are still logged in as {{ user.fullname }}

+ {% else %} +

Successfully logged out.

+

Return to Home page

+ {% endif %} +
+ + -- 2.20.1