Diffstat (limited to 'ipsilon/providers')
-rwxr-xr-x | ipsilon/providers/common.py | 80 | ||||
-rwxr-xr-x | ipsilon/providers/openid/extensions/ax.py | 2 | ||||
-rwxr-xr-x | ipsilon/providers/openid/extensions/cla.py | 2 | ||||
-rwxr-xr-x | ipsilon/providers/openid/extensions/common.py | 16 | ||||
-rwxr-xr-x | ipsilon/providers/openid/extensions/fas_teams.py | 2 | ||||
-rwxr-xr-x | ipsilon/providers/openid/extensions/sreg.py | 2 | ||||
-rwxr-xr-x | ipsilon/providers/openid/extensions/teams.py | 2 | ||||
-rwxr-xr-x | ipsilon/providers/openidp.py | 31 | ||||
-rwxr-xr-x | ipsilon/providers/saml2idp.py | 29 |
9 files changed, 64 insertions, 102 deletions
diff --git a/ipsilon/providers/common.py b/ipsilon/providers/common.py
index ead50e2..03118ae 100755
--- a/ipsilon/providers/common.py
+++ b/ipsilon/providers/common.py
@@ -51,68 +51,29 @@ class InvalidRequest(ProviderException):
 class ProviderBase(PluginConfig, PluginObject):
- def __init__(self, name, path):
+ def __init__(self, name, path, *pargs):
 PluginConfig.__init__(self)
- PluginObject.__init__(self)
+ PluginObject.__init__(self, *pargs)
 self.name = name
+ self._root = None
 self.path = path
 self.tree = None
- self.is_enabled = False
-
- def on_enable(self):
- # this one does nothing
- # derived classes can override with custom behavior
- return
 def get_tree(self, site):
 raise NotImplementedError
- def register(self, site):
- if self.tree:
- # already registered
- return
-
- # configure self
- plugins = site[FACILITY]
- if self.name in plugins['config']:
- self.import_config(plugins['config'][self.name])
+ def register(self, root, site):
+ self._root = root
 # init pages and admin interfaces
 self.tree = self.get_tree(site)
- self._debug('IdP Provider registered: %s' % self.name)
- if self.get_config_value('enabled') is True:
- # and enable self
- self._enable(site)
-
- def _enable(self, site):
- root = site[FACILITY]['root']
- root.add_subtree(self.name, self.tree)
- self._debug('IdP Provider enabled: %s' % self.name)
- self.is_enabled = True
- self.on_enable()
-
- def enable(self, site):
- if self.is_enabled:
- return
-
- self._enable(site)
- self.set_config_value('enabled', True)
- self.save_plugin_config(FACILITY)
-
- def disable(self, site):
- if not self.is_enabled:
- return
-
- # remove self to the root
- root = site[FACILITY]['root']
- root.del_subtree(self.name)
+ def on_enable(self):
+ self._root.add_subtree(self.name, self.tree)
- self.is_enabled = False
- self.set_config_value('enabled', False)
- self.save_plugin_config(FACILITY)
- self._debug('IdP Provider disabled: %s' % self.name)
+ def on_disable(self):
+ self._root.del_subtree(self.name)
 class ProviderPageBase(Page):
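Review bot: `on_enable` and `on_disable` in `ProviderBase` dereference `self._root`, which `__init__` sets to `None` and only `register()` fills in, so enabling or disabling a provider that was never registered fails with an AttributeError on `None` instead of a clear error. A guard such as `if self._root is None: return` (or an explicit exception) at the top of both hooks would make that ordering requirement visible. The new `register()` also drops the old `if self.tree: return` check, so a second call rebuilds the tree; a docstring on `register()` saying it must run exactly once, before `enable()`, would document the contract. Whether the inherited `enable()`/`disable()` already protect against this is not visible in this hunk.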
@@ -155,21 +116,26 @@ FACILITY = 'provider_config'
 class LoadProviders(Log):
 def __init__(self, root, site):
- loader = PluginLoader(LoadProviders, FACILITY, 'IdpProvider')
- site[FACILITY] = loader.get_plugin_data()
- providers = site[FACILITY]
+ plugins = PluginLoader(LoadProviders, FACILITY, 'IdpProvider')
+ plugins.get_plugin_data()
+ site[FACILITY] = plugins
- available = providers['available'].keys()
+ available = plugins.available.keys()
 self._debug('Available providers: %s' % str(available))
- providers['root'] = root
- for item in providers['available']:
- plugin = providers['available'][item]
- plugin.register(site)
+ for item in plugins.available:
+ plugin = plugins.available[item]
+ plugin.register(root, site)
+
+ for item in plugins.enabled:
+ self._debug('Provider plugin in enabled list: %s' % item)
+ if item not in plugins.available:
+ continue
+ plugins.available[item].enable()
 class ProvidersInstall(object):
 def __init__(self):
- pi = PluginInstaller(ProvidersInstall)
+ pi = PluginInstaller(ProvidersInstall, FACILITY)
 self.plugins = pi.get_plugins()
diff --git a/ipsilon/providers/openid/extensions/ax.py b/ipsilon/providers/openid/extensions/ax.py
index 7daa52a..d00a4fc 100755
--- a/ipsilon/providers/openid/extensions/ax.py
+++ b/ipsilon/providers/openid/extensions/ax.py
@@ -28,7 +28,7 @@ AP_MAP = {
 class OpenidExtension(OpenidExtensionBase):
- def __init__(self):
+ def __init__(self, *pargs):
 super(OpenidExtension, self).__init__('Attribute Exchange')
 self.type_uris = [
 ax.AXMessage.ns_uri,
diff --git a/ipsilon/providers/openid/extensions/cla.py b/ipsilon/providers/openid/extensions/cla.py
index cc4d11d..481f341 100755
--- a/ipsilon/providers/openid/extensions/cla.py
+++ b/ipsilon/providers/openid/extensions/cla.py
@@ -10,7 +10,7 @@ from openid_cla import cla
 class OpenidExtension(OpenidExtensionBase):
- def __init__(self):
+ def __init__(self, *pargs):
 super(OpenidExtension, self).__init__('CLAs')
 self.type_uris = [
 cla.cla_uri,
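Review bot: In `LoadProviders.__init__` (common.py), a provider that is listed as enabled but is missing from `plugins.available` is skipped by a bare `continue`, and the only trace is the generic "in enabled list" debug line printed for every item. For an identity provider, a configured protocol that silently fails to come up is worth an explicit message, e.g. `self._debug('Enabled provider <%s> is not available, skipping' % item)` just before the `continue`. The sibling loader in openid/extensions/common.py already logs `'<%s> not available'` in the same situation, so this would also make the two loaders consistent.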
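Review bot: `OpenidExtension.__init__` in ax.py now accepts `*pargs` but neither uses nor forwards it, and the same pattern is repeated in the cla.py, fas_teams.py, sreg.py and teams.py hunks. Presumably the plugin loader now constructs every plugin with the same positional arguments and extensions have no use for them; a one-line comment such as `# pargs: loader-supplied arguments, intentionally unused by extensions` would stop a later reader from treating the dropped arguments as a bug. The rest of each `__init__` body lies outside these hunks.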
diff --git a/ipsilon/providers/openid/extensions/common.py b/ipsilon/providers/openid/extensions/common.py
index 804f695..02cd1a0 100755
--- a/ipsilon/providers/openid/extensions/common.py
+++ b/ipsilon/providers/openid/extensions/common.py
@@ -50,22 +50,20 @@ FACILITY = 'openid_extensions'
 class LoadExtensions(Log):
 def __init__(self):
- loader = PluginLoader(LoadExtensions, FACILITY, 'OpenidExtension')
- self.plugins = loader.get_plugin_data()
+ self.plugins = PluginLoader(LoadExtensions,
+ FACILITY, 'OpenidExtension')
+ self.plugins.get_plugin_data()
- available = self.plugins['available'].keys()
+ available = self.plugins.available.keys()
 self._debug('Available Extensions: %s' % str(available))
 def enable(self, enabled):
 for item in enabled:
- if item not in self.plugins['available']:
+ if item not in self.plugins.available:
 self.debug('<%s> not available' % item)
 continue
 self.debug('Enable OpenId extension: %s' % item)
- self.plugins['available'][item].enable()
+ self.plugins.available[item].enable()
 def available(self):
- available = self.plugins['available']
- if available is None:
- available = dict()
- return available
+ return self.plugins.available
diff --git a/ipsilon/providers/openid/extensions/fas_teams.py b/ipsilon/providers/openid/extensions/fas_teams.py
index fd9dd27..4de2e83 100755
--- a/ipsilon/providers/openid/extensions/fas_teams.py
+++ b/ipsilon/providers/openid/extensions/fas_teams.py
@@ -10,7 +10,7 @@ from openid_teams import teams
 class OpenidExtension(Teams):
- def __init__(self):
+ def __init__(self, *pargs):
 super(OpenidExtension, self).__init__('Fedora Teams')
 def _resp(self, request, userdata):
diff --git a/ipsilon/providers/openid/extensions/sreg.py b/ipsilon/providers/openid/extensions/sreg.py
index a2b4db7..e1144fc 100755
--- a/ipsilon/providers/openid/extensions/sreg.py
+++ b/ipsilon/providers/openid/extensions/sreg.py
@@ -10,7 +10,7 @@ from openid.extensions import sreg
 class OpenidExtension(OpenidExtensionBase):
- def __init__(self):
+ def __init__(self, *pargs):
 super(OpenidExtension, self).__init__('Simple Registration')
 self.type_uris = [
 sreg.ns_uri_1_1,
diff --git a/ipsilon/providers/openid/extensions/teams.py b/ipsilon/providers/openid/extensions/teams.py
index 50c09af..258a437 100755
--- a/ipsilon/providers/openid/extensions/teams.py
+++ b/ipsilon/providers/openid/extensions/teams.py
@@ -34,5 +34,5 @@ class Teams(OpenidExtensionBase):
 class OpenidExtension(Teams):
- def __init__(self):
+ def __init__(self, *pargs):
 super(OpenidExtension, self).__init__('Teams')
diff --git a/ipsilon/providers/openidp.py b/ipsilon/providers/openidp.py
index 197b1cf..335b41b 100755
--- a/ipsilon/providers/openidp.py
+++ b/ipsilon/providers/openidp.py
@@ -5,7 +5,6 @@ from __future__ import absolute_import
 from ipsilon.providers.common import ProviderBase
-from ipsilon.providers.common import FACILITY
 from ipsilon.providers.openid.auth import OpenID
 from ipsilon.providers.openid.extensions.common import LoadExtensions
 from ipsilon.util.plugin import PluginObject
@@ -19,8 +18,8 @@ from openid.store.memstore import MemoryStore
 class IdpProvider(ProviderBase):
- def __init__(self):
- super(IdpProvider, self).__init__('openid', 'openid')
+ def __init__(self, *pargs):
+ super(IdpProvider, self).__init__('openid', 'openid', *pargs)
 self.mapping = InfoMapping()
 self.page = None
 self.server = None
@@ -55,10 +54,6 @@ Provides OpenID 2.0 authentication infrastructure. """
 'enabled extensions',
 'Choose the extensions to enable',
 self.extensions.available().keys()),
- pconfig.Condition(
- 'enabled',
- 'Whether the OpenID IDP is enabled',
- False)
 )
 @property
@@ -99,10 +94,10 @@ Provides OpenID 2.0 authentication infrastructure. """
 # self.admin = AdminPage(site, self)
 # Expose OpenID presence in the root
- headers = site[FACILITY]['root'].default_headers
+ headers = self._root.default_headers
 headers['X-XRDS-Location'] = self.endpoint_url+'XRDS'
- html_heads = site[FACILITY]['root'].html_heads
+ html_heads = self._root.html_heads
 HEAD_LINK = '<link rel="%s" href="%s">'
 openid_heads = [HEAD_LINK % ('openid2.provider', self.endpoint_url),
 HEAD_LINK % ('openid.server', self.endpoint_url)]
@@ -114,15 +109,17 @@ Provides OpenID 2.0 authentication infrastructure. """
 self.server = Server(MemoryStore(), op_endpoint=self.endpoint_url)
 def on_enable(self):
+ super(IdpProvider, self).on_enable()
 self.init_idp()
 self.extensions.enable(self._config['enabled extensions'].get_value())
 class Installer(object):
- def __init__(self):
+ def __init__(self, *pargs):
 self.name = 'openid'
 self.ptype = 'provider'
+ self.pargs = pargs
 def install_args(self, group):
 group.add_argument('--openid', choices=['yes', 'no'], default='yes',
@@ -139,12 +136,14 @@ class Installer(object):
 proto, opts['hostname'], opts['instance'])
 # Add configuration data to database
- po = PluginObject()
+ po = PluginObject(*self.pargs)
 po.name = 'openid'
 po.wipe_data()
-
- po.wipe_config_values(FACILITY)
+ po.wipe_config_values()
 config = {'endpoint url': url,
- 'identity_url_template': '%sid/%%(username)s' % url,
- 'enabled': '1'}
- po.save_plugin_config(FACILITY, config)
+ 'identity_url_template': '%sid/%%(username)s' % url}
+ po.save_plugin_config(config)
+
+ # Update global config to add login plugin
+ po.is_enabled = True
+ po.save_enabled_state()
diff --git a/ipsilon/providers/saml2idp.py b/ipsilon/providers/saml2idp.py
index 8896e16..b0f4304 100755
--- a/ipsilon/providers/saml2idp.py
+++ b/ipsilon/providers/saml2idp.py
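Review bot: In `IdpProvider.on_enable` (openidp.py) the added `super(IdpProvider, self).on_enable()` mounts the provider subtree on the root before `self.init_idp()` and `self.extensions.enable(...)` have run, so if either of those raises, the OpenID pages stay reachable while the server object is presumably still unset. Running the initialisation first and mounting last avoids exposing a half-configured endpoint: `self.init_idp()`, then `self.extensions.enable(...)`, then `super(IdpProvider, self).on_enable()`. The saml2idp.py `on_enable` hunk has the same ordering, with `self.idp = self.init_idp()` after the mount. This assumes `init_idp()` does not itself need the subtree to be mounted, which is not visible here.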
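Review bot: The new comment `# Update global config to add login plugin` in the openidp.py Installer hunk describes the wrong plugin type, since this installer sets `self.ptype = 'provider'` and enables the OpenID provider. It should read `# Update global config to enable this provider plugin`, and the identical comment in the saml2idp.py Installer hunk needs the same correction. The enclosing install method starts outside the hunk.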
@@ -18,7 +18,6 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>.
 from ipsilon.providers.common import ProviderBase, ProviderPageBase
-from ipsilon.providers.common import FACILITY
 from ipsilon.providers.saml2.auth import AuthenticateRequest
 from ipsilon.providers.saml2.admin import Saml2AdminPage
 from ipsilon.providers.saml2.provider import IdentityProvider
@@ -119,8 +118,8 @@ class SAML2(ProviderPageBase):
 class IdpProvider(ProviderBase):
- def __init__(self):
- super(IdpProvider, self).__init__('saml2', 'saml2')
+ def __init__(self, *pargs):
+ super(IdpProvider, self).__init__('saml2', 'saml2', *pargs)
 self.admin = None
 self.page = None
 self.idp = None
@@ -163,10 +162,6 @@ Provides SAML 2.0 authentication infrastructure. """
 'default email domain',
 'Used for users missing the email property.',
 'example.com'),
- pconfig.Condition(
- 'enabled',
- 'Whether the SAML IDP is enabled',
- False)
 )
 if cherrypy.config.get('debug', False):
 import logging
@@ -242,7 +237,8 @@ Provides SAML 2.0 authentication infrastructure. """
 return idp
 def on_enable(self):
- self.init_idp()
+ super(IdpProvider, self).on_enable()
+ self.idp = self.init_idp()
 if hasattr(self, 'admin'):
 if self.admin:
 self.admin.add_sps()
@@ -250,9 +246,10 @@ Provides SAML 2.0 authentication infrastructure. """
 class Installer(object):
- def __init__(self):
+ def __init__(self, *pargs):
 self.name = 'saml2'
 self.ptype = 'provider'
+ self.pargs = pargs
 def install_args(self, group):
 group.add_argument('--saml2', choices=['yes', 'no'], default='yes',
@@ -297,17 +294,19 @@ class Installer(object):
 meta.output(os.path.join(path, 'metadata.xml'))
 # Add configuration data to database
- po = PluginObject()
+ po = PluginObject(*self.pargs)
 po.name = 'saml2'
 po.wipe_data()
-
- po.wipe_config_values(FACILITY)
+ po.wipe_config_values()
 config = {'idp storage path': path,
 'idp metadata file': 'metadata.xml',
 'idp certificate file': cert.cert,
- 'idp key file': cert.key}
- 'enabled': '1'}
- po.save_plugin_config(FACILITY, config)
+ 'idp key file': cert.key}
+ po.save_plugin_config(config)
+
+ # Update global config to add login plugin
+ po.is_enabled = True
+ po.save_enabled_state()
 # Fixup permissions so only the ipsilon user can read these files
 files.fix_user_dirs(path, opts['system_user']) |
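Review bot: The saml2 provider is recorded as enabled (`po.is_enabled = True` / `po.save_enabled_state()`) before `files.fix_user_dirs(path, opts['system_user'])` restricts the directory holding the IdP key file, so a failure in the permission step would leave an enabled provider whose key material may still be readable by other users. Moving the two enable lines after the `fix_user_dirs` call makes the enabled state depend on the key directory having been locked down. The enclosing install method starts outside the hunk, so how and with what mode the key files are first written is not visible here.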