summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSimo Sorce <simo@redhat.com>2013-12-19 23:32:47 -0500
committerSimo Sorce <simo@redhat.com>2014-01-23 18:52:51 -0500
commitcd5fc1d17b16ac41c589130ccb0436d74d06a847 (patch)
treeb1caa494ae933d8b5c2aa9fa7f221d31485a294b
parentee0d1ce71d1f4883aecc426595ac86322a91260e (diff)
downloadipsilon-cd5fc1d17b16ac41c589130ccb0436d74d06a847.tar.gz
ipsilon-cd5fc1d17b16ac41c589130ccb0436d74d06a847.tar.xz
ipsilon-cd5fc1d17b16ac41c589130ccb0436d74d06a847.zip
Add infrastructure to handle login manager plugins
Signed-off-by: Simo Sorce <simo@redhat.com>
-rw-r--r--examples/ipsilon.conf2
-rwxr-xr-xsrc/ipsilon.py17
-rw-r--r--src/login/__init__.py0
-rwxr-xr-xsrc/login/common.py153
-rwxr-xr-xsrc/root.py14
-rwxr-xr-xsrc/util/data.py55
-rwxr-xr-xsrc/util/page.py24
-rwxr-xr-xsrc/util/plugin.py33
-rwxr-xr-xsrc/util/user.py38
-rw-r--r--templates/index.html9
-rw-r--r--templates/login/index.html24
-rw-r--r--templates/logout.html24
12 files changed, 344 insertions, 49 deletions
diff --git a/examples/ipsilon.conf b/examples/ipsilon.conf
index fa75839..0f8e445 100644
--- a/examples/ipsilon.conf
+++ b/examples/ipsilon.conf
@@ -1,4 +1,6 @@
[global]
+debug = True
+
log.screen = True
base.mount = "/idp"
base.dir = "../"
diff --git a/src/ipsilon.py b/src/ipsilon.py
index 7a782d6..3f3043b 100755
--- a/src/ipsilon.py
+++ b/src/ipsilon.py
@@ -24,7 +24,7 @@ import os
import atexit
import threading
import cherrypy
-from util import plugin
+from login import common
from util import data
from util import page
from jinja2 import Environment, FileSystemLoader
@@ -32,27 +32,22 @@ import root
cherrypy.config.update('ipsilon.conf')
-plugins = plugin.Plugins(path=cherrypy.config['base.dir'])
-idp_providers = plugins.get_providers()
-if idp_providers:
- cherrypy.config['idp_providers'] = idp_providers
-
datastore = data.Store()
admin_config = datastore.get_admin_config()
for option in admin_config:
cherrypy.config[option] = admin_config[option]
-templates = os.path.join(cherrypy.config['base.dir'], 'templates')
-env = Environment(loader=FileSystemLoader(templates))
-
cherrypy.tools.protect = cherrypy.Tool('before_handler', page.protect)
+templates = os.path.join(cherrypy.config['base.dir'], 'templates')
+template_env = Environment(loader=FileSystemLoader(templates))
+
if __name__ == "__main__":
conf = { '/': {'tools.staticdir.root': os.getcwd()},
'/ui': { 'tools.staticdir.on': True,
'tools.staticdir.dir': 'ui' }
}
- cherrypy.quickstart(root.Root(env), '/', conf)
+ cherrypy.quickstart(root.Root('default', template_env), '/', conf)
else:
cherrypy.config['environment'] = 'embedded'
@@ -61,5 +56,5 @@ else:
cherrypy.engine.start(blocking=False)
atexit.register(cherrypy.engine.stop)
- application = cherrypy.Application(root.Root(env),
+ application = cherrypy.Application(root.Root('default', template_env),
script_name=None, config=None)
diff --git a/src/login/__init__.py b/src/login/__init__.py
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/src/login/__init__.py
diff --git a/src/login/common.py b/src/login/common.py
new file mode 100755
index 0000000..bd39c22
--- /dev/null
+++ b/src/login/common.py
@@ -0,0 +1,153 @@
+#!/usr/bin/python
+#
+# Copyright (C) 2013 Simo Sorce <simo@redhat.com>
+#
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+from util import data
+from util import page
+from util import user
+from util import plugin
+import cherrypy
+import inspect
+import os
+
+class LoginManagerBase(object):
+
+ def __init__(self):
+ self.name = None
+ self.path = '/'
+ self._config = None
+ self._options = None
+ self.next_login = None
+
+ def get_config_desc(self):
+ """ The configuration description is a dictionary that provides
+ A description of the supported configuration options, as well
+ as the default configuration option values.
+ The key is the option name, the value is an array of 3 elements:
+ - description
+ - option type
+ - default value
+ """
+ return self._options
+
+ def set_config(self, config):
+ self._config = config
+
+ def get_config_value(self, name):
+ value = None
+ if self._config:
+ value = self._config.get(name, None)
+ if not value:
+ if self._options:
+ opt = self._options.get(name, None)
+ if opt:
+ value = opt[2]
+
+ if cherrypy.config.get('debug', False):
+ cherrypy.log('[%s] %s: %s' % (self.name, name, value))
+
+ return value
+
+ def redirect_to_path(self, path):
+ base = cherrypy.config.get('base.mount', "")
+ raise cherrypy.HTTPRedirect('%s/login/%s' % (base, path))
+
+ def auth_successful(self, username):
+ # save ref before calling UserSession login() as it
+ # may regenerate the session
+ ref = '/idp'
+ if 'referral' in cherrypy.session:
+ ref = cherrypy.session['referral']
+
+ user.UserSession().login(username)
+ raise cherrypy.HTTPRedirect(ref)
+
+ def auth_failed(self):
+ # Just make sure we destroy the session
+ user.UserSession().logout(None)
+
+ if self.next_login:
+ return self.redirect_to_path(self.next_login.path)
+
+ # FIXME: show an error page instead
+ raise cherrypy.HTTPError(401)
+
+
+class LoginPageBase(page.Page):
+
+ def __init__(self, site, mgr):
+ super(LoginPageBase, self).__init__(site)
+ self.lm = mgr
+
+ def root(self, *args, **kwargs):
+ raise cherrypy.HTTPError(500)
+
+
+class Login(page.Page):
+
+ def __init__(self, *args, **kwargs):
+ super(Login, self).__init__(*args, **kwargs)
+ (whitelist, config) = data.Store().get_login_config()
+ if whitelist is not None:
+ self.plugin_whitelist = whitelist
+ else:
+ self.plugin_whitelist = []
+
+ self._site['login_plugins'] = dict()
+ login_plugins = self._site['login_plugins']
+ login_plugins['config'] = config
+
+ plugins = plugin.Plugins(path=cherrypy.config['base.dir'])
+ (login_path, login_file) = os.path.split(inspect.getfile(Login))
+ login_plugins['available'] = plugins.get_plugins(login_path, 'LoginManager')
+ login_plugins['enabled'] = []
+
+ prev_obj = None
+ for item in login_plugins['available']:
+ self._log('Login plugin available: %s' % item)
+ if item not in self.plugin_whitelist:
+ continue
+ self._log('Login plugin enabled: %s' % item)
+ login_plugins['enabled'].append(item)
+ obj = login_plugins['available'][item]
+ if prev_obj:
+ prev_obj.next_login = obj
+ else:
+ self.first_login = obj
+ prev_obj = obj
+ if item in config:
+ obj.set_config(config[item])
+ self.__dict__[item] = obj.get_tree(self._site)
+
+
+ def _log(self, fact):
+ if cherrypy.config.get('debug', False):
+ cherrypy.log(fact)
+
+ def root(self, *args, **kwargs):
+ if self.first_login:
+ raise cherrypy.HTTPRedirect('%s/login/%s' % (self.basepath,
+ self.first_login.path))
+ return self._template('login/index.html', title='Login')
+
+
+class Logout(page.Page):
+
+ def root(self, *args, **kwargs):
+ user.UserSession().logout(self.user)
+ return self._template('logout.html', title='Logout')
diff --git a/src/root.py b/src/root.py
index a352641..fb1a6ae 100755
--- a/src/root.py
+++ b/src/root.py
@@ -18,9 +18,23 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from util import page
+from login import common as lc
import cherrypy
+sites = dict()
+
class Root(page.Page):
+ def __init__(self, site, template_env):
+ if not site in sites:
+ sites[site] = dict()
+ if template_env:
+ sites[site]['template_env'] = template_env
+ super(Root, self).__init__(sites[site])
+
+ # now set up the default login plugins
+ self.login = lc.Login(self._site)
+ self.logout = lc.Logout(self._site)
+
def root(self):
return self._template('index.html', title='Root')
diff --git a/src/util/data.py b/src/util/data.py
index ec64588..c716ecf 100755
--- a/src/util/data.py
+++ b/src/util/data.py
@@ -110,3 +110,58 @@ class Store(object):
path = os.path.join(self._path, 'userprefs.sqlite')
return self._load_user_prefs(path, user)
+
+ def _load_login_config(self, dbname):
+ con = None
+ rows = []
+ try:
+ con = sqlite3.connect(dbname)
+ cur = con.cursor()
+ cur.executescript("""
+ CREATE TABLE IF NOT EXISTS login_config(name TEXT,
+ option TEXT,
+ value TEXT)
+ """)
+ cur.execute("SELECT * FROM login_config")
+ rows = cur.fetchall()
+ con.commit()
+ except sqlite3.Error, e:
+ if con:
+ con.rollback()
+ cherrypy.log.error("Failed to load config: [%s]" % e)
+ finally:
+ if con:
+ con.close()
+
+ lpo = []
+ plco = dict()
+ for row in rows:
+ if row[0] == 'global':
+ if row[1] == 'order':
+ lpo = row[2].split(',')
+ continue
+ if row[0] not in plco:
+ # one dict per provider
+ plco[row[0]] = dict()
+
+ conf = plco[row[0]]
+ if row[1] in conf:
+ if conf[row[1]] is list:
+ conf[row[1]].append(row[2])
+ else:
+ v = conf[row[1]]
+ conf[row[1]] = [v, row[2]]
+ else:
+ conf[row[1]] = row[2]
+
+ return (lpo, plco);
+
+ def get_login_config(self):
+ path = None
+ if 'admin.config.db' in cherrypy.config:
+ path = cherrypy.config['admin.config.db']
+ if not path:
+ path = os.path.join(self._path, 'adminconfig.sqlite')
+
+ return self._load_login_config(path)
+
diff --git a/src/util/page.py b/src/util/page.py
index 15cbed0..bf30c77 100755
--- a/src/util/page.py
+++ b/src/util/page.py
@@ -21,37 +21,33 @@ from util import user
import cherrypy
def protect():
- if cherrypy.request.login:
- user = cherrypy.session.get('user', None)
- if user == cherrypy.request.login:
- return
- else:
- cherrypy.session.regenerate()
- cherrypy.session['user'] = cherrypy.request.login
+ user.UserSession().remote_login()
class Page(object):
- def __init__(self, template_env):
- self._env = template_env
+ def __init__(self, site):
+ if not 'template_env' in site:
+ raise ValueError('Missing template environment')
+ self._site = site
self.basepath = cherrypy.config.get('base.mount', "")
self.username = None
+ self.user = None
def __call__(self, *args, **kwargs):
- self.username = cherrypy.session.get('user', None)
- self.user = user.User(self.username)
+ self.user = user.UserSession().get_user()
if len(args) > 0:
op = getattr(self, args[0], None)
if callable(op) and getattr(self, args[0]+'.exposed', None):
- return op(args[1:], **kwargs)
+ return op(*args[1:], **kwargs)
else:
op = getattr(self, 'root', None)
if callable(op):
- return op(**kwargs)
+ return op(*args, **kwargs)
return self.default(*args, **kwargs)
def _template(self, *args, **kwargs):
- t = self._env.get_template(args[0])
+ t = self._site['template_env'].get_template(args[0])
return t.render(basepath=self.basepath, user=self.user, **kwargs)
def default(self, *args, **kwargs):
diff --git a/src/util/plugin.py b/src/util/plugin.py
index be9ed02..0c8e466 100755
--- a/src/util/plugin.py
+++ b/src/util/plugin.py
@@ -37,8 +37,8 @@ class Plugins(object):
try:
if ext.lower() == '.py':
mod = imp.load_source(name, file_name)
- elif ex.lower() == '.pyc':
- mod = imp.load_compiled(name, file_name)
+ #elif ex.lower() == '.pyc':
+ # mod = imp.load_compiled(name, file_name)
else:
return
except Exception, e:
@@ -46,8 +46,10 @@ class Plugins(object):
return
if hasattr(mod, class_type):
- tree[name] = getattr(mod, class_type)()
- cherrypy.log.error('Added module %s' % (name))
+ instance = getattr(mod, class_type)()
+ public_name = getattr(instance, 'name', name)
+ tree[public_name] = instance
+ cherrypy.log.error('Added module %s as %s' % (name, public_name))
def _load_classes(self, tree, path, class_type):
files = None
@@ -58,23 +60,10 @@ class Plugins(object):
return
for name in files:
- filename = od.path.join(path, name)
+ filename = os.path.join(path, name)
self._load_class(tree, class_type, filename)
- def get_providers(self):
- if self._providers_tree is None:
- path = None
- if 'providers.dir' in cherrypy.config:
- path = cherrypy.config['providers.dir']
- if not path:
- path = os.path.join(self._path, 'providers')
-
- self._providers_tree = []
- self._load_classes(self._providers_tree, path, 'IdpProvider')
-
- return self._providers_tree
-
- def get_custom(self, class_type):
- tree = []
- self._load_classes(tree, class_type)
- return tree
+ def get_plugins(self, path, class_type):
+ plugins = dict()
+ self._load_classes(plugins, path, class_type)
+ return plugins
diff --git a/src/util/user.py b/src/util/user.py
index 1241340..f008571 100755
--- a/src/util/user.py
+++ b/src/util/user.py
@@ -18,6 +18,7 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from util import data
+import cherrypy
class Site(object):
def __init__(self, value):
@@ -38,6 +39,10 @@ class User(object):
store = data.Store()
return store._get_user_preferences(username)
+ def reset(self):
+ self.name = None
+ self._userdata = dict()
+
@property
def is_admin(self):
if 'is_admin' in self._userdata:
@@ -77,3 +82,36 @@ class User(object):
#TODO: implement setting sites via the user object ?
raise AttributeError
+
+class UserSession(object):
+ def __init__(self):
+ self.user = cherrypy.session.get('user', None)
+
+ def get_user(self):
+ return User(self.user)
+
+ def remote_login(self):
+ if cherrypy.request.login:
+ return self.login(cherrypy.request.login)
+
+ def login(self, username):
+ if self.user == username:
+ return
+
+ # REMOTE_USER changed, destroy old session and regenerate new
+ cherrypy.session.regenerate()
+ cherrypy.session['user'] = username
+ cherrypy.session.save()
+
+ cherrypy.log('LOGIN SUCCESSFUL: %s', username)
+
+ def logout(self, user):
+ if user is not None:
+ if not type(user) is User:
+ raise TypeError
+ # Completely reset user data
+ cherrypy.log.error('%s %s' % (user.name , user.fullname))
+ user.reset()
+
+ # Destroy current session in all cases
+ cherrypy.lib.sessions.expire()
diff --git a/templates/index.html b/templates/index.html
index 157c938..c983af2 100644
--- a/templates/index.html
+++ b/templates/index.html
@@ -9,7 +9,7 @@
<body>
<div id="container">
<div id="logo">
- <p>Ipsilon</p>
+ <p><a href="{{ basepath }}">Ipsilon</a></p>
</div>
<div id="admin">
{% if user.is_admin %}
@@ -23,7 +23,7 @@
</div>
<div id="content">
{% if not user.name %}
- <p>Please <a href="login">Log In</a>
+ <p>Please <a href="{{ basepath }}/login">Log In</a>
{% elif user.sites %}
<p>Registered application shortcuts:</p>
{% for site in user.sites %}
@@ -31,6 +31,11 @@
{% endfor %}
{% endif %}
</div>
+ <div id="logout">
+ {% if user.name %}
+ <p><a href="{{ basepath }}/logout">Log Out</a></p>
+ {% endif %}
+ </div>
</div>
</body>
</html>
diff --git a/templates/login/index.html b/templates/login/index.html
new file mode 100644
index 0000000..6b2e2cd
--- /dev/null
+++ b/templates/login/index.html
@@ -0,0 +1,24 @@
+<!doctype html>
+<html lang="en">
+<head>
+ <meta charset="UTF-8"></meta>
+ <title>{{ title }}</title>
+ <link href="{{ basepath }}/ui/ipsilon.css" type="text/css" rel="stylesheet"></link>
+ <link href="{{ basepath }}/ui/favicon.ico" type="image/ico" rel="icon"></link>
+</head>
+<body>
+ <div id="container">
+ <div id="logo">
+ <p>Ipsilon</p>
+ </div>
+ <div id="admin">
+ {% if user.is_admin %}
+ <a href="admin">admin</a>
+ {% endif %}
+ </div>
+ <div id="login">
+ <p>Redirecting ... {{ redirect }}</p>
+ </div>
+ </div>
+</body>
+</html>
diff --git a/templates/logout.html b/templates/logout.html
new file mode 100644
index 0000000..f6f61ac
--- /dev/null
+++ b/templates/logout.html
@@ -0,0 +1,24 @@
+<!doctype html>
+<html lang="en">
+<head>
+ <meta charset="UTF-8"></meta>
+ <title>{{ title }}</title>
+ <link href="{{ basepath }}/ui/ipsilon.css" type="text/css" rel="stylesheet"></link>
+ <link href="{{ basepath }}/ui/favicon.ico" type="image/ico" rel="icon"></link>
+</head>
+<body>
+ <div id="container">
+ <div id="logo">
+ <p><a href="{{ basepath }}">Ipsilon</a></p>
+ </div>
+ <div id="logout">
+ {% if user.name %}
+ <p>Something prevented a successful logout</p>
+ <p>You are still logged in as {{ user.fullname }}</p>
+ {% else %}
+ <p>Successfully logged out.</p>
+ <p>Return to <a href="{{ basepath }}">Home</a> page</p>
+ {% endif %}
+ </div>
+</body>
+</html>