diff options
author | Simo Sorce <simo@redhat.com> | 2013-12-19 23:32:47 -0500 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2014-01-23 18:52:51 -0500 |
commit | cd5fc1d17b16ac41c589130ccb0436d74d06a847 (patch) | |
tree | b1caa494ae933d8b5c2aa9fa7f221d31485a294b | |
parent | ee0d1ce71d1f4883aecc426595ac86322a91260e (diff) | |
download | ipsilon-cd5fc1d17b16ac41c589130ccb0436d74d06a847.tar.gz ipsilon-cd5fc1d17b16ac41c589130ccb0436d74d06a847.tar.xz ipsilon-cd5fc1d17b16ac41c589130ccb0436d74d06a847.zip |
Add infrastructure to handle login manager plugins
Signed-off-by: Simo Sorce <simo@redhat.com>
-rw-r--r-- | examples/ipsilon.conf | 2 | ||||
-rwxr-xr-x | src/ipsilon.py | 17 | ||||
-rw-r--r-- | src/login/__init__.py | 0 | ||||
-rwxr-xr-x | src/login/common.py | 153 | ||||
-rwxr-xr-x | src/root.py | 14 | ||||
-rwxr-xr-x | src/util/data.py | 55 | ||||
-rwxr-xr-x | src/util/page.py | 24 | ||||
-rwxr-xr-x | src/util/plugin.py | 33 | ||||
-rwxr-xr-x | src/util/user.py | 38 | ||||
-rw-r--r-- | templates/index.html | 9 | ||||
-rw-r--r-- | templates/login/index.html | 24 | ||||
-rw-r--r-- | templates/logout.html | 24 |
12 files changed, 344 insertions, 49 deletions
diff --git a/examples/ipsilon.conf b/examples/ipsilon.conf index fa75839..0f8e445 100644 --- a/examples/ipsilon.conf +++ b/examples/ipsilon.conf @@ -1,4 +1,6 @@ [global] +debug = True + log.screen = True base.mount = "/idp" base.dir = "../" diff --git a/src/ipsilon.py b/src/ipsilon.py index 7a782d6..3f3043b 100755 --- a/src/ipsilon.py +++ b/src/ipsilon.py @@ -24,7 +24,7 @@ import os import atexit import threading import cherrypy -from util import plugin +from login import common from util import data from util import page from jinja2 import Environment, FileSystemLoader @@ -32,27 +32,22 @@ import root cherrypy.config.update('ipsilon.conf') -plugins = plugin.Plugins(path=cherrypy.config['base.dir']) -idp_providers = plugins.get_providers() -if idp_providers: - cherrypy.config['idp_providers'] = idp_providers - datastore = data.Store() admin_config = datastore.get_admin_config() for option in admin_config: cherrypy.config[option] = admin_config[option] -templates = os.path.join(cherrypy.config['base.dir'], 'templates') -env = Environment(loader=FileSystemLoader(templates)) - cherrypy.tools.protect = cherrypy.Tool('before_handler', page.protect) +templates = os.path.join(cherrypy.config['base.dir'], 'templates') +template_env = Environment(loader=FileSystemLoader(templates)) + if __name__ == "__main__": conf = { '/': {'tools.staticdir.root': os.getcwd()}, '/ui': { 'tools.staticdir.on': True, 'tools.staticdir.dir': 'ui' } } - cherrypy.quickstart(root.Root(env), '/', conf) + cherrypy.quickstart(root.Root('default', template_env), '/', conf) else: cherrypy.config['environment'] = 'embedded' @@ -61,5 +56,5 @@ else: cherrypy.engine.start(blocking=False) atexit.register(cherrypy.engine.stop) - application = cherrypy.Application(root.Root(env), + application = cherrypy.Application(root.Root('default', template_env), script_name=None, config=None) diff --git a/src/login/__init__.py b/src/login/__init__.py new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/src/login/__init__.py diff --git a/src/login/common.py b/src/login/common.py new file mode 100755 index 0000000..bd39c22 --- /dev/null +++ b/src/login/common.py @@ -0,0 +1,153 @@ +#!/usr/bin/python +# +# Copyright (C) 2013 Simo Sorce <simo@redhat.com> +# +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +from util import data +from util import page +from util import user +from util import plugin +import cherrypy +import inspect +import os + +class LoginManagerBase(object): + + def __init__(self): + self.name = None + self.path = '/' + self._config = None + self._options = None + self.next_login = None + + def get_config_desc(self): + """ The configuration description is a dictionary that provides + A description of the supported configuration options, as well + as the default configuration option values. + The key is the option name, the value is an array of 3 elements: + - description + - option type + - default value + """ + return self._options + + def set_config(self, config): + self._config = config + + def get_config_value(self, name): + value = None + if self._config: + value = self._config.get(name, None) + if not value: + if self._options: + opt = self._options.get(name, None) + if opt: + value = opt[2] + + if cherrypy.config.get('debug', False): + cherrypy.log('[%s] %s: %s' % (self.name, name, value)) + + return value + + def redirect_to_path(self, path): + base = cherrypy.config.get('base.mount', "") + raise cherrypy.HTTPRedirect('%s/login/%s' % (base, path)) + + def auth_successful(self, username): + # save ref before calling UserSession login() as it + # may regenerate the session + ref = '/idp' + if 'referral' in cherrypy.session: + ref = cherrypy.session['referral'] + + user.UserSession().login(username) + raise cherrypy.HTTPRedirect(ref) + + def auth_failed(self): + # Just make sure we destroy the session + user.UserSession().logout(None) + + if self.next_login: + return self.redirect_to_path(self.next_login.path) + + # FIXME: show an error page instead + raise cherrypy.HTTPError(401) + + +class LoginPageBase(page.Page): + + def __init__(self, site, mgr): + super(LoginPageBase, self).__init__(site) + self.lm = mgr + + def root(self, *args, **kwargs): + raise cherrypy.HTTPError(500) + + +class Login(page.Page): + + def __init__(self, *args, **kwargs): + super(Login, self).__init__(*args, **kwargs) + (whitelist, config) = data.Store().get_login_config() + if whitelist is not None: + self.plugin_whitelist = whitelist + else: + self.plugin_whitelist = [] + + self._site['login_plugins'] = dict() + login_plugins = self._site['login_plugins'] + login_plugins['config'] = config + + plugins = plugin.Plugins(path=cherrypy.config['base.dir']) + (login_path, login_file) = os.path.split(inspect.getfile(Login)) + login_plugins['available'] = plugins.get_plugins(login_path, 'LoginManager') + login_plugins['enabled'] = [] + + prev_obj = None + for item in login_plugins['available']: + self._log('Login plugin available: %s' % item) + if item not in self.plugin_whitelist: + continue + self._log('Login plugin enabled: %s' % item) + login_plugins['enabled'].append(item) + obj = login_plugins['available'][item] + if prev_obj: + prev_obj.next_login = obj + else: + self.first_login = obj + prev_obj = obj + if item in config: + obj.set_config(config[item]) + self.__dict__[item] = obj.get_tree(self._site) + + + def _log(self, fact): + if cherrypy.config.get('debug', False): + cherrypy.log(fact) + + def root(self, *args, **kwargs): + if self.first_login: + raise cherrypy.HTTPRedirect('%s/login/%s' % (self.basepath, + self.first_login.path)) + return self._template('login/index.html', title='Login') + + +class Logout(page.Page): + + def root(self, *args, **kwargs): + user.UserSession().logout(self.user) + return self._template('logout.html', title='Logout') diff --git a/src/root.py b/src/root.py index a352641..fb1a6ae 100755 --- a/src/root.py +++ b/src/root.py @@ -18,9 +18,23 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. from util import page +from login import common as lc import cherrypy +sites = dict() + class Root(page.Page): + def __init__(self, site, template_env): + if not site in sites: + sites[site] = dict() + if template_env: + sites[site]['template_env'] = template_env + super(Root, self).__init__(sites[site]) + + # now set up the default login plugins + self.login = lc.Login(self._site) + self.logout = lc.Logout(self._site) + def root(self): return self._template('index.html', title='Root') diff --git a/src/util/data.py b/src/util/data.py index ec64588..c716ecf 100755 --- a/src/util/data.py +++ b/src/util/data.py @@ -110,3 +110,58 @@ class Store(object): path = os.path.join(self._path, 'userprefs.sqlite') return self._load_user_prefs(path, user) + + def _load_login_config(self, dbname): + con = None + rows = [] + try: + con = sqlite3.connect(dbname) + cur = con.cursor() + cur.executescript(""" + CREATE TABLE IF NOT EXISTS login_config(name TEXT, + option TEXT, + value TEXT) + """) + cur.execute("SELECT * FROM login_config") + rows = cur.fetchall() + con.commit() + except sqlite3.Error, e: + if con: + con.rollback() + cherrypy.log.error("Failed to load config: [%s]" % e) + finally: + if con: + con.close() + + lpo = [] + plco = dict() + for row in rows: + if row[0] == 'global': + if row[1] == 'order': + lpo = row[2].split(',') + continue + if row[0] not in plco: + # one dict per provider + plco[row[0]] = dict() + + conf = plco[row[0]] + if row[1] in conf: + if conf[row[1]] is list: + conf[row[1]].append(row[2]) + else: + v = conf[row[1]] + conf[row[1]] = [v, row[2]] + else: + conf[row[1]] = row[2] + + return (lpo, plco); + + def get_login_config(self): + path = None + if 'admin.config.db' in cherrypy.config: + path = cherrypy.config['admin.config.db'] + if not path: + path = os.path.join(self._path, 'adminconfig.sqlite') + + return self._load_login_config(path) + diff --git a/src/util/page.py b/src/util/page.py index 15cbed0..bf30c77 100755 --- a/src/util/page.py +++ b/src/util/page.py @@ -21,37 +21,33 @@ from util import user import cherrypy def protect(): - if cherrypy.request.login: - user = cherrypy.session.get('user', None) - if user == cherrypy.request.login: - return - else: - cherrypy.session.regenerate() - cherrypy.session['user'] = cherrypy.request.login + user.UserSession().remote_login() class Page(object): - def __init__(self, template_env): - self._env = template_env + def __init__(self, site): + if not 'template_env' in site: + raise ValueError('Missing template environment') + self._site = site self.basepath = cherrypy.config.get('base.mount', "") self.username = None + self.user = None def __call__(self, *args, **kwargs): - self.username = cherrypy.session.get('user', None) - self.user = user.User(self.username) + self.user = user.UserSession().get_user() if len(args) > 0: op = getattr(self, args[0], None) if callable(op) and getattr(self, args[0]+'.exposed', None): - return op(args[1:], **kwargs) + return op(*args[1:], **kwargs) else: op = getattr(self, 'root', None) if callable(op): - return op(**kwargs) + return op(*args, **kwargs) return self.default(*args, **kwargs) def _template(self, *args, **kwargs): - t = self._env.get_template(args[0]) + t = self._site['template_env'].get_template(args[0]) return t.render(basepath=self.basepath, user=self.user, **kwargs) def default(self, *args, **kwargs): diff --git a/src/util/plugin.py b/src/util/plugin.py index be9ed02..0c8e466 100755 --- a/src/util/plugin.py +++ b/src/util/plugin.py @@ -37,8 +37,8 @@ class Plugins(object): try: if ext.lower() == '.py': mod = imp.load_source(name, file_name) - elif ex.lower() == '.pyc': - mod = imp.load_compiled(name, file_name) + #elif ex.lower() == '.pyc': + # mod = imp.load_compiled(name, file_name) else: return except Exception, e: @@ -46,8 +46,10 @@ class Plugins(object): return if hasattr(mod, class_type): - tree[name] = getattr(mod, class_type)() - cherrypy.log.error('Added module %s' % (name)) + instance = getattr(mod, class_type)() + public_name = getattr(instance, 'name', name) + tree[public_name] = instance + cherrypy.log.error('Added module %s as %s' % (name, public_name)) def _load_classes(self, tree, path, class_type): files = None @@ -58,23 +60,10 @@ class Plugins(object): return for name in files: - filename = od.path.join(path, name) + filename = os.path.join(path, name) self._load_class(tree, class_type, filename) - def get_providers(self): - if self._providers_tree is None: - path = None - if 'providers.dir' in cherrypy.config: - path = cherrypy.config['providers.dir'] - if not path: - path = os.path.join(self._path, 'providers') - - self._providers_tree = [] - self._load_classes(self._providers_tree, path, 'IdpProvider') - - return self._providers_tree - - def get_custom(self, class_type): - tree = [] - self._load_classes(tree, class_type) - return tree + def get_plugins(self, path, class_type): + plugins = dict() + self._load_classes(plugins, path, class_type) + return plugins diff --git a/src/util/user.py b/src/util/user.py index 1241340..f008571 100755 --- a/src/util/user.py +++ b/src/util/user.py @@ -18,6 +18,7 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. from util import data +import cherrypy class Site(object): def __init__(self, value): @@ -38,6 +39,10 @@ class User(object): store = data.Store() return store._get_user_preferences(username) + def reset(self): + self.name = None + self._userdata = dict() + @property def is_admin(self): if 'is_admin' in self._userdata: @@ -77,3 +82,36 @@ class User(object): #TODO: implement setting sites via the user object ? raise AttributeError + +class UserSession(object): + def __init__(self): + self.user = cherrypy.session.get('user', None) + + def get_user(self): + return User(self.user) + + def remote_login(self): + if cherrypy.request.login: + return self.login(cherrypy.request.login) + + def login(self, username): + if self.user == username: + return + + # REMOTE_USER changed, destroy old session and regenerate new + cherrypy.session.regenerate() + cherrypy.session['user'] = username + cherrypy.session.save() + + cherrypy.log('LOGIN SUCCESSFUL: %s', username) + + def logout(self, user): + if user is not None: + if not type(user) is User: + raise TypeError + # Completely reset user data + cherrypy.log.error('%s %s' % (user.name , user.fullname)) + user.reset() + + # Destroy current session in all cases + cherrypy.lib.sessions.expire() diff --git a/templates/index.html b/templates/index.html index 157c938..c983af2 100644 --- a/templates/index.html +++ b/templates/index.html @@ -9,7 +9,7 @@ <body> <div id="container"> <div id="logo"> - <p>Ipsilon</p> + <p><a href="{{ basepath }}">Ipsilon</a></p> </div> <div id="admin"> {% if user.is_admin %} @@ -23,7 +23,7 @@ </div> <div id="content"> {% if not user.name %} - <p>Please <a href="login">Log In</a> + <p>Please <a href="{{ basepath }}/login">Log In</a> {% elif user.sites %} <p>Registered application shortcuts:</p> {% for site in user.sites %} @@ -31,6 +31,11 @@ {% endfor %} {% endif %} </div> + <div id="logout"> + {% if user.name %} + <p><a href="{{ basepath }}/logout">Log Out</a></p> + {% endif %} + </div> </div> </body> </html> diff --git a/templates/login/index.html b/templates/login/index.html new file mode 100644 index 0000000..6b2e2cd --- /dev/null +++ b/templates/login/index.html @@ -0,0 +1,24 @@ +<!doctype html> +<html lang="en"> +<head> + <meta charset="UTF-8"></meta> + <title>{{ title }}</title> + <link href="{{ basepath }}/ui/ipsilon.css" type="text/css" rel="stylesheet"></link> + <link href="{{ basepath }}/ui/favicon.ico" type="image/ico" rel="icon"></link> +</head> +<body> + <div id="container"> + <div id="logo"> + <p>Ipsilon</p> + </div> + <div id="admin"> + {% if user.is_admin %} + <a href="admin">admin</a> + {% endif %} + </div> + <div id="login"> + <p>Redirecting ... {{ redirect }}</p> + </div> + </div> +</body> +</html> diff --git a/templates/logout.html b/templates/logout.html new file mode 100644 index 0000000..f6f61ac --- /dev/null +++ b/templates/logout.html @@ -0,0 +1,24 @@ +<!doctype html> +<html lang="en"> +<head> + <meta charset="UTF-8"></meta> + <title>{{ title }}</title> + <link href="{{ basepath }}/ui/ipsilon.css" type="text/css" rel="stylesheet"></link> + <link href="{{ basepath }}/ui/favicon.ico" type="image/ico" rel="icon"></link> +</head> +<body> + <div id="container"> + <div id="logo"> + <p><a href="{{ basepath }}">Ipsilon</a></p> + </div> + <div id="logout"> + {% if user.name %} + <p>Something prevented a successful logout</p> + <p>You are still logged in as {{ user.fullname }}</p> + {% else %} + <p>Successfully logged out.</p> + <p>Return to <a href="{{ basepath }}">Home</a> page</p> + {% endif %} + </div> +</body> +</html> |