diff options
Diffstat (limited to 'ipsilon')
-rw-r--r-- | ipsilon/__init__.py | 0 | ||||
-rw-r--r-- | ipsilon/admin/__init__.py | 0 | ||||
-rwxr-xr-x | ipsilon/admin/common.py | 123 | ||||
-rwxr-xr-x | ipsilon/ipsilon.py | 60 | ||||
-rw-r--r-- | ipsilon/login/__init__.py | 0 | ||||
-rwxr-xr-x | ipsilon/login/authkrb.py | 78 | ||||
-rwxr-xr-x | ipsilon/login/authpam.py | 112 | ||||
-rwxr-xr-x | ipsilon/login/common.py | 158 | ||||
-rwxr-xr-x | ipsilon/root.py | 44 | ||||
-rw-r--r-- | ipsilon/util/__init__.py | 0 | ||||
-rwxr-xr-x | ipsilon/util/data.py | 197 | ||||
-rwxr-xr-x | ipsilon/util/page.py | 56 | ||||
-rwxr-xr-x | ipsilon/util/plugin.py | 69 | ||||
-rwxr-xr-x | ipsilon/util/user.py | 117 |
14 files changed, 1014 insertions, 0 deletions
diff --git a/ipsilon/__init__.py b/ipsilon/__init__.py new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/ipsilon/__init__.py diff --git a/ipsilon/admin/__init__.py b/ipsilon/admin/__init__.py new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/ipsilon/admin/__init__.py diff --git a/ipsilon/admin/common.py b/ipsilon/admin/common.py new file mode 100755 index 0000000..6c975b1 --- /dev/null +++ b/ipsilon/admin/common.py @@ -0,0 +1,123 @@ +#!/usr/bin/python +# +# Copyright (C) 2014 Simo Sorce <simo@redhat.com> +# +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +from util import data +from util import page +from util import user +import cherrypy + +def admin_protect(fn): + + def check(*args, **kwargs): + if user.UserSession().get_user().is_admin: + return fn(*args, **kwargs) + + raise cherrypy.HTTPError(403) + + return check + +class LoginPluginPage(page.Page): + + def __init__(self, obj, site, baseurl): + super(LoginPluginPage, self).__init__(site) + self._obj = obj + self.url = '%s/%s' % (baseurl, obj.name) + + # Get the defaults + self.plugin_config = obj.get_config_desc() + if not self.plugin_config: + self.plugin_config = [] + + # Now overlay the actual config + for option in self.plugin_config: + self.plugin_config[option][2] = obj.get_config_value(option) + + @admin_protect + def GET(self, *args, **kwargs): + return self._template('admin/login_plugin.html', + title='%s plugin' % self._obj.name, + name='admin_login_%s_form' % self._obj.name, + action=self.url, + options=self.plugin_config) + + @admin_protect + def POST(self, *args, **kwargs): + + message = "Nothing was modified." + new_values = dict() + + for key, value in kwargs.iteritems(): + if key in self.plugin_config: + if value != self.plugin_config[key][2]: + cherrypy.log.error("Storing [%s]: %s = %s" % ( + self._obj.name, key, value)) + new_values[key] = value + + if len(new_values) != 0: + # First we try to save in the database + try: + store = data.Store() + store.save_login_plugin_config(self._obj.name, new_values) + message = "New configuration saved." + except Exception, e: + message = "Failed to save data!" + + # And only if it succeeds we change the live object + for name, value in new_values.items(): + self._obj.set_config_value(name, value) + self.plugin_config[name][2] = value + + return self._template('admin/login_plugin.html', + message=message, + title='%s plugin' % self._obj.name, + name='admin_login_%s_form' % self._obj.name, + action=self.url, + options=self.plugin_config) + + def root(self, *args, **kwargs): + cherrypy.log.error("method: %s" % cherrypy.request.method) + op = getattr(self, cherrypy.request.method, self.GET) + if callable(op): + return op(*args, **kwargs) + + +class LoginPlugins(page.Page): + def __init__(self, site, baseurl): + super(LoginPlugins, self).__init__(site) + self.url = '%s/login' % baseurl + + for plugin in self._site['login_plugins']['available']: + cherrypy.log.error('Admin login plugin: %s' % plugin) + obj = self._site['login_plugins']['available'][plugin] + self.__dict__[plugin] = LoginPluginPage(obj, self._site, self.url) + + +class Admin(page.Page): + + def __init__(self, *args, **kwargs): + super(Admin, self).__init__(*args, **kwargs) + self.url = '%s/admin' % self.basepath + self.login = LoginPlugins(self._site, self.url) + + def root(self, *args, **kwargs): + login_plugins = self._site['login_plugins'] + return self._template('admin/index.html', title='Administration', + available = login_plugins['available'], + enabled = login_plugins['enabled']) + diff --git a/ipsilon/ipsilon.py b/ipsilon/ipsilon.py new file mode 100755 index 0000000..3f3043b --- /dev/null +++ b/ipsilon/ipsilon.py @@ -0,0 +1,60 @@ +#!/usr/bin/python +# +# Copyright (C) 2013 Simo Sorce <simo@redhat.com> +# +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +import sys +sys.stdout = sys.stderr + +import os +import atexit +import threading +import cherrypy +from login import common +from util import data +from util import page +from jinja2 import Environment, FileSystemLoader +import root + +cherrypy.config.update('ipsilon.conf') + +datastore = data.Store() +admin_config = datastore.get_admin_config() +for option in admin_config: + cherrypy.config[option] = admin_config[option] + +cherrypy.tools.protect = cherrypy.Tool('before_handler', page.protect) + +templates = os.path.join(cherrypy.config['base.dir'], 'templates') +template_env = Environment(loader=FileSystemLoader(templates)) + +if __name__ == "__main__": + conf = { '/': {'tools.staticdir.root': os.getcwd()}, + '/ui': { 'tools.staticdir.on': True, + 'tools.staticdir.dir': 'ui' } + } + cherrypy.quickstart(root.Root('default', template_env), '/', conf) + +else: + cherrypy.config['environment'] = 'embedded' + + if cherrypy.__version__.startswith('3.0') and cherrypy.engine.state == 0: + cherrypy.engine.start(blocking=False) + atexit.register(cherrypy.engine.stop) + + application = cherrypy.Application(root.Root('default', template_env), + script_name=None, config=None) diff --git a/ipsilon/login/__init__.py b/ipsilon/login/__init__.py new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/ipsilon/login/__init__.py diff --git a/ipsilon/login/authkrb.py b/ipsilon/login/authkrb.py new file mode 100755 index 0000000..867da0c --- /dev/null +++ b/ipsilon/login/authkrb.py @@ -0,0 +1,78 @@ +#!/usr/bin/python +# +# Copyright (C) 2014 Simo Sorce <simo@redhat.com> +# +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +from login import common +from util import page +import cherrypy + +class Krb(common.LoginPageBase): + + def root(self, *args, **kwargs): + # Someone typed manually or a robot is walking th tree. + # Redirect to default page + return self.lm.redirect_to_path(self.lm.path) + + +class KrbAuth(common.LoginPageBase): + + def root(self, *args, **kwargs): + # If we can get here, we must be authenticated and remote_user + # was set. Check the session has a use set already or error. + if self.user and self.user.name: + return self.lm.auth_successful(self.user.name) + else: + return self.lm.auth_failed() + + +class KrbError(common.LoginPageBase): + + def root(self, *args, **kwargs): + cherrypy.log.error('REQUEST: %s' % cherrypy.request.headers) + # If we have no negotiate header return whatever mod_auth_kerb + # generated and wait for the next request + + if not 'WWW-Authenticate' in cherrypy.request.headers: + cherrypy.response.status = 401 + + if self.lm.next_login: + return self.lm.next_login.page.root(*args, **kwargs) + + conturl = '%s/login' % self.basepath + return self._template('login/krb.html', + title='Kerberos Login', + cont=conturl) + + # If we get here, negotiate failed + return self.lm.auth_failed() + +class LoginManager(common.LoginManagerBase): + + def __init__(self, *args, **kwargs): + super(LoginManager, self).__init__(*args, **kwargs) + self.name = 'krb' + self.path = 'krb/negotiate' + self.description = """ +Kereros Negotiate authentication plugin. Relies on the mod_auth_kerb apache +plugin for actual authentication. """ + + def get_tree(self, site): + self.page = Krb(site, self) + self.page.negotiate = KrbAuth(site, self) + self.page.unauthorized = KrbError(site, self) + return self.page diff --git a/ipsilon/login/authpam.py b/ipsilon/login/authpam.py new file mode 100755 index 0000000..d11731d --- /dev/null +++ b/ipsilon/login/authpam.py @@ -0,0 +1,112 @@ +#!/usr/bin/python +# +# Copyright (C) 2013 Simo Sorce <simo@redhat.com> +# +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +from login import common +from util import page +import cherrypy +import pam + +class Pam(common.LoginPageBase): + + def _authenticate(self, username, password): + if self.lm.service_name: + ok = pam.authenticate(username, password, self.lm.service_name) + else: + ok = pam.authenticate(username, password) + + if ok: + cherrypy.log("User %s successfully authenticated." % username) + return username + + cherrypy.log("User %s failed authentication." % username) + return None + + def GET(self, *args, **kwargs): + return self._template('login/pam.html', title='Login', + action='%s/login/pam' % self.basepath, + service_name=self.lm.service_name, + username_text=self.lm.username_text, + password_text=self.lm.password_text) + + def POST(self, *args, **kwargs): + username = None + password = None + user = None + for key, value in kwargs.iteritems(): + if key == 'login_name': + username = value + elif key == 'login_password': + password = value + if username is not None and password is not None: + user = self._authenticate(username, password) + else: + cherrypy.log.error("Error: Username or password is missing") + + if user: + return self.lm.auth_successful(user) + else: + return self.lm.auth_failed() + + def root(self, *args, **kwargs): + op = getattr(self, cherrypy.request.method, self.GET) + if callable(op): + return op(*args, **kwargs) + +class LoginManager(common.LoginManagerBase): + + def __init__(self, *args, **kwargs): + super(LoginManager, self).__init__(*args, **kwargs) + self.name = 'pam' + self.path = 'pam' + self.description = """ +Form based login Manager that uses the system's PAM infrastructure +for authentication. """ + self._options = { + 'service name': [ + """ The name of the PAM service used to authenticate. """, + 'string', + 'remote' + ], + 'username text': [ + """ The text shown to ask for the username in the form. """, + 'string', + 'Username' + ], + 'password text': [ + """ The text shown to ask for the password in the form. """, + 'string', + 'Password' + ], + } + + @property + def service_name(self): + return self.get_config_value('service name') + + @property + def username_text(self): + return self.get_config_value('username text') + + @property + def password_text(self): + return self.get_config_value('password text') + + def get_tree(self, site): + self.page = Pam(site, self) + return self.page diff --git a/ipsilon/login/common.py b/ipsilon/login/common.py new file mode 100755 index 0000000..7a11f18 --- /dev/null +++ b/ipsilon/login/common.py @@ -0,0 +1,158 @@ +#!/usr/bin/python +# +# Copyright (C) 2013 Simo Sorce <simo@redhat.com> +# +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +from util import data +from util import page +from util import user +from util import plugin +import cherrypy +import inspect +import os + +class LoginManagerBase(object): + + def __init__(self): + self.name = None + self.path = '/' + self._config = None + self._options = None + self.next_login = None + + def get_config_desc(self): + """ The configuration description is a dictionary that provides + A description of the supported configuration options, as well + as the default configuration option values. + The key is the option name, the value is an array of 3 elements: + - description + - option type + - default value + """ + return self._options + + def set_config(self, config): + self._config = config + + def get_config_value(self, name): + value = None + if self._config: + value = self._config.get(name, None) + if not value: + if self._options: + opt = self._options.get(name, None) + if opt: + value = opt[2] + + if cherrypy.config.get('debug', False): + cherrypy.log('[%s] %s: %s' % (self.name, name, value)) + + return value + + def set_config_value(self, option, value): + if not self._config: + self._config = dict() + self._config[option] = value + + def redirect_to_path(self, path): + base = cherrypy.config.get('base.mount', "") + raise cherrypy.HTTPRedirect('%s/login/%s' % (base, path)) + + def auth_successful(self, username): + # save ref before calling UserSession login() as it + # may regenerate the session + ref = '/idp' + if 'referral' in cherrypy.session: + ref = cherrypy.session['referral'] + + user.UserSession().login(username) + raise cherrypy.HTTPRedirect(ref) + + def auth_failed(self): + # Just make sure we destroy the session + user.UserSession().logout(None) + + if self.next_login: + return self.redirect_to_path(self.next_login.path) + + # FIXME: show an error page instead + raise cherrypy.HTTPError(401) + + +class LoginPageBase(page.Page): + + def __init__(self, site, mgr): + super(LoginPageBase, self).__init__(site) + self.lm = mgr + + def root(self, *args, **kwargs): + raise cherrypy.HTTPError(500) + + +class Login(page.Page): + + def __init__(self, *args, **kwargs): + super(Login, self).__init__(*args, **kwargs) + (whitelist, config) = data.Store().get_login_config() + if whitelist is not None: + self.plugin_whitelist = whitelist + else: + self.plugin_whitelist = [] + + self._site['login_plugins'] = dict() + login_plugins = self._site['login_plugins'] + login_plugins['config'] = config + + plugins = plugin.Plugins(path=cherrypy.config['base.dir']) + (login_path, login_file) = os.path.split(inspect.getfile(Login)) + login_plugins['available'] = plugins.get_plugins(login_path, 'LoginManager') + login_plugins['enabled'] = [] + + prev_obj = None + for item in login_plugins['available']: + self._log('Login plugin available: %s' % item) + if item not in self.plugin_whitelist: + continue + self._log('Login plugin enabled: %s' % item) + login_plugins['enabled'].append(item) + obj = login_plugins['available'][item] + if prev_obj: + prev_obj.next_login = obj + else: + self.first_login = obj + prev_obj = obj + if item in config: + obj.set_config(config[item]) + self.__dict__[item] = obj.get_tree(self._site) + + + def _log(self, fact): + if cherrypy.config.get('debug', False): + cherrypy.log(fact) + + def root(self, *args, **kwargs): + if self.first_login: + raise cherrypy.HTTPRedirect('%s/login/%s' % (self.basepath, + self.first_login.path)) + return self._template('login/index.html', title='Login') + + +class Logout(page.Page): + + def root(self, *args, **kwargs): + user.UserSession().logout(self.user) + return self._template('logout.html', title='Logout') diff --git a/ipsilon/root.py b/ipsilon/root.py new file mode 100755 index 0000000..160e85e --- /dev/null +++ b/ipsilon/root.py @@ -0,0 +1,44 @@ +#!/usr/bin/python +# +# Copyright (C) 2013 Simo Sorce <simo@redhat.com> +# +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +from util import page +from login import common as lc +from admin import common as ac +import cherrypy + +sites = dict() + +class Root(page.Page): + + def __init__(self, site, template_env): + if not site in sites: + sites[site] = dict() + if template_env: + sites[site]['template_env'] = template_env + super(Root, self).__init__(sites[site]) + + # now set up the default login plugins + self.login = lc.Login(self._site) + self.logout = lc.Logout(self._site) + + # after all plugins are setup we can instantiate the admin pages + self.admin = ac.Admin(self._site) + + def root(self): + return self._template('index.html', title='Root') diff --git a/ipsilon/util/__init__.py b/ipsilon/util/__init__.py new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/ipsilon/util/__init__.py diff --git a/ipsilon/util/data.py b/ipsilon/util/data.py new file mode 100755 index 0000000..3fda6d3 --- /dev/null +++ b/ipsilon/util/data.py @@ -0,0 +1,197 @@ +#!/usr/bin/python +# +# Copyright (C) 2013 Simo Sorce <simo@redhat.com> +# +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +import os +import sqlite3 +import cherrypy + +class Store(object): + + def __init__(self, path=None): + if path is None: + self._path = os.getcwd() + else: + self._path = path + self._admin_dbname = self._get_admin_dbname() + self._user_dbname = self._get_userprefs_dbname() + + def _get_admin_dbname(self): + path = None + if 'admin.config.db' in cherrypy.config: + path = cherrypy.config['admin.config.db'] + if not path: + path = os.path.join(self._path, 'adminconfig.sqlite') + return path + + def _get_userprefs_dbname(self): + path = None + if 'user.prefs.db' in cherrypy.config: + path = cherrypy.config['user.prefs.db'] + if not path: + path = os.path.join(self._path, 'userprefs.sqlite') + return path + + def _load_config(self, dbname): + con = None + rows = [] + try: + con = sqlite3.connect(dbname) + cur = con.cursor() + cur.executescript(""" + CREATE TABLE IF NOT EXISTS config(name TEXT, value TEXT) + """) + cur.execute("SELECT * FROM config") + rows = cur.fetchall() + con.commit() + except sqlite3.Error, e: + if con: + con.rollback() + cherrypy.log.error("Failed to load config: [%s]" % e) + finally: + if con: + con.close() + + conf = {} + for row in rows: + if row[0] in conf: + # multivalued + if conf[row[0]] is list: + conf[row[0]].append(row[1]) + else: + v = conf[row[0]] + conf[row[0]] = [v, row[1]] + else: + conf[row[0]] = row[1] + + return conf + + def get_admin_config(self): + return self._load_config(self._admin_dbname) + + def _load_user_prefs(self, dbname, user): + con = None + rows = [] + try: + con = sqlite3.connect(dbname) + cur = con.cursor() + cur.executescript(""" + CREATE TABLE IF NOT EXISTS users(name TEXT, + option TEXT, + value TEXT) + """) + cur.execute("SELECT option, value FROM users " + "where name = '%s'" % user) + rows = cur.fetchall() + con.commit() + except sqlite3.Error, e: + if con: + con.rollback() + cherrypy.log.error("Failed to load %s's prefs from " + "%s: [%s]" % ( user, dbname, e)) + finally: + if con: + con.close() + + conf = {} + for row in rows: + conf[row[0]] = row[1] + + return conf + + def _get_user_preferences(self, user): + return self._load_user_prefs(self._user_dbname, user) + + def _load_login_config(self, dbname): + con = None + rows = [] + try: + con = sqlite3.connect(dbname) + cur = con.cursor() + cur.executescript(""" + CREATE TABLE IF NOT EXISTS login_config(name TEXT, + option TEXT, + value TEXT) + """) + cur.execute("SELECT * FROM login_config") + rows = cur.fetchall() + con.commit() + except sqlite3.Error, e: + if con: + con.rollback() + cherrypy.log.error("Failed to load config: [%s]" % e) + finally: + if con: + con.close() + + lpo = [] + plco = dict() + for row in rows: + if row[0] == 'global': + if row[1] == 'order': + lpo = row[2].split(',') + continue + if row[0] not in plco: + # one dict per provider + plco[row[0]] = dict() + + conf = plco[row[0]] + if row[1] in conf: + if conf[row[1]] is list: + conf[row[1]].append(row[2]) + else: + v = conf[row[1]] + conf[row[1]] = [v, row[2]] + else: + conf[row[1]] = row[2] + + return (lpo, plco); + + def get_login_config(self): + return self._load_login_config(self._admin_dbname) + + def save_login_plugin_config(self, name, options): + con = None + try: + con = sqlite3.connect(self._admin_dbname) + cur = con.cursor() + curvals = dict() + for row in cur.execute( + "SELECT option, value FROM login_config WHERE name=?", + (name,)): + curvals[row[0]] = row[1] + + for o in options: + if o in curvals: + cur.execute( + "UPDATE login_config SET value=? WHERE name=? AND option=?", + (options[o], name, o)) + else: + cur.execute( + "INSERT INTO login_config VALUES(?,?,?)", + (name, o, options[o])) + + con.commit() + except sqlite3.Error, e: + if con: + con.rollback() + cherrypy.log.error("Failed to store config: [%s]" % e) + raise + finally: + if con: + con.close() diff --git a/ipsilon/util/page.py b/ipsilon/util/page.py new file mode 100755 index 0000000..bf30c77 --- /dev/null +++ b/ipsilon/util/page.py @@ -0,0 +1,56 @@ +#!/usr/bin/python +# +# Copyright (C) 2013 Simo Sorce <simo@redhat.com> +# +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +from util import user +import cherrypy + +def protect(): + user.UserSession().remote_login() + +class Page(object): + def __init__(self, site): + if not 'template_env' in site: + raise ValueError('Missing template environment') + self._site = site + self.basepath = cherrypy.config.get('base.mount', "") + self.username = None + self.user = None + + def __call__(self, *args, **kwargs): + self.user = user.UserSession().get_user() + + if len(args) > 0: + op = getattr(self, args[0], None) + if callable(op) and getattr(self, args[0]+'.exposed', None): + return op(*args[1:], **kwargs) + else: + op = getattr(self, 'root', None) + if callable(op): + return op(*args, **kwargs) + + return self.default(*args, **kwargs) + + def _template(self, *args, **kwargs): + t = self._site['template_env'].get_template(args[0]) + return t.render(basepath=self.basepath, user=self.user, **kwargs) + + def default(self, *args, **kwargs): + raise cherrypy.HTTPError(404) + + exposed = True diff --git a/ipsilon/util/plugin.py b/ipsilon/util/plugin.py new file mode 100755 index 0000000..0c8e466 --- /dev/null +++ b/ipsilon/util/plugin.py @@ -0,0 +1,69 @@ +#!/usr/bin/python +# +# Copyright (C) 2013 Simo Sorce <simo@redhat.com> +# +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +import os +import imp +import cherrypy + +class Plugins(object): + + def __init__(self, path=None): + if path is None: + self._path = os.getcwd() + else: + self._path = path + self._providers_tree = None + + def _load_class(self, tree, class_type, file_name): + cherrypy.log.error('Check module %s for class %s' % (file_name, + class_type)) + name, ext = os.path.splitext(os.path.split(file_name)[-1]) + try: + if ext.lower() == '.py': + mod = imp.load_source(name, file_name) + #elif ex.lower() == '.pyc': + # mod = imp.load_compiled(name, file_name) + else: + return + except Exception, e: + cherrypy.log.error('Failed to load "%s" module: [%s]' % (name, e)) + return + + if hasattr(mod, class_type): + instance = getattr(mod, class_type)() + public_name = getattr(instance, 'name', name) + tree[public_name] = instance + cherrypy.log.error('Added module %s as %s' % (name, public_name)) + + def _load_classes(self, tree, path, class_type): + files = None + try: + files = os.listdir(path) + except Exception, e: + cherrypy.log.error('No modules in %s: [%s]' % (path, e)) + return + + for name in files: + filename = os.path.join(path, name) + self._load_class(tree, class_type, filename) + + def get_plugins(self, path, class_type): + plugins = dict() + self._load_classes(plugins, path, class_type) + return plugins diff --git a/ipsilon/util/user.py b/ipsilon/util/user.py new file mode 100755 index 0000000..f008571 --- /dev/null +++ b/ipsilon/util/user.py @@ -0,0 +1,117 @@ +#!/usr/bin/python +# +# Copyright (C) 2013 Simo Sorce <simo@redhat.com> +# +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +from util import data +import cherrypy + +class Site(object): + def __init__(self, value): + # implement lookup of sites id for link/name + self.link = value + self.name = value + +class User(object): + def __init__(self, username): + if username is None: + self.name = None + self._userdata = dict() + else: + self._userdata = self._get_user_data(username) + self.name = username + + def _get_user_data(self, username): + store = data.Store() + return store._get_user_preferences(username) + + def reset(self): + self.name = None + self._userdata = dict() + + @property + def is_admin(self): + if 'is_admin' in self._userdata: + if self._userdata['is_admin'] == '1': + return True + return False + + @is_admin.setter + def is_admin(self, value): + if value is True: + self._userdata['is_admin'] = '1' + else: + self._userdata['is_admin'] = '0' + + @property + def fullname(self): + if 'fullname' in self._userdata: + return self._userdata['fullname'] + else: + return self.name + + @fullname.setter + def fullname(self, value): + self._userdata['fullname'] = value + + @property + def sites(self): + if 'sites' in self._userdata: + d = [] + for site in self._userdata['sites']: + d.append(Site(site)) + else: + return [] + + @sites.setter + def sites(self): + #TODO: implement setting sites via the user object ? + raise AttributeError + + +class UserSession(object): + def __init__(self): + self.user = cherrypy.session.get('user', None) + + def get_user(self): + return User(self.user) + + def remote_login(self): + if cherrypy.request.login: + return self.login(cherrypy.request.login) + + def login(self, username): + if self.user == username: + return + + # REMOTE_USER changed, destroy old session and regenerate new + cherrypy.session.regenerate() + cherrypy.session['user'] = username + cherrypy.session.save() + + cherrypy.log('LOGIN SUCCESSFUL: %s', username) + + def logout(self, user): + if user is not None: + if not type(user) is User: + raise TypeError + # Completely reset user data + cherrypy.log.error('%s %s' % (user.name , user.fullname)) + user.reset() + + # Destroy current session in all cases + cherrypy.lib.sessions.expire() |