diff options
Diffstat (limited to 'ipsilon')
-rwxr-xr-x | ipsilon/idpserver.py | 10 | ||||
-rw-r--r-- | ipsilon/login/__init__.py | 0 | ||||
-rwxr-xr-x | ipsilon/login/common.py | 114 | ||||
-rwxr-xr-x | ipsilon/root.py | 15 | ||||
-rwxr-xr-x | ipsilon/util/page.py | 26 | ||||
-rwxr-xr-x | ipsilon/util/user.py | 39 |
6 files changed, 183 insertions, 21 deletions
diff --git a/ipsilon/idpserver.py b/ipsilon/idpserver.py index 41a2cf4..f9fb527 100755 --- a/ipsilon/idpserver.py +++ b/ipsilon/idpserver.py @@ -35,16 +35,16 @@ admin_config = datastore.get_admin_config() for option in admin_config: cherrypy.config[option] = admin_config[option] -templates = os.path.join(cherrypy.config['base.dir'], 'templates') -env = Environment(loader=FileSystemLoader(templates)) - cherrypy.tools.protect = cherrypy.Tool('before_handler', page.protect) +templates = os.path.join(cherrypy.config['base.dir'], 'templates') +template_env = Environment(loader=FileSystemLoader(templates)) + if __name__ == "__main__": conf = {'/': {'tools.staticdir.root': os.getcwd()}, '/ui': {'tools.staticdir.on': True, 'tools.staticdir.dir': 'ui'}} - cherrypy.quickstart(Root(env), '/', conf) + cherrypy.quickstart(Root('default', template_env), '/', conf) else: cherrypy.config['environment'] = 'embedded' @@ -53,5 +53,5 @@ else: cherrypy.engine.start(blocking=False) atexit.register(cherrypy.engine.stop) - application = cherrypy.Application(Root(env), + application = cherrypy.Application(Root('default', template_env), script_name=None, config=None) diff --git a/ipsilon/login/__init__.py b/ipsilon/login/__init__.py new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/ipsilon/login/__init__.py diff --git a/ipsilon/login/common.py b/ipsilon/login/common.py new file mode 100755 index 0000000..416ff31 --- /dev/null +++ b/ipsilon/login/common.py @@ -0,0 +1,114 @@ +#!/usr/bin/python +# +# Copyright (C) 2013 Simo Sorce <simo@redhat.com> +# +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +from ipsilon.util.page import Page +from ipsilon.util.user import UserSession +from ipsilon.util.plugin import PluginLoader, PluginObject +import cherrypy + + +class LoginManagerBase(PluginObject): + + def __init__(self): + super(LoginManagerBase, self).__init__() + self.path = '/' + self.next_login = None + + def redirect_to_path(self, path): + base = cherrypy.config.get('base.mount', "") + raise cherrypy.HTTPRedirect('%s/login/%s' % (base, path)) + + def auth_successful(self, username): + # save ref before calling UserSession login() as it + # may regenerate the session + ref = '/idp' + if 'referral' in cherrypy.session: + ref = cherrypy.session['referral'] + + UserSession().login(username) + raise cherrypy.HTTPRedirect(ref) + + def auth_failed(self): + # Just make sure we destroy the session + UserSession().logout(None) + + if self.next_login: + return self.redirect_to_path(self.next_login.path) + + # FIXME: show an error page instead + raise cherrypy.HTTPError(401) + + +class LoginPageBase(Page): + + def __init__(self, site, mgr): + super(LoginPageBase, self).__init__(site) + self.lm = mgr + + def root(self, *args, **kwargs): + raise cherrypy.HTTPError(500) + + +FACILITY = 'login_config' + + +class Login(Page): + + def __init__(self, *args, **kwargs): + super(Login, self).__init__(*args, **kwargs) + self.first_login = None + + loader = PluginLoader(Login, FACILITY, 'LoginManager') + self._site[FACILITY] = loader.get_plugin_data() + plugins = self._site[FACILITY] + + prev_obj = None + for item in plugins['available']: + self._log('Login plugin available: %s' % item) + if item not in plugins['whitelist']: + continue + self._log('Login plugin enabled: %s' % item) + plugins['enabled'].append(item) + obj = plugins['available'][item] + if prev_obj: + prev_obj.next_login = obj + else: + self.first_login = obj + prev_obj = obj + if item in plugins['config']: + obj.set_config(plugins['config'][item]) + self.__dict__[item] = obj.get_tree(self._site) + + def _log(self, fact): + if cherrypy.config.get('debug', False): + cherrypy.log(fact) + + def root(self, *args, **kwargs): + if self.first_login: + raise cherrypy.HTTPRedirect('%s/login/%s' % + (self.basepath, + self.first_login.path)) + return self._template('login/index.html', title='Login') + + +class Logout(Page): + + def root(self, *args, **kwargs): + UserSession().logout(self.user) + return self._template('logout.html', title='Logout') diff --git a/ipsilon/root.py b/ipsilon/root.py index e445dc5..30f6b43 100755 --- a/ipsilon/root.py +++ b/ipsilon/root.py @@ -18,9 +18,24 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. from ipsilon.util.page import Page +from ipsilon.login.common import Login +from ipsilon.login.common import Logout + +sites = dict() class Root(Page): + def __init__(self, site, template_env): + if not site in sites: + sites[site] = dict() + if template_env: + sites[site]['template_env'] = template_env + super(Root, self).__init__(sites[site]) + + # now set up the default login plugins + self.login = Login(self._site) + self.logout = Logout(self._site) + def root(self): return self._template('index.html', title='Root') diff --git a/ipsilon/util/page.py b/ipsilon/util/page.py index 18b5be2..0da0e37 100755 --- a/ipsilon/util/page.py +++ b/ipsilon/util/page.py @@ -17,45 +17,39 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -from ipsilon.util.user import User +from ipsilon.util.user import UserSession import cherrypy def protect(): - if cherrypy.request.login: - user = cherrypy.session.get('user', None) - if user == cherrypy.request.login: - return - else: - cherrypy.session.regenerate() - cherrypy.session['user'] = cherrypy.request.login + UserSession().remote_login() class Page(object): - def __init__(self, template_env): - self._env = template_env + def __init__(self, site): + if not 'template_env' in site: + raise ValueError('Missing template environment') + self._site = site self.basepath = cherrypy.config.get('base.mount', "") - self.username = None self.user = None def __call__(self, *args, **kwargs): # pylint: disable=star-args - self.username = cherrypy.session.get('user', None) - self.user = User(self.username) + self.user = UserSession().get_user() if len(args) > 0: op = getattr(self, args[0], None) if callable(op) and getattr(self, args[0]+'.exposed', None): - return op(args[1:], **kwargs) + return op(*args[1:], **kwargs) else: op = getattr(self, 'root', None) if callable(op): - return op(**kwargs) + return op(*args, **kwargs) return self.default(*args, **kwargs) def _template(self, *args, **kwargs): - t = self._env.get_template(args[0]) + t = self._site['template_env'].get_template(args[0]) return t.render(basepath=self.basepath, user=self.user, **kwargs) def default(self, *args, **kwargs): diff --git a/ipsilon/util/user.py b/ipsilon/util/user.py index ccca9fb..4f7df91 100755 --- a/ipsilon/util/user.py +++ b/ipsilon/util/user.py @@ -18,6 +18,7 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. from ipsilon.util.data import Store +import cherrypy class Site(object): @@ -40,6 +41,10 @@ class User(object): store = Store() return store.get_user_preferences(username) + def reset(self): + self.name = None + self._userdata = dict() + @property def is_admin(self): if 'is_admin' in self._userdata: @@ -78,3 +83,37 @@ class User(object): def sites(self): #TODO: implement setting sites via the user object ? raise AttributeError + + +class UserSession(object): + def __init__(self): + self.user = cherrypy.session.get('user', None) + + def get_user(self): + return User(self.user) + + def remote_login(self): + if cherrypy.request.login: + return self.login(cherrypy.request.login) + + def login(self, username): + if self.user == username: + return + + # REMOTE_USER changed, destroy old session and regenerate new + cherrypy.session.regenerate() + cherrypy.session['user'] = username + cherrypy.session.save() + + cherrypy.log('LOGIN SUCCESSFUL: %s', username) + + def logout(self, user): + if user is not None: + if not type(user) is User: + raise TypeError + # Completely reset user data + cherrypy.log.error('%s %s' % (user.name, user.fullname)) + user.reset() + + # Destroy current session in all cases + cherrypy.lib.sessions.expire() |