1 files changed, 118 insertions, 0 deletions

diff --git a/ipa-server/ipa-gui/ipagui/proxyprovider.py b/ipa-server/ipa-gui/ipagui/proxyprovider.py
new file mode 100644
index 00000000..12519880
--- /dev/null
+++ b/ipa-server/ipa-gui/ipagui/proxyprovider.py
@@ -0,0 +1,118 @@
+from turbogears.identity.soprovider import *
+from turbogears.identity.visitor import *
+import logging
+
+log = logging.getLogger("turbogears.identity")
+
+class IPA_User(object):
+    '''
+    Shell of a User definition. We don't really need much here.
+    '''
+
+    def __init__(self, user_name):
+        self.user_name = user_name
+        self.display_name = user_name
+        self.permissions = None
+        self.groups = None
+        return
+
+class ProxyIdentity(object):
+    def __init__(self, visit_key, user=None):
+        if user:
+            self._user= user
+        self.visit_key= visit_key
+   
+    def _get_user(self):
+        try:
+            return self._user
+        except AttributeError:
+            # User hasn't already been set
+            return None
+    user= property(_get_user)
+
+    def _get_user_name(self):
+        if not self.user:
+            return None
+        return self.user.user_name
+    user_name= property(_get_user_name)
+
+    def _get_name(self):
+        if not self.user:
+            return None
+        return self.user.name
+    user_name= property(_get_name)
+
+    def _get_anonymous(self):
+        return not self.user
+    anonymous= property(_get_anonymous)
+
+    def _get_permissions(self):
+        try:
+            return self._permissions
+        except AttributeError:
+            # Permissions haven't been computed yet
+            return None
+    permissions= property(_get_permissions)
+
+    def _get_groups(self):
+        try:
+            return self._groups
+        except AttributeError:
+            # Groups haven't been computed yet
+            return None
+    groups= property(_get_groups)
+
+    def logout(self):
+        '''
+        Remove the link between this identity and the visit.
+        '''
+        # Clear the current identity
+        anon= ProxyObjectIdentity(None,None)
+        #XXX if user is None anonymous will be true, no need to set attr.
+        #anon.anonymous= True
+        identity.set_current_identity( anon )
+
+class ProxyIdentityProvider(SqlObjectIdentityProvider):
+    '''
+    IdentityProvider that uses REMOTE_USER from Apache
+    '''
+    def __init__(self):
+        super(ProxyIdentityProvider, self).__init__()
+        get = turbogears.config.get
+        # We can get any config variables here
+        log.info( "Proxy Identity starting" )
+
+    def create_provider_model(self):
+        pass
+
+    def validate_identity(self, user_name, password, visit_key):
+        user = IPA_User(user_name)
+        log.debug( "validate_identity %s" % user_name)
+  
+        return ProxyIdentity(visit_key, user)
+
+    def validate_password(self, user, user_name, password):
+        '''Validation has already occurred in the proxy'''
+        return True
+
+    def load_identity(self, visit_key):
+        try:
+#            user_name= cherrypy.request.headers['X-FORWARDED-USER']
+             user_name= "test@FREEIPA.ORG"
+        except KeyError:
+            return None
+        set_login_attempted( True )
+        return self.validate_identity( user_name, None, visit_key )
+
+    def anonymous_identity( self ):
+        '''
+        This shouldn't ever happen in IPA but including it to include the
+        entire identity API.
+        '''
+        return ProxyIdentity( None )
+
+    def authenticated_identity(self, user):
+        '''
+        Constructs Identity object for user that has no associated visit_key.
+        '''
+        return ProxyIdentity(None, user)