ipsilon.git/ipsilon/util, branch preconf The Ipsilon project Drop usage of self._debug and use self.debug instead 2015-05-05T18:32:24+00:00 Rob Crittenden rcritten@redhat.com 2015-04-29T17:57:34+00:00 158c4cdefc0bd5b8dabe38685c1bebccc24d656b This method was deprecated but still used in a lot of places. https://fedorahosted.org/ipsilon/ticket/120 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
This method was deprecated but still used in a lot of places.

https://fedorahosted.org/ipsilon/ticket/120

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Disallow iframes via X-Frame-Options and CSP by default 2015-04-24T17:10:34+00:00 Rob Crittenden rcritten@redhat.com 2015-04-23T20:42:27+00:00 44f663ac7dc5a6f28b25b083a21f6d9e912cff92 A decorator, allow_iframe, is also created so that specific pages can remove the deny values and allow operating within a frame. The Persona plugin relies on iframes and uses this decorator for all endpoints. https://fedorahosted.org/ipsilon/ticket/15 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com> 
A decorator, allow_iframe, is also created so that specific
pages can remove the deny values and allow operating within
a frame.

The Persona plugin relies on iframes and uses this decorator
for all endpoints.

https://fedorahosted.org/ipsilon/ticket/15

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Close database sesssions 2015-04-15T14:35:04+00:00 Patrick Uiterwijk puiterwijk@redhat.com 2015-04-14T11:00:25+00:00 800b39df6e2c65fa06a0d5da48002bb26b83b435 This will close any opened database sessions at the end of the request. https://fedorahosted.org/ipsilon/ticket/110 Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com> Reviewed-by: Rob Crittenden <rcritten@redhat.com> 
This will close any opened database sessions at the end
of the request.

https://fedorahosted.org/ipsilon/ticket/110

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Rob Crittenden <rcritten@redhat.com>
The last allowed/mapping rule can be removed in SPs 2015-04-10T14:41:09+00:00 Rob Crittenden rcritten@redhat.com 2015-04-08T20:13:55+00:00 348fcbcbaf5c686cdb077c9bed53ded95ad04b49 If you created rule(s) in an SP for either allowed attributes or attribute mapping there was no way to remove the last rule meaning it could never go back to use the global defaults. https://fedorahosted.org/ipsilon/ticket/25 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
If you created rule(s) in an SP for either allowed attributes or
attribute mapping there was no way to remove the last rule meaning
it could never go back to use the global defaults.

https://fedorahosted.org/ipsilon/ticket/25

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Rename and move PluginConfig to ConfigHelper 2015-04-10T14:38:15+00:00 Rob Crittenden rcritten@redhat.com 2015-04-08T13:44:14+00:00 434bffc3b1ab4a74f0f23508e624e7427987aaf8 The configuration class was originally intended to be tied. At this point it is quite generic and useful outside of plugins. Rename it to something more generic and move it into the config module. https://fedorahosted.org/ipsilon/ticket/25 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
The configuration class was originally intended to be tied. At this
point it is quite generic and useful outside of plugins. Rename
it to something more generic and move it into the config module.

https://fedorahosted.org/ipsilon/ticket/25

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Add options to explicitly set database uris during install 2015-03-30T18:20:11+00:00 Patrick Uiterwijk puiterwijk@redhat.com 2015-03-30T14:38:10+00:00 3fd51fe0d4593cdc39c28f11deafe27845f25584 Also offer the option to set the OpenID database URI during install https://fedorahosted.org/ipsilon/ticket/17 Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com> Reviewed-by: Rob Crittenden <rcritten@redhat.com> 
Also offer the option to set the OpenID database URI during install

https://fedorahosted.org/ipsilon/ticket/17

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Rob Crittenden <rcritten@redhat.com>
Set Cache-control on all generated pages, centralize in Endpoint 2015-03-19T20:57:55+00:00 Rob Crittenden rcritten@redhat.com 2015-03-16T20:31:55+00:00 83ec7148841303516fe31e76116b70c8a5f73aab See "Bindings for the OASIS Security Assertion Markup Language (SAML) V2.0" section 3.2.3.2. https://fedorahosted.org/ipsilon/ticket/7 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Nathan Kinder <nkinder@redhat.com> 
See "Bindings for the OASIS Security Assertion Markup Language (SAML)
V2.0" section 3.2.3.2.

https://fedorahosted.org/ipsilon/ticket/7

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Nathan Kinder <nkinder@redhat.com>
Save user attributes on subsequent calls to login. 2015-03-16T21:18:13+00:00 Rob Crittenden rcritten@redhat.com 2015-03-16T18:34:24+00:00 2667fc13306912d4a1481e495181679012255ef6 When a login comes in via the remote_login() call no user attributes are set. These may be later filled in by a subsequent call to login() after the info plugins are called but a short-circuit in that function exits if the user matches the current session. Add an extra conditional such that if the user matches, userattributes are passed in and the current user attributes for this user is empty then save the new data. https://fedorahosted.org/ipsilon/ticket/86 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Nathan Kinder <nkinder@redhat.com> 
When a login comes in via the remote_login() call no
user attributes are set. These may be later filled in by
a subsequent call to login() after the info plugins are
called but a short-circuit in that function exits if the
user matches the current session.

Add an extra conditional such that if the user matches,
userattributes are passed in and the current user attributes
for this user is empty then save the new data.

https://fedorahosted.org/ipsilon/ticket/86

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Nathan Kinder <nkinder@redhat.com>
Don't explicitly save sessions 2015-03-12T19:36:33+00:00 Nathan Kinder nkinder@redhat.com 2015-03-11T23:51:29+00:00 22e983978fcbd84896468017dd5bdacf8a18cf3c Saving a session causes it to be unlocked, but sessions have a hook that also performs a save just before the session is finalized. In CherryPy 3.3.0 and later, an assertion was added to ensure that a session is locked when trying to perform a save. Since we perform explicit saves in our code, this causes the assertion to be tripped when the hook executes. This patch removes our explicit save calls. We should rely on the hook to save and unlock the session. https://fedorahosted.org/ipsilon/ticket/84 Signed-off-by: Nathan Kinder <nkinder@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
Saving a session causes it to be unlocked, but sessions have a
hook that also performs a save just before the session is finalized.
In CherryPy 3.3.0 and later, an assertion was added to ensure that
a session is locked when trying to perform a save.  Since we perform
explicit saves in our code, this causes the assertion to be tripped
when the hook executes.

This patch removes our explicit save calls.  We should rely on the
hook to save and unlock the session.

https://fedorahosted.org/ipsilon/ticket/84

Signed-off-by: Nathan Kinder <nkinder@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Proper fallback from referer to REQUEST_URI 2015-03-12T18:48:11+00:00 Simo Sorce simo@redhat.com 2015-03-12T17:51:04+00:00 078942b2cf6d73697f4c6b8a28cabe940f358532 If the referer is present but does not contain a transaction ID we still need to fallback to the REQUEST_URI. Fix the code to check the url and then fallback to REQUEST_URI rathe than decide upfront merely on the fact a referer is available. https://fedorahosted.org/ipsilon/ticket/74 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Nathan Kinder <nkinder@redhat.com> 
If the referer is present but does not contain a transaction ID we still
need to fallback to the REQUEST_URI. Fix the code to check the url and
then fallback to REQUEST_URI rathe than decide upfront merely on the
fact a referer is available.

https://fedorahosted.org/ipsilon/ticket/74

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Nathan Kinder <nkinder@redhat.com>