ipsilon.git/ipsilon/util, branch rowmagic The Ipsilon project Add options to explicitly set database uris during install 2015-03-30T18:20:11+00:00 Patrick Uiterwijk puiterwijk@redhat.com 2015-03-30T14:38:10+00:00 3fd51fe0d4593cdc39c28f11deafe27845f25584 Also offer the option to set the OpenID database URI during install https://fedorahosted.org/ipsilon/ticket/17 Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com> Reviewed-by: Rob Crittenden <rcritten@redhat.com> 
Also offer the option to set the OpenID database URI during install

https://fedorahosted.org/ipsilon/ticket/17

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Rob Crittenden <rcritten@redhat.com>
Set Cache-control on all generated pages, centralize in Endpoint 2015-03-19T20:57:55+00:00 Rob Crittenden rcritten@redhat.com 2015-03-16T20:31:55+00:00 83ec7148841303516fe31e76116b70c8a5f73aab See "Bindings for the OASIS Security Assertion Markup Language (SAML) V2.0" section 3.2.3.2. https://fedorahosted.org/ipsilon/ticket/7 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Nathan Kinder <nkinder@redhat.com> 
See "Bindings for the OASIS Security Assertion Markup Language (SAML)
V2.0" section 3.2.3.2.

https://fedorahosted.org/ipsilon/ticket/7

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Nathan Kinder <nkinder@redhat.com>
Save user attributes on subsequent calls to login. 2015-03-16T21:18:13+00:00 Rob Crittenden rcritten@redhat.com 2015-03-16T18:34:24+00:00 2667fc13306912d4a1481e495181679012255ef6 When a login comes in via the remote_login() call no user attributes are set. These may be later filled in by a subsequent call to login() after the info plugins are called but a short-circuit in that function exits if the user matches the current session. Add an extra conditional such that if the user matches, userattributes are passed in and the current user attributes for this user is empty then save the new data. https://fedorahosted.org/ipsilon/ticket/86 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Nathan Kinder <nkinder@redhat.com> 
When a login comes in via the remote_login() call no
user attributes are set. These may be later filled in by
a subsequent call to login() after the info plugins are
called but a short-circuit in that function exits if the
user matches the current session.

Add an extra conditional such that if the user matches,
userattributes are passed in and the current user attributes
for this user is empty then save the new data.

https://fedorahosted.org/ipsilon/ticket/86

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Nathan Kinder <nkinder@redhat.com>
Don't explicitly save sessions 2015-03-12T19:36:33+00:00 Nathan Kinder nkinder@redhat.com 2015-03-11T23:51:29+00:00 22e983978fcbd84896468017dd5bdacf8a18cf3c Saving a session causes it to be unlocked, but sessions have a hook that also performs a save just before the session is finalized. In CherryPy 3.3.0 and later, an assertion was added to ensure that a session is locked when trying to perform a save. Since we perform explicit saves in our code, this causes the assertion to be tripped when the hook executes. This patch removes our explicit save calls. We should rely on the hook to save and unlock the session. https://fedorahosted.org/ipsilon/ticket/84 Signed-off-by: Nathan Kinder <nkinder@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
Saving a session causes it to be unlocked, but sessions have a
hook that also performs a save just before the session is finalized.
In CherryPy 3.3.0 and later, an assertion was added to ensure that
a session is locked when trying to perform a save.  Since we perform
explicit saves in our code, this causes the assertion to be tripped
when the hook executes.

This patch removes our explicit save calls.  We should rely on the
hook to save and unlock the session.

https://fedorahosted.org/ipsilon/ticket/84

Signed-off-by: Nathan Kinder <nkinder@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Proper fallback from referer to REQUEST_URI 2015-03-12T18:48:11+00:00 Simo Sorce simo@redhat.com 2015-03-12T17:51:04+00:00 078942b2cf6d73697f4c6b8a28cabe940f358532 If the referer is present but does not contain a transaction ID we still need to fallback to the REQUEST_URI. Fix the code to check the url and then fallback to REQUEST_URI rathe than decide upfront merely on the fact a referer is available. https://fedorahosted.org/ipsilon/ticket/74 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Nathan Kinder <nkinder@redhat.com> 
If the referer is present but does not contain a transaction ID we still
need to fallback to the REQUEST_URI. Fix the code to check the url and
then fallback to REQUEST_URI rathe than decide upfront merely on the
fact a referer is available.

https://fedorahosted.org/ipsilon/ticket/74

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Nathan Kinder <nkinder@redhat.com>
Find transaction ids for internal redirects 2015-03-06T20:15:31+00:00 Simo Sorce simo@redhat.com 2015-03-06T17:12:00+00:00 e0aa4f23846fa9f6bb0fb9eb021e930b035100eb On internal redirections, such as when ErrorDocument is used to redirect on failed negotiate authentication we need to look harder for the transaction id. Ticket: #74 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Nathan Kinder <nkinder@redhat.com> 
On internal redirections, such as when ErrorDocument is used to
redirect on failed negotiate authentication we need to look harder
for the transaction id.

Ticket: #74

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Nathan Kinder <nkinder@redhat.com>
Change root class of Page from Log to Endpoint 2015-02-27T21:05:00+00:00 Rob Crittenden rcritten@redhat.com 2015-02-25T15:13:26+00:00 075c3c53f72fde8e18af3f505249bef8812b7da3 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Low-level class for managing request endpoints 2015-02-27T21:04:13+00:00 Rob Crittenden rcritten@redhat.com 2015-02-20T15:57:32+00:00 a35c8bca80226a935dc5dab33e716e79ef820fd4 An Endpoint is different from a Page in that it doesn't have menus, templates, transactions, etc. It is only defines a URL that can be mounted. https://fedorahosted.org/ipsilon/ticket/38 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
An Endpoint is different from a Page in that it doesn't have menus,
templates, transactions, etc. It is only defines a URL that can be
mounted.

https://fedorahosted.org/ipsilon/ticket/38

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Make the configparser case sensitive. 2015-02-24T17:58:45+00:00 Patrick Uiterwijk puiterwijk@redhat.com 2015-02-24T16:48:24+00:00 4d234dc3956e8ac72d8e0eccc3c0d9594d1c85f8 Per the instructions of https://docs.python.org/2/library/configparser.html#ConfigParser.RawConfigParser.optionxform Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
Per the instructions of
https://docs.python.org/2/library/configparser.html#ConfigParser.RawConfigParser.optionxform

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Make available case insensitive mapping matching 2015-02-24T15:58:25+00:00 Simo Sorce simo@redhat.com 2015-02-23T20:25:09+00:00 83f4cfcb6ee62348b25f0db9a771a10628fc57a6 If ignore_case is True then the incomping attributes are matched case-insensitively in the policy engine. The CAse of the incoming attribute is not changed on wildcard matches. On ther matches attributes will be replaced according to the mapping tables and the case used will be that of the mapped attributes. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com> 
If ignore_case is True then the incomping attributes are matched
case-insensitively in the policy engine.
The CAse of the incoming attribute is not changed on wildcard
matches. On ther matches attributes will be replaced according
to the mapping tables and the case used will be that of the
mapped attributes.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>