authorSimo Sorce <simo@redhat.com>2014-10-27 11:25:46 -0400
committerPatrick Uiterwijk <puiterwijk@redhat.com>2014-11-12 23:47:25 +0100
commitb7b80c5c0fc1895e85aae3acbfcbbc593a42697f (patch)
tree530512524a374059a9648ace99c56146af95bf4d /ipsilon/providers
parentc6b167fcf290c415b8d1903237fb5405b7213405 (diff)
Refactor plugin initialization and enablement
Move most plugin enablement and initialization code into plugin.py to reduce code duplication and to simplify and unify plugin enablement for all base plugin types (login, info, providers). This patch breaks backwards compatibility as it changes how the list of enabled plugins is stored in the database tables. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Diffstat (limited to 'ipsilon/providers')
-rwxr-xr-xipsilon/providers/common.py80
-rwxr-xr-xipsilon/providers/openid/extensions/ax.py2
-rwxr-xr-xipsilon/providers/openid/extensions/cla.py2
-rwxr-xr-xipsilon/providers/openid/extensions/common.py16
-rwxr-xr-xipsilon/providers/openid/extensions/fas_teams.py2
-rwxr-xr-xipsilon/providers/openid/extensions/sreg.py2
-rwxr-xr-xipsilon/providers/openid/extensions/teams.py2
-rwxr-xr-xipsilon/providers/openidp.py31
-rwxr-xr-xipsilon/providers/saml2idp.py29
9 files changed, 64 insertions, 102 deletions
diff --git a/ipsilon/providers/common.py b/ipsilon/providers/common.py
index ead50e2..03118ae 100755
--- a/ipsilon/providers/common.py
+++ b/ipsilon/providers/common.py
@@ -51,68 +51,29 @@ class InvalidRequest(ProviderException):
class ProviderBase(PluginConfig, PluginObject):
- def __init__(self, name, path):
+ def __init__(self, name, path, *pargs):
PluginConfig.__init__(self)
- PluginObject.__init__(self)
+ PluginObject.__init__(self, *pargs)
self.name = name
+ self._root = None
self.path = path
self.tree = None
- self.is_enabled = False
-
- def on_enable(self):
- # this one does nothing
- # derived classes can override with custom behavior
- return
def get_tree(self, site):
raise NotImplementedError
- def register(self, site):
- if self.tree:
- # already registered
- return
-
- # configure self
- plugins = site[FACILITY]
- if self.name in plugins['config']:
- self.import_config(plugins['config'][self.name])
+ def register(self, root, site):
+ self._root = root
# init pages and admin interfaces
self.tree = self.get_tree(site)
-
self._debug('IdP Provider registered: %s' % self.name)
- if self.get_config_value('enabled') is True:
- # and enable self
- self._enable(site)
-
- def _enable(self, site):
- root = site[FACILITY]['root']
- root.add_subtree(self.name, self.tree)
- self._debug('IdP Provider enabled: %s' % self.name)
- self.is_enabled = True
- self.on_enable()
-
- def enable(self, site):
- if self.is_enabled:
- return
-
- self._enable(site)
- self.set_config_value('enabled', True)
- self.save_plugin_config(FACILITY)
-
- def disable(self, site):
- if not self.is_enabled:
- return
-
- # remove self to the root
- root = site[FACILITY]['root']
- root.del_subtree(self.name)
+ def on_enable(self):
+ self._root.add_subtree(self.name, self.tree)
- self.is_enabled = False
- self.set_config_value('enabled', False)
- self.save_plugin_config(FACILITY)
- self._debug('IdP Provider disabled: %s' % self.name)
+ def on_disable(self):
+ self._root.del_subtree(self.name)
class ProviderPageBase(Page):
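Review bot: `on_enable` and `on_disable` dereference `self._root`, which `__init__` sets to None and only `register()` fills in, so enabling a provider that was never registered fails with an AttributeError on None instead of a clear error. `register()` also lost the old `if self.tree:` guard, so a second call would rebuild the tree through `get_tree(site)`; whether anything calls it twice is not visible here. I would add a docstring on `register` saying it must run once before `enable()`, and a guard at the top of `on_enable` such as `if self._root is None: raise RuntimeError('provider %s not registered' % self.name)`.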
@@ -155,21 +116,26 @@ FACILITY = 'provider_config'
class LoadProviders(Log):
def __init__(self, root, site):
- loader = PluginLoader(LoadProviders, FACILITY, 'IdpProvider')
- site[FACILITY] = loader.get_plugin_data()
- providers = site[FACILITY]
+ plugins = PluginLoader(LoadProviders, FACILITY, 'IdpProvider')
+ plugins.get_plugin_data()
+ site[FACILITY] = plugins
- available = providers['available'].keys()
+ available = plugins.available.keys()
self._debug('Available providers: %s' % str(available))
- providers['root'] = root
- for item in providers['available']:
- plugin = providers['available'][item]
- plugin.register(site)
+ for item in plugins.available:
+ plugin = plugins.available[item]
+ plugin.register(root, site)
+
+ for item in plugins.enabled:
+ self._debug('Provider plugin in enabled list: %s' % item)
+ if item not in plugins.available:
+ continue
+ plugins.available[item].enable()
class ProvidersInstall(object):
def __init__(self):
- pi = PluginInstaller(ProvidersInstall)
+ pi = PluginInstaller(ProvidersInstall, FACILITY)
self.plugins = pi.get_plugins()
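Review bot: The new loop over `plugins.enabled` skips a name that is missing from `plugins.available` with a bare `continue`, right after logging it as "in enabled list", so a provider that is enabled in the database but failed to load leaves no distinct trace. For an identity provider that deserves its own message before the `continue`, e.g. `self._debug('Provider plugin %s is enabled but not available, skipping' % item)`. A one-line comment that every plugin must be registered before the first `enable()` (because `on_enable` uses the root stored by `register`) would also help the next reader.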
diff --git a/ipsilon/providers/openid/extensions/ax.py b/ipsilon/providers/openid/extensions/ax.py
index 7daa52a..d00a4fc 100755
--- a/ipsilon/providers/openid/extensions/ax.py
+++ b/ipsilon/providers/openid/extensions/ax.py
@@ -28,7 +28,7 @@ AP_MAP = {
class OpenidExtension(OpenidExtensionBase):
- def __init__(self):
+ def __init__(self, *pargs):
super(OpenidExtension, self).__init__('Attribute Exchange')
self.type_uris = [
ax.AXMessage.ns_uri,
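Review bot: `__init__` now accepts `*pargs` but never uses them: the `super(OpenidExtension, self).__init__('Attribute Exchange')` call is unchanged, whereas `ProviderBase.__init__` in providers/common.py forwards `*pargs` to `PluginObject.__init__`. If the loader passes arguments only so that all plugin constructors share a signature, say so in a comment such as `# pargs: plugin loader arguments, unused by OpenID extensions`; if the base class is meant to receive them, they should be forwarded. The same applies to the `__init__` changes in cla.py, fas_teams.py, sreg.py and teams.py.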
diff --git a/ipsilon/providers/openid/extensions/cla.py b/ipsilon/providers/openid/extensions/cla.py
index cc4d11d..481f341 100755
--- a/ipsilon/providers/openid/extensions/cla.py
+++ b/ipsilon/providers/openid/extensions/cla.py
@@ -10,7 +10,7 @@ from openid_cla import cla
class OpenidExtension(OpenidExtensionBase):
- def __init__(self):
+ def __init__(self, *pargs):
super(OpenidExtension, self).__init__('CLAs')
self.type_uris = [
cla.cla_uri,
diff --git a/ipsilon/providers/openid/extensions/common.py b/ipsilon/providers/openid/extensions/common.py
index 804f695..02cd1a0 100755
--- a/ipsilon/providers/openid/extensions/common.py
+++ b/ipsilon/providers/openid/extensions/common.py
@@ -50,22 +50,20 @@ FACILITY = 'openid_extensions'
class LoadExtensions(Log):
def __init__(self):
- loader = PluginLoader(LoadExtensions, FACILITY, 'OpenidExtension')
- self.plugins = loader.get_plugin_data()
+ self.plugins = PluginLoader(LoadExtensions,
+ FACILITY, 'OpenidExtension')
+ self.plugins.get_plugin_data()
- available = self.plugins['available'].keys()
+ available = self.plugins.available.keys()
self._debug('Available Extensions: %s' % str(available))
def enable(self, enabled):
for item in enabled:
- if item not in self.plugins['available']:
+ if item not in self.plugins.available:
self.debug('<%s> not available' % item)
continue
self.debug('Enable OpenId extension: %s' % item)
- self.plugins['available'][item].enable()
+ self.plugins.available[item].enable()
def available(self):
- available = self.plugins['available']
- if available is None:
- available = dict()
- return available
+ return self.plugins.available
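Review bot: `available()` now returns `self.plugins.available` directly, dropping the old fallback to an empty dict when the value is None. Callers such as `self.extensions.available().keys()` in openidp.py would fail if the loader can leave `available` unset; `PluginLoader` is not shown, so this may already be guaranteed. Either record that guarantee in a docstring (`"""Return the dict of loadable extensions, never None."""`) or keep the fallback with `return self.plugins.available or dict()`.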
diff --git a/ipsilon/providers/openid/extensions/fas_teams.py b/ipsilon/providers/openid/extensions/fas_teams.py
index fd9dd27..4de2e83 100755
--- a/ipsilon/providers/openid/extensions/fas_teams.py
+++ b/ipsilon/providers/openid/extensions/fas_teams.py
@@ -10,7 +10,7 @@ from openid_teams import teams
class OpenidExtension(Teams):
- def __init__(self):
+ def __init__(self, *pargs):
super(OpenidExtension, self).__init__('Fedora Teams')
def _resp(self, request, userdata):
diff --git a/ipsilon/providers/openid/extensions/sreg.py b/ipsilon/providers/openid/extensions/sreg.py
index a2b4db7..e1144fc 100755
--- a/ipsilon/providers/openid/extensions/sreg.py
+++ b/ipsilon/providers/openid/extensions/sreg.py
@@ -10,7 +10,7 @@ from openid.extensions import sreg
class OpenidExtension(OpenidExtensionBase):
- def __init__(self):
+ def __init__(self, *pargs):
super(OpenidExtension, self).__init__('Simple Registration')
self.type_uris = [
sreg.ns_uri_1_1,
diff --git a/ipsilon/providers/openid/extensions/teams.py b/ipsilon/providers/openid/extensions/teams.py
index 50c09af..258a437 100755
--- a/ipsilon/providers/openid/extensions/teams.py
+++ b/ipsilon/providers/openid/extensions/teams.py
@@ -34,5 +34,5 @@ class Teams(OpenidExtensionBase):
class OpenidExtension(Teams):
- def __init__(self):
+ def __init__(self, *pargs):
super(OpenidExtension, self).__init__('Teams')
diff --git a/ipsilon/providers/openidp.py b/ipsilon/providers/openidp.py
index 197b1cf..335b41b 100755
--- a/ipsilon/providers/openidp.py
+++ b/ipsilon/providers/openidp.py
@@ -5,7 +5,6 @@
from __future__ import absolute_import
from ipsilon.providers.common import ProviderBase
-from ipsilon.providers.common import FACILITY
from ipsilon.providers.openid.auth import OpenID
from ipsilon.providers.openid.extensions.common import LoadExtensions
from ipsilon.util.plugin import PluginObject
@@ -19,8 +18,8 @@ from openid.store.memstore import MemoryStore
class IdpProvider(ProviderBase):
- def __init__(self):
- super(IdpProvider, self).__init__('openid', 'openid')
+ def __init__(self, *pargs):
+ super(IdpProvider, self).__init__('openid', 'openid', *pargs)
self.mapping = InfoMapping()
self.page = None
self.server = None
@@ -55,10 +54,6 @@ Provides OpenID 2.0 authentication infrastructure. """
'enabled extensions',
'Choose the extensions to enable',
self.extensions.available().keys()),
- pconfig.Condition(
- 'enabled',
- 'Whether the OpenID IDP is enabled',
- False)
)
@property
@@ -99,10 +94,10 @@ Provides OpenID 2.0 authentication infrastructure. """
# self.admin = AdminPage(site, self)
# Expose OpenID presence in the root
- headers = site[FACILITY]['root'].default_headers
+ headers = self._root.default_headers
headers['X-XRDS-Location'] = self.endpoint_url+'XRDS'
- html_heads = site[FACILITY]['root'].html_heads
+ html_heads = self._root.html_heads
HEAD_LINK = '<link rel="%s" href="%s">'
openid_heads = [HEAD_LINK % ('openid2.provider', self.endpoint_url),
HEAD_LINK % ('openid.server', self.endpoint_url)]
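Review bot: The `X-XRDS-Location` header and the `openid2.provider` / `openid.server` link heads are written into the shared root here, and the old code needed `site` in scope, which suggests this runs inside `get_tree(site)`; the enclosing function starts outside the hunk, so this is inferred. With this commit `register()` calls `get_tree` for every available provider and only `on_enable` mounts the subtree, so a disabled OpenID provider would still be advertised by the root for discovery. Nothing visible removes these entries on disable either. Consider moving the header and head setup into `on_enable` and undoing it in an `on_disable` override that then calls `super(IdpProvider, self).on_disable()`.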
@@ -114,15 +109,17 @@ Provides OpenID 2.0 authentication infrastructure. """
self.server = Server(MemoryStore(), op_endpoint=self.endpoint_url)
def on_enable(self):
+ super(IdpProvider, self).on_enable()
self.init_idp()
self.extensions.enable(self._config['enabled extensions'].get_value())
class Installer(object):
- def __init__(self):
+ def __init__(self, *pargs):
self.name = 'openid'
self.ptype = 'provider'
+ self.pargs = pargs
def install_args(self, group):
group.add_argument('--openid', choices=['yes', 'no'], default='yes',
@@ -139,12 +136,14 @@ class Installer(object):
proto, opts['hostname'], opts['instance'])
# Add configuration data to database
- po = PluginObject()
+ po = PluginObject(*self.pargs)
po.name = 'openid'
po.wipe_data()
-
- po.wipe_config_values(FACILITY)
+ po.wipe_config_values()
config = {'endpoint url': url,
- 'identity_url_template': '%sid/%%(username)s' % url,
- 'enabled': '1'}
- po.save_plugin_config(FACILITY, config)
+ 'identity_url_template': '%sid/%%(username)s' % url}
+ po.save_plugin_config(config)
+
+ # Update global config to add login plugin
+ po.is_enabled = True
+ po.save_enabled_state()
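Review bot: The added comment `# Update global config to add login plugin` looks copied from the login plugins; this installer configures the 'openid' provider, so it should read `# Update global config to mark the provider plugin as enabled`. The same comment is added in the saml2idp.py installer. Setting `po.is_enabled = True` and then calling `po.save_enabled_state()` also bypasses whatever `enable()` does; if that is intentional because no root exists at install time, a short comment saying so would help. The enclosing method starts outside the hunk.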
diff --git a/ipsilon/providers/saml2idp.py b/ipsilon/providers/saml2idp.py
index 8896e16..b0f4304 100755
--- a/ipsilon/providers/saml2idp.py
+++ b/ipsilon/providers/saml2idp.py
@@ -18,7 +18,6 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from ipsilon.providers.common import ProviderBase, ProviderPageBase
-from ipsilon.providers.common import FACILITY
from ipsilon.providers.saml2.auth import AuthenticateRequest
from ipsilon.providers.saml2.admin import Saml2AdminPage
from ipsilon.providers.saml2.provider import IdentityProvider
@@ -119,8 +118,8 @@ class SAML2(ProviderPageBase):
class IdpProvider(ProviderBase):
- def __init__(self):
- super(IdpProvider, self).__init__('saml2', 'saml2')
+ def __init__(self, *pargs):
+ super(IdpProvider, self).__init__('saml2', 'saml2', *pargs)
self.admin = None
self.page = None
self.idp = None
@@ -163,10 +162,6 @@ Provides SAML 2.0 authentication infrastructure. """
'default email domain',
'Used for users missing the email property.',
'example.com'),
- pconfig.Condition(
- 'enabled',
- 'Whether the SAML IDP is enabled',
- False)
)
if cherrypy.config.get('debug', False):
import logging
@@ -242,7 +237,8 @@ Provides SAML 2.0 authentication infrastructure. """
return idp
def on_enable(self):
- self.init_idp()
+ super(IdpProvider, self).on_enable()
+ self.idp = self.init_idp()
if hasattr(self, 'admin'):
if self.admin:
self.admin.add_sps()
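Review bot: `super(IdpProvider, self).on_enable()` mounts the provider subtree on the root before `self.init_idp()` has run, so if `init_idp` raises (its body is outside the hunk) the SAML endpoints are reachable while `self.idp` is still None. Unless `init_idp` depends on the mounted tree, calling `self.idp = self.init_idp()` first and the super call after it would expose the tree only once the IdP is initialized; `on_enable` in openidp.py uses the same order. The `hasattr(self, 'admin')` test in the context lines is always true, since `__init__` sets `self.admin = None`.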
@@ -250,9 +246,10 @@ Provides SAML 2.0 authentication infrastructure. """
class Installer(object):
- def __init__(self):
+ def __init__(self, *pargs):
self.name = 'saml2'
self.ptype = 'provider'
+ self.pargs = pargs
def install_args(self, group):
group.add_argument('--saml2', choices=['yes', 'no'], default='yes',
@@ -297,17 +294,19 @@ class Installer(object):
meta.output(os.path.join(path, 'metadata.xml'))
# Add configuration data to database
- po = PluginObject()
+ po = PluginObject(*self.pargs)
po.name = 'saml2'
po.wipe_data()
-
- po.wipe_config_values(FACILITY)
+ po.wipe_config_values()
config = {'idp storage path': path,
'idp metadata file': 'metadata.xml',
'idp certificate file': cert.cert,
- 'idp key file': cert.key,
- 'enabled': '1'}
- po.save_plugin_config(FACILITY, config)
+ 'idp key file': cert.key}
+ po.save_plugin_config(config)
+
+ # Update global config to add login plugin
+ po.is_enabled = True
+ po.save_enabled_state()
# Fixup permissions so only the ipsilon user can read these files
files.fix_user_dirs(path, opts['system_user'])
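Review bot: `files.fix_user_dirs(path, opts['system_user'])` still runs last, and this change puts two database calls (`po.save_plugin_config(config)` and `po.save_enabled_state()`) ahead of it, so an exception in either leaves the generated key and certificate under `path` with whatever permissions they were created with. Moving the permission fixup to directly after `meta.output(...)`, before the database writes, or wrapping the writes in `try`/`finally`, would close that window. The files are created outside the hunk, so their initial mode is not visible here.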