Commit message | Author | Age | Files | Lines
...
* Move some exceptions into provider.common | Simo Sorce | 2014-10-24 | 2 | -15/+16
  These are generically useful and can be reused as they are by other providers.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Fix storing info plugin status and order | Simo Sorce | 2014-10-24 | 2 | -22/+40
  This is the same issue already resolved for the login plugins in commit a6ed2bba137df5fb8a9fb2931ccb2d92ca3fa0e0
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Add sqlalchemy dependency to contrib rpm | Simo Sorce | 2014-10-09 | 1 | -0/+1
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Fix mod_auth_kerb based authentication | Simo Sorce | 2014-10-09 | 1 | -1/+5
  Recent changes in how self.user is populated broke krb based auth. Explicitly check the remote user in the module to fix it.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* The quickrun workdir and cscope.out should be ignored | Patrick Uiterwijk | 2014-10-07 | 1 | -0/+2
  Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
  Reviewed-by: Simo Sorce <simo@redhat.com>
* Add auto-auth requirement to all admin pages | Simo Sorce | 2014-10-07 | 5 | -18/+9
  Instead of having to explicitly decorate all methods with auth_protect() use the fact all pages go through Page.__call__ to conditionally check if the user is anonymous and set a default when instantiating AdminPage so that all admin pages require authentication.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Add AdminPage abstraction on top of util.Page | Simo Sorce | 2014-10-07 | 6 | -18/+29
  This is to allow different default headers between Admin pages and other pages. In particular we set no-caching headers to all admin pages to force browsers to refresh as often as possible.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Add way to set default headers | Simo Sorce | 2014-10-07 | 1 | -0/+3
  When a Page is called automatically sets default headers by adding headers on the default_headers variable.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Add pretty handler for 404 | Simo Sorce | 2014-10-07 | 4 | -1/+22
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Fix exposed functions | Simo Sorce | 2014-10-07 | 5 | -8/+8
  The Page util is supposed to intercept and enable exposed pages on its own so that additional functions can be run in the generic __call__
  Fix the code to check for the function argument correctly and use a different argument than the standard cherrypy one for admin pages so that we do actually land in the Page.__call__ all the time for those pages.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Fix make cscope and clean | Simo Sorce | 2014-10-07 | 1 | -1/+2
  clean should clean more and cscope should not try to read an unexisting file.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Redirect anonymous users away | Simo Sorce | 2014-10-06 | 5 | -3/+24
  It makes no sense to let anonymous users interact with the admin pages so tighten up access and redirect away users that have no rights.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Additional data store refactoring | Simo Sorce | 2014-10-06 | 1 | -170/+153
  Use sqlalchemy to access Sql databases, which are the only implemented database backends for now. If no database type is specified we assume a sqlite3 database file path is configured (this is backwards compatible with current configuration statements)
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Fix storing login plugin status and order | Simo Sorce | 2014-10-06 | 1 | -6/+25
  When plugins were enabled or disabled their status was not stored in the database, unless the order was explicitly manipulated. Moreover if the order was changed that fact would not be reflected in the actual authentication order until a restart.
  Fix the code to always permanently store the enabled/disabled status, and to immediately change the authentication order.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Move wipe_data into Store() as reset_data | Simo Sorce | 2014-10-06 | 1 | -15/+19
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Databases must be configured in cherrypy.config | Simo Sorce | 2014-10-06 | 1 | -34/+8
  There was annoying duplicated init code in the data store classes that was unused. Just require configuration to be present in cherrypy.config or bail.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Remove unused dependency | Simo Sorce | 2014-10-06 | 1 | -3/+1
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Provide cleanup switch to quickrun | Simo Sorce | 2014-10-06 | 1 | -0/+7
  Easier to wipe old test and start with fresh data for a quickrun
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Use installation template in quickrun | Simo Sorce | 2014-10-06 | 1 | -27/+10
  Instead of using a duplicate use installation template so there is less risk of forgetting something in either.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Add make cscope target | Simo Sorce | 2014-10-06 | 1 | -1/+4
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Add transactions db default paths | Simo Sorce | 2014-10-06 | 2 | -1/+6
  Fixes installation and quickrun
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Make Transaction code more robust | Simo Sorce | 2014-10-06 | 1 | -6/+8
  Avoid raising exceptions when transactions are not found, just return no cookies or empty dicts with no transactions in them.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Fix transaction handling in providers | Simo Sorce | 2014-10-06 | 2 | -3/+6
  When a provider redirects to the login code, it must retain 'ownership' of the transaction, otherwise the login code will wipe the transaction data as soon as the authentication is completed but before the provider has completed its part of the transaction.
  Make sure the transaction code retrieves the 'owner' from the data for pre-existing transactions.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Fix login session's userdata acquisition | Simo Sorce | 2014-10-06 | 1 | -1/+3
  With the transaction code changes the session.login() function was incorrectly moved before all the userdata was gathered. An incomplete set was stored in the session.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Add testdir/ to gitignore. | Patrick Uiterwijk | 2014-09-24 | 1 | -0/+1
  Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
  Reviewed-by: Simo Sorce <simo@redhat.com>
* Add very simple LDAP authentication plugin | Simo Sorce | 2014-09-24 | 2 | -0/+393
  Uses python-ldap to perform a simple bind after connecting to the LDAP server using (by default) a TLS encrypted connection.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Test transactions code with full redirect login | Simo Sorce | 2014-09-24 | 2 | -0/+141
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Use transactions throughout the code | Simo Sorce | 2014-09-24 | 11 | -45/+106
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Add transactions support | Simo Sorce | 2014-09-24 | 2 | -0/+89
  In some cases a user may end up having multiple login pages in different tabs in the browser (session restore after a crash, or simply opening multiple urls which all redirect to the same IdP). Without transactions multiple authentication requests in fly may step on each other causing potentially all of them to fail to properly authenticate and redirect back to the original web site.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Refactor the data store a bit | Simo Sorce | 2014-09-24 | 6 | -330/+251
  Reduce code duplication, and clearly separate admin and user dbs. Move plugin wrapper away and let plugin code use native functions.
  This patch also changes the indexed data to use a uuid and assumes 2 identical uuid cannot be created concurrently.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Add abstraction class to handle cookies | Simo Sorce | 2014-09-24 | 3 | -9/+78
  This handles secure cookies with useful helpers and defaults.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Add Info providers Admin pages | Simo Sorce | 2014-09-24 | 8 | -6/+229
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Add test that checks attrs are properly returned | Simo Sorce | 2014-09-24 | 2 | -0/+162
  Uses the info_nss module to source attributes from the system user
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Add support for returning user attributes | Simo Sorce | 2014-09-24 | 2 | -1/+37
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Add Info Provider plugin framework | Simo Sorce | 2014-09-24 | 6 | -1/+147
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Add error log facility to Log utility | Simo Sorce | 2014-09-24 | 1 | -1/+6
  Also improve debug errors by adding the originating function
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Add proper ordering to login plugins config opts | Simo Sorce | 2014-09-24 | 3 | -0/+6
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Allow plugins to determine config options order | Simo Sorce | 2014-09-24 | 2 | -2/+17
  Ordering may also be partial, for any option not specified they will be appended in lexicographic order.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Remove service name from the form plugin | Simo Sorce | 2014-09-24 | 1 | -9/+1
  When using the external apache modules for form based authentication, the pam service name is set in the apache config files and cannot be dynamically changed, do not offer it as a configuration option.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Use an instance specific session id cookie name | Simo Sorce | 2014-09-24 | 1 | -0/+1
  Avoids issues if multiple instances are used on the same server
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Confine session to the instance | Simo Sorce | 2014-09-24 | 1 | -0/+1
  Set session path so that the session is sent only for the specific instance
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Use helper cookie to remember the username | Simo Sorce | 2014-09-24 | 5 | -5/+29
  This makes the login page a lot more friendly
  Available only over HTTPS
  Max age set to 15 days
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Create common form handler page | Simo Sorce | 2014-09-24 | 5 | -119/+50
  Reduce duplication
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Rename form login page | Simo Sorce | 2014-09-24 | 4 | -5/+5
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Remove unused option from the FAS login plugin | Simo Sorce | 2014-09-24 | 1 | -10/+0
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Handle the presence of additional form fields | Simo Sorce | 2014-09-24 | 1 | -3/+10
  For example hidden fields which must be preserved and POSTed back to the action url.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Cast db value to string before comparison | Simo Sorce | 2014-09-24 | 1 | -1/+1
  Avoid false negatives when the sqlite3 db is 'smart' and automatically converts the type to integer.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Allow deferred initialization of providers | Simo Sorce | 2014-09-24 | 3 | -24/+45
  This fixes enabling a provider after the server is started.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Do not reprovision if conf is already available | Simo Sorce | 2014-09-24 | 1 | -18/+23
  Also use a more meaningful directory name by default
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
* Declare admin attribute | Simo Sorce | 2014-09-24 | 1 | -0/+1
  Makes lint happier
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>