summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorroot <root@adelauth>2008-10-23 09:37:53 (GMT)
committerroot <root@adelauth>2008-10-23 09:37:53 (GMT)
commitaa2bdf229959130bac14778c0c999246cff3ac27 (patch)
tree660ba5805d3ba58bac4e7d1701c7036c25e8a52a
parentd0e4936cbce3d7ae213650afad936d555353f40f (diff)
downloadauthentic-adeline-aa2bdf229959130bac14778c0c999246cff3ac27.zip
authentic-adeline-aa2bdf229959130bac14778c0c999246cff3ac27.tar.gz
authentic-adeline-aa2bdf229959130bac14778c0c999246cff3ac27.tar.bz2
* extra/modules/liberty.py:
- add timeout parameter to soap_call function, default = 240s - escape content of SoapFault/Detail relaying python exceptions - handle desynchronization of state of federation: - if asking for creation when on already exist, switch automatically to requesting, - if asking for an existing federation switch to creation. - rework user clicking 'Back' (or MSP refusing to authenticate us): - when user click 'Back' on msp page, return to /login if not logged locally else return to '/'. - replace authentic original soap_call function with the authentic-adeline version - add printing of reponse, destination url and timing of soap calls
-rw-r--r--extra/modules/liberty.py105
1 files changed, 74 insertions, 31 deletions
diff --git a/extra/modules/liberty.py b/extra/modules/liberty.py
index 9e9425d..eab6057 100644
--- a/extra/modules/liberty.py
+++ b/extra/modules/liberty.py
@@ -6,6 +6,8 @@ import Cookie
import StringIO
import cgi
import traceback
+import socket
+import xml.sax.saxutils
import lasso
@@ -116,38 +118,64 @@ class AlternateLibertyDirectory(authentic.liberty.root.RootDirectory):
try:
login.processResponseMsg(soap_answer)
except lasso.Error, error:
+ # Traitement d'une demande de federation existante
+ # apres d├ęsynchro, on recree a la volee
if error[0] == lasso.LOGIN_ERROR_FEDERATION_NOT_FOUND:
t = self.proxy_auth_federation_not_found(login)
if t:
return t
- if error[0] != lasso.LOGIN_ERROR_UNKNOWN_PRINCIPAL:
- try:
- msg = login.response.status.statusMessage
- return template.error_page(_('Response is not Success (%s)') % msg)
- except:
- pass
- if error[0] == lasso.PROFILE_ERROR_INVALID_MSG:
- print 'Received invalid SOAP answer when resolving artifact: \'%s\'' % soap_answer
- raise error
- t = self.proxy_auth_peer_cancelled(login)
- if t:
- return t
- session = get_session()
- if not session.lasso_login_dump:
- # probably user clicked on "back" on MSP (see bug 138)
get_response().expire_cookie('msp-user',
domain = get_publisher().config.session_cookie_domain,
path = '/')
- return redirect('/login')
- login = lasso.Login.newFromDump(authentic.misc.get_lasso_server(),
- session.lasso_login_dump)
- session.lasso_login_dump = None
- return self.sso_after_authentication(login, False, proxied = True)
+ return redirect('/federate_msp')
+ # Traitement particulie pour le cas d'une demande de creation
+ # alors que la federation existe
+ if error[0] == lasso.LOGIN_ERROR_STATUS_NOT_SUCCESS and\
+ login.response.status and\
+ login.response.status.statusCode and\
+ login.response.status.statusCode.statusCode and\
+ login.response.status.statusCode.statusCode.statusCode and\
+ login.response.status.statusCode.statusCode.statusCode.value == 'msp:AlreadyFederated':
+ print 'Interception already federated'
+ return redirect('/login_msp')
+
+ if error[0] == lasso.LOGIN_ERROR_UNKNOWN_PRINCIPAL:
+ get_response().expire_cookie('msp-user',
+ domain = get_publisher().config.session_cookie_domain,
+ path = '/')
+ if not session.lasso_login_dump:
+ # probably user clicked on "back" on MSP (see bug 138)
+ if not session.user:
+ return redirect('/login')
+ else:
+ try:
+ msg = login.response.status.statusMessage
+ return template.error_page(_('Response is not Success (%s)') % msg, continue_to=('/', _('Home')))
+ except:
+ return redirect('/')
+ login = lasso.Login.newFromDump(authentic.misc.get_lasso_server(),
+ session.lasso_login_dump)
+ session.lasso_login_dump = None
+ return self.sso_after_authentication(login, False, proxied = True)
+
+ try:
+ msg = login.response.status.statusMessage
+ return template.error_page(_('Response is not Success (%s)') % msg, continue_to=('/', _('Home')))
+ except:
+ pass
+ if error[0] == lasso.PROFILE_ERROR_INVALID_MSG:
+ print 'Received invalid SOAP answer when resolving artifact: \'%s\'' % soap_answer
+ raise error
+
+ t = self.proxy_auth_peer_cancelled(login)
+ if t:
+ return t
+
else:
self.proxy_auth_ok(login)
else:
login.processAuthnResponseMsg(get_field('LARES'))
- session = get_session()
+
if session.lasso_proxy_session_dump:
login.setSessionFromDump(session.lasso_proxy_session_dump)
ni = login.nameIdentifier.content
@@ -531,7 +559,7 @@ class AlternateLibertyDirectory(authentic.liberty.root.RootDirectory):
<Detail>%s</Detail>
</Fault>
</Body>
- </Envelope>''' % msg
+ </Envelope>''' % xml.sax.saxutils.escape(msg)
return body
msp_oids = {
@@ -822,7 +850,8 @@ class AlternateLibertyDirectory(authentic.liberty.root.RootDirectory):
import urllib
import httplib
-def soap_call(url, msg, client_cert = None, more_headers = None):
+def soap_call(url, msg, client_cert = None, more_headers = None, timeout = 3600):
+ print 'Entering SOAP_CALL for %s' % url
if url.startswith('http://'):
host, query = urllib.splithost(url[5:])
conn = httplib.HTTPConnection(host)
@@ -833,16 +862,30 @@ def soap_call(url, msg, client_cert = None, more_headers = None):
headers = {'Content-Type': 'text/xml'}
if more_headers:
headers.update(more_headers)
- conn.set_debuglevel(1)
- conn.request('POST', query, msg, headers)
- response = conn.getresponse()
- data = response.read()
- conn.close()
- if response.status not in (200, 204): # 204 ok for federation termination
- get_logger().warn('SOAP error (%s) (on %s)' % (response.status, url))
- raise SOAPError()
+ conn.set_debuglevel(3)
+ oldtimeout = socket.getdefaulttimeout()
+ start = time.time()
+ try:
+ try:
+ socket.setdefaulttimeout(timeout)
+ conn.request('POST', query, msg, headers)
+ response = conn.getresponse()
+ data = response.read()
+ print 'reponse: %s' % str(data)
+ if response.status not in (200, 204): # 204 ok for federation termination
+ get_logger().warn('SOAP error (%s) (on %s)' % (response.status, url))
+ raise SOAPError()
+ except Exception, exception:
+ get_logger().warn('SOAP error (%s) (on %s)' % (exception, url))
+ raise SOAPError(str(exception))
+ finally:
+ socket.setdefaulttimeout(oldtimeout)
+ conn.close()
+ print "Temps ecoule: %s" % str(time.time()-start)
return data
+authentic.liberty.root.soap_call = soap_call
+
# import uuid # only in 2.5
import smtplib
try: