# -*- coding: iso-8859-15 -*-
# Glasnost
# By: Odile Bénassy <obenassy@entrouvert.com>
# Romain Chantereau <rchantereau@entrouvert.com>
# Nicolas Clapiès <nclapies@easter-eggs.org>
# Pierre-Antoine Dejace <padejace@entrouvert.be>
# Thierry Dulieu <tdulieu@easter-eggs.com>
# Florent Monnier <monnier@codelutin.com>
# Cédric Musso <cmusso@easter-eggs.org>
# Frédéric Péters <fpeters@entrouvert.be>
# Benjamin Poussin <poussin@codelutin.com>
# Emmanuel Raviart <eraviart@entrouvert.com>
# Sébastien Régnier <regnier@codelutin.com>
# Emmanuel Saracco <esaracco@easter-eggs.com>
#
# Copyright (C) 2000, 2001 Easter-eggs & Emmanuel Raviart
# Copyright (C) 2002 Odile Bénassy, Code Lutin, Thierry Dulieu, Easter-eggs,
# Entr'ouvert, Frédéric Péters, Benjamin Poussin, Emmanuel Raviart,
# Emmanuel Saracco & Théridion
# Copyright (C) 2003 Odile Bénassy, Romain Chantereau, Nicolas Clapiès,
# Code Lutin, Pierre-Antoine Dejace, Thierry Dulieu, Easter-eggs,
# Entr'ouvert, Florent Monnier, Cédric Musso, Ouvaton, Frédéric Péters,
# Benjamin Poussin, Rodolphe Quiédeville, Emmanuel Raviart, Sébastien
# Régnier, Emmanuel Saracco, Théridion & Vecam
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
# Module description for the Liberty Alliance authentication web layer.
__doc__ = """Glasnost Authentication (Liberty Alliance) Web"""
# The [11:-2] slice drops the leading "$Revision: " (11 characters) and the
# trailing " $" (2 characters) of an expanded RCS/CVS-style keyword.  On the
# unexpanded literal written here it yields an empty string.
__version__ = '$Revision$'[11:-2]
import sys
# NOTE(review): hard-coded path into one developer's home directory.  Every
# module found there becomes importable by this process for any name not
# resolved earlier on sys.path, so on a deployed server the directory must not
# be writable by other accounts.  Presumably this is what makes the
# Provider.ServiceProvider imports further down resolve -- confirm, and prefer
# installing that dependency over extending the search path at import time.
sys.path.append('/home/fred/src/cvs/lvparano/')
import glasnost.common.context as context
import glasnost.common.faults as faults
from glasnost.common.ObjectsCommon import *
import glasnost.common.slots as slots
import glasnost.common.translation as translation
import glasnost.common.tools_new as commonTools
from glasnost.proxy.AuthenticationLibertyAllianceProxy import *
from ObjectsWeb import register, AdminWithoutWritersMixin, WebMixin, BaseObjectWebMixin
from tools import *
class AdminAuthenticationLibertyAlliance(
        AdminWithoutWritersMixin,
        AdminAuthenticationLibertyAlliance):
    """Web variant of the Liberty Alliance authentication admin object.

    Combines AdminWithoutWritersMixin with the AdminAuthenticationLibertyAlliance
    base and rebinds that name to the subclass.  The base is not defined in
    this file; presumably it arrives through one of the star imports above --
    confirm which one.
    """


# Make the web variant known to the ObjectsWeb registry.
register(AdminAuthenticationLibertyAlliance)
class AccountLibertyAlliance(
        BaseObjectWebMixin,
        AccountLibertyAlliance):
    """Web variant of the Liberty Alliance account object.

    Combines BaseObjectWebMixin with the AccountLibertyAlliance base and
    rebinds that name to the subclass.  The base is not defined in this file;
    presumably it arrives through one of the star imports above -- confirm
    which one.
    """


# Make the web variant known to the ObjectsWeb registry.
register(AccountLibertyAlliance)
class AuthenticationLibertyAllianceWeb(
        WebMixin,
        AuthenticationLibertyAllianceProxy):
    """Web front end for Liberty Alliance authentication.

    Provides the settings pages (admin, adminEdit, adminSubmit) and the two
    single sign-on entry points (login, idpAnswer).  Every method is flagged
    with isPublicForWeb = 1, which presumably makes it reachable from a URL,
    so each method carries its own access check where one is needed.
    """

    def admin(self):
        """Render the read-only settings page.

        Returns accessForbidden() when canGetAdmin() is false.  The "edit"
        button is only added when canModifyAdmin() is true.
        """
        context.push(
            _level = 'admin',
            defaultDispatcherId = context.getVar('dispatcherId'))
        try:
            if not self.canGetAdmin():
                return accessForbidden()
            settings = self.getAdmin()

            fieldValues = {}
            settings.makeFieldsFromInstance(fieldValues)
            settings.repairFields(fieldValues)

            layout = X.array()
            layout += settings.getViewLayout(fieldValues)

            buttonsBar = X.div(_class = 'buttons-bar')
            layout += buttonsBar
            if self.canModifyAdmin():
                actionButtonsBar = X.span(_class = 'action-buttons-bar')
                buttonsBar += actionButtonsBar
                actionButtonsBar += X.buttonStandalone(
                    'edit', X.actionUrl('adminEdit'))
        finally:
            # Unwind the context level pushed above, including on the early
            # accessForbidden() return.
            context.pull(_level = 'admin')
        return writePageLayout(
            layout, _('Authentication (Liberty Alliance) Settings'))
    admin.isPublicForWeb = 1

    def adminEdit(self, again = '', error = '', **keywords):
        """Render the settings edit form, which posts to adminSubmit.

        Returns accessForbidden() when isAdmin() is false.  When `again` is
        set the form is rebuilt from the keywords passed in instead of from
        the stored settings, and `error` is handed to getErrorLayout().
        """
        context.push(
            _level = 'adminEdit',
            defaultDispatcherId = context.getVar('dispatcherId'),
            layoutMode = 'edit')
        try:
            # **keywords is always a dict, so no None guard is needed.
            if not self.isAdmin():
                return accessForbidden()
            settings = self.getAdmin()

            if not again:
                settings.makeFieldsFromInstance(keywords)
                # NOTE(review): the listing this was taken from lost its
                # indentation; repairFields is kept under `if not again`
                # next to makeFieldsFromInstance -- confirm against the
                # repository copy.
                settings.repairFields(keywords)

            layout = X.array()
            layout += settings.getErrorLayout(error, keywords)
            form = X.form(
                action = X.actionUrl('adminSubmit'),
                enctype= 'multipart/form-data',
                method = 'post')
            layout += form
            form += settings.getEditLayout(keywords)

            buttonsBar = X.div(_class = 'buttons-bar')
            form += buttonsBar
            actionButtonsBar = X.span(_class = 'action-buttons-bar')
            buttonsBar += actionButtonsBar
            actionButtonsBar += X.buttonInForm('modify', 'modifyButton')
        finally:
            context.pull(_level = 'adminEdit')
        return writePageLayout(layout, _('Editing Authentication Settings'))
    adminEdit.isPublicForWeb = 1

    def adminSubmit(self, **keywords):
        """Apply the submitted settings and redirect.

        Returns accessForbidden() when isAdmin() is false.  Otherwise the
        result is a redirect: back to adminEdit when the form has to be shown
        again (apply button, field errors, version conflict), or to admin once
        modifyAdmin() succeeded.  All redirects are issued from the finally
        clause, driven by the local `uri`.

        NOTE(review): this is a state-changing request and no anti-CSRF token
        is checked in this method; whether the framework verifies one
        elsewhere cannot be seen from here.  The redirects back to adminEdit
        also copy every submitted keyword into the target URL.
        """
        uri = None
        context.push(
            _level = 'adminSubmit',
            defaultDispatcherId = context.getVar('dispatcherId'))
        try:
            # **keywords is always a dict, so no None guard is needed.
            if not self.isAdmin():
                return accessForbidden()
            # The value is replaced by newAdmin() below; the call is kept
            # because it may have effects of its own -- TODO confirm.
            admin = self.getAdmin()

            if isButtonSelected('applyButton', keywords):
                keywords['again'] = '1'
                keywords['hideErrors'] = '1'
            admin = self.newAdmin(keywords)
            admin.submitFields(keywords)
            if keywords.get('again'):
                uri = X.actionUrl('adminEdit')
                uri.addKeywords(keywords)
                # The finally clause turns this into redirect(uri).
                return
            try:
                self.modifyAdmin(admin)
            except faults.WrongVersion:
                keywords['again'] = '1'
                keywords['error'] = '1'
                keywords['versionError'] = '1'
                uri = X.actionUrl('adminEdit')
                uri.addKeywords(keywords)
                # The finally clause turns this into redirect(uri).
                return
            except:
                # NOTE(review): outside debug mode every other failure of
                # modifyAdmin() is reported as "access forbidden" and nothing
                # is logged in this method, so real faults are
                # indistinguishable from a denied request.
                if context.getVar('debug'):
                    raise
                return accessForbidden()
            uri = X.actionUrl('admin')
        finally:
            context.pull(_level = 'adminSubmit')
            # A return here overrides whatever the try block returned, which
            # is how the bare returns above become redirects.
            if uri:
                return redirect(uri)
    adminSubmit.isPublicForWeb = 1

    def idpAnswer(self, **keywords):
        """Handle the identity provider's answer and log the user in.

        The request keywords (without tokenId) are passed to
        ServiceProvider.getAuthnResponseFromEmbeddedUrl().  The exported
        response is stored on a new authentication object, which is given to
        loginSubmitted() of the 'authentication' web object.  Only
        faults.WrongPassword is turned into an error page; any other fault
        propagates to the caller.

        NOTE(review): the keywords are presumably request parameters and so
        untrusted.  Nothing in this method ties the response to a request
        issued by login() (no request id or session state is compared), and no
        signature or issuer check is visible here.  Confirm that
        ServiceProvider or the authentication server performs them; otherwise
        unsolicited or replayed responses would be accepted.
        """
        if 'tokenId' in keywords:
            # tokenId is removed before parsing; its value is not used.
            del keywords['tokenId']

        from Provider.ServiceProvider import ServiceProvider
        # Same hard-coded localhost provider settings as in login().
        sp = ServiceProvider(
            'localhost', 8089, 8090,
            SOAPEndpoint = 'http://localhost/soapEndPoint.html')
        authnResponse = sp.getAuthnResponseFromEmbeddedUrl(keywords)

        authWeb = getWebForServerRole('authentication')

        authObject = self.newAuthenticationObject()
        authObject.authnResponse = authnResponse.exportToString()
        try:
            return authWeb.loginSubmitted(
                'liberty-alliance', authObject, '')
        except faults.WrongPassword:
            return writePageLayout(
                X.p('error in liberty alliance auth'), 'error')
    idpAnswer.isPublicForWeb = 1

    def login(self, nextUri = '', access = '', again = '', error = '', **keywords):
        """Redirect the browser to the identity provider with a new request.

        A fresh AuthnRequest is exported with exportToEmbeddedUrl() and
        appended as the query string of the identity provider URL.  nextUri,
        access, again, error and the extra keywords are accepted but not used
        in this body.

        NOTE(review): the identity provider URL and the provider settings are
        hard-coded to plain-HTTP localhost addresses, so the request travels
        unencrypted wherever this is deployed as is.  Nothing about the issued
        request is stored here for idpAnswer() to compare against.
        """
        from Provider.ServiceProvider import ServiceProvider

        # TODO: get this from admin
        idpUrl = 'http://localhost:8989/processAuthnRequest.html'

        sp = ServiceProvider(
            'localhost', 8089, 8090,
            SOAPEndpoint = 'http://localhost/soapEndPoint.html')
        authnRequest = sp.getNewAuthnRequest()
        embeddedAuthnRequest = authnRequest.exportToEmbeddedUrl()
        return redirect(idpUrl + '?' + embeddedAuthnRequest)
    login.isPublicForWeb = 1