diff --git a/data/README b/data/README
new file mode 100644
index 0000000..8410143
--- /dev/null
+++ b/data/README
@@ -0,0 +1,2 @@
+Folder where Mandaye files will be stored.
+It's only use to store metadata files.
diff --git a/mandaye_vincennes/auth/vincennes.py b/mandaye_vincennes/auth/vincennes.py
index ded2b32..63afb2a 100644
--- a/mandaye_vincennes/auth/vincennes.py
+++ b/mandaye_vincennes/auth/vincennes.py
@@ -12,11 +12,13 @@ from urlparse import parse_qs
 from mandaye.auth.authform import AuthForm
 from mandaye.log import logger
-from mandaye.models import Site, ExtUser, LocalUser
+from mandaye.models import ServiceProvider, SPUser, IDPUser
 from mandaye.db import sql_session
 from mandaye.response import _502, _302
 from mandaye.server import get_response
+from mandaye_vincennes import config
+
 class VincennesAuth(AuthForm):
 """ Specific authentification class for Vincennes """
@@ -44,12 +46,11 @@ class VincennesAuth(AuthForm):
 def get_current_unique_id(self, env):
 """ Return the current Vincennes unique id """
- from mandaye import config
 # TODO: test time validity
 if not env['QUERY_STRING']:
 return None
 query = self._parse_qs(env['QUERY_STRING'])
- if query.has_key('token'):
+ if query.has_key('token') and query['token']:
 try:
 token = query['token']
 token = base64.b64decode(token)
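Review bot: The new guard `if query.has_key('token') and query['token']:` only rejects a missing or empty token; the `# TODO: test time validity` line just above it is still open, so whatever validity window the decoded token carries is not enforced on this path and a captured token remains usable until that check exists. If the decoded payload includes a timestamp, compare it against a bounded window before the unique id is trusted, and log rejections at debug level so failed auto-logins can be traced. The body of get_current_unique_id continues outside the hunk, so the error handling of the `try` around `base64.b64decode(token)` cannot be checked here.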
@@ -91,23 +92,23 @@ class VincennesAuth(AuthForm):
 logger.debug('Trying to auto log user on %s' % self.site_name)
 env['beaker.session']['auto_login'] = True
 env['beaker.session'].save()
- login = self.get_current_login(env)
+ unique_id = self.get_current_unique_id(env)
 if env['beaker.session'].has_key('next_url'):
 path = env['beaker.session']['next_url']
 else:
 logger.warning('Auto login without mandaye_next_url automatically redirect to /')
 path = '/'
- if not login:
+ if not unique_id:
 logger.debug('Auto login failed because the user is not connected on vincennes.fr')
 return _302(path, request.cookies)
 env['beaker.session']['unique_id'] = unique_id
 env['beaker.session'].save()
- ext_user = sql_session().query(ExtUser).\
- join(LocalUser).\
- join(Site).\
- filter(LocalUser.login==login).\
- filter(Site.name==self.site_name).\
- order_by(ExtUser.last_connection.desc()).\
+ ext_user = sql_session().query(SPUser).\
+ join(IDPUser).\
+ join(ServiceProvider).\
+ filter(IDPUser.unique_id==unique_id).\
+ filter(ServiceProvider.name==self.site_name).\
+ order_by(SPUser.last_connection.desc()).\
 first()
 if not ext_user:
 logger.debug("No association found redirect to the association page %s" % values.get('associate_url'))
@@ -115,7 +116,7 @@ class VincennesAuth(AuthForm):
 return _302(values.get('associate_url') + "?type=first&next_url=%s" % path)
 else:
 response = self._login_ext_user(ext_user, env, condition, values)
- logger.info("User %s has been successfully auto login on %s" % (login, self.site_name))
+ logger.info("User %s has been successfully auto login on %s" % (unique_id, self.site_name))
 return _302(path, response.cookies)
 def auto_connection(self, env, values, request, response):
diff --git a/mandaye_vincennes/config.py b/mandaye_vincennes/config.py
index c7ed9a1..da131c5 100644
--- a/mandaye_vincennes/config.py
+++ b/mandaye_vincennes/config.py
@@ -1,4 +1,3 @@
-
 import logging
 import os
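Review bot: The rewritten lookup `filter(IDPUser.unique_id==unique_id)` keeps `.first()` after `order_by(SPUser.last_connection.desc())`, so when one IdP identity has several associations on this site the most recently used one is silently chosen and the user is logged into that account; if that is intended, say so above the query, e.g. `# several SPUser rows may match one unique_id: take the most recently used`. In the same commit biblio_vincennes.py drops the `auth.auto_connection` filter and instantiates SAML2Auth instead of VincennesAuth, so this rewritten auto-login path does not appear to be reachable from any config in this diff; if no other config still uses VincennesAuth, removing it is safer than carrying an unused authentication path. The enclosing method starts before the hunk.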
@@ -46,11 +45,15 @@ data_dir = os.path.join(_PROJECT_PATH, 'data')
 # Email notification configuration
 email_notification = False
+email_prefix = '[Mandaye CAM]'
 smtp_host = 'localhost'
 smtp_port = 25
 email_from = 'traceback@entrouvert.com'
 email_to = ['admin@localhost']
+# platform : should be prod, recette or dev
+platform = "prod"
+
 # Use long traceback with xtraceback
 use_long_trace = True
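Review bot: `platform = "prod"` makes production the default for every checkout that has no local_config override, and nothing enforces the three values the comment `# platform : should be prod, recette or dev` lists, so a typo in an override silently runs as an unknown mode. A default that cannot be mistaken for a live deployment, `platform = "dev"`, is the safer choice, and a check placed after the `from mandaye_vincennes.local_config import *` line (where overrides land) such as `if platform not in ('prod', 'recette', 'dev'): raise ValueError('platform must be prod, recette or dev, got %r' % platform)` fails fast at import time instead.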
@@ -81,6 +84,54 @@ ssl = False
 keyfile = ''
 certfile = ''
+SAML_SIGNATURE_PUBLIC_KEY = '''-----BEGIN CERTIFICATE-----
+MIIDIzCCAgugAwIBAgIJANUBoick1pDpMA0GCSqGSIb3DQEBBQUAMBUxEzARBgNV
+BAoTCkVudHJvdXZlcnQwHhcNMTAxMjE0MTUzMzAyWhcNMTEwMTEzMTUzMzAyWjAV
+MRMwEQYDVQQKEwpFbnRyb3V2ZXJ0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAvxFkfPdndlGgQPDZgFGXbrNAc/79PULZBuNdWFHDD9P5hNhZn9Kqm4Cp
+06Pe/A6u+g5wLnYvbZQcFCgfQAEzziJtb3J55OOlB7iMEI/T2AX2WzrUH8QT8NGh
+ABONKU2Gg4XiyeXNhH5R7zdHlUwcWq3ZwNbtbY0TVc+n665EbrfV/59xihSqsoFr
+kmBLH0CoepUXtAzA7WDYn8AzusIuMx3n8844pJwgxhTB7Gjuboptlz9Hri8JRdXi
+VT9OS9Wt69ubcNoM6zuKASmtm48UuGnhj8v6XwvbjKZrL9kA+xf8ziazZfvvw/VG
+Tm+IVFYB7d1x457jY5zjjXJvNysoowIDAQABo3YwdDAdBgNVHQ4EFgQUeF8ePnu0
+fcAK50iBQDgAhHkOu8kwRQYDVR0jBD4wPIAUeF8ePnu0fcAK50iBQDgAhHkOu8mh
+GaQXMBUxEzARBgNVBAoTCkVudHJvdXZlcnSCCQDVAaInJNaQ6TAMBgNVHRMEBTAD
+AQH/MA0GCSqGSIb3DQEBBQUAA4IBAQAy8l3GhUtpPHx0FxzbRHVaaUSgMwYKGPhE
+IdGhqekKUJIx8et4xpEMFBl5XQjBNq/mp5vO3SPb2h2PVSks7xWnG3cvEkqJSOeo
+fEEhkqnM45b2MH1S5uxp4i8UilPG6kmQiXU2rEUBdRk9xnRWos7epVivTSIv1Ncp
+lG6l41SXp6YgIb2ToT+rOKdIGIQuGDlzeR88fDxWEU0vEujZv/v1PE1YOV0xKjTT
+JumlBc6IViKhJeo1wiBBrVRIIkKKevHKQzteK8pWm9CYWculxT26TZ4VWzGbo06j
+o2zbumirrLLqnt1gmBDvDvlOwC/zAAyL4chbz66eQHTiIYZZvYgy
+-----END CERTIFICATE-----'''
+
+SAML_SIGNATURE_PRIVATE_KEY = '''-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAvxFkfPdndlGgQPDZgFGXbrNAc/79PULZBuNdWFHDD9P5hNhZ
+n9Kqm4Cp06Pe/A6u+g5wLnYvbZQcFCgfQAEzziJtb3J55OOlB7iMEI/T2AX2WzrU
+H8QT8NGhABONKU2Gg4XiyeXNhH5R7zdHlUwcWq3ZwNbtbY0TVc+n665EbrfV/59x
+ihSqsoFrkmBLH0CoepUXtAzA7WDYn8AzusIuMx3n8844pJwgxhTB7Gjuboptlz9H
+ri8JRdXiVT9OS9Wt69ubcNoM6zuKASmtm48UuGnhj8v6XwvbjKZrL9kA+xf8ziaz
+Zfvvw/VGTm+IVFYB7d1x457jY5zjjXJvNysoowIDAQABAoIBAQCj8t2iKXya10HG
+V6Saaeih8aftoLBV38VwFqqjPU0+iKqDpk2JSXBhjI6s7uFIsaTNJpR2Ga1qvns1
+hJQEDMQSLhJvXfBgSkHylRWCpJentr4E3D7mnw5pRsd61Ev9U+uHcdv/WHP4K5hM
+xsdiwXNXD/RYd1Q1+6bKrCuvnNJVmWe0/RV+r3T8Ni5xdMVFbRWt/VEoE620XX6c
+a9TQPiA5i/LRVyie+js7Yv+hVjGOlArtuLs6ECQsivfPrqKLOBRWcofKdcf+4N2e
+3cieUqwzC15C31vcMliD9Hax9c1iuTt9Q3Xzo20fOSazAnQ5YBEExyTtrFBwbfQu
+ku6hp81pAoGBAN6bc6iJtk5ipYpsaY4ZlbqdjjG9KEXB6G1MExPU7SHXOhOF0cDH
+/pgMsv9hF2my863MowsOj3OryVhdQhwA6RrV263LRh+JU8NyHV71BwAIfI0BuVfj
+6r24KudwtUcvMr9pJIrJyMAMaw5ZyNoX7YqFpS6fcisSJYdSBSoxzrzVAoGBANu6
+xVeMqGavA/EHSOQP3ipDZ3mnWbkDUDxpNhgJG8Q6lZiwKwLoSceJ8z0PNY3VetGA
+RbqtqBGfR2mcxHyzeqVBpLnXZC4vs/Vy7lrzTiHDRZk2SG5EkHMSKFA53jN6S/nJ
+JWpYZC8lG8w4OHaUfDHFWbptxdGYCgY4//sjeiuXAoGBANuhurJ99R5PnA8AOgEW
+4zD1hLc0b4ir8fvshCIcAj9SUB20+afgayRv2ye3Dted1WkUL4WYPxccVhLWKITi
+rRtqB03o8m3pG3kJnUr0LIzu0px5J/o8iH3ZOJOTE3iBa+uI/KHmxygc2H+XPGFa
+HGeAxuJCNO2kAN0Losbnz5dlAoGAVsCn94gGWPxSjxA0PC7zpTYVnZdwOjbPr/pO
+LDE0cEY9GBq98JjrwEd77KibmVMm+Z4uaaT0jXiYhl8pyJ5IFwUS13juCbo1z/u/
+ldMoDvZ8/R/MexTA/1204u/mBecMJiO/jPw3GdIJ5phv2omHe1MSuSNsDfN8Sbap
+gmsgaiMCgYB/nrTk89Fp7050VKCNnIt1mHAcO9cBwDV8qrJ5O3rIVmrg1T6vn0aY
+wRiVcNacaP+BivkrMjr4BlsUM6yH4MOBsNhLURiiCL+tLJV7U0DWlCse/doWij4U
+TKX6tp6oI+7MIJE6ySZ0cBqOiydAkBePZhu57j6ToBkTa0dbHjn1WA==
+-----END RSA PRIVATE KEY-----'''
+
 # Import local config
 try:
 from mandaye_vincennes.local_config import *
diff --git a/mandaye_vincennes/configs/biblio_vincennes.py b/mandaye_vincennes/configs/biblio_vincennes.py
index 4ac7dfe..5d61303 100644
--- a/mandaye_vincennes/configs/biblio_vincennes.py
+++ b/mandaye_vincennes/configs/biblio_vincennes.py
@@ -1,5 +1,8 @@
-from mandaye_vincennes.auth.vincennes import VincennesAuth
+from mandaye.auth.saml2 import SAML2Auth
+from mandaye.configs import saml2 as saml2_config
+
+from mandaye_vincennes import config
 from mandaye_vincennes.filters import vincennes
 form_values = {
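Review bot: `SAML_SIGNATURE_PRIVATE_KEY` puts RSA private key material directly into a committed module, so every clone and every deployment built from it shares one SAML signing identity and the key has to be treated as disclosed. The file already ends with `from mandaye_vincennes.local_config import *`, which is where a per-deployment key (or a path to a key file with restricted permissions) belongs, leaving only a commented placeholder such as `SAML_SIGNATURE_PRIVATE_KEY = ''  # set in local_config.py, never commit a real key` in config.py; once moved, generate a fresh key pair rather than reusing this one. The encoded validity dates in the certificate appear to read 2010-12-14 to 2011-01-13, which would make it an expired test certificate from the IdP's point of view, so confirm what the IdP metadata actually expects.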
@@ -10,7 +13,12 @@ form_values = {
 'password_field': 'password',
 }
-auth = VincennesAuth(form_values, 'biblio', 'https://www.vincennes.fr/comptecitoyen/auth')
+saml2_config.IDP_METADATA = "https://sso.vincennes.dev2.entrouvert.org/idp/saml2/metadata"
+saml2_config.SAML_SIGNATURE_PUBLIC_KEY = config.SAML_SIGNATURE_PUBLIC_KEY
+saml2_config.SAML_SIGNATURE_PRIVATE_KEY = config.SAML_SIGNATURE_PRIVATE_KEY
+
+
+auth = SAML2Auth(form_values, 'biblio', saml2_config)
 filters = vincennes.Biblio()
 biblio_mapping = [
@@ -20,15 +28,9 @@ biblio_mapping = [
 {
 'filter': filters.resp_html,
 'content-types': ['application/x-javascript', 'text/html', 'text/css'],
+ 'decompress': False,
 },
- {
- 'filter': auth.auto_connection,
- 'values': {
- 'next_url': '/mandaye/auto_login',
- 'empty_referer': True,
- 'autologin_from': 'www.vincennes.fr'
- }
- }],
+ ],
 },
 {
 'path': r'/sezhame',
diff --git a/mandaye_vincennes/filters/vincennes.py b/mandaye_vincennes/filters/vincennes.py
index 91150c4..0c39134 100644
--- a/mandaye_vincennes/filters/vincennes.py
+++ b/mandaye_vincennes/filters/vincennes.py
@@ -10,7 +10,7 @@ from mandaye.log import logger
 from mandaye.response import _302, _401
 from mandaye.template import serve_template
-from mandaye.backend.default import ManagerSPUser
+from mandaye.backends.default import ManagerSPUser
 def get_associate_form(env, values):
 """ Return association template content
@@ -61,7 +61,6 @@ def get_multi_template(env, values, current_account):
 return template
 return None
-
 class Biblio:
 def resp_html_login_page(self, env, values, request, response):
diff --git a/mandaye_vincennes/mandaye_mandaye_vincennes.log b/mandaye_vincennes/mandaye_mandaye_vincennes.log
deleted file mode 100644
index bf24636..0000000
--- a/mandaye_vincennes/mandaye_mandaye_vincennes.log
+++ /dev/null
@@ -1,2 +0,0 @@
-2013-10-27 21:51:52 INFO CAM rp start
-2013-10-27 21:52:48 INFO CAM rp start
diff --git a/mandaye_vincennes_manager b/mandaye_vincennes_manager
index 62ddc27..fb28b1e 100755
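Review bot: The three `saml2_config.… = …` assignments mutate the shared `mandaye.configs.saml2` module at import time, so the SAML settings are process-global: if a second site config in the same process follows the same pattern, whichever module is imported last wins for both sites, and nothing in the module records which config last set it. Building a per-site settings object (a copy of the module's attributes, or a small namespace handed to `SAML2Auth`) avoids that, assuming SAML2Auth only reads attributes from the object it is given. Separately, `IDP_METADATA` hard-codes a `dev2` hostname while config.py in this same commit defaults `platform` to `"prod"`; reading the IdP URL from `config` (overridable in local_config) keeps a production build from trusting a development IdP by default.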
--- a/mandaye_vincennes_manager
+++ b/mandaye_vincennes_manager
@@ -5,7 +5,7 @@
 """
 import os
-os.environ['MANDAYE_CONFIG_MODULE'] = 'cam.config'
+os.environ['MANDAYE_CONFIG_MODULE'] = 'mandaye_vincennes.config'
 import base64
@@ -67,11 +67,10 @@ def main():
 command.upgrade(alembic_cfg, "head")
 logger.info("Database upgraded")
 if options.cryptpwd:
- pass
- #from mandaye.backends.default import ManagerSPUser
- #for user in ManagerSPUser.all():
- # user.password = encrypt_pwd(user.password)
- #ManagerSPUser.save()
+ from mandaye.backends.default import ManagerSPUser
+ for user in ManagerSPUser.all():
+ user.password = encrypt_pwd(user.password)
+ ManagerSPUser.save()
 if __name__ == "__main__":
 main()
diff --git a/setup.py b/setup.py
index 1e12c1e..e838d88 100644
--- a/setup.py
+++ b/setup.py
@@ -11,8 +11,8 @@ from setuptools import setup, find_packages
 from sys import version
 install_requires=[
- 'gunicorn>=0.13',
- 'mandaye>=0.4',
+ 'gunicorn>=0.17',
+ 'mandaye>=0.7',
 'pycrypto>=2.0',
 ]
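Review bot: The `--cryptpwd` path now rewrites `user.password = encrypt_pwd(user.password)` for every user with no guard against being run twice, so a second invocation encrypts the already-encrypted values and locks every account out; it also gives no dry-run or count of what it touched. At minimum record this in a comment above the loop, e.g. `# One-shot migration: re-running it double-encrypts every stored password.`, and log how many users were rewritten; an automatic guard would need a marker in the database or a recognisable prefix on encrypted values, which depends on what encrypt_pwd produces and is outside this diff. Whether the single `ManagerSPUser.save()` after the loop persists every modified row depends on the backend and cannot be verified here; the rest of main() is outside the hunk.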