begin port to the last mandaye version

Jérôme Schneider 2014-04-04 11:53:43 +02:00
parent 2d5451f982
commit 368f22e334
8 changed files with 87 additions and 35 deletions

2
data/README Normal file

@ -0,0 +1,2 @@
Folder where Mandaye files will be stored.
It's only use to store metadata files.


@ -12,11 +12,13 @@ from urlparse import parse_qs
from mandaye.auth.authform import AuthForm from mandaye.auth.authform import AuthForm
from mandaye.log import logger from mandaye.log import logger
from mandaye.models import Site, ExtUser, LocalUser from mandaye.models import ServiceProvider, SPUser, IDPUser
from mandaye.db import sql_session from mandaye.db import sql_session
from mandaye.response import _502, _302 from mandaye.response import _502, _302
from mandaye.server import get_response from mandaye.server import get_response
from mandaye_vincennes import config
class VincennesAuth(AuthForm): class VincennesAuth(AuthForm):
""" Specific authentification class for Vincennes """ Specific authentification class for Vincennes
""" """
@ -44,12 +46,11 @@ class VincennesAuth(AuthForm):
def get_current_unique_id(self, env): def get_current_unique_id(self, env):
""" Return the current Vincennes unique id """ Return the current Vincennes unique id
""" """
from mandaye import config
# TODO: test time validity # TODO: test time validity
if not env['QUERY_STRING']: if not env['QUERY_STRING']:
return None return None
query = self._parse_qs(env['QUERY_STRING']) query = self._parse_qs(env['QUERY_STRING'])
if query.has_key('token'): if query.has_key('token') and query['token']:
try: try:
token = query['token'] token = query['token']
token = base64.b64decode(token) token = base64.b64decode(token)
@ -91,23 +92,23 @@ class VincennesAuth(AuthForm):
logger.debug('Trying to auto log user on %s' % self.site_name) logger.debug('Trying to auto log user on %s' % self.site_name)
env['beaker.session']['auto_login'] = True env['beaker.session']['auto_login'] = True
env['beaker.session'].save() env['beaker.session'].save()
login = self.get_current_login(env) unique_id = self.get_current_unique_id(env)
if env['beaker.session'].has_key('next_url'): if env['beaker.session'].has_key('next_url'):
path = env['beaker.session']['next_url'] path = env['beaker.session']['next_url']
else: else:
logger.warning('Auto login without mandaye_next_url automatically redirect to /') logger.warning('Auto login without mandaye_next_url automatically redirect to /')
path = '/' path = '/'
if not login: if not unique_id:
logger.debug('Auto login failed because the user is not connected on vincennes.fr') logger.debug('Auto login failed because the user is not connected on vincennes.fr')
return _302(path, request.cookies) return _302(path, request.cookies)
env['beaker.session']['unique_id'] = unique_id env['beaker.session']['unique_id'] = unique_id
env['beaker.session'].save() env['beaker.session'].save()
ext_user = sql_session().query(ExtUser).\ ext_user = sql_session().query(SPUser).\
join(LocalUser).\ join(IDPUser).\
join(Site).\ join(ServiceProvider).\
filter(LocalUser.login==login).\ filter(IDPUser.unique_id==unique_id).\
filter(Site.name==self.site_name).\ filter(ServiceProvider.name==self.site_name).\
order_by(ExtUser.last_connection.desc()).\ order_by(SPUser.last_connection.desc()).\
first() first()
if not ext_user: if not ext_user:
logger.debug("No association found redirect to the association page %s" % values.get('associate_url')) logger.debug("No association found redirect to the association page %s" % values.get('associate_url'))
@ -115,7 +116,7 @@ class VincennesAuth(AuthForm):
return _302(values.get('associate_url') + "?type=first&next_url=%s" % path) return _302(values.get('associate_url') + "?type=first&next_url=%s" % path)
else: else:
response = self._login_ext_user(ext_user, env, condition, values) response = self._login_ext_user(ext_user, env, condition, values)
logger.info("User %s has been successfully auto login on %s" % (login, self.site_name)) logger.info("User %s has been successfully auto login on %s" % (unique_id, self.site_name))
return _302(path, response.cookies) return _302(path, response.cookies)
def auto_connection(self, env, values, request, response): def auto_connection(self, env, values, request, response):
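Review bot: Auto-login now rests entirely on the value returned by `get_current_unique_id` (`unique_id = self.get_current_unique_id(env)`, then the `IDPUser.unique_id==unique_id` lookup), yet that method still carries `# TODO: test time validity`, so as far as these hunks show a token is accepted with no freshness check. A token URL that ends up in a proxy log, browser history or a Referer header would then presumably remain usable to open a session for that user. The decoded token should be rejected when its issue time falls outside a short window, before `env['beaker.session']['unique_id']` is set; the token layout is not visible here, so where the timestamp lives needs confirming. The added `and query['token']` guard only filters an empty value, and the bodies of both methods continue outside the hunks.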


@ -1,4 +1,3 @@
import logging import logging
import os import os
@ -46,11 +45,15 @@ data_dir = os.path.join(_PROJECT_PATH, 'data')
# Email notification configuration # Email notification configuration
email_notification = False email_notification = False
email_prefix = '[Mandaye CAM]'
smtp_host = 'localhost' smtp_host = 'localhost'
smtp_port = 25 smtp_port = 25
email_from = 'traceback@entrouvert.com' email_from = 'traceback@entrouvert.com'
email_to = ['admin@localhost'] email_to = ['admin@localhost']
# platform : should be prod, recette or dev
platform = "prod"
# Use long traceback with xtraceback # Use long traceback with xtraceback
use_long_trace = True use_long_trace = True
@ -81,6 +84,54 @@ ssl = False
keyfile = '' keyfile = ''
certfile = '' certfile = ''
SAML_SIGNATURE_PUBLIC_KEY = '''-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----'''
SAML_SIGNATURE_PRIVATE_KEY = '''-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----'''
# Import local config # Import local config
try: try:
from mandaye_vincennes.local_config import * from mandaye_vincennes.local_config import *
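Review bot: `SAML_SIGNATURE_PRIVATE_KEY` is committed as a literal in the versioned config module, so anyone with read access to the repository or its history holds the key this service provider signs SAML messages with. The key pair should be treated as disclosed and regenerated, and the default here should be empty, e.g. `SAML_SIGNATURE_PRIVATE_KEY = ''`, with the real value supplied by `mandaye_vincennes.local_config` (presumably untracked) or read from a file with restricted permissions. The `platform = "prod"` default added in the same file makes it more likely that this committed key is the one a production instance would use. The `try:` block that imports the local config continues outside the hunk.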


@ -1,5 +1,8 @@
from mandaye_vincennes.auth.vincennes import VincennesAuth from mandaye.auth.saml2 import SAML2Auth
from mandaye.configs import saml2 as saml2_config
from mandaye_vincennes import config
from mandaye_vincennes.filters import vincennes from mandaye_vincennes.filters import vincennes
form_values = { form_values = {
@ -10,7 +13,12 @@ form_values = {
'password_field': 'password', 'password_field': 'password',
} }
auth = VincennesAuth(form_values, 'biblio', 'https://www.vincennes.fr/comptecitoyen/auth') saml2_config.IDP_METADATA = "https://sso.vincennes.dev2.entrouvert.org/idp/saml2/metadata"
saml2_config.SAML_SIGNATURE_PUBLIC_KEY = config.SAML_SIGNATURE_PUBLIC_KEY
saml2_config.SAML_SIGNATURE_PRIVATE_KEY = config.SAML_SIGNATURE_PRIVATE_KEY
auth = SAML2Auth(form_values, 'biblio', saml2_config)
filters = vincennes.Biblio() filters = vincennes.Biblio()
biblio_mapping = [ biblio_mapping = [
@ -20,15 +28,9 @@ biblio_mapping = [
{ {
'filter': filters.resp_html, 'filter': filters.resp_html,
'content-types': ['application/x-javascript', 'text/html', 'text/css'], 'content-types': ['application/x-javascript', 'text/html', 'text/css'],
'decompress': False,
}, },
{ ],
'filter': auth.auto_connection,
'values': {
'next_url': '/mandaye/auto_login',
'empty_referer': True,
'autologin_from': 'www.vincennes.fr'
}
}],
}, },
{ {
'path': r'/sezhame', 'path': r'/sezhame',
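Review bot: The IdP metadata URL is hard-coded to a development host (`saml2_config.IDP_METADATA = "https://sso.vincennes.dev2.entrouvert.org/idp/saml2/metadata"`) while `platform` in the project config defaults to `"prod"`, so a production deployment of this mapping would take its SAML trust anchor from the dev identity provider. It should come from the project config so each platform names its own IdP, e.g. `saml2_config.IDP_METADATA = config.IDP_METADATA` (constructed setting name, it does not exist on this page). The three assignments also mutate the shared `mandaye.configs.saml2` module, so any other mapping that imports it in the same process would see these values; a comment stating that this is intended would help. `biblio_mapping` continues outside the hunk.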


@ -10,7 +10,7 @@ from mandaye.log import logger
from mandaye.response import _302, _401 from mandaye.response import _302, _401
from mandaye.template import serve_template from mandaye.template import serve_template
from mandaye.backend.default import ManagerSPUser from mandaye.backends.default import ManagerSPUser
def get_associate_form(env, values): def get_associate_form(env, values):
""" Return association template content """ Return association template content
@ -61,7 +61,6 @@ def get_multi_template(env, values, current_account):
return template return template
return None return None
class Biblio: class Biblio:
def resp_html_login_page(self, env, values, request, response): def resp_html_login_page(self, env, values, request, response):


@ -1,2 +0,0 @@
2013-10-27 21:51:52 INFO CAM rp start
2013-10-27 21:52:48 INFO CAM rp start


@ -5,7 +5,7 @@
""" """
import os import os
os.environ['MANDAYE_CONFIG_MODULE'] = 'cam.config' os.environ['MANDAYE_CONFIG_MODULE'] = 'mandaye_vincennes.config'
import base64 import base64
@ -67,11 +67,10 @@ def main():
command.upgrade(alembic_cfg, "head") command.upgrade(alembic_cfg, "head")
logger.info("Database upgraded") logger.info("Database upgraded")
if options.cryptpwd: if options.cryptpwd:
pass from mandaye.backends.default import ManagerSPUser
#from mandaye.backends.default import ManagerSPUser for user in ManagerSPUser.all():
#for user in ManagerSPUser.all(): user.password = encrypt_pwd(user.password)
# user.password = encrypt_pwd(user.password) ManagerSPUser.save()
#ManagerSPUser.save()
if __name__ == "__main__": if __name__ == "__main__":
main() main()
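Review bot: The re-enabled `options.cryptpwd` branch encrypts every `user.password` unconditionally, so a second run, or a run against a database where some rows were already stored encrypted, would encrypt ciphertext again and presumably leave those stored credentials unusable. `encrypt_pwd` is not visible in this hunk, so whether it can recognise an already-encrypted value needs confirming; if it cannot, the loop should skip migrated rows or the step should become a one-off data migration run alongside `command.upgrade(alembic_cfg, "head")`. At minimum add a comment above the loop such as `# one-shot migration: never run on passwords that are already encrypted` and log how many rows were changed. `main()` starts outside the hunk.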


@ -11,8 +11,8 @@ from setuptools import setup, find_packages
from sys import version from sys import version
install_requires=[ install_requires=[
'gunicorn>=0.13', 'gunicorn>=0.17',
'mandaye>=0.4', 'mandaye>=0.7',
'pycrypto>=2.0', 'pycrypto>=2.0',
] ]