# w.c.s. - web application for online forms
# Copyright (C) 2005-2014 Entr'ouvert
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.
import ConfigParser
import fnmatch
import json
import os
import sys
import tempfile
import urllib2
from qommon.ctl import Command, make_option
from qommon.storage import atomic_write
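class CmdCheckHobos(Command):
    """Deploy or update w.c.s. instances from hobo environment definitions.

    Environment definitions are fetched from the hobo URLs given as
    arguments, or read as a single JSON document from stdin when no
    argument is given.
    """

    name = 'check-hobos'

    # Default used when --site-url is not given: execute() tests
    # self.site_url unconditionally, so the attribute must always exist.
    site_url = None

    def __init__(self):
        """Declare the --site-url option of the command."""
        Command.__init__(self, [
            make_option('--site-url', metavar='URL', dest='site_url'),
        ])

    def execute(self, base_options, sub_options, args):
        """Create or update one w.c.s. instance per 'wcs' service found.

        For each matching service this sets up the instance directory,
        writes site-options.cfg, sets the site name, enables the 'idp'
        identification method and registers every 'authentic' service of
        the same environment as a SAML identity provider.

        args: hobo base URLs; when empty, one environment definition is
            read as JSON from stdin.
        sub_options: parsed options; site_url, when set, restricts the run
            to the service whose base_url is equal to it.
        """
        import publisher

        publisher.WcsPublisher.configure(self.config, sub_options.extra)
        pub = publisher.WcsPublisher.create_publisher()
        if sub_options.site_url:
            self.site_url = sub_options.site_url

        global_app_dir = pub.app_dir
        hobos_services = []

        # NOTE(security): the documents fetched below decide which instance
        # directories are written, which IdP metadata is trusted and which
        # role is mapped to administrators, so they are only as trustworthy
        # as the transport. urllib2.urlopen() also accepts non-HTTP schemes
        # (file:, ftp:), does not verify HTTPS certificates before Python
        # 2.7.9, and no explicit timeout is passed here.
        if args:
            hobos = []
            for arg in args:
                try:
                    hobos.extend(json.load(urllib2.urlopen(arg.strip('/') + '/hobos.json')))
                except (urllib2.URLError, urllib2.HTTPError) as e:
                    print >> sys.stderr, 'failed to get URL', arg, e
                    continue

            # the hobo URLs used here come from the fetched hobos.json
            # documents, not from the command line
            for hobo in hobos:
                try:
                    hobos_services.append(json.load(
                        urllib2.urlopen(hobo + 'environment/installed_services.json')))
                except (urllib2.URLError, urllib2.HTTPError) as e:
                    print >> sys.stderr, 'failed to get URL', hobo, e
                    continue
        else:
            # get environment definition from stdin
            hobos_services = [json.load(sys.stdin)]

        for all_services in hobos_services:
            services = [x for x in all_services.get('services', [])
                        if x.get('service-id') == 'wcs']

            if self.site_url:
                services = [x for x in services if x.get('base_url') == self.site_url]
            if not services:
                continue

            hobo_timestamp = all_services.get('timestamp')

            # initialize all instances of w.c.s.
            for service in services:
                base_url = service.get('base_url') or ''
                parsed_url = urllib2.urlparse.urlsplit(base_url)
                instance_path = parsed_url.netloc
                if parsed_url.path:
                    # NOTE(review): this replaces the host name instead of
                    # extending it, so two hosts sharing a path map to the
                    # same directory -- confirm this is intended.
                    instance_path = '%s+' % parsed_url.path.replace('/', '+')
                if instance_path in ('', '.', '..'):
                    # base_url comes from the fetched definition; never let
                    # it resolve to the global directory or to its parent
                    print >> sys.stderr, 'unusable base_url, skip', repr(base_url)
                    continue
                pub.app_dir = os.path.join(global_app_dir, instance_path)
                if not os.path.exists(pub.app_dir):
                    print 'initializing instance in', pub.app_dir
                    os.mkdir(pub.app_dir)
                    pub.initialize_app_dir()
                else:
                    print 'updating instance in', pub.app_dir
                pub.set_config()

                # configure site-options.cfg
                config = ConfigParser.RawConfigParser()
                site_options_filepath = os.path.join(pub.app_dir, 'site-options.cfg')
                if os.path.exists(site_options_filepath):
                    config.read(site_options_filepath)
                try:
                    # NOTE(review): getint() yields an int while
                    # hobo_timestamp is the raw JSON value; if the
                    # definition carries it as a string this never
                    # matches -- confirm the type.
                    if config.getint('hobo', 'timestamp') == hobo_timestamp:
                        print >> sys.stderr, ' same timestamp, skip'
                        continue
                except (ConfigParser.NoSectionError, ConfigParser.NoOptionError,
                        ValueError):
                    # no usable stored timestamp (missing section or option,
                    # or a non-integer value): go on and deploy
                    pass

                if not config.has_section('hobo'):
                    config.add_section('hobo')
                config.set('hobo', 'timestamp', hobo_timestamp)

                variables = all_services.get('variables')
                if variables:
                    if not config.has_section('variables'):
                        config.add_section('variables')
                    for key, value in variables.items():
                        config.set('variables', key, value)

                with open(site_options_filepath, 'wb') as site_options:
                    config.write(site_options)

                # update configuration
                if not pub.cfg.get('misc'):
                    pub.cfg['misc'] = {}
                pub.cfg['misc']['sitename'] = service.get('title').encode('utf-8')

                # configure authentication methods
                idps = [x for x in all_services.get('services', [])
                        if x.get('service-id') == 'authentic']
                if not pub.cfg.get('identification'):
                    pub.cfg['identification'] = {}
                methods = pub.cfg['identification'].get('methods', [])
                if not methods:
                    methods = ['idp']
                elif 'idp' not in methods:
                    methods.append('idp')
                pub.cfg['identification']['methods'] = methods
                pub.write_cfg()

                # set up the service provider side once, when there is an
                # IdP to talk to and no public key is configured yet
                if idps and not pub.cfg.get('sp', {}).get('publickey'):
                    from qommon.ident.idp import MethodAdminDirectory
                    if not pub.cfg.get('sp'):
                        pub.cfg['sp'] = {}
                    spconfig = pub.cfg['sp']
                    spconfig['base_url'] = str(service.get('base_url')) + '/liberty'
                    spconfig['saml2_base_url'] = str(service.get('base_url')) + '/saml'
                    spconfig['providerid'] = spconfig['base_url'] + '/metadata'
                    spconfig['saml2_providerid'] = spconfig['saml2_base_url'] + '/metadata'
                    MethodAdminDirectory().generate_rsa_keypair()

                for idp in idps:
                    metadata_url = '%s/idp/saml2/metadata' % idp['base_url']
                    try:
                        rfd = urllib2.urlopen(metadata_url)
                    except Exception as e:
                        # any failure to open the URL skips this IdP only
                        print >> sys.stderr, 'failed to get metadata URL', metadata_url, e
                        continue

                    try:
                        s = rfd.read()
                    finally:
                        rfd.close()
                    (bfd, metadata_pathname) = tempfile.mkstemp('.metadata')
                    # mkstemp() hands back an open descriptor that is not
                    # used, atomic_write() is given the pathname: close it
                    # so it does not leak for every IdP processed
                    os.close(bfd)
                    atomic_write(metadata_pathname, s)
                    # NOTE(review): the temporary metadata file is left on
                    # disk; whether submit_new_remote() still needs the path
                    # afterwards is not visible here.

                    from qommon.ident.idp import AdminIDPDir
                    admin_dir = AdminIDPDir()
                    key_provider_id = admin_dir.submit_new_remote(
                        metadata_pathname, None, metadata_url, None)
                    # the role name is built from the slug of the fetched
                    # service definition
                    pub.cfg['idp'][key_provider_id]['admin-attributes'] = {
                        'role': 'admin::%s' % str(service.get('slug'))}
                    pub.write_cfg()

                pub.write_cfg()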
# Runs at import time; register() is not defined in this file, it is
# inherited from Command -- presumably it makes 'check-hobos' known to the
# command dispatcher (confirm in qommon.ctl).
CmdCheckHobos.register()