initial commit

MANIFEST.in

@@ -0,0 +1,3 @@
+include COPYING MANIFEST.in VERSION
+recursive-include mandaye_cud/templates *.html
+recursive-include mandaye_cud/static *

conf.d/certs/saml.crt

@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxdbs+ZLkuz0DISpAKhHn
+WvNBSW4G0xmlUyZcjUWDQlJH7wC3yxhjioQ2oFpxqcuNf5ft/E1E5KUTqZhcKyX9
+i7XCmhPoea/fmYH3Egxbucv7++sM+TyZpUWbA0TZHBYAjcUPR/1HTcEz3bl0SqB0
+EdjhN5PpXPu1p4pGDPXc4aIkEpFU3mlK+TlV5SrivEqNS/SI14VA9g2WWdJk4+CK
+PgozCfeiFtaiu2zem4uQSmd5AG0f0Av4jzxgut22owFYi9PV+Yl0cWoMOUphAwsR
+RE4gckEqbhLYluAy+VglgzfT4YCXBQ6o23EH0Z0tW28KnIYEY4dQkLca9YRAKhHc
+ywIDAQAB
+-----END PUBLIC KEY-----

conf.d/certs/saml.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAxdbs+ZLkuz0DISpAKhHnWvNBSW4G0xmlUyZcjUWDQlJH7wC3
+yxhjioQ2oFpxqcuNf5ft/E1E5KUTqZhcKyX9i7XCmhPoea/fmYH3Egxbucv7++sM
++TyZpUWbA0TZHBYAjcUPR/1HTcEz3bl0SqB0EdjhN5PpXPu1p4pGDPXc4aIkEpFU
+3mlK+TlV5SrivEqNS/SI14VA9g2WWdJk4+CKPgozCfeiFtaiu2zem4uQSmd5AG0f
+0Av4jzxgut22owFYi9PV+Yl0cWoMOUphAwsRRE4gckEqbhLYluAy+VglgzfT4YCX
+BQ6o23EH0Z0tW28KnIYEY4dQkLca9YRAKhHcywIDAQABAoIBAHS7XPXhW36zAD64
+XEW2bKj4cOQvvG0ga7EFKITeqBUg0XrPFKMMD+eyHT0+QGSsSyAm9+/vc5/pWxGt
+aWy4LMMbiug4qOnsAOXljm+ixRh6qIK67Nu+ivW+fTlPjT8KKGd+B4c1hbX2MnE4
+NMq3o+TH8BNH/eC0UDm715tcEmk6pUSBH3lq3CG7W1TyVjC3FGJcjBAj/X6J45lE
+skJHt9d67KG/MwmzuyoI+U9q2b3jSzoIGzzQQaOItGx3OefRjqWeUyDlUWobuFNV
+Lky+XjmOFJC0voQsUiV2mBSJejHmfuLjJfE+W/HrRc3YwftxCp+emaFshs56U4Ob
+UWu2F9kCgYEA7livJ1nYhHVyYueX6kWKTkBCzcwQO0agLsuYpspDjKGqgUOlFHXW
+9CS+DPi/r086iRYLwmGuaFAnNQJqS3ofjowj9/iZCGD/qe6jj9zMmokWDl1FALYe
+jT3Eg1HLfhe8hddA815yheL5uIVw3t34TTaQuokN86nkcv/bJ53SW4UCgYEA1H4v
+jk88pCNnADqmAnXNbuhPK+w6llre159vtStgKaJrcCZiTejFVpffpdp1b8hU21S2
+lg/FgXHgvrdfwq+uZ+lRNJGyCX3mqe3uXWn6d42A/7tgmRDW4NXtxwelV8MTpwHw
+nS4hwmDyLyYMupyBlw5Iv7N3XmDBJu/tsEPMgA8CgYBP5MpRlnxNalD9dkQl80l5
+EXFTKqQGOpZXGUgCIKqj6U0OJ26efSGglPBfyMH4McadTRaEAdpEfRmnWzfmNPl+
+/trPtDUX6evJOoT5JDoxUuJhzkHjCykSjzHgEvrzOWGoO486BN6+omayw4giLKWe
+vDunS2mx07EQG1OK5AwvQQKBgCZY21YwQH5SkTz+WIUrIza3n8oKaIxHu91nvW4R
+dNouoHrtwmHS9wHoiIjSwsy4d2/ZetXb5MW2eluQlix5Ld08wtXc0SdbXCwgbxrW
+jEfU9omwE/+rhUuv76gyXglXgA1skTKcZ6U/f5U4paVrpwtOnZxS0+DpTxIqzFc5
+9QbLAoGAeqLr0vm4SKnvtwK9F/Q784Rc8Ygq56vUcQIZ81yL4BsE0h6fuTHcSq+H
+NhO5mQFr+CcitGDE48/CRxfw1HYpk+KOtRzY+EdKGAKEu26sUSh7GNCw3TkOvPTo
+E/RgydWsPwjJBDp03z87cITfaoyqoIWLtEmUTeDY8m5dGu0EBzk=
+-----END RSA PRIVATE KEY-----

conf.d/linuxfr_saml_example

@@ -0,0 +1,11 @@
+{
+   "site_name": "linuxfr",
+   "server_name": ["linuxfrsaml.local:8000"],
+   "location": "/",
+   "target": "https://linuxfr.org",
+   "mapper": "linuxfr",
+   "auth_type": "saml2",
+   "saml2_idp_metadata": "http://www.identity-hub.com/idp/saml2/metadata",
+   "saml2_signature_public_key": "certs/saml.crt",
+   "saml2_signature_private_key": "certs/saml.key"
+}

data/README

@@ -0,0 +1,2 @@
+Folder where Mandaye files will be stored.
+It's only use to store metadata files.

local_config.py.example

@@ -0,0 +1,20 @@
+## Virtual hosts configuration
+hosts = {
+        'linuxfrsaml.local:8000': [
+            {
+                'path': r'/',
+                'target': 'http://linuxfr.org',
+                'mapping': 'mandaye_cud.configs.linuxfr_saml_example.linuxfr_mapping'
+                },
+            ],
+
+        }
+
+## SQL Backend config
+# http://docs.sqlalchemy.org/en/rel_0_7/core/engines.html
+# rfc 1738 https://tools.ietf.org/html/rfc1738
+# dialect+driver://username:password@host:port/database
+db_url = 'sqlite:///test.db'
+
+## Logging configuration
+debug = False

manager.py

@@ -0,0 +1,77 @@
+#! /usr/bin/python
+# -*- coding: utf-8 -*-
+
+""" Script to administrate mandaye server
+"""
+
+import os
+os.environ['MANDAYE_CONFIG_MODULE'] = 'mandaye_cud.config'
+
+import base64
+
+from optparse import OptionParser
+
+from mandaye import config
+from mandaye.log import logger
+
+def get_cmd_options():
+    usage = "usage: %prog --createdb|--upgradedb|--cryptpwd"
+    parser = OptionParser(usage=usage)
+    parser.add_option("--createdb",
+            dest="createdb",
+            default=False,
+            action="store_true",
+            help="Create Mandaye database"
+            )
+    parser.add_option("--upgradedb",
+            dest="upgradedb",
+            default=False,
+            action="store_true",
+            help="Upgrade Mandaye database"
+            )
+    parser.add_option("--cryptpwd",
+            dest="cryptpwd",
+            default=False,
+            action="store_true",
+            help="Crypt external password in Mandaye's database"
+            )
+    (options, args) = parser.parse_args()
+    return options
+
+def encrypt_pwd(pwd):
+    from Crypto.Cipher import AES
+    logger.debug("Encrypt password")
+    enc_pwd = pwd
+    if config.encrypt_secret:
+        try:
+            cipher = AES.new(config.encrypt_secret, AES.MODE_CFB)
+            enc_pwd = cipher.encrypt(pwd)
+            enc_pwd = base64.b64encode(enc_pwd)
+        except Exception, e:
+            if config.debug:
+                traceback.print_exc()
+            logger.warning('Password encrypting failed %s' % e)
+    else:
+        logger.warning("You must set a secret to use pwd encryption")
+    return enc_pwd
+
+def main():
+    options = get_cmd_options()
+    if options.createdb or options.upgradedb:
+        logger.info("Creating or upgrading database...")
+        from alembic.config import Config
+        from alembic import command
+        from mandaye import global_config
+        alembic_cfg = Config(global_config.alembic_cfg)
+        alembic_cfg.set_main_option("script_location", global_config.alembic_script_path)
+        command.upgrade(alembic_cfg, "head")
+        logger.info("Database upgraded")
+    if options.cryptpwd:
+        from mandaye.backends.default import ManagerSPUser
+        for user in ManagerSPUser.all():
+            user.password = encrypt_pwd(user.password)
+        ManagerSPUser.save()
+
+if __name__ == "__main__":
+    main()
+

mandaye_cud/__init__.py

@@ -0,0 +1 @@
+__version__="0.1.0"

mandaye_cud/auth/example.py

@@ -0,0 +1,18 @@
+"""
+Here you can overload Mandaye default authentification
+method like SAML2Auth or AuthForm
+"""
+
+from mandaye.auth.authform import AuthForm
+from mandaye.auth.saml2 import SAML2Auth
+
+class MyAuthSAML(SAML2Auth):
+    """ Overload Mandaye SAML2Auth authentification
+    """
+    pass
+
+class MyAuth(AuthForm):
+    """ Overload Mandaye AuthForm authentification
+    """
+    pass
+

mandaye_cud/config.py

@@ -0,0 +1,126 @@
+import logging
+import os
+
+_PROJECT_PATH = os.path.join(os.path.dirname(__file__), '..')
+
+## SQL Backend config
+# Database configuration
+# http://docs.sqlalchemy.org/en/rel_0_7/core/engines.html
+# rfc 1738 https://tools.ietf.org/html/rfc1738
+# dialect+driver://username:password@host:port/database
+db_url = 'sqlite:///' + os.path.join(_PROJECT_PATH, 'mandaye_cud.db')
+
+debug = False
+
+# Log configuration
+LOGGING = {
+        'version': 1,
+        'disable_existing_loggers': True,
+
+        'formatters': {
+            'console': {
+                'format': '%(asctime)s %(levelname)s %(message)s',
+                'datefmt': '%H:%M:%S',
+                },
+            'syslog': {
+                'format': '%(name)s %(levelname)s %(uuid)s %(message)s',
+                }
+            },
+        'handlers': {
+            'console': {
+                'level': 'DEBUG',
+                'class': 'logging.StreamHandler',
+                'formatter': 'console'
+                },
+            'syslog': {
+                'level': 'INFO',
+                'class': 'entrouvert.logging.handlers.SysLogHandler',
+                'formatter': 'syslog',
+                'address': '/dev/log'
+                },
+            },
+            'loggers': {
+                '': {
+                    'handlers': ['console'],
+                    'level': 'DEBUG',
+                    'propagate': False,
+                    },
+                'mandaye': {
+                    'handlers': ['console', 'syslog'],
+                    'level': 'DEBUG',
+                    'propagate': False,
+                    },
+                'mandaye_cud': {
+                    'handlers': ['console', 'syslog'],
+                    'level': 'DEBUG',
+                    'propagate': False,
+                    },
+                },
+            }
+
+
+## PATH
+# Template directory
+template_directory = os.path.join(_PROJECT_PATH, 'mandaye_cud/templates')
+# Configuration directory
+config_root = os.path.join(_PROJECT_PATH, 'conf.d')
+# Static url
+static_url = '/mandaye/static'
+# Static folder
+static_root = os.path.join(_PROJECT_PATH, 'mandaye_cud/static')
+# Data dir
+data_dir = os.path.join(_PROJECT_PATH, 'data')
+
+# Raven Sentry configuration
+raven_dsn = None
+
+# Email notification configuration
+email_notification = False
+email_prefix = '[Mandaye mandaye_cud]'
+smtp_host = 'localhost'
+smtp_port = 25
+email_from = 'traceback@entrouvert.com'
+email_to = ['admin@localhost']
+
+# Use long traceback with xtraceback
+use_long_trace = True
+
+# Ask Mandaye to auto decompress a response message
+# Decompress response only if you load a filter
+auto_decompress = True
+
+# Encrypt service provider passwords with a secret
+# You should install pycypto to use this feature
+encrypt_sp_password = False
+# Must be a 16, 24, or 32 bytes long
+encrypt_secret = ''
+
+# Supported authentification
+authentifications = {
+    'saml2': 'mandaye.auth.saml2.SAML2Auth'
+}
+
+# sp mappers
+mappers = {
+    'linuxfr': 'mandaye_cud.mappers.linuxfr_example'
+}
+
+# Beaker session configuration
+session_opts = {
+    'session.type': 'file',
+    'session.cookie_expires': True,
+    'session.timeout': 3600,
+    'session.data_dir': '/var/tmp/beaker'
+}
+
+# Choose storage
+# Only mandaye.backends.sql at the moment
+storage_backend = "mandaye.backends.sql"
+
+# Import local config
+try:
+    from local_config import *
+except ImportError, e:
+    if 'local_config' in e.args[0]:
+        pass
+

mandaye_cud/filters/example.py

@@ -0,0 +1,11 @@
+
+from mandaye.template import serve_template
+
+class ReplayFilter:
+
+    @staticmethod
+    def associate(env, values, request, response):
+        associate = serve_template(values.get('template'), **values)
+        response.msg = associate
+        return response
+

mandaye_cud/mappers/linuxfr_example.py

@@ -0,0 +1,108 @@
+
+"""
+You need to defined 3 variables :
+
+* form_values (defined the login form values):
+form_values = {
+    'login_url': '/login',
+    'post_url': '/login',
+    'form_attrs': { 'name': 'form40', },
+    'username_field': 'user',
+    'password_field': 'pass',
+    'post_fields': ['birthdate', 'card_number']
+}
+login_url, form_attrs, post_fields and username_field are obligatory
+* urls (a dictionnary with urls) :
+ urls = {
+       'associate_url': '/mandaye/associate',
+       'connection_url': '/mandaye/sso',
+       'login_url': '/mandaye/login'
+       }
+* mapping
+"""
+
+from mandaye.auth.saml2 import END_POINTS_PATH
+from mandaye_cud.filters.example import ReplayFilter
+
+form_values = {
+        'login_url': '/compte/connexion',
+        'form_attrs': { 'id': 'new_account' },
+        'post_fields': ['account[login]', 'account[password]'],
+        'username_field': 'account[login]',
+        'password_field': 'account[password]',
+}
+
+urls = {
+    'associate_url': '/mandaye/associate',
+    'connection_url': '/mandaye/sso',
+    'login_url': '/mandaye/login'
+}
+
+mapping = [
+        {
+            'path': r'/mandaye/login$',
+            'method': 'GET',
+            'response': [{
+                'auth': 'login',
+                'condition': 'response.code==302',
+                },]
+            },  
+        {   
+            'path': r'/mandaye/sso$',
+            'method': 'GET',
+            'response': [{
+                'auth': 'sso',
+                }]
+            },  
+        {   
+            'path': r'/mandaye/slo$',
+            'method': 'GET',
+            'response': [{
+                'auth': 'slo',
+                }]
+            }, 
+        {
+            'path': r'/mandaye/associate$',
+            'method': 'GET',
+            'on_response': [{
+                'filter': ReplayFilter.associate,
+                'values': {
+                    'action': urls['associate_url'],
+                    'template': 'associate.html',
+                    'sp_name': 'Linux FR',
+                    'login_name': form_values['username_field'],
+                    'password_name': form_values['password_field'],
+                    },
+                },]
+            },
+        {
+            'path':  r'/mandaye/associate$',
+            'method': 'POST',
+            'response': [
+                {
+                    'auth': 'associate_submit',
+                    'condition': "response.code==302"
+                    },
+                ]
+            },
+        {
+            'path': r'%s$' % END_POINTS_PATH['single_sign_on_post'],
+            'method': 'POST',
+            'response': [{'auth': 'single_sign_on_post'}]
+            },
+        {
+            'path': r'%s$' % END_POINTS_PATH['single_logout'],
+            'method': 'GET',
+            'response': [{
+                'auth': 'single_logout',
+                }]
+            },
+        {
+            'path': r'%s$' % END_POINTS_PATH['single_logout_return'],
+            'method': 'GET',
+            'response': [{
+                'auth': 'single_logout_return',
+                }]
+            },
+        ]
+

mandaye_cud/static/css/style.css

@@ -0,0 +1,498 @@
+/* theme derived and inspired by TerraFirma
+ * <http://www.oswd.org/design/information/id/3557/>
+ */
+
+html, body {
+	margin: 0;
+	font-family: sans-serif;
+	font-size: 12px;
+}
+
+body#iframe {
+    background: white;
+}
+
+html {
+	background: #F9F9F7 url(../images/a1.gif) repeat-x;
+	color: #44b2cb;
+}
+
+a
+{
+	color: #44b2cb;
+	text-decoration: underline;
+}
+
+a:hover
+{
+	text-decoration: none;
+}
+
+
+div#wrap {
+	background: white;
+	width: 640px;
+	margin: 5em auto;
+	padding: 15px;
+	-moz-border-radius: 6px;
+	-webkit-border-radius:6px;
+	-moz-box-shadow: 0 0 4px rgba(0,0,0,0.75);
+	-webkit-box-shadow: 0 0 4px rgba(0,0,0,0.75);
+	position: relative;
+}
+
+#header
+{
+	position: absolute;
+	background: url(../images/a8.png) repeat-x;
+	-moz-border-radius: 6px 0 0 6px;
+	-webkit-border-radius: 6px 0 0 6px;
+	width: 450px;
+	height: 92px;
+	color: #fff;
+	padding-left: 20px;
+}
+
+#header h1
+{
+	font-size: 23px;
+	letter-spacing: -1px;
+	padding-top: 30px;
+	margin: 0;
+}
+
+#header span
+{
+	margin: 0;
+	font-size: 13px;
+	font-weight: normal;
+	color: #FCE2CA;
+}
+
+#splash
+{
+	position: absolute;
+	right: 20px;
+	background: url(../images/eo.png) no-repeat;
+	width: 153px;
+	height: 92px;
+	-moz-border-radius: 0 6px 6px 0;
+	-webkit-border-radius: 0 6px 6px 0;
+}
+
+div#content {
+	margin: 1em 1ex;
+	margin-top: 130px;
+	padding: 1ex;
+}
+
+div#content h2 {
+	margin-top: 0;
+	font-weight: normal;
+	color: #656551;
+	font-size: 18px;
+	letter-spacing: -1px;
+	line-height: 25px;
+	margin-bottom: 20px;
+	padding: 0 0 10px 15px;
+	position: relative;
+	top: 4px;
+	background: url(../images/a22.gif) bottom repeat-x;
+}
+
+#footer
+{
+	font-size: 70%;
+	position: relative;
+	clear: both;
+	height: 66px;
+	text-align: center;
+	line-height: 66px;
+	background-image: url(../images/a8.png);
+	color: #fff;
+}
+
+#footer a
+{
+	color: #8C8C73;
+}
+
+
+form#login-form p {
+	float: left;
+	width: 40%;
+}
+
+form#login-form input.submit {
+	float: right;
+	width: 18%;
+	margin-top: 30px;
+}
+
+div.login-actions {
+	clear: both;
+	padding-top: 1em;
+}
+
+div.login-actions p {
+	margin: 0;
+}
+
+form p {
+	margin: 0 0 1em 0;
+}
+
+form p label {
+	display: block;
+}
+
+form p input,
+form p textarea {
+	margin-left: 10px;
+}
+
+ul.messages {
+	margin: 0;
+	padding: 0;
+	list-style: none;
+}
+
+ul.messages li.error {
+	color: #e80404;
+}
+
+ul.errorlist {
+	margin: 0;
+	padding: 0;
+	color: #e80404;
+	list-style: none;
+}
+
+input, textarea {
+	padding: 5px;
+	border: 1px solid #cccccc;
+	color:#666666;
+	background: white;
+	color: black;
+}
+
+textarea:focus, input[type="text"]:focus, input[type="password"]:focus {
+	border: 1px solid #4690d6;
+	color:#333333;
+}
+
+input[type=submit] {
+	color: #ffffff;
+	background:#4690d6;
+	border: 1px solid #2a567f;
+	font-weight: bold;
+	padding: 2px 8px 2px 8px;
+	margin: 0;
+	cursor: pointer;
+}
+
+
+input[type=submit]:hover {
+	border-color: #0e1d2b;
+}
+
+form#login-form ul.errorlist {
+	margin-bottom: 1em;
+	width: 80%;
+	font-weight: normal;
+}
+
+/* OpenID Stuff */
+
+#openid_btns, #openid_btns br {
+	clear: both;
+}
+
+#openid_highlight a {
+	border: 1px solid #888;
+}
+
+#openid_input_area input[type=submit] {
+	padding-top: 0;
+	margin-top: 0;
+	margin-left: 1em;
+}
+
+.openid_large_btn {
+	width: 100px;
+	height: 60px;
+	border: 1px solid #DDD;
+	margin: 3px;
+	float: left;
+}
+.openid_small_btn {
+	width: 24px;
+	height: 24px;
+	border: 1px solid #DDD;
+	margin: 3px;
+	float: left;
+}
+
+a.openid_large_btn:focus {
+	outline: none;
+}
+a.openid_large_btn:focus {
+	-moz-outline-style: none;
+}
+.openid_selected {
+	border: 4px solid #DDD;
+}
+
+#openid_input_area {
+	clear: both;
+	padding-top: 2.5em;
+}
+
+li.indented {
+	margin-left: 50px;
+}
+
+ul.NoBullet {
+	list-style-type: none;
+}
+
+div#content h4 {
+	margin-bottom: 5px;
+	margin-top: 30px;
+}
+
+div#content p {
+        margin-top: 0;
+}
+
+div.errors {
+	margin: 0;
+	padding: 0;
+	color: #e80404;
+	list-style: none;
+}
+
+div#breadcrumb {
+	font-size: 80%;
+	margin-bottom: 1em;
+}
+
+div#user {
+	position: absolute;
+	top: 115px;
+	right: 12px;
+}
+
+a#logout {
+	font-size: 100%;
+}
+
+
+.ui-tabs .ui-tabs-hide {
+     display: none;
+}
+
+h4 {
+	padding-left: 0.5em;
+}
+
+h4 + div, div#profile {
+	padding-left: 1em;
+}
+
+
+div#menu {
+position: relative;
+background: #46461F url(../images/a17.gif) repeat-x;
+height: 67px;
+padding: 0px 20px 0px 5px;
+margin: 136px 0px 0px 0px;
+}
+
+#menu ul
+{
+        padding: 0;
+        margin: 0;
+}
+
+#menu ul li
+{
+display: inline;
+line-height: 52px;
+padding-left: 3px;
+}
+
+#menu ul li.first
+{
+border-left: 0px;
+}
+
+#menu ul li a
+{
+background-color: transparent;
+background-repeat: repeat-x;
+padding: 8px 12px 8px 12px;
+font-size: 12px;
+color: #fff;
+font-weight: bold;
+}
+#menu ul li a:hover
+{
+background: #fff url(../images/a18.gif) repeat-x top;
+color: #4A4A24;
+text-decoration: none;
+}
+
+#eo
+{
+position: absolute;
+top: 0px;
+line-height: 52px;
+color: #BDBDA2;
+right: 30px;
+font-weight: bold;
+font-size: 12px;
+letter-spacing: -1px;
+}
+
+#eo a {
+        color: inherit;
+        text-decoration: none;
+}
+
+ul#tab-nav {
+        list-style: none;
+        padding: 0;
+        width: 160px;
+        float: left;
+}
+
+ul#tab-nav li {
+        line-height: 300%;
+        position: relative;
+        right: -1px;
+        border: 1px solid transparent;
+}
+
+ul#tab-nav li.ui-tabs-selected {
+        border: 1px solid #ccc;
+        border-right: 1px solid white;
+}
+
+ul#tab-nav a {
+        display: block;
+        padding-left: 1ex;
+        outline: none;
+        -moz-user-focus:ignore;
+}
+
+ul#tab-nav a:hover {
+}
+
+ul#tab-nav a:active {
+}
+
+/* XXX: add a class to divs, so it works in IE */
+div#tabs > div {
+        border: 1px solid #ccc;
+        float: left;
+        width: 420px;
+        padding: 10px;
+        min-height: 26em;
+}
+
+a.bigbutton {
+	display: block;
+	-moz-border-radius: 6px;
+	-webkit-border-radius:6px;
+	border: 1px solid black;
+	margin: 2em 0;
+	line-height: 300%;
+	text-align: center;
+	text-decoration: none;
+	font-weight: bold;
+	-webkit-box-shadow: 0 0 4px rgba(0,0,0,0.75);
+	-moz-box-shadow: 0 0 4px rgba(0,0,0,0.75);
+}
+
+a.bigbutton:hover {
+	background: #eee;
+}
+
+div#providers {
+	display: none;
+}
+
+#modalOverlay {
+	height:100%;
+	width:100%;
+	position:fixed;
+	left:0;
+	top:0;
+	z-index:3000;
+	background-color: rgba(0, 0, 0, 0.8);
+	cursor:wait;
+}
+
+div#popup {
+	display: none;
+	position:fixed;
+	width:500px;
+	left:50%;
+	margin-left:-250px;
+	z-index:3100;
+	top: 10%;
+}
+
+div#popup div {
+	position: relative;
+	margin: 0;
+	background: white;
+	border: 1px solid black;
+	border-color: #333 black black #333;
+}
+
+div#popup h2 {
+	text-align: center;
+}
+
+div#popup ul {
+	max-height: 70px;
+	overflow: auto;
+	margin: 0 1em 1em 1em;
+	padding: 0 1em 1em 1em;
+}
+
+div#popup h3 {
+	margin-bottom: 4px;
+	padding-left: 10px;
+}
+
+div#popup p {
+	margin: 5px;
+}
+
+div#popup a#close {
+	float: right;
+	padding: 1ex;
+}
+
+a.roleid_button {
+    -moz-border-radius: 5px;
+    -webkit-border-radius: 5px;
+    border-radius: 5px;
+    background: #5C5C5C;
+    color: #44b2cb;
+    font-weight: bold;
+    padding-top: 5px;
+    padding-bottom: 5px;
+    padding-right: 10px;
+    padding-left: 10px;
+    margin: 0;
+    cursor: pointer;
+    text-decoration: none;
+}
+
+a.roleid_button:hover {
+    background: black;
+}

mandaye_cud/templates/associate.html

@@ -0,0 +1,34 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
+<html>
+  <head>
+  <link rel="stylesheet" href="${static_url}/css/style.css" />
+    <title>1er connexion</title>
+  </head>
+  <body>
+    <div id="wrap">
+      <div id="header">
+        <h1>Première connexion</h1>
+        <span>Associer un compte</span>
+      </div>
+      <div id="splash"></div>
+      <div id="content">
+        <h1>Association</h1>
+        <p>Associer ${sp_name} avec votre compte citoyen</p>
+        <form action="${action}" method="post" accept-charset="utf-8">
+          <div>
+            <label for="username">Utilisateur</label>
+            <input type="text" name="${login_name}" value="" id="username" />
+          </div>
+          <div>
+            <label for="password">Mot de passe</label>
+            <input type="password" name="${password_name}" value="" id="password" />
+          </div>
+          <p><input type="submit" value="Associer"></p>
+        </form>
+      </div>
+      <div id="footer">
+        Copyright &copy; 2013 Entr'ouvert
+      </div>
+    </div>
+  </body>
+</html>

mandaye_cud/wsgi.py

@@ -0,0 +1,15 @@
+
+import os
+
+os.environ.setdefault("MANDAYE_CONFIG_MODULE", "mandaye_cud.config")
+
+from beaker.middleware import SessionMiddleware
+from whitenoise import WhiteNoise
+
+from mandaye_cud import config
+from mandaye.server import MandayeApp
+
+application = SessionMiddleware(MandayeApp(), config.session_opts)
+application_dev = WhiteNoise(application, root=config.static_root, prefix=config.static_url)
+
+

requirements.txt

@@ -0,0 +1,3 @@
+gunicorn>=0.17
+mandaye>=0.8.0
+whitenoise>=1.0

server.py

@@ -0,0 +1,30 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+""" Script to launch mandaye with gunicorn server
+"""
+
+import os
+os.environ.setdefault("MANDAYE_CONFIG_MODULE", "mandaye_cud.config")
+
+import sys
+
+from mandaye.log import logger
+from gunicorn.app.wsgiapp import WSGIApplication
+
+class MandayeWSGIApplication(WSGIApplication):
+
+    def init(self, parser, opts, args):
+        self.cfg.set("default_proc_name", "mandaye_cud.wsgi:application_dev")
+        self.app_uri = "mandaye_cud.wsgi:application_dev"
+
+def main():
+    """ The ``gunicorn`` command line runner for launcing Gunicorn with
+    generic WSGI applications.
+    """
+    logger.info('mandaye_cud reverse-proxy start')
+    MandayeWSGIApplication("%(prog)s [OPTIONS]").run()
+
+if __name__ == "__main__":
+    main()
+

setup.py

@@ -0,0 +1,49 @@
+#! /usr/bin/env python
+
+'''
+   Setup script for mandaye_cud RP
+'''
+
+import os
+import subprocess
+
+from setuptools import setup, find_packages
+from sys import version
+
+import mandaye_cud
+
+install_requires=[
+        'gunicorn>=0.17',
+        'mandaye>=0.8.0',
+        'whitenoise>=1.0'
+]
+
+def get_version():
+    if os.path.exists('VERSION'):
+        version_file = open('VERSION', 'r')
+        version = version_file.read()
+        version_file.close()
+        return version
+    if os.path.exists('.git'):
+        p = subprocess.Popen(['git','describe','--match=v*'],
+                stdout=subprocess.PIPE)
+        result = p.communicate()[0]
+        version = result.split()[0][1:]
+        return version.replace('-','.')
+    return mandaye_cud.__version__
+
+setup(name="mandaye_cud",
+      version=get_version(),
+      license="AGPLv3 or later",
+      description="mandaye_cud rp is a Mandaye project, modular reverse proxy to authenticate",
+      url="http://dev.entrouvert.org/projects/reverse-proxy/",
+      author="Author",
+      author_email="author@example.com",
+      maintainer="Maintainer",
+      maintainer_email="maintainer@exmaple.com",
+      scripts=['mandaye_cud_manager', 'mandaye_cud_server'],
+      packages=find_packages(),
+      include_package_data=True,
+      install_requires=install_requires
+)
+