Refactored according to PEP8 and optimized imports

Manuel Jeckelmann 2014-11-07 14:49:22 +01:00
parent e443a16742
commit 57cd46ad23
47 changed files with 14915 additions and 5123 deletions

5
.gitignore vendored

@ -23,10 +23,7 @@ doc/_build
# Remaining stuff
oidc_example/op2/client_db.db
oidc_example/op2/config.py
oidc_example/op2/modules/base.mako.py
oidc_example/op2/modules/login.mako.py
oidc_example/op2/modules/root.mako.py
oidc_example/op2/modules/unauthorized.mako.py
oidc_example/op2/modules
oidc_example/op2/sp.xml
oidc_example/op2/sp_cert/tmp_mycert.pem
oidc_example/op2/sp_cert/tmp_mykey.pem


@ -1,5 +1,5 @@
<%!
def op_choice(op_list):
def op_choice(op_list):
"""
Creates a dropdown list of OpenID Connect providers
"""
@ -13,47 +13,50 @@ def op_choice(op_list):
<!DOCTYPE html>
<html>
<head>
<head>
<title>pyoidc RP</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<!-- Bootstrap -->
<link href="static/bootstrap/css/bootstrap.min.css" rel="stylesheet" media="screen">
<link href="static/style.css" rel="stylesheet" media="all">
<link href="static/style.css" rel="stylesheet" media="all">
<!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
<!--[if lt IE 9]>
<script src="../../assets/js/html5shiv.js"></script>
<script src="../../assets/js/respond.min.js"></script>
<script src="../../assets/js/html5shiv.js"></script>
<script src="../../assets/js/respond.min.js"></script>
<![endif]-->
</head>
<body>
</head>
<body>
<!-- Static navbar -->
<div class="navbar navbar-default navbar-fixed-top">
<div class="navbar-header">
<a class="navbar-brand" href="#">pyoidc RP</a>
</div>
<!-- Static navbar -->
<div class="navbar navbar-default navbar-fixed-top">
<div class="navbar-header">
<a class="navbar-brand" href="#">pyoidc RP</a>
</div>
</div>
<div class="container">
<!-- Main component for a primary marketing message or call to action -->
<div class="jumbotron">
<div class="container">
<!-- Main component for a primary marketing message or call to action -->
<div class="jumbotron">
<form class="form-signin" action="rp" method="get">
<h1>OP by UID</h1>
<h3>Chose the OpenID Connect Provider: </h3>
<h1>OP by UID</h1>
<h3>Chose the OpenID Connect Provider: </h3>
<p>From this list</p>
${op_choice(op_list)}
<p> OR by providing your unique identifier at the OP. </p>
<input type="text" id="uid" name="uid" class="form-control" placeholder="UID" autofocus>
<button class="btn btn-lg btn-primary btn-block" type="submit">Start</button>
</form>
</div>
</div>
</div> <!-- /container -->
<!-- jQuery (necessary for Bootstrap's JavaScript plugins) -->
<script src="/static/jquery.min.1.9.1.js"></script>
<!-- Include all compiled plugins (below), or include individual files as needed -->
<script src="/static/bootstrap/js/bootstrap.min.js"></script>
</div>
<!-- /container -->
<!-- jQuery (necessary for Bootstrap's JavaScript plugins) -->
<script src="/static/jquery.min.1.9.1.js"></script>
<!-- Include all compiled plugins (below), or include individual files as needed -->
<script src="/static/bootstrap/js/bootstrap.min.js"></script>
</body>
</body>
</html>


@ -1,53 +1,57 @@
<!DOCTYPE html>
<html>
<head>
<head>
<title>pyoidc RP</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<!-- Bootstrap -->
<link href="static/bootstrap/css/bootstrap.min.css" rel="stylesheet" media="screen">
<link href="static/style.css" rel="stylesheet" media="all">
<link href="static/style.css" rel="stylesheet" media="all">
<!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
<!--[if lt IE 9]>
<script src="../../assets/js/html5shiv.js"></script>
<script src="../../assets/js/respond.min.js"></script>
<script src="../../assets/js/html5shiv.js"></script>
<script src="../../assets/js/respond.min.js"></script>
<![endif]-->
</head>
<body>
</head>
<body>
<!-- Static navbar -->
<div class="navbar navbar-default navbar-fixed-top">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
<!-- Static navbar -->
<div class="navbar navbar-default navbar-fixed-top">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="#">pyoidc RP</a>
</div>
<div class="navbar-collapse collapse">
<ul class="nav navbar-nav">
</ul>
<ul class="nav navbar-nav navbar-right">
</button>
<a class="navbar-brand" href="#">pyoidc RP</a>
</div>
<div class="navbar-collapse collapse">
<ul class="nav navbar-nav">
</ul>
<ul class="nav navbar-nav navbar-right">
<li><a href="logout">Logout</a></li>
</ul>
</div><!--/.nav-collapse -->
</ul>
</div>
<!--/.nav-collapse -->
</div>
<div class="container">
<!-- Main component for a primary marketing message or call to action -->
<div class="jumbotron">
<h1>OP result</h1>
<p>You have failed to connect to the designated OP with the message:</p>
<p>${error}</p>
</div>
<div class="container">
<!-- Main component for a primary marketing message or call to action -->
<div class="jumbotron">
<h1>OP result</h1>
<p>You have failed to connect to the designated OP with the message:</p>
<p>${error}</p>
</div>
</div>
<!-- /container -->
<!-- jQuery (necessary for Bootstrap's JavaScript plugins) -->
<script src="/static/jquery.min.1.9.1.js"></script>
<!-- Include all compiled plugins (below), or include individual files as needed -->
<script src="/static/bootstrap/js/bootstrap.min.js"></script>
</div> <!-- /container -->
<!-- jQuery (necessary for Bootstrap's JavaScript plugins) -->
<script src="/static/jquery.min.1.9.1.js"></script>
<!-- Include all compiled plugins (below), or include individual files as needed -->
<script src="/static/bootstrap/js/bootstrap.min.js"></script>
</body>
</body>
</html>


@ -1,29 +1,29 @@
<!DOCTYPE html>
<%!
import htmlentitydefs
import re, string
<%!
import htmlentitydefs
import re, string
# this pattern matches substrings of reserved and non-ASCII characters
pattern = re.compile(r"[&<>\"\x80-\xff]+")
# this pattern matches substrings of reserved and non-ASCII characters
pattern = re.compile(r"[&<>\"\x80-\xff]+")
# create character map
entity_map = {}
# create character map
entity_map = {}
for i in range(256):
for i in range(256):
entity_map[chr(i)] = "&#%d;" % i
for entity, char in htmlentitydefs.entitydefs.items():
for entity, char in htmlentitydefs.entitydefs.items():
if entity_map.has_key(char):
entity_map[char] = "&%s;" % entity
def escape_entity(m, get=entity_map.get):
def escape_entity(m, get=entity_map.get):
return string.join(map(get, m.group()), "")
def escape(string):
def escape(string):
return pattern.sub(escape_entity, string)
def create_result(userinfo):
def create_result(userinfo):
"""
Creates a display of user information.
"""
@ -35,56 +35,58 @@
element += "<div class='col-md-7'>" + escape(unicode(value).encode("utf-8")) + "</div>"
element += "</div>"
return element
%>
%>
<html>
<head>
<head>
<title>pyoidc RP</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<!-- Bootstrap -->
<link href="static/bootstrap/css/bootstrap.min.css" rel="stylesheet" media="screen">
<link href="static/style.css" rel="stylesheet" media="all">
<link href="static/style.css" rel="stylesheet" media="all">
<!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
<!--[if lt IE 9]>
<script src="../../assets/js/html5shiv.js"></script>
<script src="../../assets/js/respond.min.js"></script>
<script src="../../assets/js/html5shiv.js"></script>
<script src="../../assets/js/respond.min.js"></script>
<![endif]-->
</head>
<body>
</head>
<body>
<!-- Static navbar -->
<div class="navbar navbar-default navbar-fixed-top">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
<!-- Static navbar -->
<div class="navbar navbar-default navbar-fixed-top">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="#">pyoidc RP</a>
</div>
<div class="navbar-collapse collapse">
<ul class="nav navbar-nav">
</ul>
<ul class="nav navbar-nav navbar-right">
<li><a href="logout">Logout</a></li>
</ul>
</div><!--/.nav-collapse -->
</button>
<a class="navbar-brand" href="#">pyoidc RP</a>
</div>
<div class="navbar-collapse collapse">
<ul class="nav navbar-nav">
</ul>
<ul class="nav navbar-nav navbar-right">
<li><a href="logout">Logout</a></li>
</ul>
</div>
<!--/.nav-collapse -->
</div>
<div class="container">
<!-- Main component for a primary marketing message or call to action -->
<div class="jumbotron">
<div class="container">
<!-- Main component for a primary marketing message or call to action -->
<div class="jumbotron">
<h1>OP result</h1>
${create_result(userinfo)}
</div>
</div>
</div> <!-- /container -->
<!-- jQuery (necessary for Bootstrap's JavaScript plugins) -->
<script src="/static/jquery.min.1.9.1.js"></script>
<!-- Include all compiled plugins (below), or include individual files as needed -->
<script src="/static/bootstrap/js/bootstrap.min.js"></script>
</div>
<!-- /container -->
<!-- jQuery (necessary for Bootstrap's JavaScript plugins) -->
<script src="/static/jquery.min.1.9.1.js"></script>
<!-- Include all compiled plugins (below), or include individual files as needed -->
<script src="/static/bootstrap/js/bootstrap.min.js"></script>
</body>
</body>
</html>


@ -1,5 +1,6 @@
# -*- coding:utf-8 -*-
from mako import runtime, filters, cache
from mako import runtime
UNDEFINED = runtime.UNDEFINED
__M_dict_builtin = dict
__M_locals_builtin = locals
@ -25,17 +26,19 @@ def op_choice(op_list):
return element
def render_body(context,**pageargs):
def render_body(context, **pageargs):
__M_caller = context.caller_stack._push_frame()
try:
__M_locals = __M_dict_builtin(pageargs=pageargs)
op_list = context.get('op_list', UNDEFINED)
__M_writer = context.writer()
# SOURCE LINE 11
__M_writer(u'\n\n<!DOCTYPE html>\n\n<html>\n <head>\n <title>pyoidc RP</title>\n <meta name="viewport" content="width=device-width, initial-scale=1.0">\n <!-- Bootstrap -->\n <link href="static/bootstrap/css/bootstrap.min.css" rel="stylesheet" media="screen">\n <link href="static/style.css" rel="stylesheet" media="all">\n\n <!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->\n <!--[if lt IE 9]>\n <script src="../../assets/js/html5shiv.js"></script>\n <script src="../../assets/js/respond.min.js"></script>\n <![endif]-->\n </head>\n <body>\n\n <!-- Static navbar -->\n <div class="navbar navbar-default navbar-fixed-top">\n <div class="navbar-header">\n <a class="navbar-brand" href="#">pyoidc RP</a>\n </div>\n </div>\n\n <div class="container">\n <!-- Main component for a primary marketing message or call to action -->\n <div class="jumbotron">\n <form class="form-signin" action="rp" method="get">\n <h1>OP by UID</h1>\n <h3>Chose the OpenID Connect Provider: </h3>\n <p>From this list</p>\n ')
__M_writer(
u'\n\n<!DOCTYPE html>\n\n<html>\n <head>\n <title>pyoidc RP</title>\n <meta name="viewport" content="width=device-width, initial-scale=1.0">\n <!-- Bootstrap -->\n <link href="static/bootstrap/css/bootstrap.min.css" rel="stylesheet" media="screen">\n <link href="static/style.css" rel="stylesheet" media="all">\n\n <!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->\n <!--[if lt IE 9]>\n <script src="../../assets/js/html5shiv.js"></script>\n <script src="../../assets/js/respond.min.js"></script>\n <![endif]-->\n </head>\n <body>\n\n <!-- Static navbar -->\n <div class="navbar navbar-default navbar-fixed-top">\n <div class="navbar-header">\n <a class="navbar-brand" href="#">pyoidc RP</a>\n </div>\n </div>\n\n <div class="container">\n <!-- Main component for a primary marketing message or call to action -->\n <div class="jumbotron">\n <form class="form-signin" action="rp" method="get">\n <h1>OP by UID</h1>\n <h3>Chose the OpenID Connect Provider: </h3>\n <p>From this list</p>\n ')
# SOURCE LINE 45
__M_writer(unicode(op_choice(op_list)))
__M_writer(u'\n <p> OR by providing your unique identifier at the OP. </p>\n <input type="text" id="uid" name="uid" class="form-control" placeholder="UID" autofocus>\n <button class="btn btn-lg btn-primary btn-block" type="submit">Start</button>\n </form>\n </div>\n\n </div> <!-- /container -->\n <!-- jQuery (necessary for Bootstrap\'s JavaScript plugins) -->\n <script src="/static/jquery.min.1.9.1.js"></script>\n <!-- Include all compiled plugins (below), or include individual files as needed -->\n <script src="/static/bootstrap/js/bootstrap.min.js"></script>\n\n </body>\n</html>')
__M_writer(
u'\n <p> OR by providing your unique identifier at the OP. </p>\n <input type="text" id="uid" name="uid" class="form-control" placeholder="UID" autofocus>\n <button class="btn btn-lg btn-primary btn-block" type="submit">Start</button>\n </form>\n </div>\n\n </div> <!-- /container -->\n <!-- jQuery (necessary for Bootstrap\'s JavaScript plugins) -->\n <script src="/static/jquery.min.1.9.1.js"></script>\n <!-- Include all compiled plugins (below), or include individual files as needed -->\n <script src="/static/bootstrap/js/bootstrap.min.js"></script>\n\n </body>\n</html>')
return ''
finally:
context.caller_stack._pop_frame()


@ -22,7 +22,7 @@ class Client(oic.Client):
def __init__(self, client_id=None, ca_certs=None,
client_prefs=None, client_authn_method=None, keyjar=None,
verify_ssl=True, behaviour=None):
oic.Client.__init__(self, client_id, ca_certs, client_prefs,
super(Client, self).__init__(self, client_id, ca_certs, client_prefs,
client_authn_method, keyjar, verify_ssl)
if behaviour:
self.behaviour = behaviour
@ -191,7 +191,7 @@ class OIDCClients(object):
ProviderConfigurationResponse(**kwargs["provider_info"]),
kwargs["provider_info"]["issuer"])
client.store_registration_info(RegistrationResponse(
**kwargs["client_registration"]))
**kwargs["client_registration"]))
elif _key_set == set(["srv_discovery_url", "client_registration"]):
_ = client.provider_config(kwargs["srv_discovery_url"])
client.store_registration_info(RegistrationResponse(
@ -232,4 +232,4 @@ class OIDCClients(object):
return self.dynamic_client(item)
def keys(self):
return self.client.keys()
return self.client.keys()
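Review bot: In `Client.__init__`, the `super(Client, self).__init__(self, client_id, ca_certs, client_prefs,` call (apparently the new side of the printed pair) still passes `self` explicitly, although `super()` already returns a bound method. Every positional argument is therefore shifted by one slot: the parent receives the instance as `client_id`, and, if its parameters follow the order used here, `keyjar` ends up in the `verify_ssl` position, so the default `keyjar=None` would turn TLS certificate verification off unless the surplus argument raises a `TypeError` first. Drop the extra argument, `super(Client, self).__init__(client_id, ca_certs, client_prefs,`, and keep the continuation line as it is. `__init__` may continue past the end of this hunk, and the other two hunks in this file only change whitespace.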


@ -5,12 +5,12 @@ import urllib
from jwkest.jws import alg2keytype
from mako.lookup import TemplateLookup
from urlparse import parse_qs
import logging
from oic.utils.http_util import NotFound
from oic.utils.http_util import Response
from oic.utils.http_util import Redirect
import logging
LOGGER = logging.getLogger("")
LOGFILE_NAME = 'rp.log'
@ -34,7 +34,7 @@ LOOKUP = TemplateLookup(directories=['templates', 'htdocs'],
SERVER_ENV = {}
#noinspection PyUnresolvedReferences
# noinspection PyUnresolvedReferences
def static(environ, start_response, logger, path):
logger.info("[static]sending: %s" % (path,))
@ -168,6 +168,7 @@ def application(environ, start_response):
return opchoice(environ, start_response, CLIENTS)
if __name__ == '__main__':
from oidc import OIDCClients
from oidc import OIDCError


@ -4,9 +4,9 @@
.btn-info,
.btn-warning,
.btn-danger {
text-shadow: 0 -1px 0 rgba(0, 0, 0, 0.2);
-webkit-box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.15), 0 1px 1px rgba(0, 0, 0, 0.075);
box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.15), 0 1px 1px rgba(0, 0, 0, 0.075);
text-shadow: 0 -1px 0 rgba(0, 0, 0, 0.2);
-webkit-box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.15), 0 1px 1px rgba(0, 0, 0, 0.075);
box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.15), 0 1px 1px rgba(0, 0, 0, 0.075);
}
.btn-default:active,
@ -21,117 +21,117 @@
.btn-info.active,
.btn-warning.active,
.btn-danger.active {
-webkit-box-shadow: inset 0 3px 5px rgba(0, 0, 0, 0.125);
box-shadow: inset 0 3px 5px rgba(0, 0, 0, 0.125);
-webkit-box-shadow: inset 0 3px 5px rgba(0, 0, 0, 0.125);
box-shadow: inset 0 3px 5px rgba(0, 0, 0, 0.125);
}
.btn:active,
.btn.active {
background-image: none;
background-image: none;
}
.btn-default {
text-shadow: 0 1px 0 #fff;
background-image: -webkit-gradient(linear, left 0%, left 100%, from(#ffffff), to(#e6e6e6));
background-image: -webkit-linear-gradient(top, #ffffff, 0%, #e6e6e6, 100%);
background-image: -moz-linear-gradient(top, #ffffff 0%, #e6e6e6 100%);
background-image: linear-gradient(to bottom, #ffffff 0%, #e6e6e6 100%);
background-repeat: repeat-x;
border-color: #e0e0e0;
border-color: #ccc;
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffffff', endColorstr='#ffe6e6e6', GradientType=0);
text-shadow: 0 1px 0 #fff;
background-image: -webkit-gradient(linear, left 0%, left 100%, from(#ffffff), to(#e6e6e6));
background-image: -webkit-linear-gradient(top, #ffffff, 0%, #e6e6e6, 100%);
background-image: -moz-linear-gradient(top, #ffffff 0%, #e6e6e6 100%);
background-image: linear-gradient(to bottom, #ffffff 0%, #e6e6e6 100%);
background-repeat: repeat-x;
border-color: #e0e0e0;
border-color: #ccc;
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffffff', endColorstr='#ffe6e6e6', GradientType=0);
}
.btn-default:active,
.btn-default.active {
background-color: #e6e6e6;
border-color: #e0e0e0;
background-color: #e6e6e6;
border-color: #e0e0e0;
}
.btn-primary {
background-image: -webkit-gradient(linear, left 0%, left 100%, from(#428bca), to(#3071a9));
background-image: -webkit-linear-gradient(top, #428bca, 0%, #3071a9, 100%);
background-image: -moz-linear-gradient(top, #428bca 0%, #3071a9 100%);
background-image: linear-gradient(to bottom, #428bca 0%, #3071a9 100%);
background-repeat: repeat-x;
border-color: #2d6ca2;
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff428bca', endColorstr='#ff3071a9', GradientType=0);
background-image: -webkit-gradient(linear, left 0%, left 100%, from(#428bca), to(#3071a9));
background-image: -webkit-linear-gradient(top, #428bca, 0%, #3071a9, 100%);
background-image: -moz-linear-gradient(top, #428bca 0%, #3071a9 100%);
background-image: linear-gradient(to bottom, #428bca 0%, #3071a9 100%);
background-repeat: repeat-x;
border-color: #2d6ca2;
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff428bca', endColorstr='#ff3071a9', GradientType=0);
}
.btn-primary:active,
.btn-primary.active {
background-color: #3071a9;
border-color: #2d6ca2;
background-color: #3071a9;
border-color: #2d6ca2;
}
.btn-success {
background-image: -webkit-gradient(linear, left 0%, left 100%, from(#5cb85c), to(#449d44));
background-image: -webkit-linear-gradient(top, #5cb85c, 0%, #449d44, 100%);
background-image: -moz-linear-gradient(top, #5cb85c 0%, #449d44 100%);
background-image: linear-gradient(to bottom, #5cb85c 0%, #449d44 100%);
background-repeat: repeat-x;
border-color: #419641;
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff5cb85c', endColorstr='#ff449d44', GradientType=0);
background-image: -webkit-gradient(linear, left 0%, left 100%, from(#5cb85c), to(#449d44));
background-image: -webkit-linear-gradient(top, #5cb85c, 0%, #449d44, 100%);
background-image: -moz-linear-gradient(top, #5cb85c 0%, #449d44 100%);
background-image: linear-gradient(to bottom, #5cb85c 0%, #449d44 100%);
background-repeat: repeat-x;
border-color: #419641;
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff5cb85c', endColorstr='#ff449d44', GradientType=0);
}
.btn-success:active,
.btn-success.active {
background-color: #449d44;
border-color: #419641;
background-color: #449d44;
border-color: #419641;
}
.btn-warning {
background-image: -webkit-gradient(linear, left 0%, left 100%, from(#f0ad4e), to(#ec971f));
background-image: -webkit-linear-gradient(top, #f0ad4e, 0%, #ec971f, 100%);
background-image: -moz-linear-gradient(top, #f0ad4e 0%, #ec971f 100%);
background-image: linear-gradient(to bottom, #f0ad4e 0%, #ec971f 100%);
background-repeat: repeat-x;
border-color: #eb9316;
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff0ad4e', endColorstr='#ffec971f', GradientType=0);
background-image: -webkit-gradient(linear, left 0%, left 100%, from(#f0ad4e), to(#ec971f));
background-image: -webkit-linear-gradient(top, #f0ad4e, 0%, #ec971f, 100%);
background-image: -moz-linear-gradient(top, #f0ad4e 0%, #ec971f 100%);
background-image: linear-gradient(to bottom, #f0ad4e 0%, #ec971f 100%);
background-repeat: repeat-x;
border-color: #eb9316;
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff0ad4e', endColorstr='#ffec971f', GradientType=0);
}
.btn-warning:active,
.btn-warning.active {
background-color: #ec971f;
border-color: #eb9316;
background-color: #ec971f;
border-color: #eb9316;
}
.btn-danger {
background-image: -webkit-gradient(linear, left 0%, left 100%, from(#d9534f), to(#c9302c));
background-image: -webkit-linear-gradient(top, #d9534f, 0%, #c9302c, 100%);
background-image: -moz-linear-gradient(top, #d9534f 0%, #c9302c 100%);
background-image: linear-gradient(to bottom, #d9534f 0%, #c9302c 100%);
background-repeat: repeat-x;
border-color: #c12e2a;
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffd9534f', endColorstr='#ffc9302c', GradientType=0);
background-image: -webkit-gradient(linear, left 0%, left 100%, from(#d9534f), to(#c9302c));
background-image: -webkit-linear-gradient(top, #d9534f, 0%, #c9302c, 100%);
background-image: -moz-linear-gradient(top, #d9534f 0%, #c9302c 100%);
background-image: linear-gradient(to bottom, #d9534f 0%, #c9302c 100%);
background-repeat: repeat-x;
border-color: #c12e2a;
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffd9534f', endColorstr='#ffc9302c', GradientType=0);
}
.btn-danger:active,
.btn-danger.active {
background-color: #c9302c;
border-color: #c12e2a;
background-color: #c9302c;
border-color: #c12e2a;
}
.btn-info {
background-image: -webkit-gradient(linear, left 0%, left 100%, from(#5bc0de), to(#31b0d5));
background-image: -webkit-linear-gradient(top, #5bc0de, 0%, #31b0d5, 100%);
background-image: -moz-linear-gradient(top, #5bc0de 0%, #31b0d5 100%);
background-image: linear-gradient(to bottom, #5bc0de 0%, #31b0d5 100%);
background-repeat: repeat-x;
border-color: #2aabd2;
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff5bc0de', endColorstr='#ff31b0d5', GradientType=0);
background-image: -webkit-gradient(linear, left 0%, left 100%, from(#5bc0de), to(#31b0d5));
background-image: -webkit-linear-gradient(top, #5bc0de, 0%, #31b0d5, 100%);
background-image: -moz-linear-gradient(top, #5bc0de 0%, #31b0d5 100%);
background-image: linear-gradient(to bottom, #5bc0de 0%, #31b0d5 100%);
background-repeat: repeat-x;
border-color: #2aabd2;
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff5bc0de', endColorstr='#ff31b0d5', GradientType=0);
}
.btn-info:active,
.btn-info.active {
background-color: #31b0d5;
border-color: #2aabd2;
background-color: #31b0d5;
border-color: #2aabd2;
}
.thumbnail,
.img-thumbnail {
-webkit-box-shadow: 0 1px 2px rgba(0, 0, 0, 0.075);
box-shadow: 0 1px 2px rgba(0, 0, 0, 0.075);
-webkit-box-shadow: 0 1px 2px rgba(0, 0, 0, 0.075);
box-shadow: 0 1px 2px rgba(0, 0, 0, 0.075);
}
.dropdown-menu > li > a:hover,
@ -139,246 +139,246 @@
.dropdown-menu > .active > a,
.dropdown-menu > .active > a:hover,
.dropdown-menu > .active > a:focus {
background-color: #357ebd;
background-image: -webkit-gradient(linear, left 0%, left 100%, from(#428bca), to(#357ebd));
background-image: -webkit-linear-gradient(top, #428bca, 0%, #357ebd, 100%);
background-image: -moz-linear-gradient(top, #428bca 0%, #357ebd 100%);
background-image: linear-gradient(to bottom, #428bca 0%, #357ebd 100%);
background-repeat: repeat-x;
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff428bca', endColorstr='#ff357ebd', GradientType=0);
background-color: #357ebd;
background-image: -webkit-gradient(linear, left 0%, left 100%, from(#428bca), to(#357ebd));
background-image: -webkit-linear-gradient(top, #428bca, 0%, #357ebd, 100%);
background-image: -moz-linear-gradient(top, #428bca 0%, #357ebd 100%);
background-image: linear-gradient(to bottom, #428bca 0%, #357ebd 100%);
background-repeat: repeat-x;
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff428bca', endColorstr='#ff357ebd', GradientType=0);
}
.navbar {
background-image: -webkit-gradient(linear, left 0%, left 100%, from(#ffffff), to(#f8f8f8));
background-image: -webkit-linear-gradient(top, #ffffff, 0%, #f8f8f8, 100%);
background-image: -moz-linear-gradient(top, #ffffff 0%, #f8f8f8 100%);
background-image: linear-gradient(to bottom, #ffffff 0%, #f8f8f8 100%);
background-repeat: repeat-x;
border-radius: 4px;
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffffff', endColorstr='#fff8f8f8', GradientType=0);
-webkit-box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.15), 0 1px 5px rgba(0, 0, 0, 0.075);
box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.15), 0 1px 5px rgba(0, 0, 0, 0.075);
background-image: -webkit-gradient(linear, left 0%, left 100%, from(#ffffff), to(#f8f8f8));
background-image: -webkit-linear-gradient(top, #ffffff, 0%, #f8f8f8, 100%);
background-image: -moz-linear-gradient(top, #ffffff 0%, #f8f8f8 100%);
background-image: linear-gradient(to bottom, #ffffff 0%, #f8f8f8 100%);
background-repeat: repeat-x;
border-radius: 4px;
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffffff', endColorstr='#fff8f8f8', GradientType=0);
-webkit-box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.15), 0 1px 5px rgba(0, 0, 0, 0.075);
box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.15), 0 1px 5px rgba(0, 0, 0, 0.075);
}
.navbar .navbar-nav > .active > a {
background-color: #f8f8f8;
background-color: #f8f8f8;
}
.navbar-brand,
.navbar-nav > li > a {
text-shadow: 0 1px 0 rgba(255, 255, 255, 0.25);
text-shadow: 0 1px 0 rgba(255, 255, 255, 0.25);
}
.navbar-inverse {
background-image: -webkit-gradient(linear, left 0%, left 100%, from(#3c3c3c), to(#222222));
background-image: -webkit-linear-gradient(top, #3c3c3c, 0%, #222222, 100%);
background-image: -moz-linear-gradient(top, #3c3c3c 0%, #222222 100%);
background-image: linear-gradient(to bottom, #3c3c3c 0%, #222222 100%);
background-repeat: repeat-x;
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff3c3c3c', endColorstr='#ff222222', GradientType=0);
background-image: -webkit-gradient(linear, left 0%, left 100%, from(#3c3c3c), to(#222222));
background-image: -webkit-linear-gradient(top, #3c3c3c, 0%, #222222, 100%);
background-image: -moz-linear-gradient(top, #3c3c3c 0%, #222222 100%);
background-image: linear-gradient(to bottom, #3c3c3c 0%, #222222 100%);
background-repeat: repeat-x;
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff3c3c3c', endColorstr='#ff222222', GradientType=0);
}
.navbar-inverse .navbar-nav > .active > a {
background-color: #222222;
background-color: #222222;
}
.navbar-inverse .navbar-brand,
.navbar-inverse .navbar-nav > li > a {
text-shadow: 0 -1px 0 rgba(0, 0, 0, 0.25);
text-shadow: 0 -1px 0 rgba(0, 0, 0, 0.25);
}
.navbar-static-top,
.navbar-fixed-top,
.navbar-fixed-bottom {
border-radius: 0;
border-radius: 0;
}
.alert {
text-shadow: 0 1px 0 rgba(255, 255, 255, 0.2);
-webkit-box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.25), 0 1px 2px rgba(0, 0, 0, 0.05);
box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.25), 0 1px 2px rgba(0, 0, 0, 0.05);
text-shadow: 0 1px 0 rgba(255, 255, 255, 0.2);
-webkit-box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.25), 0 1px 2px rgba(0, 0, 0, 0.05);
box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.25), 0 1px 2px rgba(0, 0, 0, 0.05);
}
.alert-success {
background-image: -webkit-gradient(linear, left 0%, left 100%, from(#dff0d8), to(#c8e5bc));
background-image: -webkit-linear-gradient(top, #dff0d8, 0%, #c8e5bc, 100%);
background-image: -moz-linear-gradient(top, #dff0d8 0%, #c8e5bc 100%);
background-image: linear-gradient(to bottom, #dff0d8 0%, #c8e5bc 100%);
background-repeat: repeat-x;
border-color: #b2dba1;
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffdff0d8', endColorstr='#ffc8e5bc', GradientType=0);
background-image: -webkit-gradient(linear, left 0%, left 100%, from(#dff0d8), to(#c8e5bc));
background-image: -webkit-linear-gradient(top, #dff0d8, 0%, #c8e5bc, 100%);
background-image: -moz-linear-gradient(top, #dff0d8 0%, #c8e5bc 100%);
background-image: linear-gradient(to bottom, #dff0d8 0%, #c8e5bc 100%);
background-repeat: repeat-x;
border-color: #b2dba1;
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffdff0d8', endColorstr='#ffc8e5bc', GradientType=0);
}
.alert-info {
background-image: -webkit-gradient(linear, left 0%, left 100%, from(#d9edf7), to(#b9def0));
background-image: -webkit-linear-gradient(top, #d9edf7, 0%, #b9def0, 100%);
background-image: -moz-linear-gradient(top, #d9edf7 0%, #b9def0 100%);
background-image: linear-gradient(to bottom, #d9edf7 0%, #b9def0 100%);
background-repeat: repeat-x;
border-color: #9acfea;
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffd9edf7', endColorstr='#ffb9def0', GradientType=0);
background-image: -webkit-gradient(linear, left 0%, left 100%, from(#d9edf7), to(#b9def0));
background-image: -webkit-linear-gradient(top, #d9edf7, 0%, #b9def0, 100%);
background-image: -moz-linear-gradient(top, #d9edf7 0%, #b9def0 100%);
background-image: linear-gradient(to bottom, #d9edf7 0%, #b9def0 100%);
background-repeat: repeat-x;
border-color: #9acfea;
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffd9edf7', endColorstr='#ffb9def0', GradientType=0);
}
.alert-warning {
background-image: -webkit-gradient(linear, left 0%, left 100%, from(#fcf8e3), to(#f8efc0));
background-image: -webkit-linear-gradient(top, #fcf8e3, 0%, #f8efc0, 100%);
background-image: -moz-linear-gradient(top, #fcf8e3 0%, #f8efc0 100%);
background-image: linear-gradient(to bottom, #fcf8e3 0%, #f8efc0 100%);
background-repeat: repeat-x;
border-color: #f5e79e;
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#fffcf8e3', endColorstr='#fff8efc0', GradientType=0);
background-image: -webkit-gradient(linear, left 0%, left 100%, from(#fcf8e3), to(#f8efc0));
background-image: -webkit-linear-gradient(top, #fcf8e3, 0%, #f8efc0, 100%);
background-image: -moz-linear-gradient(top, #fcf8e3 0%, #f8efc0 100%);
background-image: linear-gradient(to bottom, #fcf8e3 0%, #f8efc0 100%);
background-repeat: repeat-x;
border-color: #f5e79e;
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#fffcf8e3', endColorstr='#fff8efc0', GradientType=0);
}
.alert-danger {
background-image: -webkit-gradient(linear, left 0%, left 100%, from(#f2dede), to(#e7c3c3));
background-image: -webkit-linear-gradient(top, #f2dede, 0%, #e7c3c3, 100%);
background-image: -moz-linear-gradient(top, #f2dede 0%, #e7c3c3 100%);
background-image: linear-gradient(to bottom, #f2dede 0%, #e7c3c3 100%);
background-repeat: repeat-x;
border-color: #dca7a7;
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff2dede', endColorstr='#ffe7c3c3', GradientType=0);
background-image: -webkit-gradient(linear, left 0%, left 100%, from(#f2dede), to(#e7c3c3));
background-image: -webkit-linear-gradient(top, #f2dede, 0%, #e7c3c3, 100%);
background-image: -moz-linear-gradient(top, #f2dede 0%, #e7c3c3 100%);
background-image: linear-gradient(to bottom, #f2dede 0%, #e7c3c3 100%);
background-repeat: repeat-x;
border-color: #dca7a7;
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff2dede', endColorstr='#ffe7c3c3', GradientType=0);
}
.progress {
background-image: -webkit-gradient(linear, left 0%, left 100%, from(#ebebeb), to(#f5f5f5));
background-image: -webkit-linear-gradient(top, #ebebeb, 0%, #f5f5f5, 100%);
background-image: -moz-linear-gradient(top, #ebebeb 0%, #f5f5f5 100%);
background-image: linear-gradient(to bottom, #ebebeb 0%, #f5f5f5 100%);
background-repeat: repeat-x;
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffebebeb', endColorstr='#fff5f5f5', GradientType=0);
background-image: -webkit-gradient(linear, left 0%, left 100%, from(#ebebeb), to(#f5f5f5));
background-image: -webkit-linear-gradient(top, #ebebeb, 0%, #f5f5f5, 100%);
background-image: -moz-linear-gradient(top, #ebebeb 0%, #f5f5f5 100%);
background-image: linear-gradient(to bottom, #ebebeb 0%, #f5f5f5 100%);
background-repeat: repeat-x;
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffebebeb', endColorstr='#fff5f5f5', GradientType=0);
}
.progress-bar {
background-image: -webkit-gradient(linear, left 0%, left 100%, from(#428bca), to(#3071a9));
background-image: -webkit-linear-gradient(top, #428bca, 0%, #3071a9, 100%);
background-image: -moz-linear-gradient(top, #428bca 0%, #3071a9 100%);
background-image: linear-gradient(to bottom, #428bca 0%, #3071a9 100%);
background-repeat: repeat-x;
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff428bca', endColorstr='#ff3071a9', GradientType=0);
background-image: -webkit-gradient(linear, left 0%, left 100%, from(#428bca), to(#3071a9));
background-image: -webkit-linear-gradient(top, #428bca, 0%, #3071a9, 100%);
background-image: -moz-linear-gradient(top, #428bca 0%, #3071a9 100%);
background-image: linear-gradient(to bottom, #428bca 0%, #3071a9 100%);
background-repeat: repeat-x;
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff428bca', endColorstr='#ff3071a9', GradientType=0);
}
.progress-bar-success {
background-image: -webkit-gradient(linear, left 0%, left 100%, from(#5cb85c), to(#449d44));
background-image: -webkit-linear-gradient(top, #5cb85c, 0%, #449d44, 100%);
background-image: -moz-linear-gradient(top, #5cb85c 0%, #449d44 100%);
background-image: linear-gradient(to bottom, #5cb85c 0%, #449d44 100%);
background-repeat: repeat-x;
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff5cb85c', endColorstr='#ff449d44', GradientType=0);
background-image: -webkit-gradient(linear, left 0%, left 100%, from(#5cb85c), to(#449d44));
background-image: -webkit-linear-gradient(top, #5cb85c, 0%, #449d44, 100%);
background-image: -moz-linear-gradient(top, #5cb85c 0%, #449d44 100%);
background-image: linear-gradient(to bottom, #5cb85c 0%, #449d44 100%);
background-repeat: repeat-x;
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff5cb85c', endColorstr='#ff449d44', GradientType=0);
}
.progress-bar-info {
background-image: -webkit-gradient(linear, left 0%, left 100%, from(#5bc0de), to(#31b0d5));
background-image: -webkit-linear-gradient(top, #5bc0de, 0%, #31b0d5, 100%);
background-image: -moz-linear-gradient(top, #5bc0de 0%, #31b0d5 100%);
background-image: linear-gradient(to bottom, #5bc0de 0%, #31b0d5 100%);
background-repeat: repeat-x;
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff5bc0de', endColorstr='#ff31b0d5', GradientType=0);
background-image: -webkit-gradient(linear, left 0%, left 100%, from(#5bc0de), to(#31b0d5));
background-image: -webkit-linear-gradient(top, #5bc0de, 0%, #31b0d5, 100%);
background-image: -moz-linear-gradient(top, #5bc0de 0%, #31b0d5 100%);
background-image: linear-gradient(to bottom, #5bc0de 0%, #31b0d5 100%);
background-repeat: repeat-x;
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff5bc0de', endColorstr='#ff31b0d5', GradientType=0);
}
.progress-bar-warning {
background-image: -webkit-gradient(linear, left 0%, left 100%, from(#f0ad4e), to(#ec971f));
background-image: -webkit-linear-gradient(top, #f0ad4e, 0%, #ec971f, 100%);
background-image: -moz-linear-gradient(top, #f0ad4e 0%, #ec971f 100%);
background-image: linear-gradient(to bottom, #f0ad4e 0%, #ec971f 100%);
background-repeat: repeat-x;
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff0ad4e', endColorstr='#ffec971f', GradientType=0);
background-image: -webkit-gradient(linear, left 0%, left 100%, from(#f0ad4e), to(#ec971f));
background-image: -webkit-linear-gradient(top, #f0ad4e, 0%, #ec971f, 100%);
background-image: -moz-linear-gradient(top, #f0ad4e 0%, #ec971f 100%);
background-image: linear-gradient(to bottom, #f0ad4e 0%, #ec971f 100%);
background-repeat: repeat-x;
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff0ad4e', endColorstr='#ffec971f', GradientType=0);
}
.progress-bar-danger {
background-image: -webkit-gradient(linear, left 0%, left 100%, from(#d9534f), to(#c9302c));
background-image: -webkit-linear-gradient(top, #d9534f, 0%, #c9302c, 100%);
background-image: -moz-linear-gradient(top, #d9534f 0%, #c9302c 100%);
background-image: linear-gradient(to bottom, #d9534f 0%, #c9302c 100%);
background-repeat: repeat-x;
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffd9534f', endColorstr='#ffc9302c', GradientType=0);
background-image: -webkit-gradient(linear, left 0%, left 100%, from(#d9534f), to(#c9302c));
background-image: -webkit-linear-gradient(top, #d9534f, 0%, #c9302c, 100%);
background-image: -moz-linear-gradient(top, #d9534f 0%, #c9302c 100%);
background-image: linear-gradient(to bottom, #d9534f 0%, #c9302c 100%);
background-repeat: repeat-x;
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffd9534f', endColorstr='#ffc9302c', GradientType=0);
}
.list-group {
border-radius: 4px;
-webkit-box-shadow: 0 1px 2px rgba(0, 0, 0, 0.075);
box-shadow: 0 1px 2px rgba(0, 0, 0, 0.075);
border-radius: 4px;
-webkit-box-shadow: 0 1px 2px rgba(0, 0, 0, 0.075);
box-shadow: 0 1px 2px rgba(0, 0, 0, 0.075);
}
.list-group-item.active,
.list-group-item.active:hover,
.list-group-item.active:focus {
text-shadow: 0 -1px 0 #3071a9;
background-image: -webkit-gradient(linear, left 0%, left 100%, from(#428bca), to(#3278b3));
background-image: -webkit-linear-gradient(top, #428bca, 0%, #3278b3, 100%);
background-image: -moz-linear-gradient(top, #428bca 0%, #3278b3 100%);
background-image: linear-gradient(to bottom, #428bca 0%, #3278b3 100%);
background-repeat: repeat-x;
border-color: #3278b3;
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff428bca', endColorstr='#ff3278b3', GradientType=0);
text-shadow: 0 -1px 0 #3071a9;
background-image: -webkit-gradient(linear, left 0%, left 100%, from(#428bca), to(#3278b3));
background-image: -webkit-linear-gradient(top, #428bca, 0%, #3278b3, 100%);
background-image: -moz-linear-gradient(top, #428bca 0%, #3278b3 100%);
background-image: linear-gradient(to bottom, #428bca 0%, #3278b3 100%);
background-repeat: repeat-x;
border-color: #3278b3;
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff428bca', endColorstr='#ff3278b3', GradientType=0);
}
.panel {
-webkit-box-shadow: 0 1px 2px rgba(0, 0, 0, 0.05);
box-shadow: 0 1px 2px rgba(0, 0, 0, 0.05);
-webkit-box-shadow: 0 1px 2px rgba(0, 0, 0, 0.05);
box-shadow: 0 1px 2px rgba(0, 0, 0, 0.05);
}
.panel-default > .panel-heading {
background-image: -webkit-gradient(linear, left 0%, left 100%, from(#f5f5f5), to(#e8e8e8));
background-image: -webkit-linear-gradient(top, #f5f5f5, 0%, #e8e8e8, 100%);
background-image: -moz-linear-gradient(top, #f5f5f5 0%, #e8e8e8 100%);
background-image: linear-gradient(to bottom, #f5f5f5 0%, #e8e8e8 100%);
background-repeat: repeat-x;
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff5f5f5', endColorstr='#ffe8e8e8', GradientType=0);
background-image: -webkit-gradient(linear, left 0%, left 100%, from(#f5f5f5), to(#e8e8e8));
background-image: -webkit-linear-gradient(top, #f5f5f5, 0%, #e8e8e8, 100%);
background-image: -moz-linear-gradient(top, #f5f5f5 0%, #e8e8e8 100%);
background-image: linear-gradient(to bottom, #f5f5f5 0%, #e8e8e8 100%);
background-repeat: repeat-x;
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff5f5f5', endColorstr='#ffe8e8e8', GradientType=0);
}
.panel-primary > .panel-heading {
background-image: -webkit-gradient(linear, left 0%, left 100%, from(#428bca), to(#357ebd));
background-image: -webkit-linear-gradient(top, #428bca, 0%, #357ebd, 100%);
background-image: -moz-linear-gradient(top, #428bca 0%, #357ebd 100%);
background-image: linear-gradient(to bottom, #428bca 0%, #357ebd 100%);
background-repeat: repeat-x;
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff428bca', endColorstr='#ff357ebd', GradientType=0);
background-image: -webkit-gradient(linear, left 0%, left 100%, from(#428bca), to(#357ebd));
background-image: -webkit-linear-gradient(top, #428bca, 0%, #357ebd, 100%);
background-image: -moz-linear-gradient(top, #428bca 0%, #357ebd 100%);
background-image: linear-gradient(to bottom, #428bca 0%, #357ebd 100%);
background-repeat: repeat-x;
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff428bca', endColorstr='#ff357ebd', GradientType=0);
}
.panel-success > .panel-heading {
background-image: -webkit-gradient(linear, left 0%, left 100%, from(#dff0d8), to(#d0e9c6));
background-image: -webkit-linear-gradient(top, #dff0d8, 0%, #d0e9c6, 100%);
background-image: -moz-linear-gradient(top, #dff0d8 0%, #d0e9c6 100%);
background-image: linear-gradient(to bottom, #dff0d8 0%, #d0e9c6 100%);
background-repeat: repeat-x;
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffdff0d8', endColorstr='#ffd0e9c6', GradientType=0);
background-image: -webkit-gradient(linear, left 0%, left 100%, from(#dff0d8), to(#d0e9c6));
background-image: -webkit-linear-gradient(top, #dff0d8, 0%, #d0e9c6, 100%);
background-image: -moz-linear-gradient(top, #dff0d8 0%, #d0e9c6 100%);
background-image: linear-gradient(to bottom, #dff0d8 0%, #d0e9c6 100%);
background-repeat: repeat-x;
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffdff0d8', endColorstr='#ffd0e9c6', GradientType=0);
}
.panel-info > .panel-heading {
background-image: -webkit-gradient(linear, left 0%, left 100%, from(#d9edf7), to(#c4e3f3));
background-image: -webkit-linear-gradient(top, #d9edf7, 0%, #c4e3f3, 100%);
background-image: -moz-linear-gradient(top, #d9edf7 0%, #c4e3f3 100%);
background-image: linear-gradient(to bottom, #d9edf7 0%, #c4e3f3 100%);
background-repeat: repeat-x;
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffd9edf7', endColorstr='#ffc4e3f3', GradientType=0);
background-image: -webkit-gradient(linear, left 0%, left 100%, from(#d9edf7), to(#c4e3f3));
background-image: -webkit-linear-gradient(top, #d9edf7, 0%, #c4e3f3, 100%);
background-image: -moz-linear-gradient(top, #d9edf7 0%, #c4e3f3 100%);
background-image: linear-gradient(to bottom, #d9edf7 0%, #c4e3f3 100%);
background-repeat: repeat-x;
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffd9edf7', endColorstr='#ffc4e3f3', GradientType=0);
}
.panel-warning > .panel-heading {
background-image: -webkit-gradient(linear, left 0%, left 100%, from(#fcf8e3), to(#faf2cc));
background-image: -webkit-linear-gradient(top, #fcf8e3, 0%, #faf2cc, 100%);
background-image: -moz-linear-gradient(top, #fcf8e3 0%, #faf2cc 100%);
background-image: linear-gradient(to bottom, #fcf8e3 0%, #faf2cc 100%);
background-repeat: repeat-x;
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#fffcf8e3', endColorstr='#fffaf2cc', GradientType=0);
background-image: -webkit-gradient(linear, left 0%, left 100%, from(#fcf8e3), to(#faf2cc));
background-image: -webkit-linear-gradient(top, #fcf8e3, 0%, #faf2cc, 100%);
background-image: -moz-linear-gradient(top, #fcf8e3 0%, #faf2cc 100%);
background-image: linear-gradient(to bottom, #fcf8e3 0%, #faf2cc 100%);
background-repeat: repeat-x;
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#fffcf8e3', endColorstr='#fffaf2cc', GradientType=0);
}
.panel-danger > .panel-heading {
background-image: -webkit-gradient(linear, left 0%, left 100%, from(#f2dede), to(#ebcccc));
background-image: -webkit-linear-gradient(top, #f2dede, 0%, #ebcccc, 100%);
background-image: -moz-linear-gradient(top, #f2dede 0%, #ebcccc 100%);
background-image: linear-gradient(to bottom, #f2dede 0%, #ebcccc 100%);
background-repeat: repeat-x;
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff2dede', endColorstr='#ffebcccc', GradientType=0);
background-image: -webkit-gradient(linear, left 0%, left 100%, from(#f2dede), to(#ebcccc));
background-image: -webkit-linear-gradient(top, #f2dede, 0%, #ebcccc, 100%);
background-image: -moz-linear-gradient(top, #f2dede 0%, #ebcccc 100%);
background-image: linear-gradient(to bottom, #f2dede 0%, #ebcccc 100%);
background-repeat: repeat-x;
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff2dede', endColorstr='#ffebcccc', GradientType=0);
}
.well {
background-image: -webkit-gradient(linear, left 0%, left 100%, from(#e8e8e8), to(#f5f5f5));
background-image: -webkit-linear-gradient(top, #e8e8e8, 0%, #f5f5f5, 100%);
background-image: -moz-linear-gradient(top, #e8e8e8 0%, #f5f5f5 100%);
background-image: linear-gradient(to bottom, #e8e8e8 0%, #f5f5f5 100%);
background-repeat: repeat-x;
border-color: #dcdcdc;
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffe8e8e8', endColorstr='#fff5f5f5', GradientType=0);
-webkit-box-shadow: inset 0 1px 3px rgba(0, 0, 0, 0.05), 0 1px 0 rgba(255, 255, 255, 0.1);
box-shadow: inset 0 1px 3px rgba(0, 0, 0, 0.05), 0 1px 0 rgba(255, 255, 255, 0.1);
background-image: -webkit-gradient(linear, left 0%, left 100%, from(#e8e8e8), to(#f5f5f5));
background-image: -webkit-linear-gradient(top, #e8e8e8, 0%, #f5f5f5, 100%);
background-image: -moz-linear-gradient(top, #e8e8e8 0%, #f5f5f5 100%);
background-image: linear-gradient(to bottom, #e8e8e8 0%, #f5f5f5 100%);
background-repeat: repeat-x;
border-color: #dcdcdc;
filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffe8e8e8', endColorstr='#fff5f5f5', GradientType=0);
-webkit-box-shadow: inset 0 1px 3px rgba(0, 0, 0, 0.05), 0 1px 0 rgba(255, 255, 255, 0.1);
box-shadow: inset 0 1px 3px rgba(0, 0, 0, 0.05), 0 1px 0 rgba(255, 255, 255, 0.1);
}


@ -1,4 +1,4 @@
body {
min-height: 2000px;
padding-top: 70px;
min-height: 2000px;
padding-top: 70px;
}


@ -6,14 +6,12 @@ __author__ = 'rohe0002'
import requests
import random
import string
import copy
import cookielib
import logging
from Cookie import SimpleCookie
from oic.utils.keyio import KeyJar
from oic.utils.time_util import utc_time_sans_frac
from oic.utils.time_util import utc_now
from oic.exception import UnSupported
logger = logging.getLogger(__name__)
@ -33,7 +31,7 @@ DEFAULT_POST_CONTENT_TYPE = URL_ENCODED
REQUEST2ENDPOINT = {
"AuthorizationRequest": "authorization_endpoint",
"AccessTokenRequest": "token_endpoint",
# ROPCAccessTokenRequest: "authorization_endpoint",
# ROPCAccessTokenRequest: "authorization_endpoint",
# CCAccessTokenRequest: "authorization_endpoint",
"RefreshAccessTokenRequest": "token_endpoint",
"TokenRevocationRequest": "token_endpoint"}
@ -88,6 +86,7 @@ def rndstr(size=16):
class ExpiredToken(PyoidcError):
pass
# -----------------------------------------------------------------------------
@ -274,7 +273,7 @@ class PBase(object):
self.keyjar = KeyJar(verify_ssl=verify_ssl)
self.request_args = {"allow_redirects": False}
#self.cookies = {}
# self.cookies = {}
self.cookiejar = cookielib.FileCookieJar()
self.ca_certs = ca_certs
if ca_certs:
@ -352,12 +351,12 @@ class PBase(object):
std_attr["version"] = std_attr["version"].split(",")[0]
except (TypeError, AttributeError):
pass
new_cookie = cookielib.Cookie(**std_attr)
self.cookiejar.set_cookie(new_cookie)
#return cookiejar
# return cookiejar
def http_request(self, url, method="GET", **kwargs):
_kwargs = copy.copy(self.request_args)
@ -371,15 +370,16 @@ class PBase(object):
try:
r = requests.request(method, url, **_kwargs)
except Exception as err:
logger.error("http_request failed: %s, url: %s, htargs: %s" % (
err, url, _kwargs))
logger.error(
"http_request failed: %s, url: %s, htargs: %s, method: %s" % (
err, url, _kwargs, method))
raise
try:
set_cookie = r.headers["set-cookie"]
# Telekom fix
# set_cookie = set_cookie.replace(
# "=;Path=/;Expires=Thu, 01-Jan-1970 00:00:01 GMT;HttpOnly,", "")
# "=;Path=/;Expires=Thu, 01-Jan-1970 00:00:01 GMT;HttpOnly,", "")
logger.debug("RECEIVED COOKIEs: %s" % set_cookie)
self.set_cookie(SimpleCookie(set_cookie))
except (AttributeError, KeyError), err:
@ -422,7 +422,7 @@ class Client(PBase):
self.client_authn_method = client_authn_method
self.keyjar = keyjar or KeyJar(verify_ssl=verify_ssl)
self.verify_ssl = verify_ssl
#self.secret_type = "basic "
# self.secret_type = "basic "
#self.state = None
self.nonce = None
@ -464,7 +464,7 @@ class Client(PBase):
client_secret = property(get_client_secret, set_client_secret)
def reset(self):
#self.state = None
# self.state = None
self.nonce = None
self.grant = {}
@ -519,7 +519,7 @@ class Client(PBase):
def get_grant(self, state, **kwargs):
# try:
# _state = kwargs["state"]
# _state = kwargs["state"]
# if not _state:
# _state = self.state
# except KeyError:
@ -560,7 +560,7 @@ class Client(PBase):
if request_args is None:
request_args = {}
#logger.debug("request_args: %s" % request_args)
# logger.debug("request_args: %s" % request_args)
kwargs = self._parse_args(request, **request_args)
if extra_args:
@ -574,7 +574,7 @@ class Client(PBase):
return self.construct_request(request, request_args, extra_args)
#noinspection PyUnusedLocal
# noinspection PyUnusedLocal
def construct_AuthorizationRequest(self, request=AuthorizationRequest,
request_args=None, extra_args=None,
**kwargs):
@ -689,7 +689,7 @@ class Client(PBase):
header_ext = {"Content-type": content_type}
if (accept):
header_ext = {"Accept": accept}
if "headers" in kwargs.keys():
kwargs["headers"].update(header_ext)
else:
@ -804,7 +804,7 @@ class Client(PBase):
if not verf:
raise PyoidcError("Verification of the response failed")
if resp.type() == "AuthorizationResponse" and \
"scope" not in resp:
"scope" not in resp:
try:
resp["scope"] = kwargs["scope"]
except KeyError:
@ -1111,14 +1111,14 @@ class Server(PBase):
if not keyjar:
keyjar = self.keyjar
#areq = message().from_(txt, keys, verify)
# areq = message().from_(txt, keys, verify)
areq = request().deserialize(txt, "jwt", keyjar=keyjar,
verify=verify)
areq.verify()
return areq
def parse_body_request(self, request=AccessTokenRequest, body=None):
#req = message(reqmsg).from_urlencoded(body)
# req = message(reqmsg).from_urlencoded(body)
req = request().deserialize(body, "urlencoded")
req.verify()
return req
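Review bot: The rewritten `logger.error` call in `http_request` still writes the whole `_kwargs` dict into the log; this commit only adds `method` to it. `_kwargs` starts as a copy of `self.request_args`, and if the caller's `headers` or `data` are merged into it outside the hunk (not visible here), a failed token request would put an `Authorization` header or a `client_secret` body into the error log. I would log the argument names rather than their values: `logger.error("http_request failed: %s, url: %s, htargs: %s, method: %s", err, url, sorted(_kwargs), method)`, which also leaves the formatting to the logging module. The `RECEIVED COOKIEs` debug line a few lines below has the same problem with the raw `Set-Cookie` value. The body of `http_request` continues outside the hunk.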


@ -2,7 +2,6 @@
__author__ = 'rohe0002'
import time
from hashlib import md5
from oic.utils import http_util
@ -77,7 +76,7 @@ class Consumer(Client):
""" An OAuth2 consumer implementation
"""
#noinspection PyUnusedLocal
# noinspection PyUnusedLocal
def __init__(self, session_db, client_config=None,
server_info=None, authz_page="", response_type="",
scope="", flow_type="", password=None):


@ -1,15 +1,15 @@
import logging
import urllib
import urlparse
import requests
from oic.oic import OIDCONF_PATTERN
from oic.oic.message import ProviderConfigurationResponse, AuthorizationResponse
import requests
from oic.utils.keyio import KeyJar
from oic.utils.time_util import utc_time_sans_frac
from oic.oic.provider import secret
from oic.oic.provider import RegistrationEndpoint
from oic.oic.provider import Endpoint
from oic import oauth2
from oic.oauth2 import provider
from oic.oauth2 import VerificationError
@ -27,13 +27,13 @@ from oic.oauth2 import SINGLE_OPTIONAL_INT
from oic.exception import UnknownAssertionType
from oic.exception import PyoidcError
from oic.exception import AuthzError
from oic.utils.authn.client import AuthnFailure
from oic.utils.http_util import Unauthorized, NoContent
from oic.utils.http_util import Response
from oic.utils.http_util import BadRequest
from oic.utils.http_util import Forbidden
logger = logging.getLogger(__name__)
__author__ = 'roland'
@ -180,7 +180,7 @@ class Provider(provider.Provider):
# @staticmethod
# def _uris_to_dict(uris):
# ruri = {}
# ruri = {}
# for uri in uris:
# base, query = urllib.splitquery(uri)
# if query:
@ -211,7 +211,7 @@ class Provider(provider.Provider):
if query:
tup.append((base, query))
else:
tup.append((base,""))
tup.append((base, ""))
return tup
@staticmethod
@ -242,7 +242,7 @@ class Provider(provider.Provider):
_cinfo["client_secret"] = secret(self.seed, _id)
_cinfo["client_id_issued_at"] = utc_time_sans_frac()
_cinfo["client_secret_expires_at"] = utc_time_sans_frac() + \
self.secret_lifetime
self.secret_lifetime
# If I support client info endpoint
if ClientInfoEndpoint in self.endp:
@ -289,7 +289,7 @@ class Provider(provider.Provider):
for key in _cinfo.keys():
if key in ["client_id_issued_at", "client_secret_expires_at",
"registration_access_token","registration_client_uri"]:
"registration_access_token", "registration_client_uri"]:
continue
if key not in request:
del _cinfo[key]
@ -352,7 +352,7 @@ class Provider(provider.Provider):
return self.client_info(client_id)
def client_info_endpoint(self, request, environ,
method="GET", query="", **kwargs):
method="GET", query="", **kwargs):
"""
Operations on this endpoint are switched through the use of different
HTTP methods


@ -3,15 +3,16 @@ import logging
import urllib
import urlparse
import json
from jwkest import b64d
import jwkest
from jwkest.jwe import JWE
from jwkest.jwk import keyitems2keyreps
from jwkest.jws import JWS
from oic.exception import PyoidcError
from oic.exception import MessageException
logger = logging.getLogger(__name__)
@ -149,7 +150,7 @@ class Message(object):
elif isinstance(val, Message):
try:
params.append((key, str(_ser(val, sformat="urlencoded",
lev=lev))))
lev=lev))))
except TypeError:
params.append((key, val))
elif val is None:
@ -191,7 +192,7 @@ class Message(object):
:return: An instance of the cls class
"""
#parse_qs returns a dictionary with keys and values. The values are
# parse_qs returns a dictionary with keys and values. The values are
#always lists even if there is only one value in the list.
#keys only appears once.
@ -327,8 +328,8 @@ class Message(object):
return self
def _add_value(self, skey, vtyp, key, val, _deser, null_allowed):
# if not val:
# return
# if not val:
# return
if isinstance(val, list):
if (len(val) == 0 or val[0] is None) and null_allowed is False:
@ -528,14 +529,14 @@ class Message(object):
raise ValueError("Not allowed value '%s'" % val)
elif isinstance(typ, list):
if isinstance(val, list):
#_typ = typ[0]
# _typ = typ[0]
for item in val:
if item not in _allowed:
raise ValueError("Not allowed value '%s'" % val)
elif val is None and na is False:
raise ValueError("Not allowed value '%s'" % val)
#noinspection PyUnusedLocal
# noinspection PyUnusedLocal
def verify(self, **kwargs):
"""
Make sure all the required values are there and that the values are
@ -622,8 +623,8 @@ class Message(object):
return True
# def __getattr__(self, item):
# return self._dict[item]
# def __getattr__(self, item):
# return self._dict[item]
def __delitem__(self, key):
del self._dict[key]
@ -668,7 +669,8 @@ class Message(object):
return self.from_json(_res[0])
def copy(self):
return copy.deepcopy(self)
return copy.deepcopy(self)
# =============================================================================
@ -682,10 +684,11 @@ def add_non_standard(msg1, msg2):
if key not in msg1.c_param:
msg1[key] = val
# =============================================================================
#noinspection PyUnusedLocal
# noinspection PyUnusedLocal
def list_serializer(vals, sformat="urlencoded", lev=0):
if isinstance(vals, basestring) or not isinstance(vals, list):
raise ValueError("Expected list: %s" % vals)
@ -733,6 +736,7 @@ def json_serializer(obj, sformat="urlencoded", lev=0):
def json_deserializer(txt, sformat="urlencoded"):
return json.loads(txt)
VTYPE = 0
VREQUIRED = 1
VSER = 2
@ -867,6 +871,7 @@ class TokenRevocationRequest(Message):
class ResourceRequest(Message):
c_param = {"access_token": SINGLE_OPTIONAL_STRING}
MSG = {
"Message": Message,
"ErrorResponse": ErrorResponse,
@ -891,6 +896,7 @@ def factory(msgtype):
except KeyError:
raise Exception("Unknown message type: %s" % msgtype)
if __name__ == "__main__":
foo = AccessTokenRequest(grant_type="authorization_code",
code="foo",


@ -3,8 +3,10 @@ import traceback
import sys
import urllib
import urlparse
from oic.utils.sdb import AccessCodeUsed
__author__ = 'rohe0002'
import base64
@ -94,7 +96,7 @@ def token_response(**kwargs):
return aresp
#noinspection PyUnusedLocal
# noinspection PyUnusedLocal
def none_response(**kwargs):
_areq = kwargs["areq"]
aresp = NoneResponse()
@ -372,7 +374,7 @@ class Provider(object):
try:
if len(self.authn_broker) == 1:
return self.authn_broker[0]
return self.authn_broker[0]
else:
try:
_values = areq["acr_values"]
@ -533,8 +535,8 @@ class Provider(object):
pass
if "response_type" in areq and \
len(areq["response_type"]) == 1 and \
"none" in areq["response_type"]:
len(areq["response_type"]) == 1 and \
"none" in areq["response_type"]:
pass
else:
#if self.sdb.is_revoked(sinfo):
@ -648,9 +650,8 @@ class Provider(object):
return Response(err.to_json(), content="application/json",
status="401 Unauthorized")
LOG_DEBUG("_tinfo: %s" % _tinfo)
atr = AccessTokenResponse(**by_schema(AccessTokenResponse, **_tinfo))
LOG_DEBUG("AccessTokenResponse: %s" % atr)
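Review bot: The two `LOG_DEBUG` calls around the `AccessTokenResponse` construction in the hunk at -648 write `_tinfo` and the complete token response to the debug log, so issued token values end up wherever debug output is collected. Logging only the shape keeps the trace useful without the secrets, for example `LOG_DEBUG("_tinfo keys: %s" % _tinfo.keys())`. The same pattern appears in later sections of this commit: `_log_info("response: %s" % query)` in `Consumer` and `logger.debug("Encryption keys for %s: %s" % (cid, keys))` in the OIDC `Provider`. The enclosing method starts and ends outside the hunk.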


@ -1,3 +1,4 @@
from jwkest.jwe import JWE
from oic.utils.keyio import KeyJar
__author__ = 'rohe0002'
@ -163,7 +164,7 @@ def make_openid_request(arq, keys=None, userinfo_claims=None,
c_args["userinfo"] = Claims(**userinfo_claims)
if idtoken_claims is not None:
#IdTokenClaims
# IdTokenClaims
c_args["id_token"] = Claims(**idtoken_claims)
if c_args:
@ -194,7 +195,7 @@ class Grant(oauth2.Grant):
PREFERENCE2PROVIDER = {
#"require_signed_request_object": "request_object_algs_supported",
# "require_signed_request_object": "request_object_algs_supported",
"request_object_signing_alg": "request_object_signing_alg_values_supported",
"request_object_encryption_alg":
"request_object_encryption_alg_values_supported",
@ -220,7 +221,7 @@ PREFERENCE2PROVIDER = {
#"request_object_signing_alg": "request_object_signing_alg_values_supported
}
PROVIDER2PREFERENCE = dict([(v,k) for k,v in PREFERENCE2PROVIDER.items()])
PROVIDER2PREFERENCE = dict([(v, k) for k, v in PREFERENCE2PROVIDER.items()])
PROVIDER_DEFAULT = {
"token_endpoint_auth_method": "client_secret_basic",
@ -228,7 +229,7 @@ PROVIDER_DEFAULT = {
}
#noinspection PyMethodOverriding
# noinspection PyMethodOverriding
class Client(oauth2.Client):
_endpoints = ENDPOINTS
@ -261,7 +262,7 @@ class Client(oauth2.Client):
self.behaviour = {
"request_object_signing_alg":
DEF_SIGN_ALG["openid_request_object"]}
DEF_SIGN_ALG["openid_request_object"]}
self.wf = WebFinger(OIC_ISSUER)
self.wf.httpd = self
@ -1129,7 +1130,7 @@ class Server(oauth2.Server):
"""
param = self._parse_urlencoded(url, query)
assert "access_token" in param # ignore the rest
assert "access_token" in param # ignore the rest
return deser_id_token(self, param["access_token"][0])
def _parse_request(self, request, data, sformat, client_id=None):
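Review bot: `assert "access_token" in param` in the hunk at -1129 does request validation with `assert`, which Python removes entirely under `-O`, so the check should be an explicit test such as `if "access_token" not in param: raise ValueError("access_token missing")`, with the exception type adjusted to whatever callers of this parser handle. The same pattern matters more in two later sections of this commit: `assert "azr" in self` inside `try`/`except AssertionError` in `IdToken`, and `assert str(bjwt["iss"]) in self.cli.cdb` in `JWSAuthnMethod`, where the known-client test would silently disappear in optimized mode. Each of those wants an `if ...:` followed by the failure path the surrounding method already uses. The enclosing methods start outside the hunks.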


@ -25,7 +25,7 @@ from oic.utils.http_util import Response
from oic.utils.authn.client import bearer_auth
# Used in claims.py
#from oic.oic.message import RegistrationRequest
# from oic.oic.message import RegistrationRequest
#from oic.oic.message import RegistrationResponse
logger = logging.getLogger(__name__)
@ -44,6 +44,7 @@ class UserClaimsResponse(Message):
"endpoint": SINGLE_OPTIONAL_STRING,
"access_token": SINGLE_OPTIONAL_STRING}
# def verify(self, **kwargs):
# if "jwt" in self:
# # Try to decode the JWT, checks the signature
@ -65,7 +66,6 @@ class UserInfoClaimsRequest(Message):
class OICCServer(OicServer):
def parse_user_claims_request(self, info, sformat="urlencoded"):
return self._parse_request(UserClaimsRequest, info, sformat)
@ -74,7 +74,6 @@ class OICCServer(OicServer):
class ClaimsServer(Provider):
def __init__(self, name, sdb, cdb, userinfo, client_authn, urlmap=None,
ca_certs="", keyjar=None, hostname="", dist_claims_mode=None):
Provider.__init__(self, name, sdb, cdb, None, userinfo, None,
@ -176,7 +175,6 @@ class ClaimsServer(Provider):
class ClaimsClient(Client):
def __init__(self, client_id=None, ca_certs=""):
Client.__init__(self, client_id, ca_certs)
@ -208,8 +206,8 @@ class ClaimsClient(Client):
else:
http_args.update(http_args)
# http_args = self.init_authentication_method(csi, "bearer_header",
# request_args)
# http_args = self.init_authentication_method(csi, "bearer_header",
# request_args)
return self.request_and_return(url, request_resp, method, body,
body_type, extended=False,
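Review bot: `http_args.update(http_args)` in the `else:` branch of the hunk at -208 merges the dict into itself, which changes nothing, so whatever this branch was meant to add to a caller-supplied `http_args` is lost. With the `init_authentication_method(csi, "bearer_header", ...)` call commented out just below, this may be where the authentication headers were supposed to be merged; that is an inference, because the `if` side and the variable it assigns are outside the hunk. The fix would be `http_args.update(<locally built args>)`, using the name from the lines above.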


@ -95,6 +95,7 @@ def clean_response(aresp):
return atr
IGNORE = ["request2endpoint", "response2error", "grant_class", "token_class"]
CONSUMER_PREF_ARGS = [
@ -122,7 +123,7 @@ class Consumer(Client):
""" An OpenID Connect consumer implementation
"""
#noinspection PyUnusedLocal
# noinspection PyUnusedLocal
def __init__(self, session_db, config, client_config=None,
server_info=None, debug=False, client_prefs=None):
""" Initializes a Consumer instance.
@ -326,7 +327,7 @@ class Consumer(Client):
return http_util.BadRequest("Missing query")
_log_info("response: %s" % query)
if "code" in self.config["response_type"]:
# Might be an error response
_log_info("Expect Authorization Response")
@ -410,7 +411,7 @@ class Consumer(Client):
def refresh_token(self):
pass
#noinspection PyUnusedLocal
def get_user_info(self, state):
uinfo = self.do_user_info_request(state=state, schema="openid")


@ -29,7 +29,7 @@ from jwkest import jws
logger = logging.getLogger(__name__)
#noinspection PyUnusedLocal
# noinspection PyUnusedLocal
def json_ser(val, sformat=None, lev=0):
return json.dumps(val)
@ -247,7 +247,6 @@ class UserInfoRequest(Message):
class AuthorizationResponse(message.AuthorizationResponse,
message.AccessTokenResponse):
c_param = message.AuthorizationResponse.c_param.copy()
c_param.update(message.AccessTokenResponse.c_param)
c_param.update({
@ -557,12 +556,12 @@ class RegistrationResponse(Message):
if "registration_client_uri" in self:
if not "registration_access_token":
raise VerificationError((
"Only one of registration_client_uri"
" and registration_access_token present"), self)
"Only one of registration_client_uri"
" and registration_access_token present"), self)
elif "registration_access_token" in self:
raise VerificationError((
"Only one of registration_client_uri"
" and registration_access_token present"), self)
"Only one of registration_client_uri"
" and registration_access_token present"), self)
return super(RegistrationResponse, self).verify(**kwargs)
@ -599,7 +598,7 @@ class IdToken(OpenIDSchema):
raise NotForMe("", self)
if len(self["aud"]) > 1: # Then azr has to be present and be one of
# the values
# the values
try:
assert "azr" in self
except AssertionError:
@ -696,12 +695,12 @@ class ProviderConfigurationResponse(Message):
"userinfo_encryption_enc_values_supported": OPTIONAL_LIST_OF_STRINGS,
"request_object_signing_alg_values_supported": OPTIONAL_LIST_OF_STRINGS,
"request_object_encryption_alg_values_supported":
OPTIONAL_LIST_OF_STRINGS,
OPTIONAL_LIST_OF_STRINGS,
"request_object_encryption_enc_values_supported":
OPTIONAL_LIST_OF_STRINGS,
OPTIONAL_LIST_OF_STRINGS,
"token_endpoint_auth_methods_supported": OPTIONAL_LIST_OF_STRINGS,
"token_endpoint_auth_signing_alg_values_supported":
OPTIONAL_LIST_OF_STRINGS,
OPTIONAL_LIST_OF_STRINGS,
"display_values_supported": OPTIONAL_LIST_OF_STRINGS,
"claim_types_supported": OPTIONAL_LIST_OF_STRINGS,
"claims_supported": OPTIONAL_LIST_OF_STRINGS,
@ -773,6 +772,7 @@ class DiscoveryResponse(Message):
class ResourceRequest(Message):
c_param = {"access_token": SINGLE_OPTIONAL_STRING}
SCOPE2CLAIMS = {
"openid": ["sub"],
"profile": ["name", "given_name", "family_name", "middle_name",
@ -830,6 +830,7 @@ def factory(msgtype):
else:
raise PyoidcError("Unknown message type: %s" % msgtype)
if __name__ == "__main__":
atr = AccessTokenResponse(access_token="access_token",
token_type="token_type")
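Review bot: `if not "registration_access_token":` in `RegistrationResponse.verify` (hunk at -557) tests a non-empty string literal, so the condition is always false and the `VerificationError` beneath it can never be raised. A response that carries `registration_client_uri` without `registration_access_token` therefore passes this check; the intended test is presumably `if "registration_access_token" not in self:`. The commit re-indents the message strings in this block but leaves the condition as it was.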


@ -1,10 +1,13 @@
#!/usr/bin/env python
import copy
import json
import traceback
import urllib
import sys
from jwkest.jwe import JWE
from requests import ConnectionError
from jwkest import jws, jwe
from jwkest.jws import alg2keytype
from oic.utils import time_util
from oic.utils.authn.user import NoSuchAuthentication
from oic.utils.authn.user import ToOld
@ -12,9 +15,6 @@ from oic.utils.authn.user import TamperAllert
from oic.utils.time_util import utc_time_sans_frac
from oic.utils.keyio import KeyBundle
from oic.utils.keyio import key_export
from requests import ConnectionError
from oic.oauth2.message import by_schema
from oic.oic.message import RefreshAccessTokenRequest
from oic.oic.message import EndSessionRequest
@ -35,8 +35,6 @@ from oic.oic.message import DiscoveryRequest
from oic.oic.message import ProviderConfigurationResponse
from oic.oic.message import DiscoveryResponse
from jwkest import jws, jwe
from jwkest.jws import alg2keytype
__author__ = 'rohe0002'
@ -70,7 +68,7 @@ SWD_ISSUER = "http://openid.net/specs/connect/1.0/issuer"
STR = 5 * "_"
#noinspection PyUnusedLocal
# noinspection PyUnusedLocal
def devnull(txt):
pass
@ -87,6 +85,7 @@ def secret(seed, sid):
csum.update(sid)
return csum.hexdigest()
#def update_info(aresp, sdict):
# for prop in aresp._schema["param"].keys():
# try:
@ -138,6 +137,7 @@ def construct_uri(item):
class AuthorizationEndpoint(Endpoint):
etype = "authorization"
class TokenEndpoint(Endpoint):
etype = "token"
@ -146,11 +146,11 @@ class UserinfoEndpoint(Endpoint):
etype = "userinfo"
class RegistrationEndpoint(Endpoint) :
class RegistrationEndpoint(Endpoint):
etype = "registration"
class EndSessionEndpoint(Endpoint) :
class EndSessionEndpoint(Endpoint):
etype = "endsession"
@ -226,8 +226,8 @@ class Provider(AProvider):
except KeyError:
pass
else:
# make sure id_token_signed_response_alg is set in client register
# response. This will make it happen in match_preferences()
# make sure id_token_signed_response_alg is set in client register
# response. This will make it happen in match_preferences()
for val in PREFERENCE2PROVIDER.values():
if val.endswith("signing_alg_values_supported"):
self.capabilities[val] = [mode["sign"]]
@ -238,8 +238,8 @@ class Provider(AProvider):
except KeyError:
pass
else:
# make sure id_token_signed_response_alg is set in client register
# response. This will make it happen in match_preferences()
# make sure id_token_signed_response_alg is set in client register
# response. This will make it happen in match_preferences()
for val in PREFERENCE2PROVIDER.values():
if val.endswith("encryption_alg_values_supported"):
self.capabilities[val] = [_enc_alg]
@ -250,8 +250,8 @@ class Provider(AProvider):
except KeyError:
pass
else:
# make sure id_token_signed_response_alg is set in client register
# response. This will make it happen in match_preferences()
# make sure id_token_signed_response_alg is set in client register
# response. This will make it happen in match_preferences()
for val in PREFERENCE2PROVIDER.values():
if val.endswith("encryption_enc_values_supported"):
self.capabilities[val] = [_enc_enc]
@ -397,7 +397,7 @@ class Provider(AProvider):
try:
if len(self.authn_broker) == 1:
return self.authn_broker[0]
return self.authn_broker[0]
else:
if "acr_values" in areq:
if not comparision_type:
@ -452,7 +452,7 @@ class Provider(AProvider):
"post_logout_redirect_uri": esr["post_logout_redirect_uri"],
"key": self.sdb.get_verify_logout(uid),
"redirect": redirect,
"action": "/"+EndSessionEndpoint("").etype
"action": "/" + EndSessionEndpoint("").etype
}
return Response(mte.render(**argv), headers=[])
@ -467,7 +467,7 @@ class Provider(AProvider):
if "id_token_hint" in esr:
id_token_hint = OpenIDRequest().from_jwt(esr["id_token_hint"],
keyjar=self.keyjar,
verify=True)
verify=True)
uid = id_token_hint["sub"]
else:
identity = authn.authenticated_as(cookie)
@ -676,7 +676,7 @@ class Provider(AProvider):
keys = self.keyjar.get_encrypt_key(owner=cid)
logger.debug("keys for %s: %s" % (
cid, "["+", ".join([str(x) for x in self.keyjar[cid]]))+"]")
cid, "[" + ", ".join([str(x) for x in self.keyjar[cid]])) + "]")
logger.debug("alg=%s, enc=%s, val_type=%s" % (alg, enc, val_type))
logger.debug("Encryption keys for %s: %s" % (cid, keys))
@ -999,7 +999,7 @@ class Provider(AProvider):
for reg, qp in urlset:
_part = urlparse.urlparse(reg)
if part.scheme == _part.scheme and part.netloc == _part.netloc:
return True
return True
return False
@ -1178,7 +1178,7 @@ class Provider(AProvider):
request.verify()
except MessageException, err:
if "type" not in request:
return self._error(error="invalid_type",
return self._error(error="invalid_type",
descr="%s" % err)
else:
return self._error(error="invalid_configuration_parameter",
@ -1486,8 +1486,8 @@ class Provider(AProvider):
pass
if "response_type" in areq and \
len(areq["response_type"]) == 1 and \
"none" in areq["response_type"]:
len(areq["response_type"]) == 1 and \
"none" in areq["response_type"]:
fragment_enc = False
else:
if self.sdb.is_revoked(sid):
@ -1625,6 +1625,7 @@ class Provider(AProvider):
"""
return self.end_session_endpoint(request, **kwargs)
# -----------------------------------------------------------------------------
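Review bot: The loop `for reg, qp in urlset:` in the hunk at -999 returns `True` as soon as scheme and netloc match a registered entry, and the unpacked `qp` is never used, so any path or query on the same host is accepted. If this helper validates URIs that a client presents against its registration (the function header and its callers are outside the hunk), also comparing the path, `and part.path == _part.path`, would narrow the match to the registered location. If a same-host check is the intent, a docstring saying so would keep it from being reused as a stricter check than it is.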


@ -64,7 +64,7 @@ def encrypt(key, msg, iv=None, alg="aes_128_cbc", padding="PKCS#7",
if _block_size:
plen = _block_size - (len(msg) % _block_size)
c = chr(plen)
msg += c*plen
msg += c * plen
cipher, iv = build_cipher(key, iv, alg)
cmsg = iv + cipher.encrypt(msg)
@ -95,6 +95,7 @@ def decrypt(key, msg, iv=None, padding="PKCS#7", b64dec=True):
res = res[:-ord(res[-1])]
return res
if __name__ == "__main__":
key_ = "1234523451234545" # 16 byte key
# Iff padded the message doesn't have to be multiple of 16 in length
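Review bot: `res = res[:-ord(res[-1])]` in `decrypt` (hunk at -95) strips whatever count the last byte names without checking that it lies between 1 and the block size, or that the padding bytes all carry that value, so a corrupted or modified ciphertext yields a truncated or empty result instead of an error. The visible `encrypt` path is CBC (`alg="aes_128_cbc"`) and returns `iv + cipher.encrypt(msg)` with no integrity tag in the lines shown, so callers that protect cookies or tokens with it would want a MAC verified before decryption, or at least a strict padding check that raises. Both functions start outside their hunks, so a check elsewhere cannot be ruled out.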


@ -77,7 +77,7 @@ class AuthnBroker(object):
if level and level != item["level"]:
_remain.append(_ref)
if authn_authority and \
authn_authority != item["authn_authority"]:
authn_authority != item["authn_authority"]:
_remain.append(_ref)
if _remain:
self.db[acr] = _remain
@ -204,6 +204,7 @@ def make_auth_verify(callback, next_module_instance=None):
setup_multi_auth (in multi_auth.py)
:return: function encapsulating the specified callback which properly handles a multi auth chain.
"""
def auth_verify(environ, start_response, logger):
kwargs = extract_from_request(environ)


@ -3,6 +3,7 @@ import base64
from jwkest import Invalid
from jwkest import MissingKey
from jwkest.jws import alg2keytype
from oic.exception import UnknownAssertionType
from oic.exception import NotForMe
from oic.oauth2 import rndstr, VREQUIRED
@ -65,6 +66,7 @@ class ClientSecretBasic(ClientAuthnMethod):
Server, authenticate with the Authorization Server in accordance with
Section 3.2.1 of OAuth 2.0 [RFC6749] using HTTP Basic authentication scheme.
"""
def construct(self, cis, request_args=None, http_args=None, **kwargs):
"""
:param cis: Request class instance
@ -125,6 +127,7 @@ class ClientSecretPost(ClientSecretBasic):
Section 3.2.1 of OAuth 2.0 [RFC6749] by including the Client Credentials in
the request body.
"""
def construct(self, cis, request_args=None, http_args=None, **kwargs):
if "client_secret" not in cis:
try:
@ -177,7 +180,7 @@ class BearerHeader(ClientAuthnMethod):
_acc_token = request_args["access_token"]
# Do I need to base64 encode the access token ? Probably !
#_bearer = "Bearer %s" % base64.b64encode(_acc_token)
# _bearer = "Bearer %s" % base64.b64encode(_acc_token)
_bearer = "Bearer %s" % _acc_token
if http_args is None:
http_args = {"headers": {}}
@ -246,7 +249,6 @@ def bearer_auth(req, authn):
class JWSAuthnMethod(ClientAuthnMethod):
def choose_algorithm(self, entity, **kwargs):
try:
algorithm = kwargs["algorithm"]
@ -324,7 +326,7 @@ class JWSAuthnMethod(ClientAuthnMethod):
return False
logger.debug("authntoken: %s" % bjwt.to_dict())
#logger.debug("known clients: %s" % self.cli.cdb.keys())
# logger.debug("known clients: %s" % self.cli.cdb.keys())
try:
# There might not be a client_id in the request
assert str(bjwt["iss"]) in self.cli.cdb # It's a client I know
@ -355,6 +357,7 @@ class ClientSecretJWT(JWSAuthnMethod):
The HMAC (Hash-based Message Authentication Code) is calculated using the
bytes of the UTF-8 representation of the client_secret as the shared key.
"""
def choose_algorithm(self, entity="client_secret_jwt", **kwargs):
return JWSAuthnMethod.choose_algorithm(self, entity, **kwargs)
@ -366,6 +369,7 @@ class PrivateKeyJWT(JWSAuthnMethod):
"""
Clients that have registered a public key sign a JWT using that key.
"""
def choose_algorithm(self, entity="private_key_jwt", **kwargs):
return JWSAuthnMethod.choose_algorithm(self, entity, **kwargs)
@ -373,7 +377,7 @@ class PrivateKeyJWT(JWSAuthnMethod):
return self.cli.keyjar.get_signing_key(alg2keytype(algorithm), "")
#from oic.utils.authn.client_saml import SAML2_BEARER_ASSERTION_TYPE
# from oic.utils.authn.client_saml import SAML2_BEARER_ASSERTION_TYPE
CLIENT_AUTHN_METHOD = {
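Review bot: The comment `# Do I need to base64 encode the access token ? Probably !` above `_bearer = "Bearer %s" % _acc_token` (hunk at -177) contradicts both the code and RFC 6750, under which the token goes into the Authorization header exactly as issued. I would replace the question and the commented-out `b64encode` line with `# RFC 6750: send the access token as issued, no extra encoding`. The method starts outside the hunk.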


@ -1,7 +1,9 @@
import base64
from oic.utils.authn.client import ClientAuthnMethod
from oic.utils.authn.client import CLIENT_AUTHN_METHOD
__author__ = 'rolandh'
SAML2_BEARER_ASSERTION_TYPE = \
@ -16,6 +18,7 @@ else:
"""
Authenticating clients using the SAML2 assertion profile
"""
def construct(self, cis, assertion=None, **kwargs):
"""
@ -38,7 +41,7 @@ else:
def _verify_saml2_assertion(self, assertion):
subject = assertion.subject
#client_id = subject.name_id.text
# client_id = subject.name_id.text
#who_ever_issued_it = assertion.issuer.text
audience = []


@ -1,10 +1,12 @@
import urlparse
from urlparse import parse_qs
from oic.utils.authn.user import UserAuthnMethod, logger, UsernamePasswordMako
from oic.utils.http_util import Response, Unauthorized, Redirect
from oic.utils.authn.user import logger, UsernamePasswordMako
from oic.utils.http_util import Unauthorized, Redirect
__author__ = 'danielevertsson'
class JavascriptFormMako(UsernamePasswordMako):
"""Do user authentication using the normal username password form in a
WSGI environment using Mako as template system"""


@ -1,13 +1,14 @@
import logging
from oic.utils.userinfo.ldap_info import UserInfoLDAP
__author__ = 'haho0032'
logger = logging.getLogger(__name__)
class UserLDAPMemberValidation(UserInfoLDAP):
def __init__(self, verify_attr=None, verify_attr_valid=None, **kwargs):
UserInfoLDAP.__init__(self, **kwargs)
self.verify_attr = verify_attr


@ -1,6 +1,8 @@
import ldap
from oic.utils.authn.user import UsernamePasswordMako
SCOPE_MAP = {
"base": ldap.SCOPE_BASE,
"onelevel": ldap.SCOPE_ONELEVEL,


@ -9,6 +9,7 @@ class MultiAuthnMethod(UserAuthnMethod):
Small auth module just to kick off multi auth chains (it must be the first module in the chain).
Do no instantiate this object, use setup_multi_auth instead!
"""
def __init__(self, auth_module):
UserAuthnMethod.__init__(self, None)
self.auth_module = auth_module
@ -49,6 +50,7 @@ class AuthnIndexedEndpointWrapper(UserAuthnMethod):
Wrapper class for using an authn module with multiple endpoints.
Encapsulates the desired index of the endpoint.
"""
def __init__(self, authn_instance, end_point_index):
UserAuthnMethod.__init__(self, None)


@ -4,21 +4,24 @@ from tempfile import NamedTemporaryFile
from urllib import urlencode
import logging
import base64
from urlparse import parse_qs
from oic.oauth2 import VerificationError
from oic.utils.authn.user import UserAuthnMethod
from oic.utils.authn.user import create_return_url
from urlparse import parse_qs
from oic.utils.http_util import Redirect
from oic.utils.http_util import SeeOther
from oic.utils.http_util import Response
from oic.utils.http_util import Unauthorized
logger = logging.getLogger(__name__)
class ServiceErrorException(Exception):
pass
try:
import saml2
except ImportError:
@ -36,7 +39,7 @@ else:
from saml2.s_utils import UnknownPrincipal
from saml2.s_utils import UnsupportedBinding
#This class handles user authentication with CAS.
# This class handles user authentication with CAS.
class SAMLAuthnMethod(UserAuthnMethod):
CONST_QUERY = "query"
CONST_SAML_COOKIE = "samlauthc"
@ -348,22 +351,22 @@ else:
return self.response(binding, ht_args, query)
def response(self, binding, http_args, query):
cookie = self.create_cookie(
'{"' + self.CONST_QUERY + '": "' + base64.b64encode(query) +
'" , "' + self.CONST_HASIDP + '": "True" }',
self.CONST_SAML_COOKIE, self.CONST_SAML_COOKIE)
if binding == BINDING_HTTP_ARTIFACT:
resp = Redirect()
elif binding == BINDING_HTTP_REDIRECT:
for param, value in http_args["headers"]:
if param == "Location":
resp = SeeOther(str(value), headers=[cookie])
break
else:
raise ServiceErrorException("Parameter error")
cookie = self.create_cookie(
'{"' + self.CONST_QUERY + '": "' + base64.b64encode(query) +
'" , "' + self.CONST_HASIDP + '": "True" }',
self.CONST_SAML_COOKIE, self.CONST_SAML_COOKIE)
if binding == BINDING_HTTP_ARTIFACT:
resp = Redirect()
elif binding == BINDING_HTTP_REDIRECT:
for param, value in http_args["headers"]:
if param == "Location":
resp = SeeOther(str(value), headers=[cookie])
break
else:
http_args["headers"].append(cookie)
resp = Response(http_args["data"],
headers=http_args["headers"])
raise ServiceErrorException("Parameter error")
else:
http_args["headers"].append(cookie)
resp = Response(http_args["data"],
headers=http_args["headers"])
return resp
return resp
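Review bot: In `response` (hunk at -348) the `BINDING_HTTP_ARTIFACT` branch builds `Redirect()` with no target and without the `cookie` that the other two branches attach, so that response would carry neither a location nor the SAML state cookie. Going by the `Redirect` template elsewhere in this commit, which formats its message as the target URL, the branch probably needs the location from `http_args["headers"]` the way the redirect binding gets it, e.g. `resp = Redirect(str(value), headers=[cookie])`. Because this hunk only re-indents the body and the page has lost the indentation, it is also worth confirming on the real diff that `else: raise ServiceErrorException("Parameter error")` still pairs with the `for` loop.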


@ -7,7 +7,7 @@ from urlparse import parse_qs
from urlparse import urlsplit
import urlparse
#from oic.utils.aes_m2c import AES_decrypt
# from oic.utils.aes_m2c import AES_decrypt
from oic.utils import aes
from oic.utils.http_util import Response
from oic.utils.http_util import CookieDealer
@ -91,6 +91,7 @@ class UserAuthnMethod(CookieDealer):
return rp_query_cookie[0]
return ""
def url_encode_params(params=None):
if not isinstance(params, dict):
raise Exception("You must pass in a dictionary!")
@ -280,7 +281,6 @@ class UsernamePasswordMako(UserAuthnMethod):
class BasicAuthn(UserAuthnMethod):
def __init__(self, srv, pwd, ttl=5):
UserAuthnMethod.__init__(self, srv, ttl)
self.passwd = pwd
@ -310,7 +310,6 @@ class BasicAuthn(UserAuthnMethod):
class SymKeyAuthn(UserAuthnMethod):
def __init__(self, srv, ttl, symkey):
UserAuthnMethod.__init__(self, srv, ttl)
self.symkey = symkey


@ -6,15 +6,17 @@ import logging
import requests
import base64
import xml.etree.ElementTree as ET
from oic.utils.authn.user import UserAuthnMethod
from urlparse import parse_qs
from oic.utils.authn.user import UserAuthnMethod
from oic.utils.http_util import Redirect
from oic.utils.http_util import Unauthorized
logger = logging.getLogger(__name__)
#This class handles user authentication with CAS.
# This class handles user authentication with CAS.
class CasAuthnMethod(UserAuthnMethod):
#Standard login url for a CAS server.
CONST_CASLOGIN = "/cas/login?"
@ -122,7 +124,7 @@ class CasAuthnMethod(UserAuthnMethod):
if acr is None:
acr = ""
return self.service_url + "?" + self.CONST_NONCE + "=" + nonce + \
"&acr_values=" + acr
"&acr_values=" + acr
def verify(self, request, cookie, **kwargs):
"""


@ -1,8 +1,10 @@
import logging
import time
from oic.utils.http_util import CookieDealer
from oic.utils.authn.user import ToOld
logger = logging.getLogger(__name__)


@ -1,7 +1,7 @@
__author__ = 'rolandh'
#noinspection PyUnusedLocal
# noinspection PyUnusedLocal
class ClaimsMode(object):
def __init__(self, user2mode):
self.user2mode = user2mode


@ -4,8 +4,8 @@ import cgi
import time
import hashlib
import hmac
from urllib import quote
from Cookie import SimpleCookie
from oic.oauth2 import rndstr
from oic.exception import UnsupportedMethod
@ -13,8 +13,6 @@ from oic.utils import time_util
from oic.utils.aes import encrypt
from oic.utils.aes import decrypt
from Cookie import SimpleCookie
class Response(object):
_template = None
@ -73,8 +71,8 @@ class NoContent(Response):
class Redirect(Response):
_template = '<html>\n<head><title>Redirecting to %s</title></head>\n' \
'<body>\nYou are being redirected to <a href="%s">%s</a>\n' \
'</body>\n</html>'
'<body>\nYou are being redirected to <a href="%s">%s</a>\n' \
'</body>\n</html>'
_status = '302 Found'
def __call__(self, environ, start_response, **kwargs):
@ -86,8 +84,8 @@ class Redirect(Response):
class SeeOther(Response):
_template = '<html>\n<head><title>Redirecting to %s</title></head>\n' \
'<body>\nYou are being redirected to <a href="%s">%s</a>\n' \
'</body>\n</html>'
'<body>\nYou are being redirected to <a href="%s">%s</a>\n' \
'</body>\n</html>'
_status = '303 See Other'
def __call__(self, environ, start_response, **kwargs):
@ -216,7 +214,7 @@ def cookie_signature(seed, *parts):
return sha1.hexdigest()
def make_cookie(name, load, seed, expire=0, domain="", path="", timestamp=""):
def make_cookie(name, load, seed, expire=0, domain="", path="", timestamp=""):
"""
Create and return a cookie
@ -351,12 +349,11 @@ def wsgi_wrapper(environ, start_response, func, **kwargs):
resp = args
return resp(environ, start_response)
except Exception as err:
#logger.error("%s" % err)
# logger.error("%s" % err)
raise
class CookieDealer(object):
def getServer(self):
return self._srv
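Review bot: Both `_template` strings (`Redirect` and `SeeOther`) interpolate the target three times into HTML, once inside `href="%s"`, and the `__call__` bodies that fill them are outside the hunks, so it is not visible whether the value is escaped. If it is not, a target containing `"` or `<` lands in the page as markup; `cgi.escape(location, True)` on the value before formatting covers both the text and the attribute position, and `cgi` is already imported in this file. A short comment on the template stating which caller is responsible for escaping would settle the question for the next reader.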


@ -1,8 +1,10 @@
import json
import time
from Crypto.PublicKey import RSA
from oic.exception import MessageException
__author__ = 'rohe0002'
import logging
@ -37,7 +39,7 @@ K2C = {
"RSA": RSAKey,
"EC": ECKey,
"oct": SYMKey,
# "pkix": PKIX_key
# "pkix": PKIX_key
}
@ -546,7 +548,7 @@ class KeyJar(object):
try:
self.add(issuer, pcr["jwks_uri"])
except KeyError:
# jwks should only be considered if no jwks_uri is present
# jwks should only be considered if no jwks_uri is present
try:
_keys = pcr["jwks"]["keys"]
self.issuer_keys[issuer].append(KeyBundle(_keys))
@ -586,6 +588,7 @@ class KeyJar(object):
for issuer, keys in info.items():
self.issuer_keys[issuer] = [KeyBundle(keys)]
# =============================================================================
@ -596,12 +599,14 @@ class RedirectStdStreams(object):
def __enter__(self):
self.old_stdout, self.old_stderr = sys.stdout, sys.stderr
self.old_stdout.flush(); self.old_stderr.flush()
self.old_stdout.flush();
self.old_stderr.flush()
sys.stdout, sys.stderr = self._stdout, self._stderr
#noinspection PyUnusedLocal
# noinspection PyUnusedLocal
def __exit__(self, exc_type, exc_value, traceback):
self._stdout.flush(); self._stderr.flush()
self._stdout.flush();
self._stderr.flush()
sys.stdout = self.old_stdout
sys.stderr = self.old_stderr
@ -684,6 +689,7 @@ def key_export(baseurl, local_path, vault, keyjar, **kwargs):
return _url
# ================= create RSA key ======================
@ -741,7 +747,7 @@ def proper_path(path):
#
#
# def make_req(bits, fqdn="example.com", rsa=None):
# pk = EVP.PKey()
# pk = EVP.PKey()
# x = X509.Request()
# if not rsa:
# rsa = RSA.gen_key(bits, 65537, lambda: None)
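Review bot: The split of `self.old_stdout.flush(); self.old_stderr.flush()` in the hunk at -596 left the semicolon behind, so the new lines read `self.old_stdout.flush();` in `__enter__` and `self._stdout.flush();` in `__exit__`. Dropping the trailing `;` on both finishes the PEP8 cleanup (pycodestyle reports it as E703).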


@ -1,7 +1,9 @@
import copy
import uuid
from oic.oic import AuthorizationRequest
__author__ = 'rohe0002'
import hmac
@ -168,7 +170,7 @@ class SessionDB(object):
sid = self.token.get_key(key)
except Exception:
raise KeyError
if sid not in self._db:
raise KeyError
else:
@ -321,7 +323,7 @@ class SessionDB(object):
access_token = self.token("T", prev=rtoken)
dic["token_expires_at"] = utc_time_sans_frac() + self.token_expires_in
#dic["client_id_issued_at"] = utc_time_sans_frac()
# dic["client_id_issued_at"] = utc_time_sans_frac()
dic["access_token"] = access_token
self._db[sid] = dic
#self._db[dic["xxxx"]] = dic
@ -362,17 +364,17 @@ class SessionDB(object):
return True
def is_revoked(self, sid):
#typ, sid = self.token.type_and_key(token)
# typ, sid = self.token.type_and_key(token)
try:
return self[sid]["revoked"]
except KeyError:
return False
# def set_oir(self, key, oir):
# self._db[key] = oir.dictionary()
#
# def get_oir(self, key):
# return OpenIDRequest(**self._db[key])
# def set_oir(self, key, oir):
# self._db[key] = oir.dictionary()
#
# def get_oir(self, key):
# return OpenIDRequest(**self._db[key])
def revoke_token(self, token):
# revokes either the refresh token or the access token
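Review bot: `is_revoked` (hunk at -362) returns `False` on any `KeyError`, which covers a session without a `revoked` entry and also, given the `if sid not in self._db: raise KeyError` shown in the hunk at -168, a `sid` that is not in the database at all. Treating an unknown session as not revoked is the permissive default; separating the two cases, `info = self[sid]` outside the `try` and then `return info.get("revoked", False)`, lets a missing session surface as an error. Whether callers check existence first is not visible here.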


@ -1,10 +1,12 @@
import time
from oic.oic.message import SINGLE_REQUIRED_INT
from oic.oauth2 import Message
from oic.oauth2 import SINGLE_REQUIRED_STRING
from oic.oauth2 import SINGLE_OPTIONAL_STRING
from oic.utils.time_util import epoch_in_a_while
__author__ = 'roland'
@ -14,8 +16,8 @@ class Content(Message):
"sub": SINGLE_REQUIRED_STRING, # Which subject that authenticated
"auz": SINGLE_OPTIONAL_STRING, # Authorization information
"aud": SINGLE_OPTIONAL_STRING, # The intended receiver
"val": SINGLE_REQUIRED_INT, # Valid until
"ref": SINGLE_OPTIONAL_STRING # Refresh token
"val": SINGLE_REQUIRED_INT, # Valid until
"ref": SINGLE_OPTIONAL_STRING # Refresh token
}
c_allowed_values = {"type": ["code", "access", "refresh"]}
@ -51,7 +53,7 @@ class StateLess(object):
_cont = Content(typ="code", sub=sub, aud=areq["redirect_uri"],
val=epoch_in_a_while(self.validity["grant"]))
#return _cont.to_jwe(self.keys, self.enc, self.alg)
# return _cont.to_jwe(self.keys, self.enc, self.alg)
return _cont
def upgrade_to_token(self, cont, issue_refresh=False):


@ -7,7 +7,7 @@
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@ -119,7 +119,6 @@ def parse_duration(duration):
def add_duration(tid, duration):
(sign, dur) = parse_duration(duration)
if sign == '+':
@ -166,6 +165,7 @@ def add_duration(tid, duration):
else:
pass
# ---------------------------------------------------------------------------
@ -214,6 +214,7 @@ def a_while_ago(days=0, seconds=0, microseconds=0, milliseconds=0,
return time_a_while_ago(days, seconds, microseconds, milliseconds,
minutes, hours, weeks).strftime(time_format)
# ---------------------------------------------------------------------------
@ -226,6 +227,7 @@ def shift_time(dtime, shift):
"""
return dtime + timedelta(seconds=shift)
# ---------------------------------------------------------------------------
@ -254,12 +256,14 @@ def str_to_time(timestr, time_format=TIME_FORMAT):
def instant(time_format=TIME_FORMAT):
return time.strftime(time_format, time.gmtime())
# ---------------------------------------------------------------------------
def utc_now():
return calendar.timegm(time.gmtime())
# ---------------------------------------------------------------------------
@ -316,6 +320,7 @@ def utc_time_sans_frac():
def time_sans_frac():
return int("%d" % time.time())
def epoch_in_a_while(days=0, seconds=0, microseconds=0, milliseconds=0,
minutes=0, hours=0, weeks=0):
"""


@ -1,19 +1,19 @@
import importlib
from tempfile import NamedTemporaryFile
from oic.utils.userinfo import UserInfo
from saml2 import saml, samlp
from saml2.client import Saml2Client
from saml2 import config
from oic.utils.userinfo import UserInfo
__author__ = 'danielevertsson'
class AaUserInfo(UserInfo):
class AaUserInfo(UserInfo):
def __init__(self, spconf, url, db=None):
UserInfo.__init__(self, db)
#Configurations for the SP handler. (pyOpSamlProxy.client.sp.conf)
# Configurations for the SP handler. (pyOpSamlProxy.client.sp.conf)
self.sp_conf = importlib.import_module(spconf)
ntf = NamedTemporaryFile(suffix="pyoidc.py", delete=True)
ntf.write("CONFIG = " + str(self.sp_conf.CONFIG).replace("%s", url))
@ -27,7 +27,7 @@ class AaUserInfo(UserInfo):
entity_id = self.sp_conf.AA_ENTITY_ID
if entity_id is None:
entity_id = self.samlcache["AA_ENTITYID"]
response = self.sp.do_attribute_query(entity_id ,
response = self.sp.do_attribute_query(entity_id,
ava[self.sp_conf.AA_NAMEID_ATTRIBUTE][0],
nameid_format=self.sp_conf.AA_NAMEID_FORMAT,
attribute=self.sp_conf.AA_REQUEST_ATTRIBUTES)


@ -1,16 +1,17 @@
import copy
import logging
from oic.oic import OpenIDSchema
from oic.oic.claims_provider import ClaimsClient
from oic.utils.userinfo import UserInfo
__author__ = 'rolandh'
logger = logging.getLogger(__name__)
class DistributedAggregatedUserInfo(UserInfo):
def __init__(self, db, oidcsrv, client_info=None):
UserInfo.__init__(self, db)
self.oidcsrv = oidcsrv
@ -130,7 +131,7 @@ class DistributedAggregatedUserInfo(UserInfo):
else:
# default is what "openid" demands which is sub
#result = identity
# result = identity
result = {"sub": userid}
return OpenIDSchema(**result)


@ -1,32 +1,31 @@
import logging
import ldap
from ldap import SCOPE_SUBTREE
from oic.utils.userinfo import UserInfo
__author__ = 'rolandh'
logger = logging.getLogger(__name__)
OPENID2LDAP = {
"sub": "uid",
"name": "displayName",
"given_name": "givenname",
"family_name": "sn",
"middle_name": "",
"nickname": "eduPersonNickname",
"nickname": "eduPersonNickname",
"preferred_username": "uid",
"profile": "labeledURI",
"picture": "jpegPhoto",
"website": "labeledURI",
"email": "mail",
#"email_verified":
# "email_verified":
"gender": "schacGender",
"birthdate": "schacDateOfBirth",
#zoneinfo
"locale": "preferredLanguage",
"phone_number": "telephoneNumber",
"phone_number": "telephoneNumber",
#phone_number_verified
"address": "postalAddress",
"updated_at": "" # Nothing equivalent
@ -36,9 +35,9 @@ LDAP2USERINFO = dict([(v, k) for k, v in OPENID2LDAP.items()])
class UserInfoLDAP(UserInfo):
def __init__(self, uri, base, filter_pattern, scope=SCOPE_SUBTREE,
def __init__(self, uri, base, filter_pattern, scope=ldap.SCOPE_SUBTREE,
tls=False, user="", passwd="", attr=None, attrsonly=False):
UserInfo.__init__(self, None)
super(UserInfoLDAP, self).__init__(self, None)
self.ldapuri = uri
self.base = base
self.filter_pattern = filter_pattern
@ -104,4 +103,4 @@ class UserInfoLDAP(UserInfo):
newres[key] = val
return newres
else:
return {}
return {}
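Review bot: The new `super(UserInfoLDAP, self).__init__(self, None)` call in `UserInfoLDAP.__init__` passes the instance twice, because `super()` already binds `self`, so the base initialiser receives `self` as its first argument and `None` as an extra one. The other subclasses on this page call `UserInfo.__init__(self, db)`, so the base presumably takes a single `db` parameter. If so, constructing the LDAP backend would either raise `TypeError` or store the object itself as its `db`, and the user-info lookup would fail at start-up. The call should read `super(UserInfoLDAP, self).__init__(None)`. On Python 2 this form also needs `UserInfo` to be a new-style class, which is not visible here; otherwise keep the original `UserInfo.__init__(self, None)`. The constructor body continues outside the hunk.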


@ -5,8 +5,10 @@ import re
from urllib import urlencode
import urlparse
import requests
from oic.utils.time_util import in_a_while
__author__ = 'rolandh'
logger = logging.getLogger(__name__)