source: TI05-delivery/ows_framework/trunk/ows_server/ows_server/controllers/login.py @ 3056

import sys,cgi
from urlparse import urlsplit, urlunsplit
import base64

from ows_server.lib.base import *
from ows_server.lib.security_util import setSecuritySession, LoginServiceQuery
from ows_common.exception_report import OwsError
from paste.request import parse_querystring
import logging
log = logging.getLogger(__name__)

from ndg.security.common.AttAuthority import AttAuthorityClient
from ndg.security.common.SessionMgr import SessionMgrClient, SessionExpired, \
    AttributeRequestDenied
from ndg.security.common.m2CryptoSSLUtility import HTTPSConnection, \
    HostCheck, InvalidCertSignature, InvalidCertDN


class LoginController(BaseController):
    ''' Provides the pylons controller for local login '''
    
    def __before__(self, action): 
        """For each action, get 'r' return to URL argument from current URL 
        query string.  c.returnTo is used in some of the .kid files"""
        c.returnTo = request.params.get('r', '')
        
        # Check return to address - getCredentials should NOT be returned to
        # with its query args intact
        b64decReturnTo = base64.urlsafe_b64decode(c.returnTo)
        scheme, netloc, pathInfo, query, frag = urlsplit(b64decReturnTo)
        if 'getCredentials' in pathInfo:
            # Swap to discovery and remove sensitive creds query args
            #
            # TODO: re-write to be more robust and modular.  Nb. 
            # BaseController.__call__ should filter out 'getCredentials'
            # calls from c.requestURL so this code should never need to be 
            # executed.
            filteredReturnTo = urlunsplit((scheme,netloc,'/discovery','',''))
            c.returnTo = base64.urlsafe_b64encode(filteredReturnTo)
        
        # Check return to address - getCredentials should NOT be returned to
        # with its query args intact
        log.debug("LoginController.__before__: Decoded c.returnTo = %s" % \
                                      base64.urlsafe_b64decode(c.returnTo))
    
    
    def index(self):
        ''' Ok, you really want to login here '''
        log.debug("LoginController.index ...")   

        if 'ndgSec' not in session: 
            log.debug('No security session details found - offering login...')
            return render_response('login')
        
        # Session is set in this domain - check it 
        try:    
            smClnt = SessionMgrClient(uri=session['ndgSec']['h'],
                    sslCACertFilePathList=g.securityCfg.sslCACertFilePathList,
                    sslPeerCertCN=g.securityCfg.sslPeerCertCN,
                    signingCertFilePath=g.securityCfg.wssCertFilePath,
                    signingPriKeyFilePath=g.securityCfg.wssPriKeyFilePath,
                    signingPriKeyPwd=g.securityCfg.wssPriKeyPwd,
                    caCertFilePathList=g.securityCfg.wssCACertFilePathList,
                    tracefile=g.securityCfg.tracefile)
                                
        except Exception, e:
            c.xml='Error establishing security context [%s]'%cgi.escape(str(e))
            return Response(render('content'), code=400)
        
        # Check session status
        log.debug('Calling Session Manager "%s" getSessionStatus ' % \
                  session['ndgSec']['h'] + 'for user "%s" with sid="%s" ...'%\
                  (session['ndgSec']['u'], session['ndgSec']['sid']))
        try:
            bSessOK = smClnt.getSessionStatus(sessID=session['ndgSec']['sid'])
        except Exception, e:
            c.xml = "Error checking your session details.  Please re-login"
            log.error("Session Manager getSessionStatus returned: %s" % e)
        return Response(render('login'), code=401)
   
        if bSessOK:
            log.debug(\
        "Session found - redirect back to site requesting credentials ...")
            # ... Return across http GET passing security parameters...
            return self.__doRedirect()
        else:
            log.debug("Session wasn't found - re-displaying login...")
            render_response('login')


    def getCredentials(self):
        """Authenticate user and cache user credentials in
        Session Manager following user login"""
        log.debug("LoginController.getCredentials ...")   

        try:    
            smClnt = SessionMgrClient(uri=g.securityCfg.smURI,
                    sslCACertFilePathList=g.securityCfg.sslCACertFilePathList,
                    sslPeerCertCN=g.securityCfg.sslPeerCertCN,
                    signingCertFilePath=g.securityCfg.wssCertFilePath,
                    signingPriKeyFilePath=g.securityCfg.wssPriKeyFilePath,
                    signingPriKeyPwd=g.securityCfg.wssPriKeyPwd,
                    caCertFilePathList=g.securityCfg.wssCACertFilePathList,
                    tracefile=g.securityCfg.tracefile)
                                
            username = request.params['username']
            passphrase = request.params['passphrase']                     
                                
        except Exception, e:
            c.xml='Error establishing security context [%s]'%cgi.escape(str(e))
            return Response(render('content'), code=400)
        
        # Connect to Session Manager
        log.debug('Calling Session Manager "%s" connect for user "%s" ...' % \
                  (g.securityCfg.smURI, username))
        try:
            sessID = smClnt.connect(username, passphrase=passphrase)[-1]
        except Exception, e:
            c.xml = \
    "Error logging in.  Please check your username/pass-phrase and try again."
            log.error("Session Manager connect returned: %s" % e)
            return Response(render('login'), code=401)
        
        # Cache user attributes in Session Manager
        log.debug("Calling Session Manager getAttCert for user ")
        try:
            # Make request for attribute certificate
            attCert = smClnt.getAttCert(sessID=sessID, 
                                        attAuthorityURI=g.securityCfg.aaURI)
        except SessionExpired, e:
            log.info("Session expired getting Attribute Certificate: %s" % e)
            c.xml = "Session has expired, please re-login"
            return Response(render('login'), code=401)
            
        except AttributeRequestDenied, e:
            log.error("Login: attribute Certificate request denied: %s" % e)
            c.xml = "No authorisation roles are available for your " + \
                    "account.  Please check with your site administrator."
            return Response(render('login'), code=401)
            
        except Exception, e:
            log.error("Login: attribute Certificate request: %s" % e)
            c.xml = "An internal error occured.  Please report this to " + \
                    "your site administrator."
            return Response(render('login'), code=400)

        log.debug('Completing login...')
        
        # Make security session details
        setSecuritySession(h=g.securityCfg.smURI,
                           u=username,
                           org=attCert.issuerName,
                           roles=attCert.roles,
                           sid=sessID)
        session['panelView']='History'
        session.save()

        log.info("user %s logged in with roles %s" % (session['ndgSec']['u'],
                                                  session['ndgSec']['roles']))
        return self.__doRedirect()
            
            
    def wayf(self):
        ''' NDG equivalent to Shibboleth WAYF '''
        log.debug("LoginController.wayf ...")   

        # May be better as a 'g' global set-up at start-up?
        #
        # tracefile could be removed for production use
        aaClnt = AttAuthorityClient(uri=g.securityCfg.aaURI,
                    signingCertFilePath=g.securityCfg.wssCertFilePath,
                    signingPriKeyFilePath=g.securityCfg.wssPriKeyFilePath,
                    signingPriKeyPwd=g.securityCfg.wssPriKeyPwd,
                    caCertFilePathList=g.securityCfg.wssCACertFilePathList,
                    tracefile=g.securityCfg.tracefile)

        # Get list of login uris for trusted sites including THIS one
        log.debug("Calling Attribute Authority getTrustedHostInfo and " + \
                  "getHostInfo for wayf")

        hosts = aaClnt.getAllHostsInfo()    
        c.providers=dict([(k, v['loginURI']) for k, v in hosts.items()])
        
        if 'panelView' in session: del session['panelView']
        session.save()
        
        return render_response('wayf')
        
        
    def __doRedirect(self):
        """Pass security creds back to requestor so that they can make
        a cookie.  If the requestor is in the same domain as the login then
        this is not necessary."""
        
        # and now go back to whence we had come
        if c.returnTo!='':
            # is there a keyword on redirect_to that can make this https? See:
            # http://pylonshq.com/project/pylonshq/browser/Pylons/trunk/pylons/decorators/secure.py#L69

            # Only add token if return URI is in a different domain
            thisHostname = request.host.split(':')[0]
            
            # Decode return to address
            cc = base64.urlsafe_b64decode(c.returnTo)
            log.debug('Login redirect to [%s]' % cc)

            returnToHostname = urlsplit(cc)[1]
#            returnToHostname = 'localhost'
#            if thisHostname not in returnToHostname:
            if True:
                # Returning to a different domain - copy the security session
                # details into the URL query string
                if '?' in cc:
                    cc+='&%s' % LoginServiceQuery()
                else:
                    cc+='?%s' % LoginServiceQuery()
            
            # Check return-to address by examining peer cert
            log.debug("Checking return-to URL for valid SSL peer cert. ...")
            
            # Look-up list of Cert DNs for trusted requestors
            aaClnt = AttAuthorityClient(uri=g.securityCfg.aaURI,
                    signingCertFilePath=g.securityCfg.wssCertFilePath,
                    signingPriKeyFilePath=g.securityCfg.wssPriKeyFilePath,
                    signingPriKeyPwd=g.securityCfg.wssPriKeyPwd,
                    caCertFilePathList=g.securityCfg.wssCACertFilePathList,
                    tracefile=g.securityCfg.tracefile)
            
            HostInfo = aaClnt.getAllHostsInfo()
            requestServerDN = [val['loginRequestServerDN'] \
                               for val in HostInfo.values()]
            log.debug("Expecting DN for SSL peer one of: %s"%requestServerDN)
            hostCheck=HostCheck(acceptedDNs=requestServerDN,
                    caCertFilePathList=g.securityCfg.sslCACertFilePathList)            
            testConnection = HTTPSConnection(returnToHostname, 
                                             None, 
                                             postConnectionCheck=hostCheck)

            log.debug('Testing connection to "%s"' % returnToHostname)
            try:
                try:
                    testConnection.connect()
                except (InvalidCertSignature, InvalidCertDN), e:
                    log.error("Login: requestor SSL certificate: %s" % e)
                    c.xml = """Request to redirect back to %s with your 
credentials refused: there is a problem with the SSL certificate of this site.
  Please report this to your site administrator.""" % returnToHostname
                    return Response(render('login'), code=400)
            finally:    
                testConnection.close()

            log.debug("SSL peer cert. is OK - redirecting to [%s] ..." % cc)
            h.redirect_to(cc)
        else:
            c.xml='<p> Logged in </p>'
            return render_response('content')