source: TI05-delivery/ows_framework/trunk/ows_server/ows_server/controllers/logout.py @ 2929

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI05-delivery/ows_framework/trunk/ows_server/ows_server/controllers/logout.py@2929
Revision 2929, 2.8 KB checked in by pjkersha, 13 years ago (diff)

Major change to enable login transactions to operate over https.

ndgDiscovery.config: added sslServer param for https virtual host to serve secured login

ows_server/models/ndgSecurity.py:

  • access config params via g.securityCfg set in ndgMiddleware
  • improved error reporting

ows_server/config/ndgMiddleware.py: added global settings ...

  • sslServer - virtual host for running login transactions over https
  • securityCfg - security configuration parameters

ows_server/controllers/login.py:

  • urlsplit instead of urlparse
  • use ndg.security.common.m2CryptoSSLUtility.HTTPSConnection to check peer cert prior to redirect back to login requestor in LoginController.doRedirect
  • replace 'setup' with 'before'. Latter is pylons/paste convenience method enabling settings to be made prior to each action
  • removed 'securitySetup' - this is done in ndgMiddleware at start-up
  • N.B. in doRedirect - currently set to always return params over http GET even if requestor and login service are in the same domain - this is for testing only

ows_server/controllers/logout.py:

  • replace 'setup' with 'before'.
  • removed 'securitySetup' - this is done in ndgMiddleware at start-up

ows_server/lib/security_util.py:

  • Added SecurityConfig class - a container for security config items held by 'g' global variable.

ows_server/lib/base.py: on setting of security params from LoginService, redirect back to http from https

ows_server/templates/ndgPage.kid: removed Session Manager address from the display - not needed for the user to see.

ows_server/templates/wayf.kid: ensure return URL is switched to https from http so that GET query args are hidden.

1from ows_server.lib.base import *
2from ows_server.lib.security_util import SecuritySession
3import logging
4log = logging.getLogger(__name__)
5
6from paste.request import parse_querystring
7import sys # include in case tracefile is set to sys.stderr
8import base64 # decode the return to address
9
10from ndg.security.common.SessionMgr import SessionMgrClient
11
12
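class LogoutController(BaseController):
    """Pylons controller for logging out and killing the security cookie.

    The methods use the names c, g, h, request, session and render_response
    without importing them explicitly; presumably they arrive through the
    star import from ows_server.lib.base -- confirm.
    """

    def __before__(self):
        """Store the encoded return-to URL taken from query argument 'r'.

        The value comes straight from the request, so it is caller-controlled
        and must not be trusted until __redirect has decoded and checked it.
        """
        c.returnTo = request.params.get('r', '')

    def index(self):
        """Log the user out and send the browser back to where it came from.

        The Session Manager disconnect is attempted first, but any failure
        there is only logged: the local security session is cleared
        regardless, so a logout request never leaves the local cookie and
        session in place just because the remote service was unreachable.
        (Previously an error while creating the client returned early, and an
        error in disconnect() called the redirect helper with its result
        discarded, so local clean-up could be skipped on those paths.)

        Returns whatever __redirect returns.
        """
        if 'ndgSec' not in session:
            # There's no handle to a security session
            log.error("logout called but no 'ndgSec' key in session object")
            return self.__redirect()

        # Build the Session Manager client from the configuration held on g.
        try:
            smClnt = SessionMgrClient(
                uri=g.securityCfg.smURI,
                sslCACertFilePathList=g.securityCfg.sslCACertFilePathList,
                sslPeerCertCN=g.securityCfg.sslPeerCertCN,
                signingCertFilePath=g.securityCfg.wssCertFilePath,
                signingPriKeyFilePath=g.securityCfg.wssPriKeyFilePath,
                signingPriKeyPwd=g.securityCfg.wssPriKeyPwd,
                caCertFilePathList=g.securityCfg.wssCACertFilePathList,
                tracefile=g.securityCfg.tracefile)
        except Exception, e:
            log.error("logout - creating Session Manager client: %s" % e)
            # Carry on so that the local session is still cleared below.
            smClnt = None

        if smClnt is not None:
            # Disconnect from Session Manager
            log.info('Calling Session Manager "%s" disconnect for logout...' %
                     g.securityCfg.smURI)
            try:
                smClnt.disconnect(sessID=session['ndgSec']['sid'])
            except Exception, e:
                # Logged only; the remote session may stay alive until the
                # Session Manager expires it, which is why the error is
                # recorded, but the local state must still go.
                log.error("Error with Session Manager logout: %s" % e)

        try:
            # easy to kill our cookie
            SecuritySession.delete()
            if 'ndgCleared' in session:
                del session['ndgCleared']
            session.save()
        except Exception, e:
            log.error("logout - clearing security session: %s" % e)

        return self.__redirect()

    def __redirect(self):
        """Redirect back to the previous page, or render the default page.

        c.returnTo is a URL-safe base64 string supplied by the client. It is
        decoded and then checked before use: a value containing control
        characters, or with a scheme other than http/https (or none), is
        logged and ignored. When there is no usable return address the
        'content' template is rendered instead.
        """
        # Python 2 module; imported here so the block carries its own
        # dependency.
        from urlparse import urlsplit

        if not c.returnTo:
            return render_response('content')

        # Decode the return to address
        try:
            b64decReturnTo = base64.urlsafe_b64decode(c.returnTo)
        except Exception, e:
            log.error("logout - decoding return URL: %s" % e)
            return render_response('content')

        # The decoded bytes end up in a Location header, so refuse anything
        # that could split the header or that is not a web address.
        ctrlChars = [ch for ch in b64decReturnTo
                     if ord(ch) < 0x20 or ord(ch) == 0x7f]
        scheme = urlsplit(b64decReturnTo)[0].lower()
        if ctrlChars or scheme not in ('', 'http', 'https'):
            # %r keeps any control characters out of the log stream.
            log.error("logout - rejecting return URL: %r" % b64decReturnTo)
            return render_response('content')

        # NOTE(review): the host of the return address is still not
        # restricted, so any http(s) site can be named as the target of this
        # redirect. Comparing the host against a configured list of trusted
        # return hosts would close that gap; no such setting is visible in
        # this file, so none is applied here.

        # and now go back to whence we had come
        # (h.redirect_to presumably raises the redirect rather than
        # returning -- confirm against the Pylons version in use)
        h.redirect_to(b64decReturnTo)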