source: TI12-security/trunk/python/Tests/security.py @ 1035

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/Tests/security.py@1035
Revision 1035, 7.8 KB checked in by pjkersha, 14 years ago (diff)

Tests/SecurityClientTest.py: minor change to re-test the AA glue method getTrustedHostInfo

Tests/security.py: WORKING VERSION -

  • fixed showLogin
  • fixed showCredsReceived

dist/NDG-Security-0.66.tar.gz: new version of distribution

NDG/SecurityCGI.py: WORKING VERSION -

  • cookie expiry for a new cookie transferred from another domain can be set with the cookieLifetimeHrs keyword to init

This only applies if the 'expires' argument is not set when passed back from the trusted host login URL. Only the
'NDG-ID1' and 'NDG-ID2' args are needed to pass credential info back to the requestor.

  • receiveCredsResponse broken up into method createCookie() to create a new cookie from the credentials received

in the URL and showCredsReceived method to display a page on completion of the transaction and set the new cookie
in the users browser.

  • authenticate method modified so that if authentication fails, the login page is re-displayed.

NDG/Session.py:

  • UserSession class: reduced sessID length to 64 chars from 128 to keep URL length to a minimum when transferring

credentials between domains. The ID must remain infeasible to guess: what matters is the number of unpredictable characters, so it has to be generated from a cryptographically secure random source rather than simply being long.

  • Quoted cookie expiry: sessCookieExpiryFmt = "\"%a, %d-%b-%Y %H:%M:%S GMT\"" as the official format requires. If not

quoted, SimpleCookie won't parse it correctly.

1#!/usr/local/NDG/ActivePython-2.4/bin/python
2
3"""Example NDG Security CGI service based on SecurityCGI base class
4
5NERC Data Grid Project
6
7P J Kershaw 25/05/06
8
9Copyright (C) 2006 CCLRC & NERC
10
11This software may be distributed under the terms of the Q Public License,
12version 1.0 or later.
13"""
14import os
15from NDG.SecurityCGI import *
16
17
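class TestSecurityCGI(SecurityCGI):
    """CGI interface test class for NDG Security.

    Overrides the page-rendering hooks of SecurityCGI (showLogin,
    showHomeSiteSelect and showCredsReceived).  Each hook writes a complete
    CGI response - the "Content-type" header block, a blank line and the
    HTML body - to standard output.

    Every value interpolated into the markup (returnURI, script name,
    trusted-host names and URIs) is passed through _escapeHTML first so that
    a crafted value cannot inject markup or script into the page.
    """


    #_________________________________________________________________________
    def _escapeHTML(self, text):
        """Return text with &, <, > and " replaced by HTML entities.

        The result is safe both as element content and as a double-quoted
        attribute value.  text must be a string.
        """
        escaped = text.replace('&', '&amp;')
        escaped = escaped.replace('<', '&lt;').replace('>', '&gt;')
        return escaped.replace('"', '&quot;')


    #_________________________________________________________________________
    def showLogin(self, returnURI=None, bAuthorise=False, **kwargs):
        """Display the initial NDG login form.

        returnURI  - if set, echoed back to this script as a hidden
                     'returnURI' field (HTML-escaped - it typically arrives
                     from the requesting site's URL, i.e. untrusted input).
        bAuthorise - if true, a hidden 'authorise' = 1 field is added.
        kwargs     - ignored; accepted so callers may pass extra CGI fields.

        The form posts 'userName' and 'passPhrase' (plus a hidden
        'authenticate' = 1 field) to self.scriptName, so this script must only
        be served over https.  The 'Advanced Settings' section holds the
        'authorisationMethod' radio buttons; the one matching
        self._authorisationMethod is pre-selected, defaulting to
        'allowMappingWithPrompt' (the safest option for the user) when no
        method - or an unrecognised one - is set.

        The whole page is emitted as a single document with the advanced
        settings div inside the form: previously the advanced settings were
        printed after the form, body and html had already been closed, so
        the radio buttons were never part of the submission.
        """
        if returnURI:
            returnURIfield = \
                '<input type=hidden name="returnURI" value="%s">' % \
                self._escapeHTML(returnURI)
        else:
            returnURIfield = ''

        if bAuthorise:
            authoriseField = '<input type=hidden name="authorise" value="1">'
        else:
            authoriseField = ''

        # ' checked' marker for exactly one of the three radio buttons
        authorisationMethodChk = {"allowMapping":           '',
                                  "allowMappingWithPrompt": '',
                                  "noMapping":              ''}

        if self._authorisationMethod in authorisationMethodChk:
            authorisationMethodChk[self._authorisationMethod] = ' checked'
        else:
            # None (nothing chosen yet) or an unknown value: fall back to the
            # safest option rather than failing with a KeyError
            authorisationMethodChk["allowMappingWithPrompt"] = ' checked'

        print("""Content-type: text/html

<html>
<head>
<title>NDG Login</title>
<style type="text/css">
<!--
.al {
text-align: justify
}
a{
text-decoration:none;
}
a:hover{
color:#0000FF;
}
    body { font-family: Verdana, sans-serif; font-size: 11}
    table { font-family: Verdana, sans-serif; font-size: 11}
-->
</style>
</head>
<body>
    <script language="javascript">
        <!--
            function toggleLayer(layerId)
            {
                var style;
                if (document.getElementById)
                {
                    // Standard
                    style = document.getElementById(layerId).style;
                }
                else if (document.all)
                {
                    // Old msie versions
                    style = document.all[layerId].style;
                }
                else if (document.layers)
                {
                    // nn4
                    style = document.layers[layerId].style;
                }
                style.visibility = style.visibility == "visible" ?
                                   "hidden" : "visible";
            }
        //-->
    </script>
    <h3>NERC Data Grid Site Login (Test)<BR clear=all></h3>
    <hr>

    <form action="%s" method="POST">

    <table bgcolor=#ADD8E6 cellspacing=0 border=0 cellpadding=5>
    <tbody>
    <tr>
      <td>User Name:</td>
      <td><input type=text name="userName" value=""></td>
    </tr>
    <tr>
      <td>Password:</td>
      <td><input type=password name="passPhrase"></td>
    </tr>
    <tr>
      <td colspan="2" align="right">
        <a href="javascript:toggleLayer('advSettings');">
        Advanced Settings
        </a>
        <input type=submit value="Login">
      </td>
    </tr>
    </tbody>
    </table>
    <input type=hidden name="authenticate" value="1">
    %s
    %s
    <br>
    <div id="advSettings" style="position: relative; visibility: hidden;">
      <h4>Role Mapping for access to other trusted sites</h4>
      <p>Your account has roles or <i>privileges</i> which determine what data
you have access to.  If you access data at another NDG trusted site, these
roles can be mapped to local roles at that site to help you gain access:
      </p>
    <table bgcolor=#ADD8E6 cellspacing=0 border=0 cellpadding=5>
    <tbody>
      <tr>
        <td><input type="radio" name="authorisationMethod"
value="allowMapping"%s>
        </td>
        <td>
        Allow my roles to be mapped to local roles at other NDG trusted sites.
        </td>
      </tr>
      <tr>
        <td>
          <input type="radio" name="authorisationMethod"
value="allowMappingWithPrompt"%s>
        </td>
        <td>
            Allow my roles to be mapped, but prompt me so that I may choose
which roles to map before gaining access.
        </td>
      </tr>
      <tr>
        <td>
          <input type="radio" name="authorisationMethod" value="noMapping"%s>
        </td>
        <td>
          Don't allow mapping of my roles.
        </td>
      </tr>
    </tbody>
    </table>
    </div>
    </form>
</body>
</html>""" % (self._escapeHTML(self.scriptName),
              returnURIfield,
              authoriseField,
              authorisationMethodChk['allowMapping'],
              authorisationMethodChk['allowMappingWithPrompt'],
              authorisationMethodChk['noMapping']))

        # end of showLogin()


    #_________________________________________________________________________
    def showHomeSiteSelect(self, **kwargs):
        """Display a form for the user to pick their home (trusted) site.

        The drop-down is filled from self.trustedHostInfo - obtained via
        self.getTrustedHostInfo() if not already populated - which maps a
        host name to a dict whose 'loginURI' entry is that site's login URL.
        The chosen login URI is posted back to this script as 'requestURI'.
        kwargs are ignored.

        NOTE(review): the SecurityCGI handler that consumes 'requestURI' is
        not visible here.  It should accept only a loginURI that is present
        in trustedHostInfo rather than redirecting to whatever the client
        posts, otherwise this field is an open-redirect vector - confirm.
        """
        if not self.trustedHostInfo:
            self.getTrustedHostInfo()

        print("""Content-type: text/html

<html>
<head>
    <title>Select site to retrieve credentials</title>
    <style type="text/css">
    <!--
    .al {
    text-align: justify
    }
    a{
    text-decoration:none;
    }
    a:hover{
    color:#0000FF;
    }
        body { font-family: Verdana, sans-serif; font-size: 11}
        table { font-family: Verdana, sans-serif; font-size: 11}
    -->
    </style>
</head>
<body>
    <form action="%s" method="POST">
    <table bgcolor=#ADD8E6 cellspacing=0 border=0 cellpadding=5>
    <tbody>
    <tr>
      <td>
        <select name="requestURI">
          <option value="">Select your home site...""" % \
              self._escapeHTML(self.scriptName))

        # One <option> per trusted host.  Both value and label are escaped:
        # the host info is fetched from a remote service, not typed in here.
        for hostname, info in self.trustedHostInfo.items():
            print('<option value="%s">%s' % \
                  (self._escapeHTML(info['loginURI']),
                   self._escapeHTML(hostname)))

        print("""     </select>
      </td>
      <td align="right">
        <input type=submit value="Go">
      </td>
    </tr>
    </tbody>
    </table>
    </form>
</body>
</html>""")

        # end of showHomeSiteSelect()


    #_________________________________________________________________________
    def showCredsReceived(self,
                          sessCookie,
                          pageTitle='',
                          hdrTxt='',
                          bodyTxt=''):
        """Render the completion page that sets the new session cookie.

        Called from receiveCredsResponse() once createCookie() has built
        sessCookie from the credentials passed in the URL.  sessCookie.output()
        is written verbatim into the CGI header block (between Content-type
        and the blank line), so it is expected to render as one or more
        'Set-Cookie:' header lines.  pageTitle, hdrTxt and bodyTxt are
        accepted for interface compatibility but unused here; a derived class
        should override this method as required.

        NOTE(review): the cookie's attributes (expiry, path, Secure flag) are
        fixed by the caller that builds sessCookie and cannot be added here.
        As the cookie carries the session ID, confirm the creating code marks
        it Secure so it is only ever sent over https.
        """
        print("""Content-type: text/html
%s

<html>
<head>
<title>NDG Authentication</title>
    <style type="text/css">
    <!--
    .al {
    text-align: justify
    }
    a{
    text-decoration:none;
    }
    a:hover{
    color:#0000FF;
    }
        body { font-family: Verdana, sans-serif; font-size: 11}
        table { font-family: Verdana, sans-serif; font-size: 11}
    -->
    </style>
</head>
<body>
    New cookie set from credentials transfered from other domain
</body>
</html>""" % sessCookie.output())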
268
269
270#_____________________________________________________________________________
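if __name__ == "__main__":

    # Service descriptions for the Session Manager and Attribute Authority.
    # NOTE(review): these are fetched over plain http, so the WSDL documents
    # themselves are not integrity-protected in transit.  The *-cert.pem
    # files below are presumably what the client uses to verify or encrypt
    # traffic with those services - confirm that is sufficient, or serve the
    # WSDL over https.
    smWSDL = "http://gabriel.bnsc.rl.ac.uk/sessionMgr.wsdl"
    aaWSDL = 'http://gabriel.bnsc.rl.ac.uk/attAuthority.wsdl'

    smPubKeyFilePath = "/usr/local/NDG/conf/certs/gabriel-sm-cert.pem"
    aaPubKeyFilePath = "/usr/local/NDG/conf/certs/gabriel-aa-cert.pem"

    # Resolve the client certificate and private key relative to this script
    # rather than the process's current directory: the original
    # "../certs/..." paths only work when the CGI is launched from the
    # script's own directory, and a silently wrong private key path is hard
    # to diagnose from a browser.
    certDir = os.path.join(os.path.dirname(os.path.abspath(__file__)),
                           os.pardir,
                           "certs")
    clntPubKeyFilePath = os.path.join(certDir, "GabrielCGI-cert.pem")
    clntPriKeyFilePath = os.path.join(certDir, "GabrielCGI-key.pem")

    # Where the browser is sent back to after login; https so that the
    # pass phrase and session cookie never travel in the clear.
    returnURI = "https://gabriel.bnsc.rl.ac.uk/cgi-bin/security.py"

    # scriptName is used as the form action of the rendered pages
    securityCGI = TestSecurityCGI(smWSDL,
                                  aaWSDL,
                                  scriptName=os.path.basename(__file__),
                                  smPubKeyFilePath=smPubKeyFilePath,
                                  aaPubKeyFilePath=aaPubKeyFilePath,
                                  clntPubKeyFilePath=clntPubKeyFilePath,
                                  clntPriKeyFilePath=clntPriKeyFilePath,
                                  returnURI=returnURI)
    securityCGI()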