source: TI12-security/trunk/python/Tests/security.py @ 1340

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/Tests/security.py@1340
Revision 1340, 7.7 KB checked in by pjkersha, 13 years ago (diff)

Tests/SecurityCGItest: ServiceProviderSecurityCGI now takes returnURI arg. showHomeSiteSelect renamed ->
testSPshowIdPsiteSelect.

NDG/AttAuthorityIO, NDG/SessionMgrIO, NDG/SecurityCGI.py, www/cgi-bin/idp.py and cgi-bin/sp.py:

  • fix for a major bug: calls to super() should name the class explicitly rather than use self.__class__, otherwise derived classes will pick up the wrong superclass.

NDG/SecurityCGI.py: major fixes and improvements; bug still exists with _returnCredsResponse

NDG/Session.py: fix the call to createSecurityCookie.

1#!/usr/local/NDG/ActivePython-2.4/bin/python
2
3"""Example NDG Security CGI service based on SecurityCGI base class
4
5NERC Data Grid Project
6
7P J Kershaw 25/05/06
8
9Copyright (C) 2006 CCLRC & NERC
10
11This software may be distributed under the terms of the Q Public License,
12version 1.0 or later.
13"""
14import os
15from NDG.SecurityCGI import *
16
17
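class TestSecurityCGI(SecurityCGI):
    """CGI interface test class for NDG Security.

    Overrides the page-rendering hooks of SecurityCGI with simple HTML pages
    written to stdout.  Values interpolated into markup go through
    _htmlEscape() first so that they cannot break out of the attribute or
    element they are written into.
    """

    @staticmethod
    def _htmlEscape(value):
        """Return value as text with &, <, > and the double quote replaced by
        HTML entities, making it safe inside a double-quoted attribute or as
        element text."""
        # Function-scope import: the module only imports os and the names
        # exported by NDG.SecurityCGI.
        from cgi import escape
        return escape("%s" % (value,), True)


    #_________________________________________________________________________
    def showLogin(self, returnURI=None, bAuthorise=False, **kwargs):
        """Display initial NDG login form.

        returnURI:  if set, it is carried through the login POST in a hidden
                    "returnURI" field
        bAuthorise: if true, a hidden "authorise" field with value 1 is added
        kwargs:     accepted for interface compatibility, not used here
        """

        if returnURI:
            # returnURI presumably originates from the incoming request, so it
            # is escaped before being placed inside the quoted attribute.
            # NOTE(review): escaping only prevents markup injection; whether
            # returnURI is restricted to trusted sites before it is used for
            # a redirect is not visible in this file - confirm in SecurityCGI.
            returnURIfield = \
                "<input type=hidden name=\"returnURI\" value=\"%s\">" % \
                self._htmlEscape(returnURI)
        else:
            returnURIfield = ''


        if bAuthorise:
            authoriseField = \
                "<input type=hidden name=\"authorise\" value=\"1\">"
        else:
            authoriseField = ""


        # Set authorisation method default
        authorisationMethodChk = {  "allowMapping":              '',
                                    "allowMappingWithPrompt" :   '',
                                    "noMapping":                 ''}

        # Default to safest option for user.  This also applies when the
        # stored method is not one of the three known values; otherwise no
        # radio button would be pre-selected at all.
        selectedMethod = self._authorisationMethod
        if selectedMethod not in authorisationMethodChk:
            selectedMethod = "allowMappingWithPrompt"

        authorisationMethodChk[selectedMethod] = ' checked'


        # First part of the page: header, script, login table and the hidden
        # fields.  The form is deliberately left open here so that the role
        # mapping radio buttons printed below are submitted with it.
        # toggleLayer() uses its layerId argument in every branch.
        print """Content-type: text/html

<html>
<head>
<title>NDG Login</title>
<style type=\"text/css\">
<!--
.al {
text-align: justify
}
a{
text-decoration:none;
}
a:hover{
color:#0000FF;
}
    body { font-family: Verdana, sans-serif; font-size: 11}
    table { font-family: Verdana, sans-serif; font-size: 11}
-->
</style>
</head>
<body>
    <script language="javascript">
        <!--
            function toggleLayer(layerId)
            {
                if (document.getElementById)
                {
                    // Standard
                    var style = document.getElementById(layerId).style;
                }
                else if (document.all)
                {
                    // Old msie versions
                    var style = document.all[layerId].style;
                }
                else if (document.layers)
                {
                    // nn4
                    var style = document.layers[layerId].style;
                }
                style.visibility = style.visibility == "visible" ?
"hidden":"visible";            }
        //-->
    </script>
    <h3>NERC Data Grid Site Login (Test)<BR clear=all></h3>
    <hr>

    <form action="%s" method="POST">

    <table bgcolor=#ADD8E6 cellspacing=0 border=0 cellpadding=5>
    <tbody>
    <tr>
      <td>User Name:</td>
      <td><input type=text name="userName" value=""></td>
    </tr>
    <tr>
      <td>Password:</td>
      <td><input type=password name="passPhrase"></td>
    </tr>
    <tr>
      <td colspan="2" align="right">
        <a href="javascript:toggleLayer('advSettings');">
        Advanced Settings
        </a>
        <input type=submit value="Login">
      </td>
    </tr>
    <input type=hidden name="authenticate" value="1">
    </tbody>
    </table>
    %s
    %s"""  % (self._htmlEscape(self.scriptName),
              returnURIfield,
              authoriseField)

        # Second part: the initially hidden "Advanced Settings" layer with the
        # role mapping choice, followed by the single closing of form, body
        # and html.
        print \
"""    <br>
    <div id="advSettings" style="position: relative; visibility: hidden;">
      <h4>Role Mapping for access to other trusted sites</h4>
      <p>Your account has roles or <i>privileges</i> which determine what data
you have access to.  If you access data at another NDG trusted site, these
roles can be mapped to local roles at that site to help you gain access:
      </p>
    <table bgcolor=#ADD8E6 cellspacing=0 border=0 cellpadding=5>
    <tbody>
      <tr>
        <td><input type="radio" name="authorisationMethod"
value="allowMapping"%s>
        </td>
        <td>
        Allow my roles to be mapped to local roles at other NDG trusted sites.
        </td>
      </tr>
      <tr>
        <td>
          <input type="radio" name="authorisationMethod"
value="allowMappingWithPrompt"%s>
        </td>
        <td>
            Allow my roles to be mapped, but prompt me so that I may choose
which roles to map before gaining access.
        </td>
        <tr>
        <td>
          <input type="radio" name="authorisationMethod" value="noMapping"%s>
        </td>
        <td>
          Don't allow mapping of my roles.
        </td>
        </tr>
      </tbody>
      </table>
    </div>
    </form>
</body>
</html>""" % (authorisationMethodChk['allowMapping'], \
              authorisationMethodChk['allowMappingWithPrompt'], \
              authorisationMethodChk['noMapping'])

        # end of showLogin()


    def showIdPsiteSelect(self, **kwargs):
        """Display a form with a drop-down list of sites, one option per entry
        in self.trustedHostInfo.  The selected entry's loginURI is posted back
        to this script as "requestURI".

        kwargs: accepted for interface compatibility, not used here
        """

        if not self.trustedHostInfo:
            # presumably fills in self.trustedHostInfo - confirm in SecurityCGI
            self.getTrustedHostInfo()

        print """Content-type: text/html

<html>
<head>
    <title>Select site to retrieve credentials</title>
    <style type=\"text/css\">
    <!--
    .al {
    text-align: justify
    }
    a{
    text-decoration:none;
    }
    a:hover{
    color:#0000FF;
    }
        body { font-family: Verdana, sans-serif; font-size: 11}
        table { font-family: Verdana, sans-serif; font-size: 11}
    -->
    </style>
</head>
<body>
    <form action="%s" method="POST">
    <table bgcolor=#ADD8E6 cellspacing=0 border=0 cellpadding=5>
    <tbody>
    <tr>
      <td>
        <select name="requestURI">
          <option value="">Select your home site...""" % \
            self._htmlEscape(self.scriptName)

        # Host names and login URIs come from the trusted host information
        # rather than from this script, so both are escaped on output.
        for hostname, info in self.trustedHostInfo.items():
            print "<option value=\"%s\">%s" % \
                (self._htmlEscape(info['loginURI']),
                 self._htmlEscape(hostname))

        print \
"""     </select>
      </td>
      <td align="right">
        <input type=submit value="Go">
      </td>
    </tr>
    </tbody>
    </table>
    </form>
</body>
</html>"""

        # end of showIdPsiteSelect()


    #_________________________________________________________________________
    def showCredsReceived(self,
                          sessCookie,
                          pageTitle='',
                          hdrTxt='',
                          bodyTxt=''):
        """Called from receiveCredsResponse() once a cookie has been created.
        Makes a page to set the cookie and display to the user that they have
        been authenticated.  Derived class should override this method as
        required

        sessCookie: cookie object; its output() text is written as a header
                    line directly after Content-type
        pageTitle, hdrTxt, bodyTxt: not used by this implementation
        """
        print """Content-type: text/html
%s

<html>
<head>
<title>NDG Authentication</title>
    <style type=\"text/css\">
    <!--
    .al {
    text-align: justify
    }
    a{
    text-decoration:none;
    }
    a:hover{
    color:#0000FF;
    }
        body { font-family: Verdana, sans-serif; font-size: 11}
        table { font-family: Verdana, sans-serif; font-size: 11}
    -->
    </style>
</head>
<body>
    New cookie set from credentials transfered from other domain
</body>
</html>""" % sessCookie.output()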
268
269
270#_____________________________________________________________________________
if __name__ == "__main__":

    # Session Manager and Attribute Authority web service descriptions.
    # NOTE(review): both WSDL locations use plain http - confirm that this is
    # acceptable outside a test deployment.
    smWSDL = "http://gabriel.bnsc.rl.ac.uk/sessionMgr.wsdl"
    aaWSDL = 'http://gabriel.bnsc.rl.ac.uk/attAuthority.wsdl'

    # Certificates of the two services
    smPubKeyFilePath = "/usr/local/NDG/conf/certs/gabriel-sm-cert.pem"
    aaPubKeyFilePath = "/usr/local/NDG/conf/certs/gabriel-aa-cert.pem"

    # Certificate and private key of this CGI client.  Both paths are
    # relative, so they resolve against the working directory the script is
    # started in.
    clntPubKeyFilePath = "../certs/GabrielCGI-cert.pem"
    clntPriKeyFilePath = "../certs/GabrielCGI-key.pem"

    # Gather the keyword settings, then construct the CGI object and invoke
    # it to handle the request.
    cgiKeywords = {
        'scriptName':         os.path.basename(__file__),
        'smPubKeyFilePath':   smPubKeyFilePath,
        'aaPubKeyFilePath':   aaPubKeyFilePath,
        'clntPubKeyFilePath': clntPubKeyFilePath,
        'clntPriKeyFilePath': clntPriKeyFilePath,
    }

    securityCGI = TestSecurityCGI(smWSDL, aaWSDL, **cgiKeywords)
    securityCGI()