source: TI12-security/trunk/python/ndg.security.client/ndg/security/client/ssoclient/ssoclient/controllers/logout.py @ 3892

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.client/ndg/security/client/ssoclient/ssoclient/controllers/logout.py@3892
Revision 3892, 3.6 KB checked in by pjkersha, 12 years ago (diff)
  • Big changes enabling modularised security from the Discovery/Browse Pylons code stack. Changes are for login only and don't include the Gatekeeper yet.
  • Updates to OpenID AuthKit test code to enable kid templates.

ndg.security.server/ndg/security/server/sso/sso/config/ssoServiceMiddleware.py

  • include client in ndg.security.client.cfg class for globals - needed for server/sslServer config settings for SSO Client BaseController
  • read WS-Security settings using ndg.security.common.wssecurity.WSSecurityConfig

ndg.security.server/ndg/security/server/sso/sso/controllers/login.py,
ndg.security.server/ndg/security/server/sso/sso/controllers/logout.py:

  • Give specific alias for kid templates to enable a separate security templates dir to ows_server

ndg.security.server/ndg/security/server/sso/sso/controllers/wayf.py:

  • ditto to above
  • fix to URL input into base 64 encode - convert from unicode to regular string as otherwise b64 code will fail

ndg.security.server/ndg/security/server/sso/sso/lib/base.py:

  • Provide full path to sso.* imports so that controllers can be imported across into ows_server or any other pylons code stack.
  • LoginServiceQuery -> SSOServiceQuery

ndg.security.server/ndg/security/server/sso/sso/templates/ndg/security/wayf.kid:

  • got rid of login status info - it's confusing to the user

ndg.security.client/ndg/security/client/ssoclient/ssoClient.cfg:

  • added tracefile option for ZSI SOAP i/o display

ndg.security.client/ndg/security/client/ssoclient/ssoclient/config/ssoClientMiddleware.py:

  • SSOMiddleware interface changed to enable reading direct from an existing config object as well as from file

ndg.security.client/ndg/security/client/ssoclient/ssoclient/controllers/logout.py:

  • fixes for full path import statements + correct g config attr settings

ndg.security.client/ndg/security/client/ssoclient/ssoclient/lib/base.py:

  • enable processing of logout response from a separate SSO Service - logout flag in URL arg tells base controller to delete the security details from the cookie.

ndg.security.client/ndg/security/client/ssoclient/ssoclient/templates/ndg/security/ndgPage.kid: typo fix

Tests/authtest/development.ini,
Tests/authtest/authtest/config/environment.py,
Tests/authtest/authtest/controllers/auth.py:

  • enable kid template for OpenID signin

Tests/authtest/authtest/tests/functional/test_test2.py,
Tests/authtest/authtest/controllers/test2.py: test controller

ndg.security.common/ndg/security/common/wssecurity/__init__.py:

  • enable initialisation from an existing config file object

ndg.security.common/ndg/security/common/pylons/security_util.py:

ndg.security.common/ndg/security/common/__init__.py: fix to imports

ndg.security.common/ndg/security/common/wsSecurity.py: fix for altered WSSecurityConfig interface

ndg.security.common/ndg/security/common/m2CryptoSSLUtility.py:

  • fix to HostCheck.__call__ - check for peerCert is None when peer tries http instead of https
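# NOTE(review): the controller below uses session, request, g, c, h, render
# and BaseController without importing them by name; presumably they all come
# from this star import - confirm against lib/base.py.
from ndg.security.client.ssoclient.ssoclient.lib.base import *

from ndg.security.common.pylons.security_util import SecuritySession
import logging
# The logger is bound once, after logging has been imported by name.  The
# earlier copy of this assignment ran before "import logging" and so only
# worked if the star import above happened to export the logging module.
log = logging.getLogger(__name__)

import sys # include in case tracefile is set to sys.stderr
import base64 # decode the return to address
from urlparse import urlsplit, urlunsplit

from ndg.security.common.SessionMgr import SessionMgrClient

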
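class LogoutController(BaseController):
    '''Provides the pylons controller for logging out and removing security
    session cookie content.

    session, request, g, c, h, render and BaseController are not defined in
    this module; presumably they are supplied by the star import of the SSO
    client lib.base module - TODO confirm.
    '''

    def index(self):
        '''Logout - disconnect the session from the Session Manager, then
        tidy up the cookie and redirect.

        A failure to create the Session Manager client or to disconnect is
        logged and does not stop the local security session being cleared.
        In that case the Session Manager has not confirmed the disconnect,
        so the error log entry is the only record that the remote session
        may still exist.
        '''

        log.debug("LogoutController.index ...")

        if 'ndgSec' not in session:
            # There's no handle to a security session, so there is nothing
            # to disconnect or delete - go straight to the redirect
            log.error("logout called but no 'ndgSec' key in session object")
            return self._redirect()

        try:
            smClnt = SessionMgrClient(uri=session['ndgSec']['h'],
                    tracefile=g.ndg.security.client.ssoclient.cfg.tracefile,
                    **g.ndg.security.client.ssoclient.cfg.wss)
        except Exception as e:
            log.error("logout - creating Session Manager client: %s" % e)
            return self._cleanupAndRedirect()

        # Disconnect from Session Manager
        log.info('Calling Session Manager "%s" disconnect for logout...' % \
                 session['ndgSec']['h'])
        try:
            smClnt.disconnect(sessID=session['ndgSec']['sid'])
        except Exception as e:
            log.error("Error with Session Manager logout: %s" % e)
            # don't exit here - instead proceed to delete session and
            # redirect ...

        return self._cleanupAndRedirect()


    def _cleanupAndRedirect(self):
        """Remove security session and call _redirect.

        Errors while clearing the session are logged only; the redirect is
        attempted regardless.
        """
        log.debug("LogoutController._cleanupAndRedirect...")

        try:
            # easy to kill our cookie
            SecuritySession.delete()
            if 'ndgCleared' in session:
                del session['ndgCleared']
            session.save()

        except Exception as e:
            log.error("logout - clearing security session: %s" % e)

        return self._redirect()


    def _isAcceptableReturnTo(self, returnTo):
        """Return True if the decoded return address may be used as a
        redirect target.

        The address comes from a request parameter, so it is chosen by
        whoever built the logout link.  Accepted forms are an http/https URL
        that names a host, or a reference with neither scheme nor host.

        NOTE(review): the host itself is not checked, because this file does
        not show which hosts the deployment trusts.  A site that knows them
        should also compare the host against a configured allow-list.
        """
        # Control characters (CR, LF, NUL, ...) have no place in a Location
        # header value; backslashes are not legal in a URL and some browsers
        # treat them as '/', which would defeat the host check below
        for ch in returnTo:
            if ord(ch) < 0x20 or ord(ch) == 0x7f or ch == '\\':
                return False

        try:
            parts = urlsplit(returnTo)
        except Exception:
            return False

        scheme = parts[0].lower()
        netloc = parts[1]
        if scheme in ('http', 'https'):
            return bool(netloc)

        # No scheme: accept only a reference that stays on the current host.
        # '//host/path' yields a netloc and is therefore refused here.
        return not scheme and not netloc


    def _redirect(self):
        """Handle redirect back to previous page.

        The target is the URL-safe base 64 encoded 'r' argument of this
        request.  It is decoded, any trailing '/getCredentials...' part is
        replaced by '/login', and the result is checked with
        _isAcceptableReturnTo before the redirect is issued.  The
        'ndg.security.error' template is rendered instead when the argument
        is missing, cannot be decoded or fails that check.
        """

        # Redirect URL is held in 'r' URL arg of this request
        b64encReturnTo = str(request.params.get('r', ''))

        if b64encReturnTo:
            # Decode the return to address
            try:
                b64decReturnTo = base64.urlsafe_b64decode(b64encReturnTo)
            except Exception as e:
                log.error("logout - decoding return URL: %s" % e)
                c.xml = "Error carrying out browser redirect following logout"
                return render('ndg.security.error')

            # Check for 'getCredentials' - avoid in case username/password
            # contained in the URL!  Everything from the last
            # '/getCredentials' onwards is dropped, so it is neither logged
            # nor sent back to the browser.
            getCredentialsIdx = b64decReturnTo.rfind('/getCredentials')
            if getCredentialsIdx != -1:
                log.debug(\
                    "Reverting request URL from getCredentials to login...")
                b64decReturnTo = b64decReturnTo[:getCredentialsIdx] + '/login'

            # The address is request-supplied: refuse anything that is not a
            # plain web address rather than passing it to the browser.  %r
            # keeps control characters out of the log file.
            if not self._isAcceptableReturnTo(b64decReturnTo):
                log.error("logout - rejecting return URL: %r" % \
                                                          (b64decReturnTo,))
                c.xml = "Error carrying out browser redirect following logout"
                return render('ndg.security.error')

            # and now go back to whence we had come
            log.debug("LogoutController._redirect: redirect to %s" % \
                                                              b64decReturnTo)
            h.redirect_to(b64decReturnTo)
        else:
            log.debug("LogoutController._redirect: no redirect URL set.")
            # NOTE(review): c.xml is not set on this path, unlike the other
            # error paths above - confirm the error template copes with that
            return render('ndg.security.error')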