source: TI12-security/trunk/python/ndg.security.client/ndg/security/client/ssoclient/ssoclient/lib/base.py @ 3892

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.client/ndg/security/client/ssoclient/ssoclient/lib/base.py@3892
Revision 3892, 4.2 KB checked in by pjkersha, 12 years ago (diff)
  • Big changes enabling modularised security from the Discovery/Browse Pylons code stack. Changes are for login only and don't include the Gatekeeper yet.
  • Updates to the OpenID AuthKit test code to enable kid templates.

ndg.security.server/ndg/security/server/sso/sso/config/ssoServiceMiddleware.py

  • include client in the ndg.security.client.cfg class for globals - needed for the server/sslServer config settings used by the SSO Client BaseController
  • read WS-Security settings using ndg.security.common.wssecurity.WSSecurityConfig

ndg.security.server/ndg/security/server/sso/sso/controllers/login.py,
ndg.security.server/ndg/security/server/sso/sso/controllers/logout.py:

  • Give specific alias for kid templates to enable a separate security templates dir to ows_server

ndg.security.server/ndg/security/server/sso/sso/controllers/wayf.py:

  • ditto to above
  • fix to URL input into base 64 encode - convert from unicode to regular string as otherwise b64 code will fail

ndg.security.server/ndg/security/server/sso/sso/lib/base.py:

  • Provide full path to sso.* imports so that controllers can be imported across into ows_server or any other pylons code stack.
  • LoginServiceQuery renamed to SSOServiceQuery

ndg.security.server/ndg/security/server/sso/sso/templates/ndg/security/wayf.kid:

  • got rid of login status info - it's confusing to the user

ndg.security.client/ndg/security/client/ssoclient/ssoClient.cfg:

  • added tracefile option for ZSI SOAP i/o display

ndg.security.client/ndg/security/client/ssoclient/ssoclient/config/ssoClientMiddleware.py:

  • SSOMiddleware interface changed to enable reading direct from an existing config object as well as from file

ndg.security.client/ndg/security/client/ssoclient/ssoclient/controllers/logout.py:

  • fixes for full path import statements + correct g config attr settings

ndg.security.client/ndg/security/client/ssoclient/ssoclient/lib/base.py:

  • enable processing of logout response from a separate SSO Service - logout flag in URL arg tells base controller to delete the security details from the cookie.

ndg.security.client/ndg/security/client/ssoclient/ssoclient/templates/ndg/security/ndgPage.kid: typo fix

Tests/authtest/development.ini,
Tests/authtest/authtest/config/environment.py,
Tests/authtest/authtest/controllers/auth.py:

  • enable kid template for OpenID signin

Tests/authtest/authtest/tests/functional/test_test2.py,
Tests/authtest/authtest/controllers/test2.py: test controller

ndg.security.common/ndg/security/common/wssecurity/init.py:

  • enable initialisation from an existing config file object

ndg.security.common/ndg/security/common/pylons/security_util.py:

ndg.security.common/ndg/security/common/init.py: fix to imports

ndg.security.common/ndg/security/common/wsSecurity.py: fix for altered WSSecurityConfig interface

ndg.security.common/ndg/security/common/m2CryptoSSLUtility.py:

  • fix to HostCheck.call - check whether peerCert is None, which happens when the peer tries http instead of https
1"""The base Controller API
2
3Provides the BaseController class for subclassing, and other objects
4utilized by Controllers.
5"""
6from pylons import c, cache, config, g, request, response, session
7from pylons.controllers import WSGIController
8from pylons.controllers.util import abort, etag_cache, redirect_to
9from pylons.decorators import jsonify, validate
10from pylons.i18n import _, ungettext, N_
11from pylons.templating import render
12
13import ndg.security.client.ssoclient.ssoclient.lib.helpers as h
14import ndg.security.client.ssoclient.ssoclient.model as model
15
16import urllib
17from urlparse import urlsplit, urlunsplit
18from base64 import urlsafe_b64encode
19
20from ndg.security.common.pylons.security_util import setSecuritySession, \
21    SSOServiceQuery, SecuritySession
22
23import logging
24log = logging.getLogger(__name__)
25
class BaseControllerError(Exception):
    """Exception type reserved for errors reported by BaseController."""
28   
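class BaseController(WSGIController):
    """Base controller for the SSO client.

    __call__ records the quoted request path and builds c.requestURL from the
    configured server name.  __before__ then handles the two redirects that
    follow a login or logout carried out by a separate SSO Service.
    """

    # WSGI environ keys written to the debug log.  The complete environ holds
    # the Cookie header and the raw query string (which carries the security
    # session arguments on return from the login service), so only this
    # allow-list is logged.
    _LOGGABLE_ENVIRON_KEYS = (
        'REQUEST_METHOD',
        'SCRIPT_NAME',
        'PATH_INFO',
        'SERVER_NAME',
        'SERVER_PORT',
        'SERVER_PROTOCOL',
        'wsgi.url_scheme',
    )

    @staticmethod
    def _encodeQueryArgs(params):
        """Return the (name, value) pairs in params as a percent-encoded
        query string.

        unicode items are encoded to UTF-8 first because urllib.urlencode
        calls str() on each item, which fails for non-ASCII unicode.
        """
        def toByteString(item):
            if isinstance(item, unicode):
                return item.encode('utf-8')
            return item

        return urllib.urlencode([(toByteString(name), toByteString(value))
                                 for name, value in params])

    def __before__(self):
        '''Strip query arguments from a Login Service request and redirect from
        https -> http

        Moved this code from __call__ because redirect_to doesn't work from
        BaseController.__call__.  I suspect this is a problem introduced
        with change from Pylons 0.9.5 -> 0.9.6.  See:

        http://pylonshq.com/irclogs/%23pylons/%23pylons.2007-08-30.log.html

        Relies on self.pathInfo, which __call__ sets before delegating to
        WSGIController.__call__.

        Both redirect targets are built from the configured server name plus
        the quoted PATH_INFO, never from a host supplied in the request.'''

        log.debug("BaseController.__before__ ...")
        if 'h' in request.params:
            # 'h' corresponds to the setting of a session manager host i.e.
            # the request has come from a completed login from the login
            # service
            #
            # NOTE(review): the presence of 'h' alone selects this branch and
            # nothing in this method authenticates the query arguments.
            # Confirm that setSecuritySession() validates them before they
            # are stored in the session.
            log.debug("Setting security session from URL query args ...")

            # Copy the query arguments into security session keys
            setSecuritySession()
            session.save()

            # NOTE(review): per the log message below, the redirect leaves
            # https for http.  Presumably the session saved above is then
            # referenced over an unencrypted connection - confirm the scheme
            # of cfg.server and the cookie settings suit the deployment.
            log.debug('Switching from https to http...')
            returnToURL = g.ndg.security.client.ssoclient.cfg.server + \
                self.pathInfo

            # Reconstruct the URL removing the security related arguments so
            # that they do not remain in the address bar, history or Referer
            qs = SSOServiceQuery.stripFromURI()
            if qs:
                returnToURL += "?" + qs

            log.debug('URL transport switched to http: "%s"' % returnToURL)
            h.redirect_to(returnToURL)

        elif 'logout' in request.params:
            # Request comes from a successful logout call.  Clean up any
            # security cookies in this domain
            #
            # NOTE(review): any request carrying a 'logout' argument reaches
            # this branch; no token ties it to a logout the user started.
            # The effect visible here is limited to clearing the security
            # session.
            log.debug("Removing security details following logout ...")

            returnToURL = g.ndg.security.client.ssoclient.cfg.server + \
                self.pathInfo

            # Reconstruct the URL removing the logout flag argument
            qs = SSOServiceQuery.stripFromURI('logout')
            if qs:
                returnToURL += "?" + qs

            # Delete security session cookie details
            SecuritySession.delete()

            # Redirect to cleaned up URL
            h.redirect_to(returnToURL)

    def __call__(self, environ, start_response):
        """Record request details, then dispatch via WSGIController.

        Sets self.pathInfo (the URL-quoted PATH_INFO), c.requestURL and
        self._environ before handing over to WSGIController.__call__.
        """
        # Insert any code to be run per request here. The Routes match
        # is under environ['pylons.routes_dict'] should you want to check
        # the action or route vars here
        log.debug("BaseController.__call__: %s ..." % \
                                                environ['pylons.routes_dict'])

        # Log an allow-listed summary only: the full environ would put the
        # Cookie header and the security query arguments into the log file.
        loggableEnviron = dict((key, environ[key])
                               for key in self._LOGGABLE_ENVIRON_KEYS
                               if key in environ)
        log.debug("_"*80)
        log.debug("environ = %s" % loggableEnviron)
        log.debug("_"*80)

        self.pathInfo = urllib.quote(environ.get('PATH_INFO', ''))

        # construct URL picking up setting of server name from config to
        # avoid exposing absolute URL hidden behind mod_proxy see #857
        c.requestURL = g.ndg.security.client.ssoclient.cfg.server + \
            self.pathInfo

        # Percent-encode names and values so that an argument containing
        # '&', '=', '#' or whitespace cannot change the structure of the URL
        qs = self._encodeQueryArgs(request.params.items())
        if qs:
            c.requestURL += '?' + qs

        self._environ = environ

        return WSGIController.__call__(self, environ, start_response)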
108   
# Public names of this module: everything in the module namespace that has no
# leading underscore, plus the '_' function itself.
__all__ = [
    __name for __name in locals().keys()
    if __name == '_' or not __name.startswith('_')
]