source: TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/controllers/logout.py @ 3892

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/controllers/logout.py@3892
Revision 3892, 4.0 KB checked in by pjkersha, 12 years ago (diff)
  • Big changes enabling modularised security from the Discovery/Browse Pylons code stack. The changes cover login only and do not yet include the Gatekeeper.
  • Updates to the OpenID AuthKit test code to enable kid templates.

ndg.security.server/ndg/security/server/sso/sso/config/ssoServiceMiddleware.py

  • include client in ndg.security.client.cfg class for globals - needed for server/sslServer config settings for the SSO Client BaseController
  • read WS-Security settings using ndg.security.common.wssecurity.WSSecurityConfig

ndg.security.server/ndg/security/server/sso/sso/controllers/login.py,
ndg.security.server/ndg/security/server/sso/sso/controllers/logout.py:

  • Give specific alias for kid templates to enable a separate security templates dir to ows_server

ndg.security.server/ndg/security/server/sso/sso/controllers/wayf.py:

  • ditto to above
  • fix to URL input into base 64 encode - convert from unicode to regular string as otherwise b64 code will fail

ndg.security.server/ndg/security/server/sso/sso/lib/base.py:

  • Provide full path to sso.* imports so that controllers can be imported across into ows_server or any other pylons code stack.
  • LoginServiceQuery -> SSOServiceQuery

ndg.security.server/ndg/security/server/sso/sso/templates/ndg/security/wayf.kid:

  • got rid of login status info - it's confusing to the user

ndg.security.client/ndg/security/client/ssoclient/ssoClient.cfg:

  • added tracefile option for ZSI SOAP i/o display

ndg.security.client/ndg/security/client/ssoclient/ssoclient/config/ssoClientMiddleware.py:

  • SSOMiddleware interface changed to enable reading direct from an existing config object as well as from file

ndg.security.client/ndg/security/client/ssoclient/ssoclient/controllers/logout.py:

  • fixes for full path import statements + correct g config attr settings

ndg.security.client/ndg/security/client/ssoclient/ssoclient/lib/base.py:

  • enable processing of logout response from a separate SSO Service - logout flag in URL arg tells base controller to delete the security details from the cookie.

ndg.security.client/ndg/security/client/ssoclient/ssoclient/templates/ndg/security/ndgPage.kid: typo fix

Tests/authtest/development.ini,
Tests/authtest/authtest/config/environment.py,
Tests/authtest/authtest/controllers/auth.py:

  • enable kid template for OpenID signin

Tests/authtest/authtest/tests/functional/test_test2.py,
Tests/authtest/authtest/controllers/test2.py: test controller

ndg.security.common/ndg/security/common/wssecurity/init.py:

  • enable initialisation from an existing config file object

ndg.security.common/ndg/security/common/pylons/security_util.py:

ndg.security.common/ndg/security/common/init.py: fix to imports

ndg.security.common/ndg/security/common/wsSecurity.py: fix for altered WSSecurityConfig interface

ndg.security.common/ndg/security/common/m2CryptoSSLUtility.py:

  • fix to HostCheck.__call__ - check for peerCert being None when the peer tries http instead of https
1from ndg.security.server.sso.sso.lib.base import *
2from ndg.security.common.pylons.security_util import SecuritySession
3import logging
4log = logging.getLogger(__name__)
5
6import sys # include in case tracefile is set to sys.stderr
7import base64 # decode the return to address
8from urlparse import urlsplit, urlunsplit
9
10from ndg.security.common.SessionMgr import SessionMgrClient
11
12
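class LogoutController(BaseController):
    '''Pylons controller for logging out: disconnects the user's session from
    the Session Manager and removes the security session cookie content.

    Security note: the address the browser is sent to after logout is taken
    from the 'r' request argument and is therefore controlled by whoever
    built the logout link.  _redirect only applies syntactic checks to it;
    see the NOTE(review) there about restricting the target host.
    '''

    # URL schemes accepted for an absolute post-logout redirect target
    _ALLOWED_REDIRECT_SCHEMES = ('http', 'https')

    def index(self):
        '''Logout - disconnect the session from the Session Manager, tidy up
        the cookie and redirect back to the caller.

        Failures talking to the Session Manager are logged but never stop
        the local security session from being removed.
        '''
        log.info("LogoutController.index ...")

        if 'ndgSec' not in session:
            # There's no handle to a security session
            log.error("logout called but no 'ndgSec' key in session object")
            return self._redirect()

        try:
            smClnt = SessionMgrClient(uri=session['ndgSec']['h'],
                    tracefile=g.ndg.security.server.ssoservice.cfg.tracefile,
                    **g.ndg.security.server.ssoservice.cfg.wss)
        except Exception, e:
            log.error("logout - creating Session Manager client: %s" % e)
            return self._cleanupAndRedirect()

        # Disconnect from Session Manager
        log.info('Calling Session Manager "%s" disconnect for logout...' % \
                 session['ndgSec']['h'])
        try:
            smClnt.disconnect(sessID=session['ndgSec']['sid'])
        except Exception, e:
            log.error("Error with Session Manager logout: %s" % e)
            # don't exit here - instead proceed to delete session and
            # redirect ...

        return self._cleanupAndRedirect()

    def _cleanupAndRedirect(self):
        """Remove the security session from the cookie and call _redirect.

        Clean-up is best effort: an error is logged and the redirect still
        happens.
        """
        # NOTE(review): when this clean-up fails, _redirect still appends
        # 'logout=1', so the caller is told the logout succeeded although
        # the local security session may still be present.  Confirm this is
        # the intended behaviour.
        try:
            # easy to kill our cookie
            SecuritySession.delete()
            if 'ndgCleared' in session:
                del session['ndgCleared']
            session.save()

        except Exception, e:
            log.error("logout - clearing security session: %s" % e)

        return self._redirect()

    def _isSafeRedirectTarget(self, url):
        """Return True if url is syntactically acceptable as a redirect target

        Accepted are absolute http/https URLs with a host part, and paths
        relative to this site's root.  Anything containing control characters
        is refused, as are other schemes and scheme-relative ('//host')
        addresses.
        """
        # CR, LF and other control characters must never reach the Location
        # header or the log file
        for char in url:
            if ord(char) < 0x20 or ord(char) == 0x7f:
                return False

        scheme, netloc = urlsplit(url)[:2]
        if scheme:
            return (scheme.lower() in self._ALLOWED_REDIRECT_SCHEMES and
                    bool(netloc))

        # No scheme: only allow a path on this site.  '//host' parses with a
        # netloc and '/\host' is treated like '//host' by some browsers.
        return (not netloc and url.startswith('/') and
                not url.startswith('/\\'))

    def _redirect(self):
        """Handle redirect back to previous page.

        The target is read from the URL-safe base 64 encoded 'r' request
        argument.  An error page is rendered if the argument is missing,
        cannot be decoded or fails the _isSafeRedirectTarget check.
        """
        # Redirect URL is held in 'r' URL arg of this request
        rawReturnTo = request.params.get('r', '')
        if not rawReturnTo:
            log.debug("LogoutController._redirect: no redirect URL set.")
            return render('ndg.security.kid', 'ndg.security.error')

        # Decode the return to address.  The conversion to a regular string
        # is inside the try block because it fails for non-ASCII input.
        try:
            b64decReturnTo = base64.urlsafe_b64decode(str(rawReturnTo))
        except Exception, e:
            log.error("logout - decoding return URL: %s" % e)
            c.xml = "Error carrying out browser redirect following logout"
            return render('ndg.security.kid', 'ndg.security.error')

        # The decoded value is untrusted input: refuse anything that is not
        # a plain http(s) URL or site-relative path before it is logged or
        # used for the redirect.
        # NOTE(review): this does not restrict the target host, so the
        # service can still be used to bounce a browser to an arbitrary
        # http(s) site.  Closing that needs a list of trusted return-to
        # hosts from configuration, which is not visible in this file.
        if not self._isSafeRedirectTarget(b64decReturnTo):
            log.error("logout - return URL rejected as unsafe")
            c.xml = "Error carrying out browser redirect following logout"
            return render('ndg.security.kid', 'ndg.security.error')

        # Check for 'getCredentials' - avoid in case username/password
        # contained in the URL!
        getCredentialsIdx = b64decReturnTo.rfind('/getCredentials')
        if getCredentialsIdx != -1:
            log.debug(\
                "Reverting request URL from getCredentials to login...")
            b64decReturnTo = b64decReturnTo[:getCredentialsIdx] + '/login'

        # Add flag indicating to caller that logout succeeded.  The caller
        # can use this to remove any security cookie present in their
        # domain - See:
        # ndg.security.client.ssoclient.ssoclient.lib.base.BaseController
        # NOTE(review): the flag is appended to the end of the string, so
        # for a URL carrying a '#fragment' it ends up inside the fragment.
        if '?' in b64decReturnTo:
            b64decReturnTo += '&logout=1'
        else:
            b64decReturnTo += '?logout=1'

        # and now go back to whence we had come
        log.debug("LogoutController._redirect: redirect to %s" % \
                                                          b64decReturnTo)
        h.redirect_to(b64decReturnTo)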