source: TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/lib/base.py @ 3676

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/lib/base.py@3676
Revision 3676, 3.0 KB checked in by pjkersha, 11 years ago (diff)

Added Timestamp capability to wsSecurity module. Currently testing against Apache2 Rampart.

1"""The base Controller API
2
3Provides the BaseController class for subclassing, and other objects
4utilized by Controllers.
5"""
6from pylons import c, cache, config, g, request, response, session
7from pylons.controllers import WSGIController
8from pylons.controllers.util import abort, etag_cache, redirect_to
9from pylons.decorators import jsonify, validate
10from pylons.i18n import _, ungettext, N_
11from pylons.templating import render
12
13import sso.lib.helpers as h
14import sso.model as model
15
16import urllib
17from urlparse import urlsplit, urlunsplit
18from base64 import urlsafe_b64encode
19
20from sso.lib.security_util import setSecuritySession, LoginServiceQuery
21
22import logging
# Module-level logger, named after this module via __name__.
log = logging.getLogger(__name__)
24
class BaseControllerError(Exception):
    """Error handling for BaseController."""
27   
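class BaseController(WSGIController):
    """Common base class for the SSO application's controllers.

    Every request passes through __call__, which records the URL of the
    current request in c.requestURL and, when the request carries the 'h'
    query argument set by the login service, copies the security arguments
    into the session and redirects to the same path without them.
    """

    # Running total of requests seen; only used to label debug log lines.
    count = 0

    def __call__(self, environ, start_response):
        """Set c.requestURL, absorb login-service arguments, then dispatch.

        environ and start_response are the standard WSGI arguments and are
        passed unchanged to WSGIController.__call__. The Routes match is
        under environ['pylons.routes_dict'] should the action or route vars
        need checking here.
        """
        BaseController.count += 1
        log.debug("BaseController.__call__ %02d ...", BaseController.count)

        # Build the URL from the server name held in config so that an
        # absolute URL hidden behind mod_proxy is not exposed - see #857.
        pathInfo = urllib.quote(environ.get('PATH_INFO', ''))
        if 'getCredentials' in pathInfo:
            # Never hand back the getCredentials URL: doing so could expose
            # the username/pass-phrase on the URL.
            log.debug("Reverting request URL from getCredentials to login...")
            c.requestURL = g.securityCfg.server + '/login'
        else:
            c.requestURL = g.securityCfg.server + pathInfo

            def _utf8(value):
                # urllib.urlencode calls str() on each item, which fails for
                # non-ASCII unicode under Python 2, so encode those first.
                if isinstance(value, unicode):
                    return value.encode('utf-8')
                return str(value)

            # request.params holds client-supplied names and values. Joining
            # them with plain "%s=%s" would let a value containing '&', '='
            # or '#' add or truncate parameters in the rebuilt URL, so each
            # pair is percent-encoded instead.
            query = urllib.urlencode([(_utf8(name), _utf8(value))
                                      for name, value in request.params.items()])
            if query:
                c.requestURL += '?' + query

        # NOTE(review): when 'h' is present the query string carries the
        # security arguments from the login service, so this line writes
        # them to the debug log - consider logging the path only.
        log.debug("BaseController.__call__: c.requestURL = %s", c.requestURL)

        if 'h' in request.params:
            # 'h' corresponds to the setting of a session manager host i.e.
            # the request has come from a completed login from the login
            # service
            log.debug("Setting security session from URL query args ...")

            # Copy the query arguments into security session keys
            setSecuritySession()

            session.save()

            # Re-construct the URL removing the security related arguments
            qs = LoginServiceQuery.stripFromURI()

            # The redirect target is built from the configured server name,
            # not from the request's host, so the client cannot steer it to
            # another site.
            # NOTE(review): the log text below says this hop goes from https
            # to http; if so, the session saved above is carried over an
            # unencrypted channel from here on - confirm that is intended.
            log.debug('Switching from https to http...')
            cc = g.securityCfg.server + urllib.quote(environ.get('PATH_INFO', ''))
            if qs:
                cc += "?" + qs

            log.debug('URL transport switched to http: "%s"', cc)
            redirect_to(cc)

        return WSGIController.__call__(self, environ, start_response)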
77   
# Public API: every module-level name without a leading underscore, plus
# the i18n '_' function, which would otherwise be filtered out.
__all__ = [
    __name for __name in list(locals())
    if __name == '_' or not __name.startswith('_')
]