source: TI12-security/trunk/python/ @ 3892

Subversion URL:
Revision 3892, 2.2 KB checked in by pjkersha, 12 years ago
  • Big changes enabling modularised security from Discovery/Browse Pylons code stack. Changes are for login only and don't include the Gatekeeper yet.
  • Updates to OpenID AuthKit test code to enable kid templates.

  • include client in class for globals - needed for server/sslServer config settings for SSO Client BaseController
  • read WS-Security settings using,

  • Give specific alias for kid templates to enable a separate security templates dir to ows_server

  • ditto to above
  • fix to URL input into base 64 encode - convert from unicode to regular string as otherwise b64 code will fail

  • Provide full path to sso.* imports so that controllers can be imported across into ows_server or any other pylons code stack.
  • LoginServiceQuery -> SSOServiceQuery

  • got rid of login status info - it's confusing to the user

  • added tracefile option for ZSI SOAP i/o display

  • SSOMiddleware interface changed to enable reading direct from an existing config object as well as from file

  • fixes for full path import statements + correct g config attr settings

  • enable processing of logout response from a separate SSO Service - logout flag in URL arg tells base controller to delete the security details from the cookie. typo fix


  • enable kid template for OpenID signin

Tests/authtest/authtest/controllers/ test controller

  • enable initialisation from an existing config file object fix to imports fix for altered WSSecurityConfig interface

  • fix to HostCheck.call - check for peerCert is None when peer tries http instead of https
"""The base Controller API

Provides the BaseController class for subclassing, and other objects
utilized by Controllers.
"""
from pylons import c, cache, config, g, request, response, session
from pylons.controllers import WSGIController
from pylons.controllers.util import abort, etag_cache, redirect_to
from pylons.decorators import jsonify, validate
from pylons.i18n import _, ungettext, N_
from pylons.templating import render

import as h
import as model

import urllib
from urlparse import urlsplit, urlunsplit
from base64 import urlsafe_b64encode

from import setSecuritySession, \
    SSOServiceQuery

import logging
log = logging.getLogger(__name__)

class BaseControllerError(Exception):
    "Error handling for BaseController"

class BaseController(WSGIController):
    def __call__(self, environ, start_response):
        # Insert any code to be run per request here. The Routes match
        # is under environ['pylons.routes_dict'] should you want to check
        # the action or route vars here
        log.debug("BaseController.__call__ ...")

        # construct URL picking up setting of server name from config to
        # avoid exposing absolute URL hidden behind mod_proxy see #857
        # Also, avoid returning to getCredentials and potentially exposing
        # username/pass-phrase on URL.
        pathInfo = urllib.quote(environ.get('PATH_INFO', ''))
        if 'getCredentials' in pathInfo:
            log.debug("Reverting request URL from getCredentials to login...")
            c.requestURL ='/login'
        else:
            c.requestURL =
            query='&'.join(["%s=%s" % item for item in request.params.items()])
            if query:
                c.requestURL += '?' + query

        log.debug("BaseController.__call__: c.requestURL = %s" % c.requestURL)


        return WSGIController.__call__(self, environ, start_response)

# Include the '_' function in the public names
__all__ = [__name for __name in locals().keys() if not __name.startswith('_') \
           or __name == '_']
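
Added example, not part of the repository file: BaseController.__call__ rebuilds the query string with "%s=%s" and no percent-encoding, so a parameter value containing '&' or '=' is parsed back as a different parameter set; the sketch below compares that construction with an encoded one and repeats the getCredentials reversion. It is written for Python 3 (urllib.parse; the Python 2 equivalents are urllib.urlencode and urlparse.parse_qsl), and the base URL, parameters and function names are constructed for illustration.

```python
from urllib.parse import parse_qsl, quote, urlencode

# Constructed sample input: a base URL and request parameters whose values
# contain the query-string delimiters '&' and '='.
SAMPLE_BASE = "https://server.example/browse"
SAMPLE_PARAMS = [("q", "rain&snow"), ("title", "a=b c")]


def rebuild_unencoded(base, params):
    """Same construction as BaseController.__call__: no percent-encoding."""
    query = "&".join(["%s=%s" % item for item in params])
    return base + "?" + query if query else base


def rebuild_encoded(base, params):
    """Percent-encode every name and value before joining."""
    query = urlencode(params)
    return base + "?" + query if query else base


def parse_back(url):
    """Parameters as the service receiving the return URL would parse them."""
    return parse_qsl(url.partition("?")[2], keep_blank_values=True)


def request_url(path_info, base, params):
    """Return URL with the getCredentials reversion from the page's code."""
    if "getCredentials" in quote(path_info):
        # Never hand back a URL that could carry username/pass-phrase.
        return "/login"
    return rebuild_encoded(base, params)


if __name__ == "__main__":
    for build in (rebuild_unencoded, rebuild_encoded):
        url = build(SAMPLE_BASE, SAMPLE_PARAMS)
        print(build.__name__, url, parse_back(url))
    print(request_url("/login/getCredentials", SAMPLE_BASE, SAMPLE_PARAMS))
```

With the unencoded join the value "rain&snow" comes back as q=rain plus a separate empty parameter named snow; the encoded form returns the original pairs unchanged.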