source: TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/lib/base.py @ 3892

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/lib/base.py@3892
Revision 3892, 2.2 KB checked in by pjkersha, 12 years ago (diff)
  • Big changes enabling modularised security from the Discovery/Browse Pylons code stack. Changes are for login only and don't include the Gatekeeper yet.
  • Updates to OpenID AuthKit test code to enable kid templates.

ndg.security.server/ndg/security/server/sso/sso/config/ssoServiceMiddleware.py

  • include client in ndg.security.client.cfg class for globals - needed for server/sslServer config settings for SSO Client BaseController
  • read WS-Security settings using ndg.security.common.wssecurity.WSSecurityConfig

ndg.security.server/ndg/security/server/sso/sso/controllers/login.py,
ndg.security.server/ndg/security/server/sso/sso/controllers/logout.py:

  • Give specific alias for kid templates to enable a separate security templates dir to ows_server

ndg.security.server/ndg/security/server/sso/sso/controllers/wayf.py:

  • ditto to above
  • fix to URL input into base 64 encode - convert from unicode to regular string as otherwise b64 code will fail

ndg.security.server/ndg/security/server/sso/sso/lib/base.py:

  • Provide full path to sso.* imports so that controllers can be imported across into ows_server or any other pylons code stack.
  • LoginServiceQuery -> SSOServiceQuery

ndg.security.server/ndg/security/server/sso/sso/templates/ndg/security/wayf.kid:

  • got rid of login status info - it's confusing to the user

ndg.security.client/ndg/security/client/ssoclient/ssoClient.cfg:

  • added tracefile option for ZSI SOAP i/o display

ndg.security.client/ndg/security/client/ssoclient/ssoclient/config/ssoClientMiddleware.py:

  • SSOMiddleware interface changed to enable reading direct from an existing config object as well as from file

ndg.security.client/ndg/security/client/ssoclient/ssoclient/controllers/logout.py:

  • fixes for full path import statements + correct g config attr settings

ndg.security.client/ndg/security/client/ssoclient/ssoclient/lib/base.py:

  • enable processing of logout response from a separate SSO Service - logout flag in URL arg tells base controller to delete the security details from the cookie.

ndg.security.client/ndg/security/client/ssoclient/ssoclient/templates/ndg/security/ndgPage.kid: typo fix

Tests/authtest/development.ini,
Tests/authtest/authtest/config/environment.py,
Tests/authtest/authtest/controllers/auth.py:

  • enable kid template for OpenID signin

Tests/authtest/authtest/tests/functional/test_test2.py,
Tests/authtest/authtest/controllers/test2.py: test controller

ndg.security.common/ndg/security/common/wssecurity/__init__.py:

  • enable initialisation from an existing config file object

ndg.security.common/ndg/security/common/pylons/security_util.py:

ndg.security.common/ndg/security/common/__init__.py: fix to imports

ndg.security.common/ndg/security/common/wsSecurity.py: fix for altered WSSecurityConfig interface

ndg.security.common/ndg/security/common/m2CryptoSSLUtility.py:

  • fix to HostCheck.__call__ - check for peerCert being None, which happens when the peer tries http instead of https
1"""The base Controller API
2
3Provides the BaseController class for subclassing, and other objects
4utilized by Controllers.
5"""
6from pylons import c, cache, config, g, request, response, session
7from pylons.controllers import WSGIController
8from pylons.controllers.util import abort, etag_cache, redirect_to
9from pylons.decorators import jsonify, validate
10from pylons.i18n import _, ungettext, N_
11from pylons.templating import render
12
13import ndg.security.server.sso.sso.lib.helpers as h
14import ndg.security.server.sso.sso.model as model
15
16import urllib
17from urlparse import urlsplit, urlunsplit
18from base64 import urlsafe_b64encode
19
20from ndg.security.common.pylons.security_util import setSecuritySession, \
21    SSOServiceQuery
22
23import logging
24log = logging.getLogger(__name__)
25
class BaseControllerError(Exception):
    """Exception type for errors raised on behalf of BaseController."""
28   
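class BaseController(WSGIController):
    """Base controller that records the current request URL on ``c``."""

    def __call__(self, environ, start_response):
        """Set ``c.requestURL`` for this request, then dispatch as usual.

        The URL is rebuilt from the server name held in the SSO service
        config plus the quoted ``PATH_INFO`` and the request parameters.

        :param environ: WSGI environment for the request
        :param start_response: WSGI start_response callable
        :return: whatever ``WSGIController.__call__`` returns
        """
        # Insert any code to be run per request here. The Routes match
        # is under environ['pylons.routes_dict'] should you want to check
        # the action or route vars here
        log.debug("BaseController.__call__ ...")

        # construct URL picking up setting of server name from config to
        # avoid exposing absolute URL hidden behind mod_proxy see #857
        serverURL = g.ndg.security.server.ssoservice.cfg.server
        pathInfo = urllib.quote(environ.get('PATH_INFO', ''))

        if 'getCredentials' in pathInfo:
            # Also, avoid returning to getCredentials and potentially exposing
            # username/pass-phrase on URL.
            log.debug("Reverting request URL from getCredentials to login...")
            c.requestURL = serverURL + '/login'
        else:
            def _utf8(value):
                # urllib.urlencode calls str() on each item, which raises on
                # non-ASCII unicode, so encode to UTF-8 bytes first.
                if isinstance(value, unicode):
                    return value.encode('utf-8')
                return str(value)

            # Percent-encode every name and value: joining them raw lets a
            # value containing '&', '=', '#' or whitespace add or truncate
            # parameters in the rebuilt URL.
            #
            # NOTE(review): request.params may also carry POST body fields
            # (WebOb merges GET and POST) - confirm that no action other than
            # getCredentials receives credentials, since they would be copied
            # into c.requestURL and into the debug log below.
            query = urllib.urlencode([(_utf8(name), _utf8(value))
                                      for name, value in request.params.items()])
            c.requestURL = serverURL + pathInfo
            if query:
                c.requestURL += '?' + query

        # Lazy %-args: the message is only formatted when debug is enabled.
        log.debug("BaseController.__call__: c.requestURL = %s", c.requestURL)

        return WSGIController.__call__(self, environ, start_response)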
54   
# Export every name that does not start with an underscore, plus the '_'
# function imported from pylons.i18n, which the underscore filter would
# otherwise exclude.
__all__ = [
    __name for __name in locals().keys()
    if __name == '_' or not __name.startswith('_')
]