source: TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/lib/base.py @ 3914

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/lib/base.py@3914
Revision 3914, 2.6 KB checked in by pjkersha, 12 years ago (diff)
  • New ndg.security.common.zsi_util.httpproxy.ProxyHTTPConnection class replaces urllib2client - easier to fit into existing ZSI client framework.
  • Further OpenID integration into Single Sign On Service. The user now authenticates OK, but patches are needed to AuthKit, and the return_to URL needs to be handled dynamically according to the page visited before the WAYF call.
1"""The base Controller API
2
3Provides the BaseController class for subclassing, and other objects
4utilized by Controllers.
5"""
6from pylons import c, cache, config, g, request, response, session
7from pylons.controllers import WSGIController
8from pylons.controllers.util import abort, etag_cache, redirect_to
9from pylons.decorators import jsonify, validate
10from pylons.i18n import _, ungettext, N_
11from pylons.templating import render
12
13import ndg.security.server.sso.sso.lib.helpers as h
14import ndg.security.server.sso.sso.model as model
15from ndg.security.common.pylons.security_util import setSecuritySession, \
16    session
17
18import urllib
19import logging
20log = logging.getLogger(__name__)
21
class BaseControllerError(Exception):
    """Exception type for errors raised in connection with BaseController."""
    pass
24   
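class BaseController(WSGIController):
    """Base class for the Single Sign On service's controllers.

    For every request it sets ``c.requestURL`` from the configured server
    name plus the request path and parameters, and, when the WSGI
    environment carries ``REMOTE_USER``, brings the security session in
    line with that user before dispatching to the action.
    """

    def __call__(self, environ, start_response):
        """Set ``c.requestURL``, update the security session, then dispatch.

        :param environ: WSGI environment of the current request
        :param start_response: WSGI ``start_response`` callable
        :return: the result of ``WSGIController.__call__``
        """
        # Insert any code to be run per request here. The Routes match
        # is under environ['pylons.routes_dict'] should you want to check
        # the action or route vars here

        # Construct the URL from the server name held in the config rather
        # than from the request, to avoid exposing the absolute URL hidden
        # behind mod_proxy - see #857.
        serverURL = g.ndg.security.server.ssoservice.cfg.server
        pathInfo = urllib.quote(environ.get('PATH_INFO', ''))
        if 'getCredentials' in pathInfo:
            # Never return to getCredentials: doing so could expose the
            # username/pass-phrase on the URL.
            log.debug("Reverting request URL from getCredentials to login...")
            c.requestURL = serverURL + '/login'
        else:
            c.requestURL = serverURL + pathInfo

            # Percent-encode every name and value. The parameters arrive
            # already decoded, so writing them back verbatim would let a
            # value containing '&', '=', '#' or whitespace add or alter
            # parameters in the rebuilt URL.
            # NOTE(review): request.params may merge POST body fields with
            # the query string - if so, secrets POSTed to a path other than
            # getCredentials are still copied into this URL. Confirm, and
            # consider restricting this to the query-string parameters.
            query = '&'.join(["%s=%s" % (self._quoteQueryItem(name),
                                         self._quoteQueryItem(value))
                              for name, value in request.params.items()])
            if query:
                c.requestURL += '?' + query

        self._openidHandler(environ)

        return WSGIController.__call__(self, environ, start_response)

    @staticmethod
    def _quoteQueryItem(item):
        """Return one query-string name or value percent-encoded.

        :param item: parameter name or value taken from the request
        :return: byte string that is safe to place either side of the '='
            in a query string
        """
        if not isinstance(item, str):
            try:
                # Text is encoded as UTF-8 before quoting so that non-ASCII
                # characters do not make the quoting fail.
                item = item.encode('utf-8')
            except AttributeError:
                # Not a string at all: fall back to its string form, as
                # "%s" formatting would.
                item = str(item)

        return urllib.quote_plus(item)

    def _openidHandler(self, environ):
        """Record the user named by ``REMOTE_USER`` in the security session.

        Nothing is done when ``REMOTE_USER`` is absent from the environment
        or when the session's ``ndgSec`` entry already names the same user.
        Otherwise a new security session is set with the user name as both
        user and organisation, no roles and no session ID, and the session
        is saved.

        :param environ: WSGI environment of the current request
        """
        # NOTE(review): REMOTE_USER is taken on trust here - presumably it
        # is set by the OpenID/AuthKit layer in front of this controller;
        # confirm that nothing else in the stack can set it.
        if 'REMOTE_USER' not in environ:
            return

        if 'ndgSec' in session and \
           environ['REMOTE_USER'] == session['ndgSec']['u']:
            return

        setSecuritySession(h=None,
                           u=environ['REMOTE_USER'],
                           org=environ['REMOTE_USER'],
                           roles=[],
                           sid=None)
        session.save()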
# Public names for "from ... import *": every name bound in this module so
# far that does not start with an underscore, plus the '_' function.
# NOTE(review): the names are read from locals() inside the list
# comprehension, which only yields the module's names where a comprehension
# shares the enclosing scope (as in Python 2) - confirm before porting.
__all__ = [__name for __name in locals().keys() if not __name.startswith('_') \
           or __name == '_']