source: TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/lib/base.py @ 3918

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/lib/base.py@3918
Revision 3918, 2.6 KB checked in by pjkersha, 12 years ago (diff)

Initial integration of the Single Sign On Service with OpenID and Pylons AuthKit:

  • WAYF now contains an OpenID textbox for sign in
  • No role integration carried out yet - OpenID has no better privileges than an anonymous user(!)
  • Integrated into Authkit - requires lots of config settings in pylons ini file
  • HTTP 401 errors get redirected automatically to the WAYF
  • Need to create an AuthKit egg from an SVN 151 checkout - will put on NDG dist
1"""The base Controller API
2
3Provides the BaseController class for subclassing, and other objects
4utilized by Controllers.
5"""
6from pylons import c, cache, config, g, request, response, session
7from pylons.controllers import WSGIController
8from pylons.controllers.util import abort, etag_cache, redirect_to
9from pylons.decorators import jsonify, validate
10from pylons.i18n import _, ungettext, N_
11from pylons.templating import render
12
13import ndg.security.server.sso.sso.lib.helpers as h
14import ndg.security.server.sso.sso.model as model
15from ndg.security.common.pylons.security_util import setSecuritySession, \
16    session
17
18import urllib
19import logging
# Module-level logger, named after this module via __name__.
log = logging.getLogger(__name__)
21
class BaseControllerError(Exception):
    """Exception type for errors raised on behalf of BaseController.

    It adds nothing to Exception; it exists so callers can catch
    controller failures separately from other exceptions.
    """
24   
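class BaseController(WSGIController):
    """Base class for the Single Sign On service's Pylons controllers.

    Before dispatching each request it records the URL to return to in
    ``c.requestURL`` and, when ``REMOTE_USER`` is present in the WSGI
    environ, copies that identity into the NDG security session.
    """

    def __call__(self, environ, start_response):
        """Prepare per-request state, then hand over to WSGIController.

        The Routes match is available under environ['pylons.routes_dict']
        should the action or route vars need checking here.

        @param environ: WSGI environment of the current request
        @param start_response: WSGI start_response callable
        @return: whatever WSGIController.__call__ returns
        """
        # Build the URL from the server name held in config rather than
        # from the request, to avoid exposing the absolute URL hidden
        # behind mod_proxy - see #857
        serverURL = g.ndg.security.server.sso.cfg.server
        pathInfo = urllib.quote(environ.get('PATH_INFO', ''))

        if 'getCredentials' in pathInfo:
            # Never return to getCredentials: its URL could carry the
            # username/pass-phrase.  Send the user back to login instead.
            log.debug("Reverting request URL from getCredentials to login...")
            c.requestURL = serverURL + '/login'
        else:
            c.requestURL = serverURL + pathInfo

            # Percent-encode every key and value.  Joining them raw lets
            # a value containing '&', '=', '#' or whitespace add or
            # truncate parameters in the URL the user is sent back to.
            #
            # NOTE(review): request.params is copied wholesale.  In
            # Pylons it appears to combine query-string and form-body
            # fields, so a secret POSTed to any action other than
            # getCredentials would end up in c.requestURL - confirm, and
            # consider restricting this to request.GET.
            query = '&'.join(["%s=%s" % (self._quoteParam(name),
                                         self._quoteParam(value))
                              for name, value in request.params.items()])
            if query:
                c.requestURL += '?' + query

        self._openidHandler(environ)

        return WSGIController.__call__(self, environ, start_response)

    @staticmethod
    def _quoteParam(value):
        """Percent-encode one query-string key or value.

        Unicode input is encoded as UTF-8 first so that non-ASCII text
        does not raise when it is converted to a byte string.
        """
        if isinstance(value, unicode):
            value = value.encode('utf-8')
        return urllib.quote_plus(str(value))

    def _openidHandler(self, environ):
        """Copy the authenticated REMOTE_USER into the NDG security session.

        Does nothing when REMOTE_USER is absent, or when the session
        already holds an 'ndgSec' entry for the same user.  Otherwise the
        security session is (re)written for that user with the single
        role 'OpenIDUser' and saved.

        ``session`` is the name imported last at the top of this module,
        i.e. the one from ndg.security.common.pylons.security_util, which
        shadows the earlier import from pylons.

        @param environ: WSGI environment of the current request
        """
        # NOTE(review): REMOTE_USER is trusted as-is.  It must only ever
        # be set by the authentication middleware in this WSGI stack;
        # verify that a front-end proxy cannot pass a client-supplied
        # value through.
        if 'REMOTE_USER' not in environ:
            return

        remoteUser = environ['REMOTE_USER']

        # Session already belongs to this user - nothing to update.
        if 'ndgSec' in session and remoteUser == session['ndgSec']['u']:
            return

        # Also reached when the session holds a *different* user: that
        # identity is replaced.  h and sid are passed as None, and the
        # user name doubles as the organisation.
        # NOTE(review): nothing in this method rotates the session id
        # when the identity changes - check whether setSecuritySession
        # or the session middleware does.
        setSecuritySession(h=None,
                           u=remoteUser,
                           org=remoteUser,
                           roles=['OpenIDUser'],
                           sid=None)
        session.save()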
64     
# Public names for "from ... import *": every name currently in the module
# namespace (at module level locals() is that namespace) that does not start
# with an underscore, plus the '_' function imported from pylons.i18n above.
# This re-exports the names imported at the top of the file as well as the
# classes defined here.
__all__ = [__name for __name in locals().keys() if not __name.startswith('_') \
           or __name == '_']