source: TI12-security/trunk/python/ndg_security_server/ndg/security/server/wsgi/openid/provider/authninterface/__init__.py @ 5929

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg_security_server/ndg/security/server/wsgi/openid/provider/authninterface/__init__.py@5929
Revision 5929, 6.3 KB checked in by pjkersha, 10 years ago (diff)

Working unit tests for MyProxy SAML Attribute assertion callout. TODO: add console script entry point.

1"""WSGI Middleware components - OpenID package Authentication Interface
2plugins sub-package
3
4NERC DataGrid Project"""
# Module metadata.
__author__ = "P J Kershaw"
__date__ = "05/12/08"
__copyright__ = "(C) 2009 Science and Technology Facilities Council"
__license__ = "BSD - see LICENSE file in top-level directory"
__contact__ = "Philip.Kershaw@stfc.ac.uk"
__revision__ = '$Id$'
import logging
# Module-level logger.  AuthNInterfaceError.__init__ sends every exception
# message to it at ERROR level, so whatever text callers put into these
# exceptions ends up in this log.
log = logging.getLogger(__name__)
class AuthNInterfaceError(Exception):
    """Root of the exception hierarchy for authentication interfaces.

    Every exception type in the hierarchy carries two class-level messages:

    @type userMsg: basestring
    @cvar userMsg: standard text that callers can use for user error
    messages
    @type errorMsg: basestring
    @cvar errorMsg: default exception message, used when the constructor is
    called without positional arguments

    The message the exception is built with is written to the module error
    log by the constructor, i.e. when the object is created.

    Security notes:
      - Show userMsg to end users and keep the exception message itself for
        the log; the exception message may carry internal detail.
      - The message is logged exactly as given.  Callers should keep
        passwords and other secrets out of it, and should treat any
        user-supplied text in it (e.g. a username) as untrusted log content.
    """
    userMsg = (
        "An internal error occurred during login,  "
        "Please contact your system administrator"
    )
    errorMsg = "AuthNInterface error"

    def __init__(self, *arg, **kw):
        """Log the exception message and initialise the base Exception.

        @type *arg: tuple
        @param *arg: optional; arg[0] is taken as the message and any further
        positional arguments are ignored.  With no positional arguments the
        class's errorMsg is used.
        @type **kw: dict
        @param **kw: forwarded unchanged to Exception.__init__
        """
        # type(self)'s errorMsg, so each subclass falls back to its own text.
        msg = arg[0] if arg else self.__class__.errorMsg

        # Logged verbatim, at construction time.
        log.error(msg)

        # NOTE(review): Exception.__init__ rejects keyword arguments, so a
        # non-empty kw raises TypeError here in place of the intended error.
        Exception.__init__(self, msg, **kw)
class AuthNInterfaceInvalidCredentials(AuthNInterfaceError):
    """Raised from logon when the username/password supplied is incorrect.

    userMsg does not say which of the two values was wrong, so displaying it
    does not confirm whether the username exists.
    """
    userMsg = (
        "Invalid username / password provided.  Please try again.  "
        "If the problem persists please contact your system administrator"
    )
    errorMsg = "Invalid username/password provided"
class AuthNInterfaceUsername2IdentifierMismatch(AuthNInterfaceError):
    """Raised when the username given does not correspond to the identifier
    in the OpenID URL the user supplied.

    Not applicable to ID Select mode, where the user enters a generic URL
    for their OpenID Provider instead of a personal identifier.

    NOTE(review): userMsg is distinguishable from the one used by
    AuthNInterfaceInvalidCredentials.  If a logon implementation raises this
    before the password has been verified, the login page reveals which
    username / OpenID pairings are valid - confirm the ordering in each
    implementation.
    """
    userMsg = (
        "Invalid username for the OpenID entered.  "
        "Please ensure you have the correct OpenID and username and try "
        "again.  If the problem persists contact your system administrator"
    )
    errorMsg = "invalid username / OpenID identifier combination"
class AuthNInterfaceRetrieveError(AuthNInterfaceError):
    """Raised from logon when the information needed to authenticate the
    user cannot be retrieved, e.g. a database look-up fails.

    No userMsg is defined here, so the generic AuthNInterfaceError.userMsg
    applies.
    """
    errorMsg = (
        "An error occurred retrieving information "
        "to check the login credentials"
    )
class AuthNInterfaceInitError(AuthNInterfaceError):
    """Raised from an AuthNInterface __init__ when initialisation fails.

    No userMsg is defined here, so the generic AuthNInterfaceError.userMsg
    applies.
    """
    errorMsg = "AuthNInterface initialisation error"
class AuthNInterfaceConfigError(AuthNInterfaceError):
    """Raised from an AuthNInterface __init__ when the authentication
    configuration is in error.

    No userMsg is defined here, so the generic AuthNInterfaceError.userMsg
    applies.
    """
    errorMsg = "AuthNInterface configuration error"
class AbstractAuthNInterface(object):
    """Abstract base class for OpenID Provider authentication plugins.

    Derive from this class to define how users logging into the OpenID
    Provider are authenticated.  logon, username2UserIdentifiers and logout
    all raise NotImplementedError here and are meant to be overridden.

    __slots__ is empty, so this class itself stores no per-instance state.
    """
    __slots__ = ()

    def __init__(self, **prop):
        """Initialisation hook; this base implementation does nothing.

        Arbitrary keyword settings are accepted and ignored.  How settings
        are interpreted is left to derived classes; this class defines no
        setProperties() method or property-file (propFilePath) handling of
        its own.

        @type **prop: dict
        @param **prop: set properties via keywords
        @raise AuthNInterfaceInitError: error with initialisation
        @raise AuthNInterfaceConfigError: error with configuration
        @raise AuthNInterfaceError: generic exception not described by the
        other specific exception types.
        """

    def logon(self, environ, identityURI, username, password):
        """Authenticate a user.  Must be overridden by derived classes.

        Security: the password is passed in as a plain parameter.
        Implementations should keep it out of log output and out of
        exception messages - AuthNInterfaceError writes the message it is
        constructed with to the error log.

        @type environ: dict
        @param environ: standard WSGI environ parameter

        @type identityURI: basestring
        @param identityURI: user's identity URL e.g.
        'https://joebloggs.somewhere.ac.uk/'

        @type username: basestring
        @param username: user identifier for authentication

        @type password: basestring
        @param password: corresponding password for the username given

        @raise AuthNInterfaceInvalidCredentials: invalid username/password
        @raise AuthNInterfaceUsername2IdentifierMismatch: username doesn't
        match the OpenID URL provided by the user.  (Doesn't apply to ID
        Select type requests).
        @raise AuthNInterfaceRetrieveError: error with retrieval of
        information to authenticate user e.g. error with database look-up.
        @raise AuthNInterfaceError: generic exception not described by the
        other specific exception types.
        @raise NotImplementedError: always, in this base class
        """
        raise NotImplementedError()

    def username2UserIdentifiers(self, environ, username):
        """Translate a login username into the identifier(s) that form the
        unique path suffix of the user's OpenID identifier.  Must be
        overridden by derived classes.

        The OpenIDProviderMiddleware takes self.urls['id_url'] /
        self.urls['id_yadis'] and combines it with the identifier returned
        here:

            identifier = self._authN.username2UserIdentifiers(environ,
                                                              username)
            identityURL = self.createIdentityURI(self.urls['url_id'],
                                                 identifier)

        NOTE(review): the key is written 'id_url' in the sentence above and
        'url_id' in the example; confirm which one the middleware uses.

        NOTE(review): the returned values end up in a URL path.
        createIdentityURI is not shown in this module, so confirm whether it
        escapes the identifier or whether implementations must return
        URL-safe values.

        @type environ: dict
        @param environ: standard WSGI environ parameter

        @type username: basestring
        @param username: user identifier

        @rtype: tuple
        @return: one or more identifiers to be used to make OpenID user
        identity URL(s).

        @raise AuthNInterfaceConfigError: problem with the configuration
        @raise AuthNInterfaceRetrieveError: error with retrieval of
        information to identifier e.g. error with database look-up.
        @raise AuthNInterfaceError: generic exception not described by the
        other specific exception types.
        @raise NotImplementedError: always, in this base class
        """
        raise NotImplementedError()

    def logout(self, authNInterface):
        """Hook for custom actions at logout.

        This base implementation raises NotImplementedError, so a caller
        invoking logout on a derived class that has not overridden it must
        be prepared for that exception.

        @type authNInterface: AbstractAuthNInterface derived type
        @param authNInterface: authentication interface object.  See
        AbstractAuthNInterface class for details
        @raise NotImplementedError: always, in this base class
        """
        raise NotImplementedError()