Changeset 2959 for TI05-delivery


Timestamp:
17/10/07 09:54:05 (12 years ago)
Author:
pjkersha
Message:

ows_server/ows_server/controllers/login.py:

  • removed __call__ - BaseController.__call__ supplies all the needed functionality
  • added to __before__ - filter out getCredentials from return to address - getCredentials can contain cred args so should be removed. The code here is a 2nd line of defence - BaseController.__call__ removes getCredentials from request URLs so return to should never get assigned a getCredentials call.

ows_server/ows_server/controllers/logout.py:

  • same mod to __before__ call as login.py listed above.

ows_server/ows_server/lib/security_util.py:

  • constructURL function - not used but a starting point for attempting to encapsulate security related code and remove it from BaseController.__call__

ows_server/ows_server/lib/base.py:

  • if c.requestURL contains getCredentials filter it out and redirect to /discovery instead. getCredentials receives username/password from login form. Without this check these fields can be exposed as URL query args in a c.returnTo address(!)
Location:
TI05-delivery/ows_framework/trunk/ows_server/ows_server
Files:
4 edited

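--- a/TI05-delivery/ows_framework/trunk/ows_server/ows_server/controllers/login.py
+++ b/TI05-delivery/ows_framework/trunk/ows_server/ows_server/controllers/login.py
@@ -1,4 +1,4 @@
 import sys,cgi
-from urlparse import urlsplit
+from urlparse import urlsplit, urlunsplit
 import base64
 
@@ -19,31 +19,4 @@
 class LoginController(BaseController):
     ''' Provides the pylons controller for local login '''
-
-    def __call__(self, environ, start_response):
-        """Update c.requestURL and c.b64encRequestURL using g.server setting
-        to avoid exposing the absolute URL hidden behind the proxy"""
-
-        # Insert any code to be run per request here. The Routes match
-        # is under environ['pylons.routes_dict'] should you want to check
-        # the action or route vars here
-
-        log.debug("LoginController.__call__ calling BaseController.__call__ ...")
-        response = super(LoginController, self).__call__(environ, start_response)
-
-
-        # Construct URL picking up setting of server name from config to
-        # avoid exposing absolute URL hidden behind mod_proxy see #857
-        c.requestURL = g.server + urllib.quote(environ.get('PATH_INFO', ''))
-
-        query = '&'.join(["%s=%s" % item for item in request.params.items()])
-        if query:
-            c.requestURL += '?' + query
-
-        # Base 64 encode to enable passing around in 'r' argument of query
-        # string for use with login/logout
-        c.b64encRequestURL = urlsafe_b64encode(c.requestURL)
-
-        return response
-
 
     def __before__(self, action):
@@ -51,5 +24,22 @@
         query string.  c.returnTo is used in some of the .kid files"""
         c.returnTo = request.params.get('r', '')
-        log.debug("Decoded c.returnTo = %s" % \
+
+        # Check return to address - getCredentials should NOT be returned to
+        # with its query args intact
+        b64decReturnTo = base64.urlsafe_b64decode(c.returnTo)
+        scheme, netloc, pathInfo, query, frag = urlsplit(b64decReturnTo)
+        if 'getCredentials' in pathInfo:
+            # Swap to discovery and remove sensitive creds query args
+            #
+            # TODO: re-write to be more robust and modular.  Nb.
+            # BaseController.__call__ should filter out 'getCredentials'
+            # calls from c.requestURL so this code should never need to be
+            # executed.
+            filteredReturnTo = urlunsplit((scheme,netloc,'/discovery','',''))
+            c.returnTo = base64.urlsafe_b64encode(filteredReturnTo)
+
+        # Check return to address - getCredentials should NOT be returned to
+        # with its query args intact
+        log.debug("LoginController.__before__: Decoded c.returnTo = %s" % \
                                       base64.urlsafe_b64decode(c.returnTo))
 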
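Review bot: `base64.urlsafe_b64decode(c.returnTo)` at new line 29 runs on the raw `r` query argument with no error handling, so a malformed value raises out of `__before__` instead of falling back to an empty return address; the same decode is repeated in the `log.debug` call at new lines 43-44 and in the block added to logout.py's `__before__`. Catching the decode error and clearing `c.returnTo` keeps the filter from turning into a request-triggered failure. Separately, the rewritten address reuses `scheme` and `netloc` from that same request-supplied value, so the host in `c.returnTo` remains whatever the caller sent; if the templates redirect to it, it is worth pinning the host to `g.server`. The comment at new lines 41-42 duplicates the one at 27-28 and does not describe the logging line beneath it. The start of `__before__`'s docstring lies outside this hunk.

```python
        c.returnTo = request.params.get('r', '')

        try:
            b64decReturnTo = base64.urlsafe_b64decode(c.returnTo)
        except TypeError:
            # Malformed 'r' argument: treat it as no return address at all
            b64decReturnTo = ''
            c.returnTo = ''
        scheme, netloc, pathInfo, query, frag = urlsplit(b64decReturnTo)
        # … unchanged: getCredentials filter and debug log …
```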
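--- a/TI05-delivery/ows_framework/trunk/ows_server/ows_server/controllers/logout.py
+++ b/TI05-delivery/ows_framework/trunk/ows_server/ows_server/controllers/logout.py
@@ -7,4 +7,5 @@
 import sys # include in case tracefile is set to sys.stderr
 import base64 # decode the return to address
+from urlparse import urlsplit, urlunsplit
 
 from ndg.security.common.SessionMgr import SessionMgrClient
@@ -12,9 +13,24 @@
 
 class LogoutController(BaseController):
-    ''' Provides the pylons controller for logging out and killing the cookies '''
+    '''Provides the pylons controller for logging out and killing the cookies
+    '''
 
     def __before__(self):
         """Get return to URL"""
         c.returnTo = request.params.get('r', '')
+
+        # Check return to address - getCredentials should NOT be returned to
+        # with its query args intact
+        b64decReturnTo = base64.urlsafe_b64decode(c.returnTo)
+        scheme, netloc, pathInfo, query, frag = urlsplit(b64decReturnTo)
+        if 'getCredentials' in pathInfo:
+            # Swap to discovery and remove sensitive creds query args
+            #
+            # TODO: re-write to be more robust and modular.  Nb.
+            # BaseController.__call__ should filter out 'getCredentials'
+            # calls from c.requestURL so this code should never need to be
+            # executed.
+            filteredReturnTo = urlunsplit((scheme,netloc,'/discovery','',''))
+            c.returnTo = base64.urlsafe_b64encode(filteredReturnTo)
 
 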
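Review bot: The decode-and-filter block at new lines 22-34 is a line-for-line copy of the one added to `LoginController.__before__` in login.py, so any later correction to the `getCredentials` check has to be made in two places and the two copies can drift apart. This changeset already starts collecting this logic in lib/security_util.py with `constructURL`; one helper there that takes the raw `r` value and returns the filtered, re-encoded one would reduce both methods to `c.returnTo = filterReturnTo(request.params.get('r', ''))`. `filterReturnTo` is a suggested name, not a function that exists on this page.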
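--- a/TI05-delivery/ows_framework/trunk/ows_server/ows_server/lib/base.py
+++ b/TI05-delivery/ows_framework/trunk/ows_server/ows_server/lib/base.py
@@ -41,13 +41,19 @@
 
         # construct URL picking up setting of server name from config to
-        # avoid exposing absolute URL hidden behind mod_proxy see #857
-        c.requestURL = g.server + urllib.quote(environ.get('PATH_INFO', ''))
-
-        query = '&'.join(["%s=%s" % item for item in request.params.items()])
-        if query:
-            c.requestURL += '?' + query
-
-        logger.debug("BaseController.__call__ URL = [%s]" % c.requestURL)
-
+        # avoid exposing absolute URL hidden behind mod_proxy see #857
+        # Also, avoid returning to getCredentials and potentially exposing
+        # username/pass-phrase on URL.
+        # TODO: rework getCredentials get-out for more modular solution
+        pathInfo = urllib.quote(environ.get('PATH_INFO', ''))
+        if 'getCredentials' in pathInfo:
+            logger.debug(\
+                "Reverting request URL from getCredentials to discovery...")
+            c.requestURL = g.server + '/discovery'
+        else:
+            c.requestURL = g.server + pathInfo
+            query='&'.join(["%s=%s"%item for item in request.params.items()])
+            if query:
+                c.requestURL += '?' + query
+
         # Base 64 encode to enable passing around in 'r' argument of query
         # string for use with login/logout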
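Review bot: The guard at new line 48 keys on the substring `getCredentials` in the path rather than on the sensitive arguments themselves, so any other action that receives the same form fields would still have them copied into `c.requestURL` by the `else` branch. Filtering by parameter name, as the `stripFromURI` classmethod extended in this changeset already does, would cover that case without depending on the route name. In the `else` branch the pairs are joined with `"%s=%s"%item` and no percent-encoding, so a value containing `&` or `#` alters the reconstructed URL; `query = urllib.urlencode(request.params.items())` would encode names and values. The enclosing `__call__` starts and ends outside this hunk.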
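--- a/TI05-delivery/ows_framework/trunk/ows_server/ows_server/lib/security_util.py
+++ b/TI05-delivery/ows_framework/trunk/ows_server/ows_server/lib/security_util.py
@@ -13,5 +13,6 @@
 log = logging.getLogger(__name__)
 
-from pylons import session, request
+import urllib
+from pylons import session, request, g
 
 
@@ -70,5 +71,12 @@
     """Create query string containing security credentials.  This is used by
     the Identity Provider pass the credentials over a HTTP GET back to the
-    Service Provider"""
+    Service Provider
+
+    @cvar keys: query args to be copied into security session dict
+    @type keys: tuple
+    @cvar roleSep: delimit roles names in URL arg with this symbol
+    @type roleSep: string
+    @cvar argSep: standard arg separator for URLs
+    @type argSep: string"""
 
     keys = SecuritySession.subKeys
@@ -100,12 +108,16 @@
 
     @classmethod
-    def stripFromURI(cls):
+    def stripFromURI(cls, *params):
         """Make a new query string using Pylons request.params but stripping
         args relating to security
 
+        @param params: parameters to remove instead of those contained in keys
+        class variable
+        @type additionalParams: tuple
         @rtype: string
         @return: URL query string with security args removed"""
+        keys = params or cls.keys
         return cls.argSep.join(['%s=%s' % (i, request.params[i]) \
-                                for i in request.params if i not in cls.keys])
+                                for i in request.params if i not in keys])
 
     @classmethod
@@ -133,5 +145,33 @@
 
         return keys
-
+
+# TODO: this could be used in the future to replace parts of BaseController.
+# __call__ but leave for the moment as there may be a more modular solution
+def constructURL(pathInfo,
+                 scheme=None,
+                 netloc=None,
+                 altPathInfo='/discovery',
+                 query=None):
+    """Utility for BaseController.  Remove getCredentials calls"""
+
+    if scheme is None and netloc is None:
+        pathPfx = g.server
+    else:
+        pathPfx = urlunsplit((scheme, netloc, '', '', ''))
+
+    if 'getCredentials' in pathInfo:
+        logger.debug("Reverting request URL from getCredentials to discovery...")
+        requestURL = pathPfx + altPathInfo
+    else:
+        requestURL = pathPfx + pathInfo
+        if query is None:
+            query='&'.join(["%s=%s"%item for item in request.params.items()])
+
+        if query:
+            requestURL += '?' + query
+
+    return requestURL
+
+
 import sys
 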
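Review bot: `constructURL` calls `urlunsplit` and `logger.debug`, but the lines visible in this section import only `urllib` and `g` and bind the module logger as `log`, so unless those names are defined in parts of the file not shown, the explicit scheme/netloc path and the `getCredentials` path would each raise NameError on first use. Adding `from urlparse import urlunsplit` next to `import urllib` and changing the call to `log.debug(...)` would make the helper usable before anything is switched over to it. In the `stripFromURI` docstring, `@type additionalParams: tuple` names a parameter that does not exist and should read `@type params: tuple`.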