Changeset 4153


Ignore:
Timestamp:
29/08/08 09:20:57 (11 years ago)
Author:
pjkersha
Message:
  • openid_provider: tightened error handling for OpenIDProviderMiddleware.do_allow
  • Removed AuthKit? Middleware from Pylons container for now as it interferes with cookies set with AuthKit? in NDG Browse
  • Updated wording for ndgPage.kid footer and added disclaimer text to ini file.
Location:
TI12-security/trunk/python/ndg.security.server/ndg/security/server
Files:
4 edited

Legend:

Unmodified
Added
Removed
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/pylons/container/config/middleware.py

    r4125 r4153  
    4545    # CUSTOM MIDDLEWARE HERE (filtered by error handling middlewares) 
    4646    app = OpenIDProviderMiddleware(app, app_conf) 
    47     app = authkit.authenticate.middleware(app, app_conf) 
     47#    app = authkit.authenticate.middleware(app, app_conf) 
    4848    app = SessionMiddleware(app) 
    4949 
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/pylons/container/templates/ndg/security/ndgPage.kid

    r4152 r4153  
    5757                    <table><tbody> 
    5858                    <tr><td><span py:replace="linkimage(g.ndgLink,g.ndgImage,'NDG')"/></td> 
    59                     <td> This portal is a product of the <a href="http://ndg.nerc.ac.uk"> NERC DataGrid</a> 
     59                    <td>OpenID Provider Site for <a href="http://ndg.nerc.ac.uk"> NERC DataGrid</a> 
    6060                    ${g.disclaimer} </td> 
    6161                    </tr> 
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/pylons/development.ini

    r4146 r4153  
    1818ndgLink = http://ndg.nerc.ac.uk/ 
    1919ndgImage = %(server)s/layout/ndg_logo_circle.gif 
    20 disclaimer =  
     20disclaimer = This site is for test purposes only and is under active development. 
    2121stfcLink = http://ceda.stfc.ac.uk/ 
    2222stfcImage = %(server)s/layout/stfc-circle-sm.gif 
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/openid_provider.py

    r4151 r4153  
    283283         
    284284        oidRequest = self.session.get('lastCheckIDRequest') 
    285  
     285        if oidRequest is None: 
     286            log.error("Suspected do_allow called from stale request") 
     287            #return self.app(environ, start_response) 
     288            response = self._renderer.renderErrorPage(environ,  
     289                                                      "Invalid request") 
     290            start_response("400 Bad Request",  
     291                           [('Content-type', 'text/html'), 
     292                            ('Content-length', str(len(response)))]) 
     293            return response 
     294         
    286295        if 'Yes' in self.query: 
    287296            if oidRequest.idSelect(): 
     
    305314            #response = self._displayResponse(oidResponse) 
    306315            response = self._renderer.renderMainPage(environ)             
    307         else: 
    308             raise OpenIDProviderMiddlewareError('Expecting yes/no in allow ' 
    309                                                 'post.  %r' % self.query) 
     316            start_response("200 OK",  
     317                           [('Content-type', 'text/html'), 
     318                            ('Content-length', str(len(response)))]) 
     319        else: 
     320            response = self._renderer.renderErrorPage(environ,  
     321                                                      'Expecting yes/no in ' 
     322                                                      'allow post.  %r' % \ 
     323                                                      self.query) 
     324            start_response("400 Bad Request",  
     325                           [('Content-type', 'text/html'), 
     326                            ('Content-length', str(len(response)))]) 
     327            return response 
     328#            raise OpenIDProviderMiddlewareError('Expecting yes/no in allow ' 
     329#                                                'post.  %r' % self.query) 
    310330 
    311331        return response 
Note: See TracChangeset for help on using the changeset viewer.