Changeset 4545 for TI12-security/trunk/python
- Timestamp:
- 05/12/08 16:07:27 (12 years ago)
- Location:
- TI12-security/trunk/python
- Files:
-
- 16 edited
TI12-security/trunk/python/Tests/openid-provider/op/op/config/middleware.py
r4122 r4545 13 13 from op.config.environment import load_environment 14 14 15 from ndg.security.server.wsgi.openid _provider import OpenIDProviderMiddleware15 from ndg.security.server.wsgi.openid.provider import OpenIDProviderMiddleware 16 16 from beaker.middleware import SessionMiddleware 17 17 import authkit.authenticate -
TI12-security/trunk/python/Tests/openid-provider/op/op/lib/rendering.py
r4526 r4545 49 49 config['pylons.g'].helpIcon = config['pylons.g'].server+'/layout/icons/help.png' 50 50 51 from ndg.security.server.wsgi.openid _provider import RenderingInterface51 from ndg.security.server.wsgi.openid.provider import RenderingInterface 52 52 53 53 class OpenIDProviderKidRendering(RenderingInterface): -
TI12-security/trunk/python/ndg.security.common/ndg/security/common/sessionmanager.py
r4513 r4545 369 369 @return user cert, user private key, issuing cert and sessID all as 370 370 strings but sessID will be None if the createServerSess keyword is 371 False""" 371 False 372 373 @raise InvalidSessionManagerClientCtx: no client binding to service has 374 been set up 375 @raise SessionManagerClientError: error reading passphrase file""" 372 376 373 377 if not self.__srv: -
TI12-security/trunk/python/ndg.security.server/ndg/security/server/authnservice/dbauthn.py
r4500 r4545 59 59 passwd = passphrase 60 60 61 pgDb= create_engine(self.connectionString)62 connection = pgDb.connect()61 dbEngine = create_engine(self.connectionString) 62 connection = dbEngine.connect() 63 63 64 64 try: -
TI12-security/trunk/python/ndg.security.server/ndg/security/server/pylons/container/config/middleware.py
r4153 r4545 14 14 load_environment 15 15 16 from ndg.security.server.wsgi.openid _provider import OpenIDProviderMiddleware16 from ndg.security.server.wsgi.openid.provider import OpenIDProviderMiddleware 17 17 from beaker.middleware import SessionMiddleware 18 18 import authkit.authenticate -
TI12-security/trunk/python/ndg.security.server/ndg/security/server/pylons/container/lib/openid_provider_util.py
r4526 r4545 71 71 # Rendering classes for OpenID Provider must derive from generic render 72 72 # interface 73 from ndg.security.server.wsgi.openid _provider import RenderingInterface73 from ndg.security.server.wsgi.openid.provider import RenderingInterface 74 74 75 75 class OpenIDProviderKidRendering(RenderingInterface): -
TI12-security/trunk/python/ndg.security.server/ndg/security/server/sessionmanager.py
r4528 r4545 707 707 session ID respectively. Session ID will be none if createUserSess 708 708 keyword is set to False 709 710 @raise AuthNServiceError: error with response from Authentication 711 service. An instance of this class or derived class instance may be 712 raised. 709 713 """ 710 714 … … 728 732 else: 729 733 # Create a fresh session 730 try: 734 try: 731 735 # Get a proxy certificate to represent users ID for the new 732 736 # session … … 784 788 is available. In this case, the Session Manager server certificate 785 789 is used to secure connections to Attribute Authorities and other 786 services where required""" 790 services where required 791 792 @raise SessionManagerError: session ID added already exists in session 793 list""" 787 794 788 795 log.debug("Calling SessionManager._createUserSession ...") … … 881 888 @type sessID: string 882 889 @param sessID: similiarly, a web browser session ID linking to an 883 an existing session.""" 890 an existing session. 891 892 @raise SessionNotFound: no matching session to the inputs 893 @raise UserSessionExpired: existing session has expired 894 @raise InvalidUserSession: user credential wallet is invalid 895 @raise UserSessionX509CertNotBeforeTimeError: """ 884 896 885 897 log.debug("Calling SessionManager._connect2UserSession ...") … … 940 952 userDN)) 941 953 else: 942 raise SessionManagerError('"username", "sessID" or "userX509Cert"'943 'keywordsmust be set')954 raise KeyError('"username", "sessID" or "userX509Cert" keywords ' 955 'must be set') 944 956 945 957 # Check that the Credentials held in the wallet are still valid -
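Review bot: Replacing `raise SessionManagerError(...)` with `raise KeyError('"username", "sessID" or "userX509Cert" keywords ' 'must be set')` in `_connect2UserSession` changes the exception type callers catch; any caller trapping `SessionManagerError` for this case now lets a `KeyError` escape, and the method's newly added `@raise` list does not mention it, so add `@raise KeyError: none of the username, sessID or userX509Cert keywords was set` alongside the others. The last added entry, `@raise UserSessionX509CertNotBeforeTimeError: `, has an empty description; `user certificate's notBefore time has not yet been reached` would complete it, assuming that is what the check enforces (the check itself is outside the hunk). All the enclosing methods start and end outside the hunks shown.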
TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/openid/__init__.py
r4539 r4545 1 """WSGI Middleware components - OpenID package containing an OpenID Provider 2 WSGI implementation 3 4 NERC Data Grid Project""" 5 __author__ = "P J Kershaw" 6 __date__ = "05/12/08" 7 __copyright__ = "(C) 2008 STFC & NERC" 8 __license__ = \ 9 """This software may be distributed under the terms of the Q Public 10 License, version 1.0 or later.""" 11 __contact__ = "Philip.Kershaw@stfc.ac.uk" 12 __revision__ = '$Id$' -
TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/openid/provider/__init__.py
r4543 r4545 105 105 """ 106 106 107 def logon(self, userIdentifier, username, password):107 def logon(self, environ, userIdentifier, username, password): 108 108 """Interface login method 109 110 @type environ: dict 111 @param environ: standard WSGI environ parameter 109 112 110 113 @type userIdentifier: basestring or None … … 134 137 raise NotImplementedError(self.logon.__doc__.replace('\n ','')) 135 138 136 def username2UserIdentifiers(self, username):139 def username2UserIdentifiers(self, environ, username): 137 140 """Map the login username to an identifier which will become the 138 141 unique path suffix to the user's OpenID identifier. The … … 140 143 identifier: 141 144 142 identifier = self._authN.username2UserIdentifiers( username)145 identifier = self._authN.username2UserIdentifiers(environ,username) 143 146 identityURL = self.urls['url_id'] + '/' + identifier 144 147 148 @type environ: dict 149 @param environ: standard WSGI environ parameter 150 145 151 @type username: basestring 146 152 @param username: user identifier … … 206 212 '"username2UserIdentifiers" options') 207 213 208 def logon(self, userIdentifier, username, password):214 def logon(self, environ, userIdentifier, username, password): 209 215 """Interface login method 210 216 217 @type environ: dict 218 @param environ: standard WSGI environ parameter 219 211 220 @type username: basestring 212 221 @param username: user identifier … … 224 233 raise AuthNInterfaceUsername2IdentifierMismatch() 225 234 226 def username2UserIdentifiers(self, username):235 def username2UserIdentifiers(self, environ, username): 227 236 """Map the login username to an identifier which will become the 228 237 unique path suffix to the user's OpenID identifier. 
The … … 230 239 identifier: 231 240 232 identifier = self._authN.username2UserIdentifiers( username)241 identifier = self._authN.username2UserIdentifiers(environ,username) 233 242 identityURL = self.urls['url_id'] + '/' + identifier 234 243 244 @type environ: dict 245 @param environ: standard WSGI environ parameter 246 235 247 @type username: basestring 236 248 @param username: user identifier … … 746 758 "found in session") 747 759 return self._render.errorPage(environ, start_response, 748 "An internal error occured"749 "during login. Please "750 "report the problem to your"751 "site administrator.")760 "An internal error occured possibly due to a request " 761 "that's expired. Please retry from the site where " 762 "you entered your OpenID. If the problem persists " 763 "report it to your site administrator.") 752 764 753 765 # Get user identifier to check against credentials provided … … 762 774 # Invoke custom authentication interface plugin 763 775 try: 764 self._authN.logon(userIdentifier, 776 self._authN.logon(environ, 777 userIdentifier, 765 778 self.query['username'], 766 779 self.query.get('password', '')) … … 879 892 return True 880 893 881 identifiers = self._authN.username2UserIdentifiers(username) 894 identifiers = self._authN.username2UserIdentifiers(self.environ, 895 username) 882 896 idURLBase = self.urls['url_id']+'/' 883 897 identityURLs = [idURLBase+i for i in identifiers] … … 1534 1548 1535 1549 if oidRequest.idSelect(): # We are being asked to select an ID 1536 userIdentifier = self._authN.username2UserIdentifiers(username)[0] 1550 userIdentifier = self._authN.username2UserIdentifiers(environ, 1551 username)[0] 1537 1552 identity = idURLBase + userIdentifier 1538 1553 … … 1567 1582 ''' % fdata 1568 1583 1569 elif userIdentifier in self._authN.username2UserIdentifiers(username): 1584 elif userIdentifier in self._authN.username2UserIdentifiers(environ, 1585 username): 1570 1586 msg = '''\ 1571 1587 <p>A new site has asked to confirm your 
identity. If you -
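Review bot: The updated docstring example in both `username2UserIdentifiers` methods (`identifier = self._authN.username2UserIdentifiers(environ,username)` followed by `identityURL = self.urls['url_id'] + '/' + identifier`) still treats the return value as a single string, while the callers changed in the same hunks index it (`...username2UserIdentifiers(environ, username)[0]`) and iterate it (`identityURLs = [idURLBase+i for i in identifiers]`); the example should read `identifiers = ...` and build one URL per element. The second `logon` signature (the one following `'"username2UserIdentifiers" options'`) now documents `environ`, `username` and `password` but still omits `userIdentifier`; a `@type userIdentifier: basestring or None` / `@param userIdentifier: OpenID user identifier, or None if not yet known` pair would match the abstract method's docstring earlier in the file. The rewritten error page text also misspells "occurred" in `"An internal error occured possibly due to a request "`. All the enclosing methods start or end outside the hunks shown.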
TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/openid/provider/authninterface/__init__.py
r4542 r4545 1 """WSGI Middleware components - OpenID package Authentication Interface 2 plugins sub-package 3 4 NERC Data Grid Project""" 5 __author__ = "P J Kershaw" 6 __date__ = "05/12/08" 7 __copyright__ = "(C) 2008 STFC & NERC" 8 __license__ = \ 9 """This software may be distributed under the terms of the Q Public 10 License, version 1.0 or later.""" 11 __contact__ = "Philip.Kershaw@stfc.ac.uk" 12 __revision__ = '$Id$' -
TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/openid/provider/authninterface/sessionmanager.py
r4542 r4545 1 """NDG Security OpenID Authentication Interface to a Session Manager. 2 3 This enables an OpenID Provider's signin to link to a Session Manager running 4 in the same WSGI stack or else running as a separate service via the Session 5 Manager SOAP interface 6 7 NERC Data Grid Project 8 9 This software may be distributed under the terms of the Q Public License, 10 version 1.0 or later. 11 """ 12 __author__ = "P J Kershaw" 13 __date__ = "01/08/08" 14 __copyright__ = "(C) 2008 STFC & NERC" 15 __contact__ = "Philip.Kershaw@stfc.ac.uk" 16 __revision__ = "$Id$" 17 import logging 18 log = logging.getLogger(__name__) 19 from string import Template 20 from sqlalchemy import create_engine 21 22 from ndg.security.server.wsgi.openid.provider import AbstractAuthNInterface, \ 23 AuthNInterfaceConfigError, AuthNInterfaceInvalidCredentials, \ 24 AuthNInterfaceUsername2IdentifierMismatch 25 26 from ndg.security.server.wsgi.utils.sessionmanagerclient import \ 27 WSGISessionManagerClient, AuthNServiceInvalidCredentials 28 29 30 class SessionManagerOpenIDAuthNInterface(AbstractAuthNInterface): 31 '''Authentication interface class for OpenIDProviderMiddleware to enable 32 authentication to a Session Manager instance running in the same WSGI 33 stack or via a SOAP call to a remote service''' 34 35 dbParamNames = ( 36 'connectionString', 37 'logonSQLQuery', 38 'userIdentifiersSQLQuery') 39 40 def __init__(self, **prop): 41 """Make any initial settings 42 43 Settings are held in a dictionary which can be set from **prop, 44 a call to setProperties() or by passing settings in an XML file 45 given by propFilePath 46 47 @type **prop: dict 48 @param **prop: set properties via keywords 49 @raise AuthNInterfaceConfigError: error with configuration 50 """ 51 try: 52 for name in SessionManagerOpenIDAuthNInterface.dbParamNames: 53 setattr(self, name, prop.pop(name)) 54 55 except KeyError, e: 56 raise AuthNInterfaceConfigError("Missing property setting for " 57 "database connection: %s" 
% e) 58 59 self._client = WSGISessionManagerClient(**prop) 60 61 62 def logon(self, environ, userIdentifier, username, password): 63 """Interface login method 64 65 @type environ: dict 66 @param environ: standard WSGI environ parameter 67 68 @type username: basestring 69 @param username: user identifier 70 71 @type password: basestring 72 @param password: corresponding password for username givens 73 74 @raise AuthNInterfaceUsername2IdentifierMismatch: no OpenID identifiers 75 match the given username 76 @raise AuthNInterfaceInvalidCredentials: invalid username/password 77 """ 78 if userIdentifier is not None: 79 # Check for a match between the OpenID user identifier and the 80 # username 81 try: 82 dbEngine = create_engine(self.connectionString) 83 connection = dbEngine.connect() 84 except Exception, e: 85 log.error('Connecting database for user logon query : %s' % e) 86 raise 87 88 try: 89 queryInputs = dict(username=username, 90 userIdentifier=userIdentifier) 91 query = Template(self.logonSQLQuery).substitute(queryInputs) 92 result = connection.execute(query) 93 if not result.rowcount: 94 raise AuthNInterfaceUsername2IdentifierMismatch() 95 finally: 96 connection.close() 97 98 try: 99 self._client.environ = environ 100 self._client.connect(username, passphrase=password) 101 102 except AuthNServiceInvalidCredentials, e: 103 log.exception(e) 104 raise AuthNInterfaceInvalidCredentials() 105 106 107 def username2UserIdentifiers(self, environ, username): 108 """Map the login username to an identifier which will become the 109 unique path suffix to the user's OpenID identifier. 
The 110 OpenIDProviderMiddleware takes self.urls['id_url'] and adds it to this 111 identifier: 112 113 identifier = self._authN.username2UserIdentifiers(username) 114 identityURL = self.urls['url_id'] + '/' + identifier 115 116 @type environ: dict 117 @param environ: standard WSGI environ parameter 118 119 @type username: basestring 120 @param username: user identifier 121 122 @rtype: tuple 123 @return: identifiers to be used to make OpenID user identity URLs. 124 125 @raise AuthNInterfaceRetrieveError: error with retrieval of information 126 to identifier e.g. error with database look-up. 127 """ 128 try: 129 dbEngine = create_engine(self.connectionString) 130 connection = dbEngine.connect() 131 except Exception, e: 132 log.error('Connecting database for user identifiers query : %s'%e) 133 raise 134 135 try: 136 try: 137 tmpl = Template(self.userIdentifiersSQLQuery) 138 sqlQuery = tmpl.substitute(dict(username=username)) 139 result = connection.execute(sqlQuery) 140 if not result.rowcount: 141 raise AuthNInterfaceRetrieveError() 142 143 userIdentifiers = tuple([row.values()[0] for row in result]) 144 except Exception, e: 145 log.error('Querying database for user identifiers for user ' 146 '"%s": %s' (username, e)) 147 raise 148 finally: 149 connection.close() 150 151 return userIdentifiers -
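Review bot: Both query methods splice request-supplied values straight into the SQL text (`query = Template(self.logonSQLQuery).substitute(queryInputs)` in `logon` and `sqlQuery = tmpl.substitute(dict(username=username))` in `username2UserIdentifiers`), so the login form's `username` and `userIdentifier` become part of the statement rather than data; the queries should use bind parameters instead, e.g. `connection.execute(text(self.logonSQLQuery), username=username, userIdentifier=userIdentifier)` with `:username`/`:userIdentifier` placeholders in the configured SQL and `from sqlalchemy import create_engine, text`. Two further defects in `username2UserIdentifiers`: `AuthNInterfaceRetrieveError` is not among the names imported from `ndg.security.server.wsgi.openid.provider` at the top of the file, so an empty result raises `NameError` instead, and the log call `'"%s": %s' (username, e)` is missing the `%` operator, so the handler itself raises `TypeError` and hides the original exception. Finally, `self._client.environ = environ` in `logon` stores per-request state on what appears to be a long-lived interface instance; if the provider serves requests concurrently that assignment can race between requests, so passing `environ` through to `connect()` or creating the client per call would be safer. The `logon` docstring also documents `environ`, `username` and `password` but not `userIdentifier`, which the method reads.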
TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/utils/__init__.py
r4501 r4545 1 1 """WSGI Middleware utilities - Session Manager and Attribute Authority 2 client interface access via objects placed in environ 2 client interface access via objects placed in environ or external SOAP calls 3 3 4 4 NERC Data Grid Project""" -
TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/utils/attributeauthorityclient.py
r4521 r4545 48 48 if 'uri' in soapClientKw: 49 49 self._soapClient = AttributeAuthorityClient(**soapClientKw) 50 50 else: 51 self._soapClient = None 52 53 def _setEnviron(self, environ): 54 if not isinstance(environ, dict): 55 raise TypeError("Expecting dict type for 'environ' property") 56 self._environ = environ 57 58 def _getEnviron(self, environ): 59 return self._environ 60 61 environ = property(fget=_getEnviron, 62 fset=_setEnviron, 63 doc="WSGI environ dictionary") 51 64 52 65 def getHostInfo(self): -
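Review bot: `_getEnviron(self, environ)` declares a second positional parameter, but `property(fget=_getEnviron, ...)` invokes the getter with `self` only, so every read of the `environ` property raises `TypeError`; the signature should be `def _getEnviron(self):`. The identical getter added to `sessionmanagerclient.py` in this changeset has the same defect and needs the same fix. It is also not visible here whether `self._environ` is initialised before the setter runs; if it is not, reading the property first raises `AttributeError`, so `self._environ = None` in the constructor (the `if 'uri' in soapClientKw:` block shown is presumably in `__init__`, which starts outside the hunk) would give callers a defined default.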
TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/utils/sessionmanagerclient.py
r4521 r4545 23 23 WSGIAttributeAuthorityClient 24 24 25 # Import exception types from Session Manager and Session Manager client to 26 # give caller some capability to trap errors 27 # Session Manager Authentication interface ... 28 from ndg.security.server.sessionmanager import AuthNServiceError, \ 29 AuthNServiceInvalidCredentials, AuthNServiceRetrieveError, \ 30 AuthNServiceInitError, AuthNServiceConfigError 31 32 from ndg.security.common.sessionmanager import InvalidSessionManagerClientCtx 33 25 34 class WSGISessionManagerClientError(Exception): 26 35 """Base class exception for WSGI Session Manager client errors""" … … 60 69 if 'uri' in soapClientKw: 61 70 self._soapClient = SessionManagerClient(**soapClientKw) 62 71 else: 72 self._soapClient = None 73 74 def _setEnviron(self, environ): 75 if not isinstance(environ, dict): 76 raise TypeError("Expecting dict type for 'environ' property") 77 self._environ = environ 78 79 def _getEnviron(self, environ): 80 return self._environ 81 82 environ = property(fget=_getEnviron, 83 fset=_setEnviron, 84 doc="WSGI environ dictionary") 63 85 64 86 def connect(self, username, **kw): … … 70 92 71 93 if self.refInEnviron: 94 log.debug("Connecting to local Session Manager instance") 72 95 if 'username' in kw: 73 96 raise TypeError("connect() got an unexpected keyword argument " … … 77 100 res = self.ref.connect(username=username, **kw) 78 101 else: 102 log.debug("Connecting to remote Session Manager service") 103 79 104 # Filter out keywords which apply to a Session Manager local 80 105 # instance call -
TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/services.ini
r4537 r4545 307 307 # OpenID Provider WSGI Settings 308 308 [filter:OpenIDProviderFilter] 309 paste.filter_app_factory=ndg.security.server.wsgi.openid _provider:OpenIDProviderMiddleware309 paste.filter_app_factory=ndg.security.server.wsgi.openid.provider:OpenIDProviderMiddleware 310 310 openid.provider.path.openidserver=/openid/endpoint 311 311 openid.provider.path.login=/openid/login … … 327 327 openid.provider.trace=False 328 328 #openid.provider.renderingClass=ndg.security.server.pylons.container.lib.openid_provider_util.OpenIDProviderKidRendering 329 openid.provider.renderingClass=ndg.security.server.wsgi.openid _provider.DemoRenderingInterface329 openid.provider.renderingClass=ndg.security.server.wsgi.openid.provider.DemoRenderingInterface 330 330 openid.provider.sregResponseHandler=ndg.security.server.pylons.container.lib.openid_provider_util:esgSRegResponseHandler 331 331 openid.provider.axResponseHandler=ndg.security.server.pylons.container.lib.openid_provider_util:esgAXResponseHandler 332 openid.provider.authNInterface=ndg.security.server.wsgi.openid_provider.BasicAuthNInterface 333 openid.provider.authN.userCreds=pjk:test 334 openid.provider.authN.username2UserIdentifiers=pjk:PhilipKershaw,P.J.Kershaw 332 333 # Basic Authentication interface to demonstrate capabilities 334 #openid.provider.authNInterface=ndg.security.server.wsgi.openid.provider.BasicAuthNInterface 335 #openid.provider.authN.userCreds=pjk:test 336 #openid.provider.authN.username2UserIdentifiers=pjk:PhilipKershaw,P.J.Kershaw 337 338 # Link Authentication to a Session Manager instance running in the same WSGI 339 # stack or on a remote service 340 openid.provider.authNInterface=ndg.security.server.wsgi.openid.provider.authninterface.sessionmanager.SessionManagerOpenIDAuthNInterface 341 342 # Omit or leave as blank if the Session Manager is accessible locally in the 343 # same WSGI stack. 
344 openid.provider.authN.sessionManagerURI= 345 346 # environ dictionary key to Session Manager WSGI instance held locally. The 347 # setting below is the default and can be omitted if it matches the filterID 348 # set for the Session Manager 349 #openid.provider.authN.environKey=ndg.security.server.wsgi.sessionManagerFilter 350 351 # Database connection to enable check between username and OpenID identifier 352 openid.provider.authN.connectionString: postgres://postgres:testpassword@localhost/testUserDb 353 openid.provider.authN.logonSQLQuery: select username from openid where username = '$username' and ident = '$userIdentifier' 354 openid.provider.authN.userIdentifiersSQLQuery: select distinct ident from openid where username = '$username' 335 355 336 356 # Basic authentication for testing/admin - comma delimited list of -
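Review bot: The new `openid.provider.authN.connectionString` connects as the `postgres` role with an inline password; since the two configured queries are read-only SELECTs on the `openid` table, a dedicated role granted only SELECT on that table would limit what a leaked configuration file or a malformed query can do, even in a test deployment, and a comment noting that the password here is a test value would help. The SQL templates quote their placeholders inline (`username = '$username'`), which means the configuration file is the only place where these values are quoted; a comment above them stating that the placeholders are filled by plain string substitution would make that dependency explicit for whoever edits the queries.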
TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/test_combinedservices.py
r4521 r4545 15 15 __contact__ = "Philip.Kershaw@stfc.ac.uk" 16 16 __revision__ = '$Id: test_sessionmanagerclient.py 4437 2008-11-18 12:34:25Z pjkersha $' 17 import logging 18 logging.basicConfig(level=logging.DEBUG) 17 19 18 20 import unittest