Context Navigation

← Previous Change
Next Change →

Changeset 4565 for TI12-security/trunk/python

Timestamp:

08/12/08 17:00:33 (12 years ago)

Author:

pjkersha

Message:

OpenID Provider Rendering interface:

Completed port of Buffet based RenderingInterface? from Pylons project into openid.provider.renderinginterface.buffet sub-package.

WSGI Paste test harness requires StaticURLParser instance to enable serving of graphics and stylesheets referenced in kid files.

Location:

TI12-security/trunk/python

Files:

: 26 added
: 9 edited

Legend:

: Unmodified
: Added
: Removed

TI12-security/trunk/python/ndg.security.server/ndg/security/server/pylons/development.ini

-                      r4154
+                      r4565
 # OpenID Provider
 #openid_provider.path.openidserver=/openidserver
 #openid_provider.path.login=/login
 #openid_provider.path.loginsubmit=/loginsubmit
 #openid_provider.path.id=/id
 #openid_provider.path.yadis=/yadis
 #openid_provider.path.serveryadis=/serveryadis
 #openid_provider.path.allow=/allow
 #openid_provider.path.decide=/decide
 #openid_provider.path.mainpage=/
+#openid.provider.path.openidserver=/openidserver
+#openid.provider.path.login=/login
+#openid.provider.path.loginsubmit=/loginsubmit
+#openid.provider.path.id=/id
+#openid.provider.path.yadis=/yadis
+#openid.provider.path.serveryadis=/serveryadis
+#openid.provider.path.allow=/allow
+#openid.provider.path.decide=/decide
+#openid.provider.path.mainpage=/
 openid_provider.path.openidserver=/openid/openidserver
 openid_provider.path.login=/openid/login
 openid_provider.path.loginsubmit=/openid/loginsubmit
 openid_provider.path.id=/openid/id
 openid_provider.path.yadis=/openid/yadis
 openid_provider.path.serveryadis=/openid/serveryadis
 openid_provider.path.allow=/openid/allow
 openid_provider.path.decide=/openid/decide
 openid_provider.path.mainpage=/openid
 openid_provider.session_middleware=beaker.session
 #openid_provider.base_url=http://localhost:8200
 openid_provider.base_url=https://gabriel.badc.rl.ac.uk
 #openid_provider.consumer_store_dirpath=./
 openid_provider.charset=None
 openid_provider.trace=False
 openid_provider.renderingClass=ndg.security.server.pylons.container.lib.openid_provider_util.OpenIDProviderKidRendering
 openid_provider.sregResponseHandler=ndg.security.server.pylons.container.lib.openid_provider_util:esgSRegResponseHandler
 openid_provider.axResponseHandler=ndg.security.server.pylons.container.lib.openid_provider_util:esgAXResponseHandler
+openid.provider.path.openidserver=/openid/openidserver
+openid.provider.path.login=/openid/login
+openid.provider.path.loginsubmit=/openid/loginsubmit
+openid.provider.path.id=/openid/id
+openid.provider.path.yadis=/openid/yadis
+openid.provider.path.serveryadis=/openid/serveryadis
+openid.provider.path.allow=/openid/allow
+openid.provider.path.decide=/openid/decide
+openid.provider.path.mainpage=/openid
+openid.provider.session_middleware=beaker.session
+#openid.provider.base_url=http://localhost:8200
+openid.provider.base_url=https://gabriel.badc.rl.ac.uk
+#openid.provider.consumer_store_dirpath=./
+openid.provider.charset=None
+openid.provider.trace=False
+openid.provider.renderingClass=ndg.security.server.pylons.container.lib.openid.provider_util.OpenIDProviderKidRendering
+openid.provider.sregResponseHandler=ndg.security.server.pylons.container.lib.openid.provider_util:esgSRegResponseHandler
+openid.provider.axResponseHandler=ndg.security.server.pylons.container.lib.openid.provider_util:esgAXResponseHandler
 # Basic authentication for testing/admin - comma delimited list of
 # <username>:<password> pairs
 openid_provider.usercreds=pjk:test, luca:esgndgtest
+openid.provider.usercreds=pjk:test, luca:esgndgtest
 # Logging configuration

TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/openid/provider/init.py

-                      r4559
+                      r4565
     """OpenID Provider WSGI Middleware Error"""
 class OpenIDProviderConfigError(Exception):
+class OpenIDProviderConfigError(OpenIDProviderMiddlewareError):
     """OpenID Provider Configuration Error"""
+class OpenIDProviderMissingRequiredAXAttrs(OpenIDProviderMiddlewareError):
+    """Raise if a Relying Party *requires* one or more attributes via
+    the AX interface but this OpenID Provider cannot return them.  This doesn't
+    apply to attributes that are optional"""
+class OpenIDProviderMissingAXResponseHandler(OpenIDProviderMiddlewareError):
+    """Raise if a Relying Party *requires* one or more attributes via
+    the AX interface but no AX Response handler has been set"""
 class OpenIDProviderMiddleware(object):
     """WSGI Middleware to implement an OpenID Provider
 …
         # Convert from string type where required
         opt['charset'] = opt.get('charset', '')
         opt['trace'] = bool(opt.get('trace', 'False'))
+        opt['trace'] = opt.get('trace', 'false').lower() == 'true'
         renderingClassVal = opt.get('renderingClass', None)
 …
             self._authN = authNInterfaceClass(**authNInterfaceProperties)
         except Exception, e:
             log.error("Error instantiating authentication interface...")
+            log.error("Error instantiating authentication interface: %s" % e)
             raise
 …
                                                 (renderingClass,
                                                  RenderingInterface))
+        # Extract rendering interface specific properties
+        renderingProperties = dict([(k.replace('rendering_', ''), v)
+                                         for k,v in opt.items()
+                                         if k.startswith('rendering_')])
         try:
+            self._render = renderingClass(self._authN,
+                                          self.base_url,
+                                          self.urls)
+            self._render = renderingClass(self._authN,
+                                          self.base_url,
+                                          self.urls,
+                                          **renderingProperties)
         except Exception, e:
             log.error("Error instantiating rendering interface...")
+            log.error("Error instantiating rendering interface: %s" % e)
             raise
 …
         app_conf or keywords
+        Nb. exclusions for authN and rendering interface properties.
         @type opt: dict
         @param opt: existing options set.  These will be updated by this
 …
                 # Allow for authN.* properties used by the Authentication
                 # Interface
+                if filtK not in cls.defOpt and not filtK.startswith('authN_'):
+                if filtK not in cls.defOpt and \
+                   not filtK.startswith('authN_') and \
+                   not filtK.startswith('rendering_'):
                     badOpt += [k]
                 else:
 …
             try:
+                oidResponse = self._identityApproved(oidRequest, identity)
+                oidResponse = self._identityApprovedPostProcessing(oidRequest,
+                                                                   identity)
+            except (OpenIDProviderMissingRequiredAXAttrs,
+                    OpenIDProviderMissingAXResponseHandler):
+                response = self._render.errorPage(environ, start_response,
+                    'The site where you wish to signin requires '
+                    'additional information which this site isn\'t '
+                    'configured to provide.  Please report this fault to '
+                    'your site administrator.')
+                return response
             except Exception, e:
                 log.error("Setting response following ID Approval: %s" % e)
                 return self._render.errorPage(environ, start_response,
                                               'Error setting response.  '
                                               'Please report the error to '
                                               'your site administrator.')
+                        'An error occurred setting additional parameters '
+                        'required by the site requesting your ID.  Please '
+                        'report this fault to your site administrator.')
             else:
                 return self._displayResponse(oidResponse)
 …
            not oidRequest.idSelect():
             try:
+                response = self._identityApproved(oidRequest,
+                                                  oidRequest.identity)
+                response = self._identityApprovedPostProcessing(oidRequest,
+                                                        oidRequest.identity)
+            except (OpenIDProviderMissingRequiredAXAttrs,
+                    OpenIDProviderMissingAXResponseHandler):
+                response = self._render.errorPage(environ, start_response,
+                    'The site where you wish to signin requires '
+                    'additional information which this site isn\'t '
+                    'configured to provide.  Please report this fault to '
+                    'your site administrator.')
+                return response
             except Exception, e:
                 log.error("Setting response following ID Approval: %s" % e)
                 response = self._render.errorPage(environ, start_response,
                                                   'Error setting response.  '
                                                   'Please report the error to '
                                                   'your site administrator.')
+                        'An error occurred setting additional parameters '
+                        'required by the site requesting your ID.  Please '
+                        'report this fault to your site administrator.')
                 return response
 …
                        "been set" % requiredAttr)
                 log.error(msg)
                 raise OpenIDProviderConfigError(msg)
+                raise OpenIDProviderMissingAXResponseHandler(msg)
             return
 …
         # possibly via FetchRequest.getRequiredAttrs()
         try:
+            self.axResponseHandler(ax_req, ax_resp,
+                                   self.session.get('username'))
+            self.axResponseHandler(ax_req,ax_resp,self.session.get('username'))
+        except OpenIDProviderMissingRequiredAXAttrs, e:
+            log.error("OpenID Provider is unable to set the AX attributes "
+                      "required by the Relying Party's request: %s" % e)
+            raise
         except Exception, e:
             log.error("%s exception raised setting requested Attribute "
 …
     def _identityApproved(self, oidRequest, identifier=None):
+    def _identityApprovedPostProcessing(self, oidRequest, identifier=None):
         '''Action following approval of a Relying Party by the user.  Add
         Simple Registration and/or Attribute Exchange parameters if handlers
+        were specified - See _addSRegResponse and _addAXResponse methods
+        were specified - See _addSRegResponse and _addAXResponse methods - and
+        only if the Relying Party has requested them
         @type oidRequest: openid.server.server.CheckIDRequest
 …
                 # User has approved this Relying Party
                 try:
+                    oidResponse = self._identityApproved(oidRequest)
+                    oidResponse = self._identityApprovedPostProcessing(
+                                                                    oidRequest)
+                except (OpenIDProviderMissingRequiredAXAttrs,
+                        OpenIDProviderMissingAXResponseHandler):
+                    response = self._render.errorPage(environ, start_response,
+                        'The site where you wish to signin requires '
+                        'additional information which this site isn\'t '
+                        'configured to provide.  Please report this fault to '
+                        'your site administrator.')
+                    return response
                 except Exception, e:
                     log.error("Setting response following ID Approval: %s" % e)
                     response = self._render.errorPage(environ, start_response,
+                        'Error setting response.  Please report the error to '
+                        'your site administrator.')
+                        'An error occurred setting additional parameters '
+                        'required by the site requesting your ID.  Please '
+                        'report this fault to your site administrator.')
                     return response

TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/openid/provider/authninterface/basic.py

-                      r4559
+                      r4565
 import logging
 log = logging.getLogger(__name__)
+from ndg.security.server.wsgi.openid.provider import AbstractAuthNInterface
 class BasicAuthNInterface(AbstractAuthNInterface):
 …
             raise AuthNInterfaceConfigError('Mismatch between usernames in '
                                             '"userCreds" and '
+                                            '"username2UserIdentifiers" options')
+                                            '"username2UserIdentifiers" '
+                                            'options')
     def logon(self, environ, userIdentifier, username, password):

TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/openid/provider/authninterface/sessionmanager.py

-                      r4545
+                      r4565
     '''Authentication interface class for OpenIDProviderMiddleware to enable
     authentication to a Session Manager instance running in the same WSGI
+    stack or via a SOAP call to a remote service'''
+    stack or via a SOAP call to a remote service
+    @type dbParamNames: tuple
+    @cvar dbParamNames: permitted config keywords.  Nb. SQL queries takes
+    String Template style '$' substitutions for username, password and OpenID
+    identifier'''
     dbParamNames = (
 …
             try:
+                queryInputs = dict(username=username,
+                                   userIdentifier=userIdentifier)
+                query = Template(self.logonSQLQuery).substitute(queryInputs)
+                result = connection.execute(query)
+                try:
+                    queryInputs = dict(username=username,
+                                       userIdentifier=userIdentifier)
+                    query=Template(self.logonSQLQuery).substitute(queryInputs)
+                    result = connection.execute(query)
+                except Exception, e:
+                    log.error('Connecting database for user logon query : %s' %
+                              e)
+                    raise
                 if not result.rowcount:
                     raise AuthNInterfaceUsername2IdentifierMismatch()

TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/openid/provider/renderinginterface/buffet/init.py

-                      r4554
+                      r4565
 __contact__ = "Philip.Kershaw@stfc.ac.uk"
 __revision__ = "$Id$"
-import pylons
-from pylons.templating import Buffet
-from pylons import config
 import logging
 log = logging.getLogger(__name__)
+import httplib
+from pylons.templating import Buffet
+# Rendering classes for OpenID Provider must derive from generic render
+# interface
 from ndg.security.server.wsgi.openid.provider import RenderingInterface, \
     AuthNInterfaceConfigError
 …
     def _update_names(self, ns):
         return ns
-try:
-    def_eng = config['buffet.template_engines'][0]
-    buffet = OpenIDProviderRenderingBuffet(
-        def_eng['engine'],
-        template_root=def_eng['template_root'],
-        **def_eng['template_options']
+    )
-    for e in config['buffet.template_engines'][1:]:
-        buffet.prepare(
-            e['engine'],
-            template_root=e['template_root'],
-            alias=e['alias'],
-            **e['template_options']
+        )
-except:
-    templateRoot = 'ndg.security.server.pylons.container.templates'
-    buffet = OpenIDProviderRenderingBuffet('kid', template_root=templateRoot)
-#{'mako.directories': ['/home/pjkersha/workspace/security/python/ndg.security.server/ndg/security/server/pylons/container/templates'],
-#'myghty.component_root': [{'templates': '/home/pjkersha/workspace/security/python/ndg.security.server/ndg/security/server/pylons/container/templates'}],
-#'myghty.data_dir': '/home/pjkersha/workspace/security/python/ndg.security.server/ndg/security/server/pylons/data/templates',
-#'kid.encoding': 'utf-8',
-#'kid.assume_encoding': 'utf-8',
-#'mako.module_directory': '/home/pjkersha/workspace/security/python/ndg.security.server/ndg/security/server/pylons/data/templates',
-#'myghty.allow_globals': ['c', 'g', 'h', 'render', 'request', 'session', 'translator', 'ungettext', '_', 'N_'],
-#'myghty.output_encoding': 'utf-8',
-#'myghty.raise_error': True,
-#'mako.output_encoding': 'utf-8',
-#'mako.filesystem_checks': True}
-class State:
-    '''Convenience class for passing parameters from rendering interface to
-    individual template files'''
-    def __init__(self, urls={}, session={}):
-        self.title = ''
-        self.xml = ''
-        self.headExtras = ''
-        self.session = session
-        self.loginStatus = True
-        self.urls = urls
-import httplib
-# Rendering classes for OpenID Provider must derive from generic render
-# interface
-from ndg.security.server.wsgi.openid.provider import RenderingInterface
 class BuffetRendering(RenderingInterface):
 …
+    )
+    def __init__(self, **prop):
+    def __init__(self, *arg, **opt):
+        '''Extend RenderingInterface to include config and set-up for Buffet
+        object
+        @type *arg: tuple
+        @param *arg: RenderingInterface parent class arguments
+        @type **opt: dict
+        @param **opt: additional keywords to set-up Buffet rendering'''
+        super(BuffetRendering, self).__init__(*arg, **opt)
         try:
             for p in prop:
                 setattr(self, p, prop[p])
+            for i in opt:
+                setattr(self, i, opt[i])
         except KeyError, e:
             raise AuthNInterfaceConfigError("Missing property: %s" % e)
         self._buffet=OpenIDProviderRenderingBuffet(self.templateType,
                                                    template_root=templateRoot)
+        self._buffet = OpenIDProviderRenderingBuffet(self.templateType,
+                                            template_root=self.templateRoot)
+    def _render(self, templateName, **kw):
+        self.title = ''
+        self.xml = ''
+        self.headExtras = ''
+        self.loginStatus = True
+    def _render(self, templateName, c=None, **kw):
         '''Wrapper for Buffet.render'''
+        if c is None:
+            c = self
+        kw['c'] = c
         rendering = self._buffet.render(template_name=templateName,
                                         namespace=kw)
 …
               msg=''):
         """Set-up template for OpenID Provider Login"""
+        c = State(urls=self.urls, session=self.session)
+        c.title = "OpenID Login"
+        c.success_to = success_to or self.urls['url_mainpage']
+        c.fail_to = fail_to or self.urls['url_mainpage']
+        c.xml = msg
+        self.title = "OpenID Login"
+        self.success_to = success_to or self.urls['url_mainpage']
+        self.fail_to = fail_to or self.urls['url_mainpage']
+        self.xml = msg
+        response = BuffetRendering._render('ndg.security.login',
+                                           c=c, g=config, h=h)
+        response = self._render('ndg.security.login')
         start_response('200 OK',
                        [('Content-type', 'text/html'+self.charset),
 …
     def mainPage(self, environ, start_response):
         """Set-up template for OpenID Provider Login"""
+        c = State(urls=self.urls, session=self.session)
+        c.title = "OpenID Provider"
+        c.headExtras = '<meta http-equiv="x-xrds-location" content="%s"/>' % \
+        self.title = "OpenID Provider"
+        self.headExtras = '<meta http-equiv="x-xrds-location" content="%s"/>'%\
                         self.urls['url_serveryadis']
+        response = BuffetRendering._render('ndg.security.mainPage',
+                                           c=c, g=config, h=h)
+        response = self._render('ndg.security.mainPage')
         start_response('200 OK',
                        [('Content-type', 'text/html'+self.charset),
 …
             h.redirect_to(self.urls['url_mainpage'])
+        c = State(urls=self.urls, session=self.session)
+        c.title = "OpenID Identity Page"
+        self.title = "OpenID Identity Page"
         link_tag = '<link rel="openid.server" href="%s"/>' % \
               self.urls['url_openidserver']
+                    self.urls['url_openidserver']
         yadis_loc_tag = '<meta http-equiv="x-xrds-location" content="%s"/>' % \
             (self.urls['url_yadis']+'/'+userIdentifier)
         c.headExtras = link_tag + yadis_loc_tag
+        self.headExtras = link_tag + yadis_loc_tag
         identityURL = self.base_url + path
         c.xml = "<b><pre>%s</pre></b>" % identityURL
+        self.xml = "<b><pre>%s</pre></b>" % identityURL
+        response = BuffetRendering._render('ndg.security.identityPage',
+                                           c=c, g=config, h=h)
+        response = self._render('ndg.security.identityPage')
         start_response("200 OK",
                        [('Content-type', 'text/html'+self.charset),
 …
         """Handle user interaction required before final submit back to Relying
         Party"""
         c = State(urls=self.urls, session=self.session)
         c.title = 'Approve OpenID Request?'
         c.trust_root = oidRequest.trust_root
         c.oidRequest = oidRequest
+        self.title = 'Approve OpenID Request?'
+        self.trust_root = oidRequest.trust_root
+        self.oidRequest = oidRequest
+        self.environ = environ
+        response=BuffetRendering._render('ndg.security.decidePage',
+                                         c=c, g=config, h=h)
+        response = self._render('ndg.security.decidePage')
         start_response("200 OK",
                        [('Content-type', 'text/html'+self.charset),
 …
     def errorPage(self, environ, start_response, msg, code=500):
+        c = State(urls=self.urls, session=self.session)
+        c.title = 'Error with OpenID Provider'
+        c.xml = msg
+        '''Display error information'''
+        self.title = 'Error with OpenID Provider'
+        self.xml = msg
+        response = self._render('ndg.security.error')
         start_response('%d %s' % (code, httplib.responses[code]),
                        [('Content-type', 'text/html'+self.charset),
                         ('Content-length', str(len(response)))])
-        response = BuffetRendering._render('ndg.security.error',
-                                           c=c, g=config, h=h)
         return response

TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/openid/provider/renderinginterface/buffet/templates/ndg/security/decidePage.kid

-                      r4554
+                      r4565
                 <?python
                         if c.oidRequest.idSelect():
+                                identityURL = c.urls['url_id']+'/'+c.session['username']
+                                userIdentifier = c._authN.username2UserIdentifiers(
+                                                                                                c.environ,
+                                                                                                c.session['username'])[0]
+                                identityURL = c.urls['url_id']+'/'+userIdentifier
                         else:
                                 identityURL = c.oidRequest.identity
 …
                 <form method="POST" action="${c.urls['url_allow']}">
                         <table>
+                                <input type="hidden" name="identity" value="$identityURL" />
                                 <tr>
                                         <td>

TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/openid/provider/renderinginterface/buffet/templates/ndg/security/ndgPage.kid

-                      r4554
+                      r4565
     <div py:def="header()">
         <div id="header"/>
         <div id="logo"><img src="${g['LeftLogo']}" alt="${g['LeftAlt']}" /></div>
+        <div id="logo"><img src="${c.leftLogo}" alt="${c.leftAlt}" /></div>
     </div>
 …
                 <td align="left" width="60%">
                     <table><tbody>
                     <tr><td><span py:replace="linkimage(g.ndgLink,g.ndgImage,'NDG')"/></td>
+                    <tr><td><span py:replace="linkimage(c.ndgLink,c.ndgImage,'NDG')"/></td>
                     <td>OpenID Provider Site for <a href="http://ndg.nerc.ac.uk"> NERC DataGrid</a>
                     ${g.disclaimer} </td>
+                    ${c.disclaimer} </td>
                     </tr>
                     </tbody></table>
 …
                     </div>
                 </td>
                 <td align="right"><span py:replace="linkimage(g.stfcLink,g.stfcImage,'Hosted by the STFC CEDA')"/></td>
+                <td align="right"><span py:replace="linkimage(c.stfcLink,c.stfcImage,'Hosted by the STFC CEDA')"/></td>
             </tr>
         </tbody></table></center>

TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/serverapp.py

-                      r4538
+                      r4565
     from paste.httpserver import serve
     from paste.deploy import loadapp
+    from paste.urlparser import StaticURLParser
+    from paste.cascade import Cascade
     app = loadapp('config:%s' % cfgFilePath)
+    serve(app, host='0.0.0.0', port=port)
+    rootPath = os.path.join(os.environ['NDGSEC_COMBINED_SRVS_UNITTEST_DIR'],
+                            'openidprovider')
+    # Include to enable stylesheet and graphics
+    staticURLParser = StaticURLParser(rootPath)
+    app2 = Cascade([staticURLParser, app])
+    serve(app2, host='0.0.0.0', port=port)

TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/services.ini

-                      r4554
+                      r4565
 openid.provider.rendering.templateType = kid
 openid.provider.rendering.templateRoot = ndg.security.server.wsgi.openid.provider.renderinginterface.buffet.templates
+openid.provider.rendering.kid.assume_encoding= utf-8
+openid.provider.rendering.kid.encoding = utf-8
 # Layout
 openid.provider.rendering.baseURL = http://localhost:8000
+openid.provider.rendering.baseURL = %(openid.provider.base_url)s
 openid.provider.rendering.leftLogo = %(openid.provider.rendering.baseURL)s/layout/NERC_Logo.gif
 openid.provider.rendering.leftAlt = Natural Environment Research Council

Note: See TracChangeset for help on using the changeset viewer.

Download in other formats: