| author | Tero Marttila <terom@paivola.fi> |
| Mon, 13 Jan 2014 03:20:04 +0200 | |
| changeset 351 | 147f5e86b139 |
| parent 350 | 1ca04394c314 |
| child 354 | d46c8d3e3140 |
| permissions | -rw-r--r-- |
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
1 |
# encoding: utf-8 |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
2 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
3 |
import datetime |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
4 |
import werkzeug |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
5 |
import werkzeug.urls |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
6 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
7 |
import pvl.web |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
8 |
import pvl.web.response |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
9 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
10 |
from pvl.login import pubtkt |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
11 |
from pvl.web import urls, html |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
12 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
13 |
import logging; log = logging.getLogger('pvl.login.server')
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
14 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
15 |
class Handler (pvl.web.Handler) : |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
16 |
# Bootstrap |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
17 |
DOCTYPE = 'html' |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
18 |
HTML_XMLNS = None |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
19 |
HTML_LANG = 'en' |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
20 |
CSS = ( |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
21 |
'//netdna.bootstrapcdn.com/bootstrap/3.0.3/css/bootstrap.min.css', |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
22 |
) |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
23 |
JS = ( |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
24 |
'//code.jquery.com/jquery.js', |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
25 |
'//netdna.bootstrapcdn.com/bootstrap/3.0.3/js/bootstrap.min.js', |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
26 |
) |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
27 |
|
| 350 | 28 |
def redirect (self, *url, **params) : |
29 |
return pvl.web.response.redirect(self.url(*url, **params)) |
|
30 |
||
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
31 |
pubtkt = None |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
32 |
cookie_error = None |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
33 |
verify_error = None |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
34 |
|
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
35 |
def process_cookie (self) : |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
36 |
""" |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
37 |
Reverse the urlencoding used for the cookie... |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
38 |
""" |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
39 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
40 |
log.debug("cookies: %s", self.request.cookies)
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
41 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
42 |
cookie = self.request.cookies.get(self.app.cookie_name) |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
43 |
|
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
44 |
if not cookie : |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
45 |
return |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
46 |
|
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
47 |
log.debug("cookie %s=%s", self.app.cookie_name, cookie)
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
48 |
|
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
49 |
cookie = werkzeug.urls.url_unquote(cookie) |
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
50 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
51 |
log.debug("cookie decoded: %s", cookie)
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
52 |
|
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
53 |
if not cookie : |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
54 |
return |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
55 |
|
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
56 |
try : |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
57 |
self.pubtkt = self.app.load(cookie) |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
58 |
|
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
59 |
except pubtkt.ParseError as ex : |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
60 |
self.cookie_error = ex |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
61 |
|
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
62 |
except pubtkt.VerifyError as ex : |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
63 |
self.pubtkt = ex.pubtkt |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
64 |
self.verify_error = ex |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
65 |
|
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
66 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
67 |
class Index (Handler) : |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
68 |
TITLE = u"Päivölä Network Login" |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
69 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
70 |
def process (self) : |
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
71 |
self.process_cookie() |
| 350 | 72 |
|
73 |
if not self.pubtkt : |
|
74 |
return self.redirect(Login) |
|
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
75 |
|
|
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
76 |
def render_valid (self, valid) : |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
77 |
seconds = valid.seconds + valid.days * (24 * 60 * 60) |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
78 |
|
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
79 |
minutes, seconds = divmod(seconds, 60) |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
80 |
hours, minutes = divmod(minutes, 60) |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
81 |
|
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
82 |
return "%2d:%02d:%02d" % (hours, minutes, seconds) |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
83 |
|
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
84 |
def render_status (self, pubtkt) : |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
85 |
valid = pubtkt.valid() |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
86 |
grace = pubtkt.grace() |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
87 |
|
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
88 |
if valid and grace : |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
89 |
return 'success' |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
90 |
elif valid and grace is False : |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
91 |
return 'warning' |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
92 |
elif valid : |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
93 |
return 'success' |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
94 |
else : |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
95 |
return 'danger' |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
96 |
|
|
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
97 |
def render_pubtkt_fields (self, pubtkt) : |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
98 |
""" |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
99 |
Yield (glyphicon, text) to render as fields for ticket. |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
100 |
""" |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
101 |
|
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
102 |
yield 'user', None, "User account", pubtkt.uid |
|
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
103 |
|
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
104 |
valid = pubtkt.valid() |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
105 |
grace = pubtkt.grace() |
|
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
106 |
|
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
107 |
if valid and grace : |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
108 |
valid = "{valid} ({grace})".format(valid=self.render_valid(valid), grace=self.render_valid(grace))
|
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
109 |
valid_status = 'success' |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
110 |
elif valid and grace is False : |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
111 |
valid = "Renewable ({grace})".format(valid=self.render_valid(valid), grace=self.render_valid(grace))
|
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
112 |
valid_status = 'warning' |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
113 |
elif valid : |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
114 |
valid = "{valid}".format(valid=self.render_valid(valid))
|
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
115 |
valid_status = 'success' |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
116 |
else : |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
117 |
valid = "Expired" |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
118 |
valid_status = 'danger' |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
119 |
|
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
120 |
yield 'time', valid_status, "Remaining validity", valid |
|
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
121 |
|
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
122 |
if pubtkt.cip : |
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
123 |
yield 'cloud', None, "Network address", pubtkt.cip |
|
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
124 |
|
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
125 |
if pubtkt.udata : |
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
126 |
yield 'comment', None, "Associated data", pubtkt.udata |
|
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
127 |
|
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
128 |
for token in pubtkt.tokens : |
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
129 |
yield 'flag', None, "Access token", token |
|
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
130 |
|
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
131 |
if pubtkt.bauth : |
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
132 |
yield 'keys', None, "Authentication token", pubtkt.bauth |
|
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
133 |
|
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
134 |
def render_pubtkt (self, pubtkt) : |
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
135 |
status = self.render_status(pubtkt) |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
136 |
|
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
137 |
return html.div(class_='panel panel-{status}'.format(status=status))(
|
|
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
138 |
html.div(class_='panel-heading')("Login: {pubtkt.uid}".format(pubtkt=self.pubtkt)),
|
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
139 |
html.ul(class_='list-group')( |
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
140 |
html.li(class_='list-group-item {status}'.format(status=('alert-'+status if status else '')), title=title)(
|
|
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
141 |
html.span(class_='glyphicon glyphicon-{glyphicon}'.format(glyphicon=icon)) if icon else None,
|
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
142 |
info, |
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
143 |
) for icon, status, title, info in self.render_pubtkt_fields(pubtkt) |
|
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
144 |
), |
| 350 | 145 |
html.div(class_='panel-footer')( |
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
146 |
( |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
147 |
html.form(action=self.url(Login), method='post')( |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
148 |
html.button(type='submit', class_='btn btn-success')("Renew"),
|
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
149 |
) |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
150 |
) if pubtkt.valid() else ( |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
151 |
html.form(action=self.url(Login), method='get')( |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
152 |
html.button(type='submit', class_='btn btn-info')("Login"),
|
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
153 |
), |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
154 |
), |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
155 |
|
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
156 |
html.form(action=self.url(Logout), method='post')( |
| 350 | 157 |
html.button(type='submit', class_='btn btn-warning')("Logout"),
|
158 |
), |
|
159 |
), |
|
|
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
160 |
) |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
161 |
|
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
162 |
def render_info (self) : |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
163 |
if self.cookie_error : |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
164 |
return ( |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
165 |
html.h2("Invalid cookie"),
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
166 |
html.p(self.cookie_error), |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
167 |
) |
|
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
168 |
|
| 350 | 169 |
return self.render_pubtkt(self.pubtkt) |
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
170 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
171 |
def render (self) : |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
172 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
173 |
return html.div(class_='container')( |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
174 |
self.render_info(), |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
175 |
) |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
176 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
177 |
class Login (Handler) : |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
178 |
TITLE = "Login" |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
179 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
180 |
STYLE = """ |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
181 |
form#login {
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
182 |
max-width: 50%; |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
183 |
padding: 1em; |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
184 |
margin: 0 auto; |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
185 |
} |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
186 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
187 |
""" |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
188 |
|
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
189 |
def process (self) : |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
190 |
self.process_cookie() |
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
191 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
192 |
if self.request.method == 'POST' : |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
193 |
back = self.app.login_server |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
194 |
username = self.request.form.get('username')
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
195 |
password = self.request.form.get('username')
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
196 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
197 |
if username and password : |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
198 |
# preprocess |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
199 |
username = username.strip().lower() |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
200 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
201 |
try : |
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
202 |
self.pubtkt = self.app.auth(username, password) |
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
203 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
204 |
except pubtkt.Error as ex : |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
205 |
self.auth_errors = ex |
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
206 |
|
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
207 |
elif self.pubtkt and self.pubtkt.valid() : |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
208 |
# renew |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
209 |
self.app.renew(self.pubtkt) |
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
210 |
|
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
211 |
else : |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
212 |
return |
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
213 |
|
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
214 |
# browsers seem to be very particular about quoting ;'s in cookie values... |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
215 |
# this follows PHP's setcookie() encoding... |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
216 |
cookie = werkzeug.urls.url_quote(self.app.sign(self.pubtkt)) |
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
217 |
|
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
218 |
# redirect with cookie |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
219 |
response = pvl.web.response.redirect(back) |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
220 |
|
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
221 |
response.set_cookie(self.app.cookie_name, cookie, |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
222 |
domain = self.app.cookie_domain, |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
223 |
secure = self.app.cookie_secure, |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
224 |
httponly = self.app.cookie_httponly, |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
225 |
) |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
226 |
|
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
227 |
return response |
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
228 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
229 |
def render (self) : |
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
230 |
if self.pubtkt : |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
231 |
username = self.pubtkt.uid |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
232 |
else : |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
233 |
username = None |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
234 |
|
|
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
235 |
domain = self.app.login_domain |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
236 |
|
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
237 |
return html.div(class_='container')( |
| 350 | 238 |
html.form(action=self.url(), method='POST', id='login')( |
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
239 |
html.fieldset( |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
240 |
html.legend("Log in"),
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
241 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
242 |
html.div(class_='form-group')( |
|
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
243 |
html.div(class_='input-group')( |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
244 |
html.label(for_='username', class_='sr-only')("Username"),
|
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
245 |
html.input(name='username', type='text', class_='form-control', placeholder="username", required=True, autofocus=True, value=username), |
|
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
246 |
html.span(class_='input-group-addon')("@{domain}".format(domain=domain)),
|
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
247 |
), |
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
248 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
249 |
html.label(for_='password', class_='sr-only')("Password"),
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
250 |
html.input(name='password', type='password', class_='form-control', placeholder="Password", required=True), |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
251 |
), |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
252 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
253 |
html.button(type='submit', class_='btn btn-primary')("Login"),
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
254 |
) |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
255 |
) |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
256 |
) |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
257 |
|
| 350 | 258 |
class Logout (Handler) : |
259 |
TITLE = "Logout" |
|
260 |
||
261 |
def process (self) : |
|
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
262 |
self.process_cookie() |
| 350 | 263 |
|
264 |
if not self.pubtkt : |
|
265 |
return self.redirect(Index) |
|
266 |
||
267 |
if self.request.method == 'POST' : |
|
268 |
back = self.app.login_server |
|
269 |
||
270 |
response = pvl.web.response.redirect(back) |
|
271 |
||
272 |
response.set_cookie(self.app.cookie_name, '', |
|
273 |
expires = 0, |
|
274 |
domain = self.app.cookie_domain, |
|
275 |
secure = self.app.cookie_secure, |
|
276 |
httponly = self.app.cookie_httponly, |
|
277 |
) |
|
278 |
||
279 |
return response |
|
280 |
||
281 |
def render (self) : |
|
282 |
return html.div(class_='container')( |
|
283 |
html.form(action=self.url(), method='post')( |
|
284 |
html.fieldset( |
|
285 |
html.legend("Logout {pubtkt.uid}".format(pubtkt=self.pubtkt)),
|
|
286 |
||
287 |
html.button(type='submit', class_='btn btn-warning')("Logout"),
|
|
288 |
) |
|
289 |
) |
|
290 |
) |
|
291 |
||
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
292 |
class LoginApplication (pvl.web.Application) : |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
293 |
URLS = urls.Map(( |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
294 |
urls.rule('/', Index),
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
295 |
urls.rule('/login', Login),
|
| 350 | 296 |
urls.rule('/logout', Logout),
|
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
297 |
)) |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
298 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
299 |
PUBLIC_KEY = 'etc/login/public.pem' |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
300 |
PRIVATE_KEY = 'etc/login/private.pem' |
|
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
301 |
|
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
302 |
login_domain = 'test.paivola.fi' |
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
303 |
login_server = 'https://login.test.paivola.fi/' |
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
304 |
login_expire = datetime.timedelta(seconds=60) |
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
305 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
306 |
cookie_name = 'auth_pubtkt' |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
307 |
cookie_domain = 'test.paivola.fi' |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
308 |
cookie_secure = True |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
309 |
cookie_httponly = True |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
310 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
311 |
def __init__ (self, public_key=PUBLIC_KEY, private_key=PRIVATE_KEY, **opts) : |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
312 |
super(LoginApplication, self).__init__(**opts) |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
313 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
314 |
self.server_keys = pubtkt.ServerKeys.config( |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
315 |
public_key = public_key, |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
316 |
private_key = private_key, |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
317 |
) |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
318 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
319 |
def load (self, cookie) : |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
320 |
""" |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
321 |
Load a pubtkt from a cookie, and verify it. |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
322 |
""" |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
323 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
324 |
return pubtkt.PubTkt.load(cookie, self.server_keys.public) |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
325 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
326 |
def auth (self, username, password) : |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
327 |
""" |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
328 |
Perform authentication, returning a PubTkt, signed |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
329 |
""" |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
330 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
331 |
return pubtkt.PubTkt.new(username, |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
332 |
expiry = self.login_expire, |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
333 |
) |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
334 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
335 |
def sign (self, pubtkt) : |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
336 |
""" |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
337 |
Create a cookie by signing the given pubtkt. |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
338 |
""" |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
339 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
340 |
return pubtkt.sign(self.server_keys.private) |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
341 |
|
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
342 |
def renew (self, pubtkt) : |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
343 |
""" |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
344 |
Renew and re-sign the given pubtkt. |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
345 |
""" |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
346 |
|
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
347 |
pubtkt.renew(self.login_expire) |