| author | Tero Marttila <terom@paivola.fi> |
| Mon, 13 Jan 2014 02:46:18 +0200 | |
| changeset 350 | 1ca04394c314 |
| parent 349 | 3c20473d0bdc |
| child 351 | 147f5e86b139 |
| permissions | -rw-r--r-- |
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
1 |
# encoding: utf-8 |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
2 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
3 |
import datetime |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
4 |
import werkzeug |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
5 |
import werkzeug.urls |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
6 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
7 |
import pvl.web |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
8 |
import pvl.web.response |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
9 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
10 |
from pvl.login import pubtkt |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
11 |
from pvl.web import urls, html |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
12 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
13 |
import logging; log = logging.getLogger('pvl.login.server')
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
14 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
15 |
class Handler (pvl.web.Handler) : |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
16 |
# Bootstrap |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
17 |
DOCTYPE = 'html' |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
18 |
HTML_XMLNS = None |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
19 |
HTML_LANG = 'en' |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
20 |
CSS = ( |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
21 |
'//netdna.bootstrapcdn.com/bootstrap/3.0.3/css/bootstrap.min.css', |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
22 |
) |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
23 |
JS = ( |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
24 |
'//code.jquery.com/jquery.js', |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
25 |
'//netdna.bootstrapcdn.com/bootstrap/3.0.3/js/bootstrap.min.js', |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
26 |
) |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
27 |
|
| 350 | 28 |
def redirect (self, *url, **params) : |
29 |
return pvl.web.response.redirect(self.url(*url, **params)) |
|
30 |
||
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
31 |
def process_cookie (self) : |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
32 |
""" |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
33 |
Reverse the urlencoding used for the cookie... |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
34 |
""" |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
35 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
36 |
log.debug("cookies: %s", self.request.cookies)
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
37 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
38 |
cookie = self.request.cookies.get(self.app.cookie_name) |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
39 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
40 |
log.debug("cookie %s=%s", self.app.cookie_name, cookie)
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
41 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
42 |
if cookie : |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
43 |
cookie = werkzeug.urls.url_unquote(cookie) |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
44 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
45 |
log.debug("cookie decoded: %s", cookie)
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
46 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
47 |
if cookie : |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
48 |
return self.app.load(cookie) |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
49 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
50 |
class Index (Handler) : |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
51 |
TITLE = u"Päivölä Network Login" |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
52 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
53 |
pubtkt = None |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
54 |
cookie_error = None |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
55 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
56 |
def process (self) : |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
57 |
try : |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
58 |
self.pubtkt = self.process_cookie() |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
59 |
except pubtkt.Error as ex : |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
60 |
self.cookie_error = ex |
| 350 | 61 |
|
62 |
if not self.pubtkt : |
|
63 |
return self.redirect(Login) |
|
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
64 |
|
|
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
65 |
def render_valid (self, valid) : |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
66 |
seconds = valid.seconds + valid.days * (24 * 60 * 60) |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
67 |
|
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
68 |
minutes, seconds = divmod(seconds, 60) |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
69 |
hours, minutes = divmod(minutes, 60) |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
70 |
|
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
71 |
return "%2d:%02d:%02d" % (hours, minutes, seconds) |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
72 |
|
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
73 |
def render_pubtkt_fields (self, pubtkt) : |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
74 |
""" |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
75 |
Yield (glyphicon, text) to render as fields for ticket. |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
76 |
""" |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
77 |
|
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
78 |
yield 'user', "User account", pubtkt.uid |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
79 |
|
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
80 |
valid = self.render_valid(pubtkt.valid()) |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
81 |
|
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
82 |
if pubtkt.graceperiod : |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
83 |
valid = "{valid} ({grace})".format(valid=valid, grace=self.render_valid(pubtkt.grace()))
|
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
84 |
|
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
85 |
yield 'time', "Remaining validity", valid |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
86 |
|
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
87 |
if pubtkt.cip : |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
88 |
yield 'cloud', "Network address", pubtkt.cip |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
89 |
|
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
90 |
if pubtkt.udata : |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
91 |
yield 'comment', "Associated data", pubtkt.udata |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
92 |
|
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
93 |
for token in pubtkt.tokens : |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
94 |
yield 'flag', "Access token", token |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
95 |
|
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
96 |
if pubtkt.bauth : |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
97 |
yield 'keys', "Authentication token", pubtkt.bauth |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
98 |
|
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
99 |
def render_pubtkt (self, pubtkt) : |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
100 |
return html.div(class_='panel panel-info')( |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
101 |
html.div(class_='panel-heading')("Login: {pubtkt.uid}".format(pubtkt=self.pubtkt)),
|
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
102 |
html.div(class_='panel-body')( |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
103 |
"This is a valid login ticket.", |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
104 |
), |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
105 |
html.ul(class_='list-group')( |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
106 |
html.li(class_='list-group-item', title=title)( |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
107 |
html.span(class_='glyphicon glyphicon-{glyphicon}'.format(glyphicon=icon)) if icon else None,
|
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
108 |
info, |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
109 |
) for icon, title, info in self.render_pubtkt_fields(pubtkt) |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
110 |
), |
| 350 | 111 |
html.div(class_='panel-footer')( |
112 |
html.form(action='/logout', method='post')( |
|
113 |
html.button(type='submit', class_='btn btn-warning')("Logout"),
|
|
114 |
), |
|
115 |
), |
|
|
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
116 |
) |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
117 |
|
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
118 |
def render_info (self) : |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
119 |
if self.cookie_error : |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
120 |
return ( |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
121 |
html.h2("Invalid cookie"),
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
122 |
html.p(self.cookie_error), |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
123 |
) |
|
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
124 |
|
| 350 | 125 |
return self.render_pubtkt(self.pubtkt) |
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
126 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
127 |
def render (self) : |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
128 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
129 |
return html.div(class_='container')( |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
130 |
self.render_info(), |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
131 |
) |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
132 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
133 |
class Login (Handler) : |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
134 |
TITLE = "Login" |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
135 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
136 |
STYLE = """ |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
137 |
form#login {
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
138 |
max-width: 50%; |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
139 |
padding: 1em; |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
140 |
margin: 0 auto; |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
141 |
} |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
142 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
143 |
""" |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
144 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
145 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
146 |
auth_error = None |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
147 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
148 |
def process (self) : |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
149 |
if self.request.method == 'POST' : |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
150 |
back = self.app.login_server |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
151 |
username = self.request.form.get('username')
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
152 |
password = self.request.form.get('username')
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
153 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
154 |
if username and password : |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
155 |
# preprocess |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
156 |
username = username.strip().lower() |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
157 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
158 |
try : |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
159 |
pt = self.app.auth(username, password) |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
160 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
161 |
except pubtkt.Error as ex : |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
162 |
self.auth_errors = ex |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
163 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
164 |
else : |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
165 |
# browsers seem to be very particular about quoting ;'s in cookie values... |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
166 |
# this follows PHP's setcookie() encoding... |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
167 |
cookie = werkzeug.urls.url_quote(self.app.sign(pt)) |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
168 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
169 |
# redirect with cookie |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
170 |
response = pvl.web.response.redirect(back) |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
171 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
172 |
response.set_cookie(self.app.cookie_name, cookie, |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
173 |
domain = self.app.cookie_domain, |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
174 |
secure = self.app.cookie_secure, |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
175 |
httponly = self.app.cookie_httponly, |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
176 |
) |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
177 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
178 |
return response |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
179 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
180 |
def render (self) : |
|
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
181 |
domain = self.app.login_domain |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
182 |
|
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
183 |
return html.div(class_='container')( |
| 350 | 184 |
html.form(action=self.url(), method='POST', id='login')( |
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
185 |
html.fieldset( |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
186 |
html.legend("Log in"),
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
187 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
188 |
html.div(class_='form-group')( |
|
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
189 |
html.div(class_='input-group')( |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
190 |
html.label(for_='username', class_='sr-only')("Username"),
|
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
191 |
html.input(name='username', type='text', class_='form-control', placeholder="username", required=True, autofocus=True), |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
192 |
html.span(class_='input-group-addon')("@{domain}".format(domain=domain)),
|
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
193 |
), |
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
194 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
195 |
html.label(for_='password', class_='sr-only')("Password"),
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
196 |
html.input(name='password', type='password', class_='form-control', placeholder="Password", required=True), |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
197 |
), |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
198 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
199 |
html.button(type='submit', class_='btn btn-primary')("Login"),
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
200 |
) |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
201 |
) |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
202 |
) |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
203 |
|
| 350 | 204 |
class Logout (Handler) : |
205 |
TITLE = "Logout" |
|
206 |
||
207 |
def process (self) : |
|
208 |
try : |
|
209 |
self.pubtkt = self.process_cookie() |
|
210 |
except Error as ex : |
|
211 |
self.pubtkt_error = ex |
|
212 |
self.pubtkt = ex.pubtkt |
|
213 |
||
214 |
if not self.pubtkt : |
|
215 |
return self.redirect(Index) |
|
216 |
||
217 |
if self.request.method == 'POST' : |
|
218 |
back = self.app.login_server |
|
219 |
||
220 |
response = pvl.web.response.redirect(back) |
|
221 |
||
222 |
response.set_cookie(self.app.cookie_name, '', |
|
223 |
expires = 0, |
|
224 |
domain = self.app.cookie_domain, |
|
225 |
secure = self.app.cookie_secure, |
|
226 |
httponly = self.app.cookie_httponly, |
|
227 |
) |
|
228 |
||
229 |
return response |
|
230 |
||
231 |
def render (self) : |
|
232 |
return html.div(class_='container')( |
|
233 |
html.form(action=self.url(), method='post')( |
|
234 |
html.fieldset( |
|
235 |
html.legend("Logout {pubtkt.uid}".format(pubtkt=self.pubtkt)),
|
|
236 |
||
237 |
html.button(type='submit', class_='btn btn-warning')("Logout"),
|
|
238 |
) |
|
239 |
) |
|
240 |
) |
|
241 |
||
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
242 |
class LoginApplication (pvl.web.Application) : |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
243 |
URLS = urls.Map(( |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
244 |
urls.rule('/', Index),
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
245 |
urls.rule('/login', Login),
|
| 350 | 246 |
urls.rule('/logout', Logout),
|
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
247 |
)) |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
248 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
249 |
PUBLIC_KEY = 'etc/login/public.pem' |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
250 |
PRIVATE_KEY = 'etc/login/private.pem' |
|
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
251 |
|
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
252 |
login_domain = 'test.paivola.fi' |
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
253 |
login_server = 'https://login.test.paivola.fi/' |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
254 |
login_expire = datetime.timedelta(hours=1) |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
255 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
256 |
cookie_name = 'auth_pubtkt' |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
257 |
cookie_domain = 'test.paivola.fi' |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
258 |
cookie_secure = True |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
259 |
cookie_httponly = True |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
260 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
261 |
def __init__ (self, public_key=PUBLIC_KEY, private_key=PRIVATE_KEY, **opts) : |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
262 |
super(LoginApplication, self).__init__(**opts) |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
263 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
264 |
self.server_keys = pubtkt.ServerKeys.config( |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
265 |
public_key = public_key, |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
266 |
private_key = private_key, |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
267 |
) |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
268 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
269 |
def load (self, cookie) : |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
270 |
""" |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
271 |
Load a pubtkt from a cookie, and verify it. |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
272 |
""" |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
273 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
274 |
return pubtkt.PubTkt.load(cookie, self.server_keys.public) |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
275 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
276 |
def auth (self, username, password) : |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
277 |
""" |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
278 |
Perform authentication, returning a PubTkt, signed |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
279 |
""" |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
280 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
281 |
return pubtkt.PubTkt.new(username, |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
282 |
expiry = self.login_expire, |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
283 |
) |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
284 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
285 |
def sign (self, pubtkt) : |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
286 |
""" |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
287 |
Create a cookie by signing the given pubtkt. |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
288 |
""" |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
289 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
290 |
return pubtkt.sign(self.server_keys.private) |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
291 |