author | Tero Marttila <terom@fixme.fi> |
Mon, 10 Mar 2014 18:27:58 +0200 | |
changeset 378 | 3fed153a1fe6 |
parent 371 | 8c17eb11858f |
permissions | -rw-r--r-- |
import base64 |
import calendar |
import datetime |
import ipaddr |
import hashlib |
import M2Crypto |
import logging

# module-level logger; every debug line emitted by this module goes through it
log = logging.getLogger('pvl.login.pubtkt')
def datetime2unix(dt):
    """
        datetime.datetime -> whole seconds since the Unix epoch.

        The value is computed from dt.utctimetuple(), so any sub-second part of
        dt is dropped and the result is whatever calendar.timegm() returns.
    """
    utc_fields = dt.utctimetuple()
    return calendar.timegm(utc_fields)
def unix2datetime(unix):
    """
        Seconds since the Unix epoch -> naive datetime.datetime expressed in UTC.
    """
    as_utc = datetime.datetime.utcfromtimestamp(unix)
    return as_utc
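class Error(Exception):
    # Base class for the login errors in this module.
    # The class docstring doubles as the message prefix rendered by __unicode__,
    # so a subclass changes its prefix by changing its docstring.
    """
        Error
    """

    def __init__(self, error):
        # error: the detail shown after the prefix by __unicode__
        self.error = error

    def __unicode__(self):
        # __doc__ is None for a subclass that has no docstring and when docstrings
        # are stripped (python -OO); fall back to the class name so that rendering
        # an error can never itself fail with AttributeError.
        doc = self.__doc__
        prefix = doc.strip() if doc is not None else type(self).__name__

        return u"{doc}: {self.error}".format(self=self, doc=prefix)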
class ParseError(Error):
    # Raised by PubTkt.parse() when the cookie cannot be split into a ticket and a signature.
    # The docstring is runtime text: Error.__unicode__ renders it as the message prefix.
    """
        Unable to parse PubTkt from cookie
    """
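class VerifyError(Error):
    # Raised by PubTkt.load() when the RSA signature check on a parsed ticket fails.
    # The docstring is runtime text: Error.__unicode__ renders it as the message prefix,
    # so the misspelling "sigunature" was visible in the rendered message; it is corrected here.
    """
        Invalid login token signature
    """

    def __init__(self, pubtkt, error):
        # pubtkt: the parsed ticket whose signature did not verify; its fields are
        #         unauthenticated and must not be used for any access decision
        # error:  detail rendered after the prefix by Error.__unicode__
        self.pubtkt = pubtkt
        self.error = error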
class ExpiredError(Error):
    # Raised by PubTkt.load() for a ticket whose signature verified but whose valid() check failed.
    # The docstring is runtime text: Error.__unicode__ renders it as the message prefix.
    """
        Login token has expired
    """

    def __init__(self, pubtkt, expire):
        # the expiry time is stored under .error because that is the attribute
        # Error.__unicode__ renders after the prefix
        self.error = expire
        self.pubtkt = pubtkt
class RenewError(Error):
    # The docstring is runtime text: Error.__unicode__ renders it as the message prefix.
    """
        Unable to renew login token
    """
class ServerError(Error):
    # The docstring is runtime text: Error.__unicode__ renders it as the message prefix.
    """
        Login request from invalid server
    """
class ServerKeys(object):
    """
        The RSA key pair of the login server: `private` signs tickets, `public` verifies them.
    """

    def __init__(self, public, private):
        self.public = public
        self.private = private

    @classmethod
    def config(cls, public_key, private_key):
        """
            Load both keys with M2Crypto and return a ServerKeys holding them.

            public_key, private_key: passed unchanged to M2Crypto.RSA.load_pub_key() / load_key();
            presumably paths to PEM files - confirm against the caller.
        """

        # NOTE(review): whoever can read the private key can mint tickets for any uid;
        # the key file should be readable by the login server account only.
        loaded_public = M2Crypto.RSA.load_pub_key(public_key)
        loaded_private = M2Crypto.RSA.load_key(private_key)

        return cls(public=loaded_public, private=loaded_private)
class PubTkt (object) : |
@staticmethod |
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
349
diff
changeset
|
78 |
def now () : |
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
349
diff
changeset
|
79 |
return datetime.datetime.utcnow() |
@classmethod
def load(cls, cookie, public_key):
    """
        Load a pubtkt from a cookie, verify its signature and check that it has not expired.

        The ticket is returned only after both checks have passed.

        Raises ParseError, VerifyError, ExpiredError.
    """

    ticket, digest, signature = cls.parse(cookie)

    # NOTE(review): this line records the ticket text together with its signature, which is
    # everything needed to rebuild the cookie; treat debug logs from this module as secrets,
    # or consider leaving sig out of the message.
    log.debug("parsed %s hash=%s sig=%s", ticket, digest.encode('hex'), signature.encode('hex'))

    # a failed check is accepted in both forms: verify() raising RSAError, or returning a false value
    try:
        verified = public_key.verify(digest, signature, 'sha1')
    except M2Crypto.RSA.RSAError as ex :
        raise VerifyError(ticket, str(ex))

    if not verified :
        raise VerifyError(ticket, "Unable to verify signature")

    # expiry is only looked at once the signature is known to be good
    log.debug("checking expiry %s", ticket.validuntil)

    if not ticket.valid() :
        raise ExpiredError(ticket, ticket.validuntil)

    # NOTE(review): nothing here compares ticket.cip with the address of the client that sent
    # the cookie (load() is not given one); if tickets are meant to be bound to an IP, the
    # caller has to enforce that - confirm.
    return ticket
@classmethod
def parse(cls, cookie):
    """
        Split a pubtkt cookie into (PubTkt, sha1 digest of the signed text, decoded signature).

        Nothing is verified here: the returned PubTkt is built from unauthenticated cookie
        fields and must not be trusted until the signature has been checked, as load() does.

        Raises ParseError.
    """

    if ';sig=' not in cookie :
        raise ParseError("Missing signature")

    # split on the last ;sig= so that everything before it is the signed text
    data, encoded_sig = cookie.rsplit(';sig=', 1)

    try :
        signature = base64.b64decode(encoded_sig)
    except (ValueError, TypeError) :
        raise ParseError("Invalid signature")

    # the digest covers the raw text exactly as received, not a re-serialized ticket
    digest = hashlib.sha1(data).digest()

    try :
        fields = dict(field.split('=', 1) for field in data.split(';'))
    except ValueError as ex :
        # a field without '=' cannot be turned into a (key, value) pair
        raise ParseError(str(ex))

    # NOTE(review): a repeated field name is not an error here, dict() keeps the last value;
    # another consumer of the same ticket may pick a different occurrence - confirm.
    if not ('uid' in fields and 'validuntil' in fields) :
        raise ParseError("Missing parameters in cookie (uid, validuntil)")

    # build() receives the cookie's field names as keyword arguments, so a name it does not
    # accept surfaces as TypeError; a value it cannot convert surfaces as ValueError
    try :
        ticket = cls.build(**fields)
    except TypeError :
        raise ParseError("Invalid or missing parameters in cookie")
    except ValueError as ex :
        raise ParseError(str(ex))

    return ticket, digest, signature
@classmethod
def build(cls, uid, validuntil, cip=None, tokens=None, udata=None, graceperiod=None, bauth=None):
    """
        Build a pubtkt from field values in their cookie (text) form.

        validuntil, graceperiod: unix timestamps, converted with int() and unix2datetime()
        cip: converted with ipaddr.IPAddress() when non-empty
        tokens: comma-separated list, split into its items when non-empty
        uid, udata, bauth: stored as given

        Raises TypeError or ValueError.
    """

    # conversions run in the same order as the fields are passed on below
    expires = unix2datetime(int(validuntil))
    client_ip = ipaddr.IPAddress(cip) if cip else None
    token_list = tokens.split(',') if tokens else ()
    grace_until = unix2datetime(int(graceperiod)) if graceperiod else None

    return cls(uid,
        validuntil  = expires,
        cip         = client_ip,
        tokens      = token_list,
        udata       = udata,
        graceperiod = grace_until,
        bauth       = bauth,
    )
@classmethod |
354
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
160 |
def new (cls, uid, valid, grace=None, **opts) : |
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
349
diff
changeset
|
161 |
now = cls.now() |
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
162 |
|
354
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
163 |
return cls(uid, now + valid, |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
164 |
graceperiod = now + grace if grace else None, |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
165 |
**opts |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
166 |
) |
def update (self, valid, grace, cip=None, tokens=None, udata=None, bauth=None) : |
184917c7d4d4
pvl.login: update access on renew
Tero Marttila <terom@paivola.fi>
parents:
369
diff
changeset
|
169 |
now = self.now() |
184917c7d4d4
pvl.login: update access on renew
Tero Marttila <terom@paivola.fi>
parents:
369
diff
changeset
|
170 |
|
184917c7d4d4
pvl.login: update access on renew
Tero Marttila <terom@paivola.fi>
parents:
369
diff
changeset
|
171 |
return type(self)(self.uid, now + valid, |
184917c7d4d4
pvl.login: update access on renew
Tero Marttila <terom@paivola.fi>
parents:
369
diff
changeset
|
172 |
graceperiod = now + grace if grace else None, |
184917c7d4d4
pvl.login: update access on renew
Tero Marttila <terom@paivola.fi>
parents:
369
diff
changeset
|
173 |
cip = self.cip if cip is None else cip, |
184917c7d4d4
pvl.login: update access on renew
Tero Marttila <terom@paivola.fi>
parents:
369
diff
changeset
|
174 |
tokens = self.tokens if tokens is None else tokens, |
184917c7d4d4
pvl.login: update access on renew
Tero Marttila <terom@paivola.fi>
parents:
369
diff
changeset
|
175 |
udata = self.udata if udata is None else udata, |
184917c7d4d4
pvl.login: update access on renew
Tero Marttila <terom@paivola.fi>
parents:
369
diff
changeset
|
176 |
bauth = self.bauth if bauth is None else bauth, |
184917c7d4d4
pvl.login: update access on renew
Tero Marttila <terom@paivola.fi>
parents:
369
diff
changeset
|
177 |
) |
def __init__ (self, uid, validuntil, cip=None, tokens=(), udata=None, graceperiod=None, bauth=None) : |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
180 |
self.uid = uid |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
181 |
self.validuntil = validuntil |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
182 |
self.cip = cip |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
183 |
self.tokens = tokens |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
184 |
self.udata = udata |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
185 |
self.graceperiod = graceperiod |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
186 |
self.bauth = bauth |
def iteritems(self):
    """
        Yield the ticket's (name, value) pairs in serialization order.

        uid and validuntil are always present; every other field is yielded only when
        its value is true. Timestamps are yielded as integer unix times.
    """

    yield 'uid', self.uid
    yield 'validuntil', int(datetime2unix(self.validuntil))

    client_ip = self.cip
    if client_ip :
        yield 'cip', client_ip

    access_tokens = self.tokens
    if access_tokens :
        # NOTE(review): tokens are joined with ',' and split on ',' again in build(), so a
        # single token that contains a comma comes back as two tokens - confirm callers
        # never pass such a token.
        yield 'tokens', ','.join(str(token) for token in access_tokens)

    user_data = self.udata
    if user_data :
        yield 'udata', user_data

    grace_until = self.graceperiod
    if grace_until :
        yield 'graceperiod', int(datetime2unix(grace_until))

    basic_auth = self.bauth
    if basic_auth :
        yield 'bauth', basic_auth
def __str__ (self) : |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
208 |
""" |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
209 |
The (unsigned) pubtkt |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
210 |
""" |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
211 |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
212 |
return ';'.join('%s=%s' % (key, value) for key, value in self.iteritems()) |
def sign (self, private_key) :
    """
        Return the signed pubtkt: the unsigned ticket string with ';sig=<base64>' appended.

        private_key     - object whose sign(digest, 'sha1') returns the raw signature bytes
                          (presumably an M2Crypto RSA key - confirm against the caller)
    """

    unsigned = str(self)

    # NOTE(review): the digest is fixed to SHA-1 for both the hash and the signing call,
    # so whatever verifies the ticket has to expect SHA-1 as well. SHA-1 is no longer
    # considered collision-resistant; prefer a stronger digest if the verifier supports one.
    digest = hashlib.sha1(unsigned).digest()
    signature = private_key.sign(digest, 'sha1')

    # the %s formatting renders self through __str__ a second time
    return '%s;sig=%s' % (self, base64.b64encode(signature))
def valid (self) :
    """
        Return the remaining ticket validity.

        Returns validuntil - now while validuntil is still in the future, else False.
    """

    current = self.now()
    expires = self.validuntil

    if not (expires > current) :
        # validuntil has been reached or passed
        return False

    return expires - current
def grace (self) :
    """
        Return the remaining grace period.

        Returns None when no graceperiod is set or it has not started yet, validuntil - now
        while inside the grace period, and False once validuntil has been reached.
    """

    current = self.now()
    grace_start = self.graceperiod

    if not grace_start or current < grace_start :
        # no grace period at all, or still valid ahead of it
        return None

    if current < self.validuntil :
        # inside the grace period: positive timedelta
        return self.validuntil - current

    # expired
    return False
def remaining (self) :
    """
        Return the remaining validity before the grace period starts.

        Without a graceperiod this is whatever valid() returns; otherwise graceperiod - now
        until the grace period starts, and False from then on.
    """

    current = self.now()

    if not self.graceperiod :
        return self.valid()

    # False covers both "inside the grace period" and "expired"
    return self.graceperiod - current if current < self.graceperiod else False
def grace_period (self) :
    """
        Return the length of the grace period.

        That is validuntil - graceperiod, or None when no graceperiod is set.
    """

    if not self.graceperiod :
        return None

    return self.validuntil - self.graceperiod
def renew (self, valid, grace=None) : |
if not self.valid() : |
raise ExpiredError(self, "Unable to renew expired pubtkt") |
now = self.now() |
self.validuntil = now + valid |
self.graceperiod = now + grace if grace else None |