pvl/login/server.py
author Tero Marttila <terom@paivola.fi>
Mon, 13 Jan 2014 18:05:29 +0200
changeset 359 70bcd6f1fa4a
parent 357 f85050bad115
child 360 1b33bed4a7c4
permissions -rw-r--r--
pvl.login.server: iconify everything
# encoding: utf-8
import datetime
import urlparse
import werkzeug
import werkzeug.urls
import pvl.web
import pvl.web.response
from pvl.login import pubtkt
from pvl.web import urls
from pvl.web import html5 as html
import logging; log = logging.getLogger('pvl.login.server')
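class Handler(pvl.web.Handler):
    """
        Shared base for the login server's pages: Bootstrap page assets, queued
        alerts, loading of the pubtkt cookie and handling of the `back` URL.
    """

    # Bootstrap
    DOCTYPE = 'html'
    HTML_XMLNS = None
    HTML_LANG = 'en'

    # NOTE(review): these assets are loaded from third-party hosts with
    # protocol-relative URLs, and jquery.js is not pinned to a version. Scripts
    # included here run in the login server's pages, so consider self-hosting
    # them or pinning exact versions with integrity checks.
    CSS = (
            '//netdna.bootstrapcdn.com/bootstrap/3.0.3/css/bootstrap.min.css',
    )
    JS = (
            '//code.jquery.com/jquery.js',
            '//netdna.bootstrapcdn.com/bootstrap/3.0.3/js/bootstrap.min.js',
    )

    STYLE = """
body {
    padding-top: 2em;
    text-align: center;
}

.container {
    padding: 2em 1em;
    text-align: left;
}
    """

    def redirect(self, *url, **params):
        """
            Return a redirect response to the URL that self.url() builds from the given arguments.
        """

        return pvl.web.response.redirect(self.url(*url, **params))

    # Ticket set by process_cookie(); stays None when no ticket could be loaded.
    pubtkt = None

    def init(self):
        """
            Start the request with an empty alert queue.
        """

        self.alerts = []

    def alert(self, type, alert, icon=None):
        """
            Log the alert and queue it as (type, icon, text) for render_alerts().

                type    - suffix for the 'alert-*' CSS class
                alert   - message, converted with unicode()
                icon    - optional suffix for the 'glyphicon-*' CSS class
        """

        log.info(u"%s: %s", type, alert)

        self.alerts.append((type, icon, unicode(alert)))

    def process_cookie(self):
        """
            Reverse the urlencoding used for the cookie and load the ticket from it.

            Sets self.pubtkt when the application's loader returns a ticket, and also
            when it raises ExpiredError or VerifyError; those two cases queue an alert.
            A ParseError only queues an alert. Without a cookie nothing happens.
        """

        cookies = self.request.cookies

        # The ticket cookie is a bearer credential: log cookie names and sizes
        # only, never the values, so that debug logs cannot be replayed.
        log.debug("cookies: %s", sorted(cookies.keys()))

        cookie = cookies.get(self.app.cookie_name)

        if not cookie:
            return

        log.debug("cookie %s: %d chars", self.app.cookie_name, len(cookie))

        cookie = werkzeug.urls.url_unquote(cookie)

        log.debug("cookie decoded: %d chars", len(cookie))

        if not cookie:
            return

        try:
            self.pubtkt = self.app.load(cookie)

        except pubtkt.ParseError as ex:
            self.alert('danger', ex, icon='compare')

        except pubtkt.ExpiredError as ex:
            self.pubtkt = ex.pubtkt
            self.alert('warning', ex, icon='clock')

        except pubtkt.VerifyError as ex:
            # NOTE(review): the ticket kept here is presumably one that failed
            # verification; confirm that no caller treats a non-empty
            # self.pubtkt as an authenticated ticket without checking again.
            self.pubtkt = ex.pubtkt
            self.alert('danger', ex, icon='warning-sign')

    def process_back(self):
        """
            Work out the application URL to return to from the `back` request argument.

            self.back defaults to the root of the login server. When `back` is given,
            its hostname is passed through self.app.check_server() and the URL is
            rebuilt from the checked server name; self.server holds that name.
        """

        self.server = None
        self.back = urlparse.urlunparse((self.app.login_scheme, self.app.login_server, '/', '', '', ''))

        back = self.request.args.get('back')

        if not back:
            return

        url = urlparse.urlparse(back, self.app.login_scheme)

        if not self.app.login_scheme:
            scheme = url.scheme

            # Without a configured login_scheme the scheme comes straight from
            # the request; only web schemes (or none) make sense for an
            # application URL, so anything else leaves the default in place.
            if scheme and scheme not in ('http', 'https'):
                self.alert('danger', "Unsupported scheme for application URL", icon='warning-sign')
                return

        elif url.scheme == self.app.login_scheme:
            scheme = url.scheme

        else:
            self.alert('info', "Using SSL for application URL", icon='lock')
            scheme = self.app.login_scheme

        # NOTE(review): check_server() is not visible here; it is presumably the
        # allow-list for application hosts. Confirm it rejects unknown and
        # missing hostnames, since the rebuilt URL is trusted afterwards.
        self.server = self.app.check_server(url.hostname)
        self.back = urlparse.urlunparse((scheme, self.server, url.path, url.params, url.query, url.fragment))

    def render_alerts(self):
        """
            Yield one 'alert alert-<type>' div per queued alert, with its glyphicon if one was given.
        """

        for type, icon, alert in self.alerts:
            yield html.div(class_='alert alert-{type}'.format(type=type))(
                    html.span(class_='glyphicon glyphicon-{glyphicon}'.format(glyphicon=icon)) if icon else None,
                    alert
            )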
class Index (Handler) :
    TITLE = u"Päivölä Network Login"
    STYLE = Handler.STYLE + """
.pubtkt {
    width: 30em;
    margin: 1em auto;
}
.pubtkt form {
    display: inline;
}
    """
    def process(self):
        """
            Load the ticket cookie and send the client to Login when no ticket was loaded.

            Returns the redirect response, or None when self.pubtkt is set.
        """

        self.process_cookie()

        # NOTE(review): process_cookie() also sets self.pubtkt when the loader
        # raised ExpiredError or VerifyError, so a ticket being present here
        # does not by itself mean it is valid.
        if self.pubtkt:
            return None

        return self.redirect(Login)
    def render_valid(self, valid):
        """
            Format a timedelta as "H:MM:SS", with whole days folded into the hour count.
        """

        total = valid.days * (24 * 60 * 60) + valid.seconds

        # split off whole hours first, then minutes and seconds from the rest
        hours, rest = divmod(total, 60 * 60)
        minutes, seconds = divmod(rest, 60)

        return "%2d:%02d:%02d" % (hours, minutes, seconds)
    def render_status(self, pubtkt):
        """
            Pick the status name for a ticket: 'warning' when grace() is set,
            'success' when valid() is set, otherwise 'danger'.
        """

        # both are queried up front, in this order
        remaining = pubtkt.valid()
        in_grace = pubtkt.grace()

        if in_grace:
            return 'warning'

        if remaining:
            return 'success'

        return 'danger'
    def render_pubtkt_fields(self, pubtkt):
        """
            Yield (glyphicon, status, title, text) tuples to render as fields for the ticket.

            status is None except for the validity field, which carries
            'warning', 'success' or 'danger'.
        """

        yield 'user', None, "User account", pubtkt.uid

        remaining = pubtkt.valid()
        in_grace = pubtkt.grace()

        if in_grace:
            validity_text = "{grace} (Renew)".format(grace=self.render_valid(in_grace))
            validity_status = 'warning'
        elif remaining:
            validity_text = "{valid}".format(valid=self.render_valid(remaining))
            validity_status = 'success'
        else:
            validity_text = "Expired"
            validity_status = 'danger'

        yield 'time', validity_status, "Remaining validity", validity_text

        # optional ticket fields are listed only when set
        if pubtkt.cip:
            yield 'cloud', None, "Network address", pubtkt.cip

        if pubtkt.udata:
            yield 'comment', None, "Associated data", pubtkt.udata

        for access_token in pubtkt.tokens:
            yield 'flag', None, "Access token", access_token

        # NOTE(review): bauth is labelled an authentication token and is
        # yielded for display as-is; confirm it is meant to appear in the page.
        if pubtkt.bauth:
            yield 'keys', None, "Authentication token", pubtkt.bauth
    def render_pubtkt (self, pubtkt) :
        status = self.render_status(pubtkt)
        return html.div(class_='pubtkt panel panel-{status}'.format(status=status))(
            html.div(class_='panel-heading')("Login: {pubtkt.uid}".format(pubtkt=self.pubtkt)),
            html.ul(class_='list-group')(
                html.li(class_='list-group-item {status}'.format(status=('alert-'+status if status else '')), title=title)(
                    html.span(class_='glyphicon glyphicon-{glyphicon}'.format(glyphicon=icon)) if icon else None,
                    info,
                ) for icon, status, title, info in self.render_pubtkt_fields(pubtkt)
349
3c20473d0bdc pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents: 348
diff changeset
   204
            ),
350
1ca04394c314 pvl.login.server: logout
Tero Marttila <terom@paivola.fi>
parents: 349
diff changeset
   205
            html.div(class_='panel-footer')(
354
d46c8d3e3140 pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents: 351
diff changeset
   206
                #html.div(class_='btn-toolbar', role='toolbar')(
d46c8d3e3140 pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents: 351
diff changeset
   207
                    (
d46c8d3e3140 pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents: 351
diff changeset
   208
                        html.form(action=self.url(Login), method='post', class_='form-inline')(
359
70bcd6f1fa4a pvl.login.server: iconify everything
Tero Marttila <terom@paivola.fi>
parents: 357
diff changeset
   209
                            html.button(type='submit', class_='btn btn-success')(
70bcd6f1fa4a pvl.login.server: iconify everything
Tero Marttila <terom@paivola.fi>
parents: 357
diff changeset
   210
                                html.span(class_='glyphicon glyphicon-time'), "Renew"
70bcd6f1fa4a pvl.login.server: iconify everything
Tero Marttila <terom@paivola.fi>
parents: 357
diff changeset
   211
                            )
354
d46c8d3e3140 pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents: 351
diff changeset
   212
                        )
d46c8d3e3140 pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents: 351
diff changeset
   213
                    ) if pubtkt.valid() else (
d46c8d3e3140 pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents: 351
diff changeset
   214
                        html.form(action=self.url(Login), method='get', class_='form-inline')(
359
70bcd6f1fa4a pvl.login.server: iconify everything
Tero Marttila <terom@paivola.fi>
parents: 357
diff changeset
   215
                            html.button(type='submit', class_='btn btn-info')(
70bcd6f1fa4a pvl.login.server: iconify everything
Tero Marttila <terom@paivola.fi>
parents: 357
diff changeset
   216
                                html.span(class_='glyphicon glyphicon-log-in'), "Login"
70bcd6f1fa4a pvl.login.server: iconify everything
Tero Marttila <terom@paivola.fi>
parents: 357
diff changeset
   217
                            )
354
d46c8d3e3140 pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents: 351
diff changeset
   218
                        ),
351
147f5e86b139 pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents: 350
diff changeset
   219
                    ),
147f5e86b139 pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents: 350
diff changeset
   220
354
d46c8d3e3140 pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents: 351
diff changeset
   221
                    html.form(action=self.url(Logout), method='post', class_='form-inline pull-right')(
359
70bcd6f1fa4a pvl.login.server: iconify everything
Tero Marttila <terom@paivola.fi>
parents: 357
diff changeset
   222
                        html.button(type='submit', class_='btn btn-warning')(
70bcd6f1fa4a pvl.login.server: iconify everything
Tero Marttila <terom@paivola.fi>
parents: 357
diff changeset
   223
                            html.span(class_='glyphicon glyphicon-log-out'), "Logout"
70bcd6f1fa4a pvl.login.server: iconify everything
Tero Marttila <terom@paivola.fi>
parents: 357
diff changeset
   224
                        )
354
d46c8d3e3140 pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents: 351
diff changeset
   225
                    ),
d46c8d3e3140 pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents: 351
diff changeset
   226
                #),
350
1ca04394c314 pvl.login.server: logout
Tero Marttila <terom@paivola.fi>
parents: 349
diff changeset
   227
            ),
349
3c20473d0bdc pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents: 348
diff changeset
   228
        )
    def render (self) :
        """
            Page body: the pending alerts, followed by the ticket panel when self.pubtkt is set.
        """

        container = html.div(class_='container')
        alerts = self.render_alerts()

        if self.pubtkt :
            ticket_panel = self.render_pubtkt(self.pubtkt)
        else :
            ticket_panel = None

        return container(alerts, ticket_panel)
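class Login (Handler) :
    """
        Login form handler.

        A POST with username and password is passed to self.app.auth(); a POST without credentials renews a
        still-valid ticket; a GET with ?renew renews a ticket that is within its grace period. Whenever a new
        ticket results, it is signed and sent as a cookie on a redirect to self.back.
    """

    TITLE = "Login"
    
    STYLE = Handler.STYLE + """
form#login {
    max-width:  50%;
    padding:    1em;
    margin:     0 auto;
}

    """

    def process (self) :
        """
            Handle the request before rendering.

            Returns a redirect response carrying the signed ticket cookie when a ticket was issued or renewed;
            otherwise returns None, and the form is rendered.
        """

        self.process_cookie()
        
        try :
            self.process_back()
        except pubtkt.Error as ex :
            # a rejected back target is shown to the user; processing continues
            self.alert('danger', ex)
            
        # update cookie?
        set_pubtkt = None

        if self.request.method == 'POST' :
            username = self.request.form.get('username')
            # The password has its own form field (see render()); reading 'username' here would hand the
            # username to auth() as the password.
            password = self.request.form.get('password')

            if username and password :
                # preprocess
                username = username.strip().lower()
                
                try :
                    set_pubtkt = self.app.auth(username, password)

                except pubtkt.Error as ex :
                    # only stored here; nothing in this class reads auth_errors back
                    self.auth_errors = ex
            
            elif self.pubtkt and self.pubtkt.valid() :
                # renew manually if valid
                # NOTE(review): no anti-CSRF token is checked in this class - confirm whether Handler does.
                set_pubtkt = self.app.renew(self.pubtkt)

        elif 'renew' in self.request.args :
            # renew automatically if in grace period
            if self.pubtkt and self.pubtkt.grace() :
                set_pubtkt = self.app.renew(self.pubtkt)
            
        if set_pubtkt :
            # browsers seem to be very particular about quoting ;'s in cookie values...
            # this follows PHP's setcookie() encoding...
            cookie = werkzeug.urls.url_quote(self.app.sign(set_pubtkt))
            
            self.pubtkt = set_pubtkt

            # redirect with cookie
            # NOTE(review): self.back is set outside this class; this redirect relies on it being limited to
            # trusted targets, including when process_back() raised above - confirm.
            response = pvl.web.response.redirect(self.back)

            response.set_cookie(self.app.cookie_name, cookie,
                domain      = self.app.cookie_domain,
                secure      = self.app.cookie_secure,
                httponly    = self.app.cookie_httponly,
            )

            return response

    def render (self) :
        """
            Render the login form, pre-filled with the uid of the current ticket if there is one.

            While the current ticket is valid, the password field is optional and a Renew button is shown, so
            that submitting without a password takes the renew branch in process().
        """

        if self.pubtkt :
            username = self.pubtkt.uid
        else :
            username = None

        domain = self.app.login_domain

        if 'logout' in self.request.args :
            self.alert('info', "You have been logged out.", icon='log-out')

        if self.pubtkt and self.pubtkt.valid() :
            renew = True

            # within validity period...
            self.alert('info', "Login or renew ticket.", icon='log-in')

        else :
            renew = False

        return html.div(class_='container')(
            html.form(action=self.url(back=self.back), method='POST', id='login')(
                self.render_alerts(),

                html.fieldset(
                    html.legend(
                        (
                            "Login @ ",
                            # NOTE(review): self.back becomes a link target here; assumes it was validated - confirm.
                            html.a(href=self.back)(self.server),
                        ) if self.server else (
                            "Login"
                        )
                    ),
                
                    html.div(class_='form-group')(
                        html.div(class_='input-group')(
                            html.label(for_='username', class_='sr-only')("Username"),
                            html.input(name='username', type='text', class_='form-control', placeholder="username", required=True, autofocus=True, value=username),
                            html.span(class_='input-group-addon')("@{domain}".format(domain=domain)),
                        ),

                        html.label(for_='password', class_='sr-only')("Password"),
                        # password may be left empty only when a renew is possible
                        html.input(name='password', type='password', class_='form-control', placeholder="Password", required=(not renew)),
                    ),

                    html.button(type='submit', class_='btn btn-primary')(
                        html.span(class_='glyphicon glyphicon-log-in'), "Login"
                    ),

                    html.button(type='submit', class_='btn btn-success')(
                        html.span(class_='glyphicon glyphicon-time'), "Renew"
                    ) if renew else None,
                )
            )
        )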
class Logout (Handler) :
    """
        Logout handler: a GET shows a confirmation form, a POST expires the ticket cookie and redirects to the
        Login page with logout=1.
    """

    TITLE = "Logout"

    def process (self) :
        """
            Redirect to Login when there is no ticket; on POST, return a redirect that clears the cookie.
            Any other request returns None, and the confirmation form is rendered.
        """

        self.process_cookie()

        if not self.pubtkt :
            return self.redirect(Login)

        if self.request.method != 'POST' :
            return

        # NOTE(review): no anti-CSRF token is checked in this class - confirm whether Handler does.
        after_logout = self.url(Login, logout=1)
        response = pvl.web.response.redirect(after_logout)

        # empty value with expires=0, using the same domain/secure/httponly attributes as the login cookie
        response.set_cookie(self.app.cookie_name, '',
            expires     = 0,
            domain      = self.app.cookie_domain,
            secure      = self.app.cookie_secure,
            httponly    = self.app.cookie_httponly,
        )

        return response

    def render (self) :
        """
            Confirmation form naming the uid of the current ticket, with a single Logout button that POSTs
            back to this handler.
        """

        container = html.div(class_='container')
        form = html.form(action=self.url(), method='post')

        legend = html.legend("Logout {pubtkt.uid}".format(pubtkt=self.pubtkt))
        button = html.button(type='submit', class_='btn btn-warning')(
            html.span(class_='glyphicon glyphicon-log-out'), "Logout"
        )

        return container(
            form(
                html.fieldset(legend, button)
            )
        )
class LoginApplication (pvl.web.Application) :
    # Routing table: request path -> handler class.
    URLS = urls.Map((
        urls.rule('/', Index),
        urls.rule('/login', Login),
        urls.rule('/logout', Logout),
    ))

    # Default key locations used by __init__. Both are relative paths.
    # NOTE(review): presumably opened as files by pubtkt.ServerKeys.config, in which case they resolve
    # against the process working directory - confirm, and keep the private key readable only by the
    # service account.
    PUBLIC_KEY  = 'etc/login/public.pem'
    PRIVATE_KEY = 'etc/login/private.pem'

    # check_server() accepts login_domain itself and its subdomains as target servers.
    login_domain = 'test.paivola.fi'
    login_server = 'login.test.paivola.fi'
    login_scheme = 'https'

    # Ticket lifetime and grace period, passed to PubTkt.new() by auth() and to PubTkt.renew() by renew().
    login_valid = datetime.timedelta(seconds=60)
    login_grace = datetime.timedelta(seconds=30)

    # Cookie settings for the ticket.
    # NOTE(review): cookie_secure / cookie_httponly are presumably applied as the Secure and HttpOnly
    # attributes where the cookie is set - that call is outside this view, confirm both are passed through.
    cookie_name     = 'auth_pubtkt'
    cookie_domain   = 'test.paivola.fi'
    cookie_secure   = True
    cookie_httponly = True
    def __init__ (self, public_key=PUBLIC_KEY, private_key=PRIVATE_KEY, **opts) :
        """
            Set up the application and its ticket signing keys.

                public_key      - passed to pubtkt.ServerKeys.config as public_key; defaults to PUBLIC_KEY
                private_key     - passed to pubtkt.ServerKeys.config as private_key; defaults to PRIVATE_KEY
                **opts          - forwarded unchanged to the base Application constructor

            The resulting object is stored as self.server_keys; load() reads its .public attribute and
            sign() reads its .private attribute.
        """

        super(LoginApplication, self).__init__(**opts)

        # NOTE(review): presumably these are file paths that ServerKeys.config reads - confirm how a
        # missing or unreadable key file is reported at startup.
        key_options = dict(public_key=public_key, private_key=private_key)
        self.server_keys = pubtkt.ServerKeys.config(**key_options)
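    def check_server (self, server) :
        """
            Check that the given target server is valid.

            The name is lower-cased, must be a plain DNS hostname (ASCII letters, digits, '-' and '.',
            with no empty labels), and must be login_domain itself or a subdomain of it.

            Returns the lower-cased server name.
            Raises pubtkt.ServerError if the name is malformed or is outside login_domain.
        """

        server = server.lower()

        # A suffix comparison on its own accepts any string that merely ends in the domain, including
        # values that carry URL delimiters, userinfo or whitespace in front of it. How the caller derives
        # `server` is not visible here, so only plain hostnames are allowed through before the domain test.
        # Underscores and non-ASCII names are rejected as well; an IDN has to arrive in its ASCII form.
        hostname_chars = 'abcdefghijklmnopqrstuvwxyz0123456789-.'
        labels = server.split('.')

        if not all(labels) or not all(char in hostname_chars for char in server) :
            # The rejected value is deliberately not echoed back in the message.
            raise pubtkt.ServerError("Target server is not a valid hostname")

        # The leading '.' keeps a sibling such as 'eviltest.paivola.fi' from matching 'test.paivola.fi'.
        if server == self.login_domain or server.endswith('.' + self.login_domain) :
            return server

        raise pubtkt.ServerError("Target server is not covered by our authentication domain: {domain}".format(domain=self.login_domain))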
    def load (self, cookie) :
        """
            Load a pubtkt from a cookie value, checking it against the server's public key.

            Returns whatever pubtkt.PubTkt.load returns for (cookie, public key).
        """

        # NOTE(review): whether PubTkt.load also rejects expired tickets, and which exception it raises
        # for a bad signature, is not visible here - callers should confirm before trusting the result.
        verify_key = self.server_keys.public

        return pubtkt.PubTkt.load(cookie, verify_key)
    def auth (self, username, password) :
        """
            Issue a new PubTkt for the given username.

            The ticket is created with login_valid as its validity and login_grace as its grace period.
            It is not signed here; sign() turns a ticket into a cookie.
        """

        # NOTE(review): `password` is never read. As written, every username/password pair is accepted
        # and gets a ticket. A real credential check has to run, and fail closed, before PubTkt.new is
        # reached. TODO: wire in the authentication backend before this serves anything but a test domain.
        ticket = pubtkt.PubTkt.new(username, valid=self.login_valid, grace=self.login_grace)

        return ticket
    def sign (self, pubtkt) :
        """
            Create a cookie value by signing the given pubtkt with the server's private key.

            Returns the result of the ticket's own sign() method.
        """

        # The `pubtkt` parameter is a ticket object; inside this method it shadows the imported
        # pvl.login.pubtkt module.
        signing_key = self.server_keys.private

        return pubtkt.sign(signing_key)
 
    def renew (self, pubtkt) :
        """
            Renew the given pubtkt with the configured validity and grace period.

            The ticket is modified in place and the same object is returned. No signing call is made
            here; pass the result to sign() to get a cookie.
        """

        # NOTE(review): nothing here checks that the ticket is still inside its validity or grace window.
        # That gate has to sit with the caller (outside this view), or an expired ticket could be renewed.
        valid, grace = self.login_valid, self.login_grace

        # XXX: inplace
        pubtkt.renew(valid, grace)

        return pubtkt