| author | Tero Marttila <terom@paivola.fi> |
| Mon, 13 Jan 2014 21:14:52 +0200 | |
| changeset 369 | e6d0e8a967ac |
| parent 367 | e431a1b71006 |
| child 370 | 184917c7d4d4 |
| permissions | -rw-r--r-- |
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
1 |
# encoding: utf-8 |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
2 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
3 |
import datetime |
|
354
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
4 |
import urlparse |
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
5 |
import werkzeug |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
6 |
import werkzeug.urls |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
7 |
|
|
367
e431a1b71006
pvl.login: implement LDAPAuth; fix Index pageprogress grace period refresh
Tero Marttila <terom@paivola.fi>
parents:
365
diff
changeset
|
8 |
import pvl.login.auth |
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
9 |
import pvl.web |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
10 |
import pvl.web.response |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
11 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
12 |
from pvl.login import pubtkt |
|
359
70bcd6f1fa4a
pvl.login.server: iconify everything
Tero Marttila <terom@paivola.fi>
parents:
357
diff
changeset
|
13 |
from pvl.web import urls |
|
70bcd6f1fa4a
pvl.login.server: iconify everything
Tero Marttila <terom@paivola.fi>
parents:
357
diff
changeset
|
14 |
from pvl.web import html5 as html |
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
15 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
16 |
import logging; log = logging.getLogger('pvl.login.server')
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
17 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
18 |
class Handler (pvl.web.Handler) : |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
19 |
# Bootstrap |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
20 |
DOCTYPE = 'html' |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
21 |
HTML_XMLNS = None |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
22 |
HTML_LANG = 'en' |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
23 |
CSS = ( |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
24 |
'//netdna.bootstrapcdn.com/bootstrap/3.0.3/css/bootstrap.min.css', |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
25 |
) |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
26 |
JS = ( |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
27 |
'//code.jquery.com/jquery.js', |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
28 |
'//netdna.bootstrapcdn.com/bootstrap/3.0.3/js/bootstrap.min.js', |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
29 |
) |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
30 |
|
|
354
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
31 |
STYLE = """ |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
32 |
body {
|
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
33 |
padding-top: 2em; |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
34 |
text-align: center; |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
35 |
} |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
36 |
|
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
37 |
.container {
|
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
38 |
padding: 2em 1em; |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
39 |
text-align: left; |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
40 |
} |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
41 |
""" |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
42 |
|
| 350 | 43 |
def redirect (self, *url, **params) : |
44 |
return pvl.web.response.redirect(self.url(*url, **params)) |
|
|
354
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
45 |
|
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
46 |
pubtkt = None |
|
354
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
47 |
|
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
48 |
def init (self) : |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
49 |
self.alerts = [] |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
50 |
|
|
359
70bcd6f1fa4a
pvl.login.server: iconify everything
Tero Marttila <terom@paivola.fi>
parents:
357
diff
changeset
|
51 |
def alert (self, type, alert, icon=None) : |
|
354
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
52 |
log.info(u"%s: %s", type, alert) |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
53 |
|
|
359
70bcd6f1fa4a
pvl.login.server: iconify everything
Tero Marttila <terom@paivola.fi>
parents:
357
diff
changeset
|
54 |
self.alerts.append((type, icon, unicode(alert))) |
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
55 |
|
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
56 |
def process_cookie (self) : |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
57 |
""" |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
58 |
Reverse the urlencoding used for the cookie... |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
59 |
""" |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
60 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
61 |
log.debug("cookies: %s", self.request.cookies)
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
62 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
63 |
cookie = self.request.cookies.get(self.app.cookie_name) |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
64 |
|
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
65 |
if not cookie : |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
66 |
return |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
67 |
|
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
68 |
log.debug("cookie %s=%s", self.app.cookie_name, cookie)
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
69 |
|
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
70 |
cookie = werkzeug.urls.url_unquote(cookie) |
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
71 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
72 |
log.debug("cookie decoded: %s", cookie)
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
73 |
|
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
74 |
if not cookie : |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
75 |
return |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
76 |
|
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
77 |
try : |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
78 |
self.pubtkt = self.app.load(cookie) |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
79 |
|
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
80 |
except pubtkt.ParseError as ex : |
|
359
70bcd6f1fa4a
pvl.login.server: iconify everything
Tero Marttila <terom@paivola.fi>
parents:
357
diff
changeset
|
81 |
self.alert('danger', ex, icon='compare')
|
|
354
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
82 |
|
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
83 |
except pubtkt.ExpiredError as ex : |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
84 |
self.pubtkt = ex.pubtkt |
|
359
70bcd6f1fa4a
pvl.login.server: iconify everything
Tero Marttila <terom@paivola.fi>
parents:
357
diff
changeset
|
85 |
self.alert('warning', ex, icon='clock')
|
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
86 |
|
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
87 |
except pubtkt.VerifyError as ex : |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
88 |
self.pubtkt = ex.pubtkt |
|
359
70bcd6f1fa4a
pvl.login.server: iconify everything
Tero Marttila <terom@paivola.fi>
parents:
357
diff
changeset
|
89 |
self.alert('danger', ex, icon='warning-sign')
|
|
354
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
90 |
|
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
91 |
def process_back (self) : |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
92 |
self.server = None |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
93 |
self.back = urlparse.urlunparse((self.app.login_scheme, self.app.login_server, '/', '', '', '')) |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
94 |
|
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
95 |
back = self.request.args.get('back')
|
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
96 |
|
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
97 |
if back : |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
98 |
url = urlparse.urlparse(back, self.app.login_scheme) |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
99 |
|
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
100 |
if not self.app.login_scheme : |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
101 |
scheme = url.scheme |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
102 |
|
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
103 |
elif url.scheme == self.app.login_scheme : |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
104 |
scheme = url.scheme |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
105 |
|
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
106 |
else : |
|
359
70bcd6f1fa4a
pvl.login.server: iconify everything
Tero Marttila <terom@paivola.fi>
parents:
357
diff
changeset
|
107 |
self.alert('info', "Using SSL for application URL", icon='lock')
|
|
354
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
108 |
scheme = self.app.login_scheme |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
109 |
|
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
110 |
self.server = self.app.check_server(url.hostname) |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
111 |
self.back = urlparse.urlunparse((scheme, self.server, url.path, url.params, url.query, url.fragment)) |
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
112 |
|
|
359
70bcd6f1fa4a
pvl.login.server: iconify everything
Tero Marttila <terom@paivola.fi>
parents:
357
diff
changeset
|
113 |
def render_alerts (self) : |
|
70bcd6f1fa4a
pvl.login.server: iconify everything
Tero Marttila <terom@paivola.fi>
parents:
357
diff
changeset
|
114 |
for type, icon, alert in self.alerts : |
|
70bcd6f1fa4a
pvl.login.server: iconify everything
Tero Marttila <terom@paivola.fi>
parents:
357
diff
changeset
|
115 |
yield html.div(class_='alert alert-{type}'.format(type=type))(
|
|
70bcd6f1fa4a
pvl.login.server: iconify everything
Tero Marttila <terom@paivola.fi>
parents:
357
diff
changeset
|
116 |
html.span(class_='glyphicon glyphicon-{glyphicon}'.format(glyphicon=icon)) if icon else None,
|
|
70bcd6f1fa4a
pvl.login.server: iconify everything
Tero Marttila <terom@paivola.fi>
parents:
357
diff
changeset
|
117 |
alert |
|
70bcd6f1fa4a
pvl.login.server: iconify everything
Tero Marttila <terom@paivola.fi>
parents:
357
diff
changeset
|
118 |
) |
|
70bcd6f1fa4a
pvl.login.server: iconify everything
Tero Marttila <terom@paivola.fi>
parents:
357
diff
changeset
|
119 |
|
|
70bcd6f1fa4a
pvl.login.server: iconify everything
Tero Marttila <terom@paivola.fi>
parents:
357
diff
changeset
|
120 |
|
|
70bcd6f1fa4a
pvl.login.server: iconify everything
Tero Marttila <terom@paivola.fi>
parents:
357
diff
changeset
|
121 |
|
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
122 |
class Index (Handler) : |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
123 |
TITLE = u"Päivölä Network Login" |
|
354
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
124 |
|
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
125 |
STYLE = Handler.STYLE + """ |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
126 |
.pubtkt {
|
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
127 |
width: 30em; |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
128 |
margin: 1em auto; |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
129 |
} |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
130 |
|
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
131 |
.pubtkt form {
|
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
132 |
display: inline; |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
133 |
} |
|
360
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
134 |
|
|
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
135 |
.pubtkt .panel-heading {
|
|
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
136 |
line-height: 20px; |
|
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
137 |
} |
|
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
138 |
|
|
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
139 |
.pubtkt .panel-body .glyphicon {
|
|
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
140 |
width: 1em; |
|
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
141 |
float: left; |
|
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
142 |
line-height: 20px; |
|
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
143 |
} |
|
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
144 |
|
|
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
145 |
.pubtkt .panel-body .progress {
|
|
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
146 |
margin-bottom: 0; |
|
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
147 |
margin-left: 2em; |
|
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
148 |
} |
|
354
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
149 |
""" |
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
150 |
|
|
365
e9e3d1580d36
pvl.login: animated expire progress
Tero Marttila <terom@paivola.fi>
parents:
360
diff
changeset
|
151 |
JS = Handler.JS + ( |
|
e9e3d1580d36
pvl.login: animated expire progress
Tero Marttila <terom@paivola.fi>
parents:
360
diff
changeset
|
152 |
'/static/pubtkt-expire.js', |
|
e9e3d1580d36
pvl.login: animated expire progress
Tero Marttila <terom@paivola.fi>
parents:
360
diff
changeset
|
153 |
) |
|
e9e3d1580d36
pvl.login: animated expire progress
Tero Marttila <terom@paivola.fi>
parents:
360
diff
changeset
|
154 |
|
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
155 |
def process (self) : |
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
156 |
self.process_cookie() |
| 350 | 157 |
|
158 |
if not self.pubtkt : |
|
159 |
return self.redirect(Login) |
|
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
160 |
|
|
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
161 |
def render_valid (self, valid) : |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
162 |
seconds = valid.seconds + valid.days * (24 * 60 * 60) |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
163 |
|
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
164 |
minutes, seconds = divmod(seconds, 60) |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
165 |
hours, minutes = divmod(minutes, 60) |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
166 |
|
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
167 |
return "%2d:%02d:%02d" % (hours, minutes, seconds) |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
168 |
|
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
169 |
def render_status (self, pubtkt) : |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
170 |
valid = pubtkt.valid() |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
171 |
grace = pubtkt.grace() |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
172 |
|
|
357
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
173 |
if grace : |
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
174 |
return 'warning' |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
175 |
elif valid : |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
176 |
return 'success' |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
177 |
else : |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
178 |
return 'danger' |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
179 |
|
|
360
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
180 |
def render_pubtkt_valid (self, pubtkt) : |
|
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
181 |
""" |
|
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
182 |
Yield HTML for ticket validity. |
|
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
183 |
""" |
|
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
184 |
|
|
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
185 |
|
|
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
186 |
lifetime = self.app.login_valid |
|
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
187 |
valid = pubtkt.valid() |
|
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
188 |
grace = pubtkt.grace() |
|
367
e431a1b71006
pvl.login: implement LDAPAuth; fix Index pageprogress grace period refresh
Tero Marttila <terom@paivola.fi>
parents:
365
diff
changeset
|
189 |
grace_period = pubtkt.grace_period() |
|
365
e9e3d1580d36
pvl.login: animated expire progress
Tero Marttila <terom@paivola.fi>
parents:
360
diff
changeset
|
190 |
remaining = pubtkt.remaining() |
|
360
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
191 |
|
|
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
192 |
if valid : |
|
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
193 |
progress = float(valid.seconds) / float(lifetime.seconds) |
|
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
194 |
else : |
|
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
195 |
progress = None |
|
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
196 |
|
|
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
197 |
if grace : |
|
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
198 |
title = "Remaining renewal period" |
|
365
e9e3d1580d36
pvl.login: animated expire progress
Tero Marttila <terom@paivola.fi>
parents:
360
diff
changeset
|
199 |
label = "{grace} (Renew)".format(grace=self.render_valid(grace))
|
|
360
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
200 |
status = 'warning' |
|
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
201 |
elif valid : |
|
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
202 |
title = "Remaining validity period" |
|
365
e9e3d1580d36
pvl.login: animated expire progress
Tero Marttila <terom@paivola.fi>
parents:
360
diff
changeset
|
203 |
label = "{valid}".format(valid=self.render_valid(valid))
|
|
360
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
204 |
status = 'success' |
|
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
205 |
else : |
|
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
206 |
title = "Expired" |
|
365
e9e3d1580d36
pvl.login: animated expire progress
Tero Marttila <terom@paivola.fi>
parents:
360
diff
changeset
|
207 |
label = "Expired" |
|
360
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
208 |
status = 'danger' |
|
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
209 |
|
|
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
210 |
if progress : |
|
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
211 |
return html.div(class_='panel-body', title=title)( |
|
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
212 |
html.span(class_='glyphicon glyphicon-time'), |
|
365
e9e3d1580d36
pvl.login: animated expire progress
Tero Marttila <terom@paivola.fi>
parents:
360
diff
changeset
|
213 |
html.div(class_='progress pubtkt-progress', |
|
e9e3d1580d36
pvl.login: animated expire progress
Tero Marttila <terom@paivola.fi>
parents:
360
diff
changeset
|
214 |
data_start=valid.seconds, |
|
367
e431a1b71006
pvl.login: implement LDAPAuth; fix Index pageprogress grace period refresh
Tero Marttila <terom@paivola.fi>
parents:
365
diff
changeset
|
215 |
data_refresh=grace_period.seconds if remaining else None, |
|
365
e9e3d1580d36
pvl.login: animated expire progress
Tero Marttila <terom@paivola.fi>
parents:
360
diff
changeset
|
216 |
data_end=lifetime.seconds, |
|
e9e3d1580d36
pvl.login: animated expire progress
Tero Marttila <terom@paivola.fi>
parents:
360
diff
changeset
|
217 |
)( |
|
360
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
218 |
html.div(class_='progress-bar progress-bar-{status}'.format(status=status),
|
|
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
219 |
role='progressbar', |
|
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
220 |
style='width: {pp:.0f}%'.format(pp=progress*100),
|
|
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
221 |
)( |
|
365
e9e3d1580d36
pvl.login: animated expire progress
Tero Marttila <terom@paivola.fi>
parents:
360
diff
changeset
|
222 |
html.span(class_='pubtkt-progress-label')(label) |
|
360
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
223 |
) |
|
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
224 |
) |
|
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
225 |
) |
|
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
226 |
else : |
|
365
e9e3d1580d36
pvl.login: animated expire progress
Tero Marttila <terom@paivola.fi>
parents:
360
diff
changeset
|
227 |
return None # html.p(label) |
|
360
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
228 |
|
|
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
229 |
def render_pubtkt_fields (self, pubtkt) : |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
230 |
""" |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
231 |
Yield (glyphicon, text) to render as fields for ticket. |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
232 |
""" |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
233 |
|
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
234 |
if pubtkt.cip : |
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
235 |
yield 'cloud', None, "Network address", pubtkt.cip |
|
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
236 |
|
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
237 |
if pubtkt.udata : |
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
238 |
yield 'comment', None, "Associated data", pubtkt.udata |
|
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
239 |
|
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
240 |
for token in pubtkt.tokens : |
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
241 |
yield 'flag', None, "Access token", token |
|
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
242 |
|
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
243 |
if pubtkt.bauth : |
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
244 |
yield 'keys', None, "Authentication token", pubtkt.bauth |
|
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
245 |
|
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
246 |
def render_pubtkt (self, pubtkt) : |
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
247 |
status = self.render_status(pubtkt) |
|
360
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
248 |
domain = self.app.login_domain |
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
249 |
|
|
354
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
250 |
return html.div(class_='pubtkt panel panel-{status}'.format(status=status))(
|
|
360
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
251 |
html.div(class_='panel-heading')( |
|
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
252 |
html.span(class_='glyphicon glyphicon-user'), |
|
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
253 |
html.strong(pubtkt.uid), |
|
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
254 |
html.span("@", domain),
|
|
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
255 |
), |
|
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
256 |
self.render_pubtkt_valid(pubtkt), |
|
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
257 |
html.ul(class_='list-group')( |
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
258 |
html.li(class_='list-group-item {status}'.format(status=('alert-'+status if status else '')), title=title)(
|
|
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
259 |
html.span(class_='glyphicon glyphicon-{glyphicon}'.format(glyphicon=icon)) if icon else None,
|
|
360
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
260 |
data, |
|
1b33bed4a7c4
pimp out pubtkt panel on index page, although alignment is getting difficult
Tero Marttila <terom@paivola.fi>
parents:
359
diff
changeset
|
261 |
) for icon, status, title, data in self.render_pubtkt_fields(pubtkt) |
|
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
262 |
), |
| 350 | 263 |
html.div(class_='panel-footer')( |
|
354
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
264 |
#html.div(class_='btn-toolbar', role='toolbar')( |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
265 |
( |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
266 |
html.form(action=self.url(Login), method='post', class_='form-inline')( |
|
359
70bcd6f1fa4a
pvl.login.server: iconify everything
Tero Marttila <terom@paivola.fi>
parents:
357
diff
changeset
|
267 |
html.button(type='submit', class_='btn btn-success')( |
|
70bcd6f1fa4a
pvl.login.server: iconify everything
Tero Marttila <terom@paivola.fi>
parents:
357
diff
changeset
|
268 |
html.span(class_='glyphicon glyphicon-time'), "Renew" |
|
70bcd6f1fa4a
pvl.login.server: iconify everything
Tero Marttila <terom@paivola.fi>
parents:
357
diff
changeset
|
269 |
) |
|
354
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
270 |
) |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
271 |
) if pubtkt.valid() else ( |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
272 |
html.form(action=self.url(Login), method='get', class_='form-inline')( |
|
359
70bcd6f1fa4a
pvl.login.server: iconify everything
Tero Marttila <terom@paivola.fi>
parents:
357
diff
changeset
|
273 |
html.button(type='submit', class_='btn btn-info')( |
|
70bcd6f1fa4a
pvl.login.server: iconify everything
Tero Marttila <terom@paivola.fi>
parents:
357
diff
changeset
|
274 |
html.span(class_='glyphicon glyphicon-log-in'), "Login" |
|
70bcd6f1fa4a
pvl.login.server: iconify everything
Tero Marttila <terom@paivola.fi>
parents:
357
diff
changeset
|
275 |
) |
|
354
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
276 |
), |
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
277 |
), |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
278 |
|
|
354
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
279 |
html.form(action=self.url(Logout), method='post', class_='form-inline pull-right')( |
|
359
70bcd6f1fa4a
pvl.login.server: iconify everything
Tero Marttila <terom@paivola.fi>
parents:
357
diff
changeset
|
280 |
html.button(type='submit', class_='btn btn-warning')( |
|
70bcd6f1fa4a
pvl.login.server: iconify everything
Tero Marttila <terom@paivola.fi>
parents:
357
diff
changeset
|
281 |
html.span(class_='glyphicon glyphicon-log-out'), "Logout" |
|
70bcd6f1fa4a
pvl.login.server: iconify everything
Tero Marttila <terom@paivola.fi>
parents:
357
diff
changeset
|
282 |
) |
|
354
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
283 |
), |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
284 |
#), |
| 350 | 285 |
), |
|
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
286 |
) |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
287 |
|
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
288 |
def render (self) : |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
289 |
return html.div(class_='container')( |
|
359
70bcd6f1fa4a
pvl.login.server: iconify everything
Tero Marttila <terom@paivola.fi>
parents:
357
diff
changeset
|
290 |
self.render_alerts(), |
|
70bcd6f1fa4a
pvl.login.server: iconify everything
Tero Marttila <terom@paivola.fi>
parents:
357
diff
changeset
|
291 |
self.render_pubtkt(self.pubtkt) if self.pubtkt else None, |
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
292 |
) |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
293 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
294 |
class Login (Handler) : |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
295 |
TITLE = "Login" |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
296 |
|
|
354
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
297 |
STYLE = Handler.STYLE + """ |
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
298 |
form#login {
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
299 |
max-width: 50%; |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
300 |
padding: 1em; |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
301 |
margin: 0 auto; |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
302 |
} |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
303 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
304 |
""" |
|
369
e6d0e8a967ac
pvl.login: ldap access (tokens) and userdata support
Tero Marttila <terom@paivola.fi>
parents:
367
diff
changeset
|
305 |
|
|
e6d0e8a967ac
pvl.login: ldap access (tokens) and userdata support
Tero Marttila <terom@paivola.fi>
parents:
367
diff
changeset
|
306 |
login_failure = None |
|
e6d0e8a967ac
pvl.login: ldap access (tokens) and userdata support
Tero Marttila <terom@paivola.fi>
parents:
367
diff
changeset
|
307 |
|
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
308 |
def process (self) : |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
309 |
self.process_cookie() |
|
354
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
310 |
|
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
311 |
try : |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
312 |
self.process_back() |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
313 |
except pubtkt.Error as ex : |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
314 |
self.alert('danger', ex)
|
|
367
e431a1b71006
pvl.login: implement LDAPAuth; fix Index pageprogress grace period refresh
Tero Marttila <terom@paivola.fi>
parents:
365
diff
changeset
|
315 |
|
|
e431a1b71006
pvl.login: implement LDAPAuth; fix Index pageprogress grace period refresh
Tero Marttila <terom@paivola.fi>
parents:
365
diff
changeset
|
316 |
if self.pubtkt : |
|
e431a1b71006
pvl.login: implement LDAPAuth; fix Index pageprogress grace period refresh
Tero Marttila <terom@paivola.fi>
parents:
365
diff
changeset
|
317 |
self.username = self.pubtkt.uid |
|
e431a1b71006
pvl.login: implement LDAPAuth; fix Index pageprogress grace period refresh
Tero Marttila <terom@paivola.fi>
parents:
365
diff
changeset
|
318 |
else : |
|
e431a1b71006
pvl.login: implement LDAPAuth; fix Index pageprogress grace period refresh
Tero Marttila <terom@paivola.fi>
parents:
365
diff
changeset
|
319 |
self.username = None |
|
357
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
320 |
|
|
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
321 |
# update cookie? |
|
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
322 |
set_pubtkt = None |
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
323 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
324 |
if self.request.method == 'POST' : |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
325 |
username = self.request.form.get('username')
|
|
367
e431a1b71006
pvl.login: implement LDAPAuth; fix Index pageprogress grace period refresh
Tero Marttila <terom@paivola.fi>
parents:
365
diff
changeset
|
326 |
password = self.request.form.get('password')
|
|
e431a1b71006
pvl.login: implement LDAPAuth; fix Index pageprogress grace period refresh
Tero Marttila <terom@paivola.fi>
parents:
365
diff
changeset
|
327 |
|
|
e431a1b71006
pvl.login: implement LDAPAuth; fix Index pageprogress grace period refresh
Tero Marttila <terom@paivola.fi>
parents:
365
diff
changeset
|
328 |
if username : |
|
e431a1b71006
pvl.login: implement LDAPAuth; fix Index pageprogress grace period refresh
Tero Marttila <terom@paivola.fi>
parents:
365
diff
changeset
|
329 |
# preprocess |
|
e431a1b71006
pvl.login: implement LDAPAuth; fix Index pageprogress grace period refresh
Tero Marttila <terom@paivola.fi>
parents:
365
diff
changeset
|
330 |
username = username.strip().lower() |
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
331 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
332 |
if username and password : |
|
367
e431a1b71006
pvl.login: implement LDAPAuth; fix Index pageprogress grace period refresh
Tero Marttila <terom@paivola.fi>
parents:
365
diff
changeset
|
333 |
self.username = username |
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
334 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
335 |
try : |
|
357
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
336 |
set_pubtkt = self.app.auth(username, password) |
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
337 |
|
|
367
e431a1b71006
pvl.login: implement LDAPAuth; fix Index pageprogress grace period refresh
Tero Marttila <terom@paivola.fi>
parents:
365
diff
changeset
|
338 |
except pvl.login.auth.AuthError as ex : |
|
e431a1b71006
pvl.login: implement LDAPAuth; fix Index pageprogress grace period refresh
Tero Marttila <terom@paivola.fi>
parents:
365
diff
changeset
|
339 |
self.alert('danger', "Internal authentication error, try again later?")
|
|
e431a1b71006
pvl.login: implement LDAPAuth; fix Index pageprogress grace period refresh
Tero Marttila <terom@paivola.fi>
parents:
365
diff
changeset
|
340 |
|
|
369
e6d0e8a967ac
pvl.login: ldap access (tokens) and userdata support
Tero Marttila <terom@paivola.fi>
parents:
367
diff
changeset
|
341 |
else : |
|
e6d0e8a967ac
pvl.login: ldap access (tokens) and userdata support
Tero Marttila <terom@paivola.fi>
parents:
367
diff
changeset
|
342 |
if not set_pubtkt : |
|
e6d0e8a967ac
pvl.login: ldap access (tokens) and userdata support
Tero Marttila <terom@paivola.fi>
parents:
367
diff
changeset
|
343 |
self.alert('danger', "Invalid authentication credentials, try again.")
|
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
344 |
|
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
345 |
elif self.pubtkt and self.pubtkt.valid() : |
|
357
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
346 |
# renew manually if valid |
|
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
347 |
set_pubtkt = self.app.renew(self.pubtkt) |
|
369
e6d0e8a967ac
pvl.login: ldap access (tokens) and userdata support
Tero Marttila <terom@paivola.fi>
parents:
367
diff
changeset
|
348 |
|
|
e6d0e8a967ac
pvl.login: ldap access (tokens) and userdata support
Tero Marttila <terom@paivola.fi>
parents:
367
diff
changeset
|
349 |
# a POST request that does not modify state is a failure |
|
e6d0e8a967ac
pvl.login: ldap access (tokens) and userdata support
Tero Marttila <terom@paivola.fi>
parents:
367
diff
changeset
|
350 |
if not set_pubtkt : |
|
e6d0e8a967ac
pvl.login: ldap access (tokens) and userdata support
Tero Marttila <terom@paivola.fi>
parents:
367
diff
changeset
|
351 |
self.login_failure = True |
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
352 |
|
|
357
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
353 |
elif 'renew' in self.request.args : |
|
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
354 |
# renew automatically if in grace period |
|
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
355 |
if self.pubtkt and self.pubtkt.grace() : |
|
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
356 |
set_pubtkt = self.app.renew(self.pubtkt) |
|
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
357 |
|
|
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
358 |
if set_pubtkt : |
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
359 |
# browsers seem to be very particular about quoting ;'s in cookie values... |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
360 |
# this follows PHP's setcookie() encoding... |
|
357
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
361 |
cookie = werkzeug.urls.url_quote(self.app.sign(set_pubtkt)) |
|
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
362 |
|
|
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
363 |
self.pubtkt = set_pubtkt |
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
364 |
|
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
365 |
# redirect with cookie |
|
354
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
366 |
response = pvl.web.response.redirect(self.back) |
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
367 |
|
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
368 |
response.set_cookie(self.app.cookie_name, cookie, |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
369 |
domain = self.app.cookie_domain, |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
370 |
secure = self.app.cookie_secure, |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
371 |
httponly = self.app.cookie_httponly, |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
372 |
) |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
373 |
|
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
374 |
return response |
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
375 |
|
|
369
e6d0e8a967ac
pvl.login: ldap access (tokens) and userdata support
Tero Marttila <terom@paivola.fi>
parents:
367
diff
changeset
|
376 |
def status (self) : |
|
e6d0e8a967ac
pvl.login: ldap access (tokens) and userdata support
Tero Marttila <terom@paivola.fi>
parents:
367
diff
changeset
|
377 |
if self.login_failure : |
|
e6d0e8a967ac
pvl.login: ldap access (tokens) and userdata support
Tero Marttila <terom@paivola.fi>
parents:
367
diff
changeset
|
378 |
return 400 |
|
e6d0e8a967ac
pvl.login: ldap access (tokens) and userdata support
Tero Marttila <terom@paivola.fi>
parents:
367
diff
changeset
|
379 |
else : |
|
e6d0e8a967ac
pvl.login: ldap access (tokens) and userdata support
Tero Marttila <terom@paivola.fi>
parents:
367
diff
changeset
|
380 |
return 200 |
|
357
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
381 |
|
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
382 |
def render (self) : |
|
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
383 |
domain = self.app.login_domain |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
384 |
|
|
355
2daf32a118ff
pvl.login: logout -> /login?logout=1
Tero Marttila <terom@paivola.fi>
parents:
354
diff
changeset
|
385 |
if 'logout' in self.request.args : |
|
359
70bcd6f1fa4a
pvl.login.server: iconify everything
Tero Marttila <terom@paivola.fi>
parents:
357
diff
changeset
|
386 |
self.alert('info', "You have been logged out.", icon='log-out')
|
|
355
2daf32a118ff
pvl.login: logout -> /login?logout=1
Tero Marttila <terom@paivola.fi>
parents:
354
diff
changeset
|
387 |
|
|
357
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
388 |
if self.pubtkt and self.pubtkt.valid() : |
|
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
389 |
renew = True |
|
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
390 |
|
|
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
391 |
# within validity period... |
|
359
70bcd6f1fa4a
pvl.login.server: iconify everything
Tero Marttila <terom@paivola.fi>
parents:
357
diff
changeset
|
392 |
self.alert('info', "Login or renew ticket.", icon='log-in')
|
|
357
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
393 |
|
|
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
394 |
else : |
|
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
395 |
renew = False |
|
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
396 |
|
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
397 |
return html.div(class_='container')( |
|
354
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
398 |
html.form(action=self.url(back=self.back), method='POST', id='login')( |
|
359
70bcd6f1fa4a
pvl.login.server: iconify everything
Tero Marttila <terom@paivola.fi>
parents:
357
diff
changeset
|
399 |
self.render_alerts(), |
|
354
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
400 |
|
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
401 |
html.fieldset( |
|
354
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
402 |
html.legend( |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
403 |
( |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
404 |
"Login @ ", |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
405 |
html.a(href=self.back)(self.server), |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
406 |
) if self.server else ( |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
407 |
"Login" |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
408 |
) |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
409 |
), |
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
410 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
411 |
html.div(class_='form-group')( |
|
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
412 |
html.div(class_='input-group')( |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
413 |
html.label(for_='username', class_='sr-only')("Username"),
|
|
367
e431a1b71006
pvl.login: implement LDAPAuth; fix Index pageprogress grace period refresh
Tero Marttila <terom@paivola.fi>
parents:
365
diff
changeset
|
414 |
html.input(name='username', type='text', class_='form-control', placeholder="username", required=True, autofocus=(not self.username), value=self.username), |
|
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
415 |
html.span(class_='input-group-addon')("@{domain}".format(domain=domain)),
|
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
416 |
), |
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
417 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
418 |
html.label(for_='password', class_='sr-only')("Password"),
|
|
367
e431a1b71006
pvl.login: implement LDAPAuth; fix Index pageprogress grace period refresh
Tero Marttila <terom@paivola.fi>
parents:
365
diff
changeset
|
419 |
html.input(name='password', type='password', class_='form-control', placeholder="Password", required=(not renew), autofocus=bool(self.username)), |
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
420 |
), |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
421 |
|
|
359
70bcd6f1fa4a
pvl.login.server: iconify everything
Tero Marttila <terom@paivola.fi>
parents:
357
diff
changeset
|
422 |
html.button(type='submit', class_='btn btn-primary')( |
|
70bcd6f1fa4a
pvl.login.server: iconify everything
Tero Marttila <terom@paivola.fi>
parents:
357
diff
changeset
|
423 |
html.span(class_='glyphicon glyphicon-log-in'), "Login" |
|
70bcd6f1fa4a
pvl.login.server: iconify everything
Tero Marttila <terom@paivola.fi>
parents:
357
diff
changeset
|
424 |
), |
|
357
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
425 |
|
|
359
70bcd6f1fa4a
pvl.login.server: iconify everything
Tero Marttila <terom@paivola.fi>
parents:
357
diff
changeset
|
426 |
html.button(type='submit', class_='btn btn-success')( |
|
70bcd6f1fa4a
pvl.login.server: iconify everything
Tero Marttila <terom@paivola.fi>
parents:
357
diff
changeset
|
427 |
html.span(class_='glyphicon glyphicon-time'), "Renew" |
|
70bcd6f1fa4a
pvl.login.server: iconify everything
Tero Marttila <terom@paivola.fi>
parents:
357
diff
changeset
|
428 |
) if renew else None, |
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
429 |
) |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
430 |
) |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
431 |
) |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
432 |
|
| 350 | 433 |
class Logout (Handler) : |
434 |
TITLE = "Logout" |
|
435 |
||
436 |
def process (self) : |
|
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
437 |
self.process_cookie() |
|
354
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
438 |
|
| 350 | 439 |
if not self.pubtkt : |
|
355
2daf32a118ff
pvl.login: logout -> /login?logout=1
Tero Marttila <terom@paivola.fi>
parents:
354
diff
changeset
|
440 |
return self.redirect(Login) |
| 350 | 441 |
|
442 |
if self.request.method == 'POST' : |
|
|
355
2daf32a118ff
pvl.login: logout -> /login?logout=1
Tero Marttila <terom@paivola.fi>
parents:
354
diff
changeset
|
443 |
response = pvl.web.response.redirect(self.url(Login, logout=1)) |
| 350 | 444 |
|
445 |
response.set_cookie(self.app.cookie_name, '', |
|
446 |
expires = 0, |
|
447 |
domain = self.app.cookie_domain, |
|
448 |
secure = self.app.cookie_secure, |
|
449 |
httponly = self.app.cookie_httponly, |
|
450 |
) |
|
451 |
||
452 |
return response |
|
453 |
||
454 |
def render (self) : |
|
455 |
return html.div(class_='container')( |
|
456 |
html.form(action=self.url(), method='post')( |
|
457 |
html.fieldset( |
|
458 |
html.legend("Logout {pubtkt.uid}".format(pubtkt=self.pubtkt)),
|
|
459 |
||
|
359
70bcd6f1fa4a
pvl.login.server: iconify everything
Tero Marttila <terom@paivola.fi>
parents:
357
diff
changeset
|
460 |
html.button(type='submit', class_='btn btn-warning')( |
|
70bcd6f1fa4a
pvl.login.server: iconify everything
Tero Marttila <terom@paivola.fi>
parents:
357
diff
changeset
|
461 |
html.span(class_='glyphicon glyphicon-log-out'), "Logout" |
|
70bcd6f1fa4a
pvl.login.server: iconify everything
Tero Marttila <terom@paivola.fi>
parents:
357
diff
changeset
|
462 |
), |
| 350 | 463 |
) |
464 |
) |
|
465 |
) |
|
466 |
||
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
467 |
class LoginApplication (pvl.web.Application) : |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
468 |
URLS = urls.Map(( |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
469 |
urls.rule('/', Index),
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
470 |
urls.rule('/login', Login),
|
| 350 | 471 |
urls.rule('/logout', Logout),
|
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
472 |
)) |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
473 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
474 |
PUBLIC_KEY = 'etc/login/public.pem' |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
475 |
PRIVATE_KEY = 'etc/login/private.pem' |
|
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
476 |
|
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
477 |
login_domain = 'test.paivola.fi' |
|
354
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
478 |
login_server = 'login.test.paivola.fi' |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
479 |
login_valid = datetime.timedelta(seconds=60) |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
480 |
login_grace = datetime.timedelta(seconds=30) |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
481 |
login_scheme = 'https' |
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
482 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
483 |
cookie_name = 'auth_pubtkt' |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
484 |
cookie_domain = 'test.paivola.fi' |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
485 |
cookie_secure = True |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
486 |
cookie_httponly = True |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
487 |
|
|
367
e431a1b71006
pvl.login: implement LDAPAuth; fix Index pageprogress grace period refresh
Tero Marttila <terom@paivola.fi>
parents:
365
diff
changeset
|
488 |
def __init__ (self, auth, public_key=PUBLIC_KEY, private_key=PRIVATE_KEY, **opts) : |
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
489 |
super(LoginApplication, self).__init__(**opts) |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
490 |
|
|
367
e431a1b71006
pvl.login: implement LDAPAuth; fix Index pageprogress grace period refresh
Tero Marttila <terom@paivola.fi>
parents:
365
diff
changeset
|
491 |
self._auth = auth |
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
492 |
self.server_keys = pubtkt.ServerKeys.config( |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
493 |
public_key = public_key, |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
494 |
private_key = private_key, |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
495 |
) |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
496 |
|
|
354
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
497 |
def check_server (self, server) : |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
498 |
""" |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
499 |
Check that the given target server is valid. |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
500 |
""" |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
501 |
|
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
502 |
server = server.lower() |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
503 |
|
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
504 |
if server == self.login_domain or server.endswith('.' + self.login_domain) :
|
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
505 |
return server |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
506 |
else : |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
507 |
raise pubtkt.ServerError("Target server is not covered by our authentication domain: {domain}".format(domain=self.login_domain))
|
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
508 |
|
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
509 |
def load (self, cookie) : |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
510 |
""" |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
511 |
Load a pubtkt from a cookie, and verify it. |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
512 |
""" |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
513 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
514 |
return pubtkt.PubTkt.load(cookie, self.server_keys.public) |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
515 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
516 |
def auth (self, username, password) : |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
517 |
""" |
|
367
e431a1b71006
pvl.login: implement LDAPAuth; fix Index pageprogress grace period refresh
Tero Marttila <terom@paivola.fi>
parents:
365
diff
changeset
|
518 |
Perform authentication, returning a PubTkt, signed, or None. |
|
e431a1b71006
pvl.login: implement LDAPAuth; fix Index pageprogress grace period refresh
Tero Marttila <terom@paivola.fi>
parents:
365
diff
changeset
|
519 |
|
|
e431a1b71006
pvl.login: implement LDAPAuth; fix Index pageprogress grace period refresh
Tero Marttila <terom@paivola.fi>
parents:
365
diff
changeset
|
520 |
Raises auth.AuthError. |
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
521 |
""" |
|
367
e431a1b71006
pvl.login: implement LDAPAuth; fix Index pageprogress grace period refresh
Tero Marttila <terom@paivola.fi>
parents:
365
diff
changeset
|
522 |
|
|
e431a1b71006
pvl.login: implement LDAPAuth; fix Index pageprogress grace period refresh
Tero Marttila <terom@paivola.fi>
parents:
365
diff
changeset
|
523 |
auth = self._auth.auth(username, password) |
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
524 |
|
|
367
e431a1b71006
pvl.login: implement LDAPAuth; fix Index pageprogress grace period refresh
Tero Marttila <terom@paivola.fi>
parents:
365
diff
changeset
|
525 |
if not auth : |
|
e431a1b71006
pvl.login: implement LDAPAuth; fix Index pageprogress grace period refresh
Tero Marttila <terom@paivola.fi>
parents:
365
diff
changeset
|
526 |
return None |
|
e431a1b71006
pvl.login: implement LDAPAuth; fix Index pageprogress grace period refresh
Tero Marttila <terom@paivola.fi>
parents:
365
diff
changeset
|
527 |
|
|
369
e6d0e8a967ac
pvl.login: ldap access (tokens) and userdata support
Tero Marttila <terom@paivola.fi>
parents:
367
diff
changeset
|
528 |
tokens = list(self._auth.access(auth)) |
|
e6d0e8a967ac
pvl.login: ldap access (tokens) and userdata support
Tero Marttila <terom@paivola.fi>
parents:
367
diff
changeset
|
529 |
udata = self._auth.userdata(auth) |
|
e6d0e8a967ac
pvl.login: ldap access (tokens) and userdata support
Tero Marttila <terom@paivola.fi>
parents:
367
diff
changeset
|
530 |
|
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
531 |
return pubtkt.PubTkt.new(username, |
|
354
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
532 |
valid = self.login_valid, |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
533 |
grace = self.login_grace, |
|
369
e6d0e8a967ac
pvl.login: ldap access (tokens) and userdata support
Tero Marttila <terom@paivola.fi>
parents:
367
diff
changeset
|
534 |
tokens = tokens, |
|
e6d0e8a967ac
pvl.login: ldap access (tokens) and userdata support
Tero Marttila <terom@paivola.fi>
parents:
367
diff
changeset
|
535 |
udata = udata, |
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
536 |
) |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
537 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
538 |
def sign (self, pubtkt) : |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
539 |
""" |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
540 |
Create a cookie by signing the given pubtkt. |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
541 |
""" |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
542 |
|
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
543 |
return pubtkt.sign(self.server_keys.private) |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
544 |
|
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
545 |
def renew (self, pubtkt) : |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
546 |
""" |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
547 |
Renew and re-sign the given pubtkt. |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
548 |
""" |
|
357
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
549 |
|
|
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
550 |
# XXX: inplace |
|
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
551 |
pubtkt.renew(self.login_valid, self.login_grace) |
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
552 |
|
|
357
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
553 |
return pubtkt |