author | Tero Marttila <terom@paivola.fi> |
Mon, 13 Jan 2014 17:44:45 +0200 | |
changeset 357 | f85050bad115 |
parent 355 | 2daf32a118ff |
child 359 | 70bcd6f1fa4a |
permissions | -rw-r--r-- |
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
1 |
# encoding: utf-8 |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
2 |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
3 |
import datetime |
354
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
4 |
import urlparse |
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
5 |
import werkzeug |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
6 |
import werkzeug.urls |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
7 |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
8 |
import pvl.web |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
9 |
import pvl.web.response |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
10 |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
11 |
from pvl.login import pubtkt |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
12 |
from pvl.web import urls, html |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
13 |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
14 |
import logging; log = logging.getLogger('pvl.login.server') |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
15 |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
16 |
class Handler (pvl.web.Handler) : |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
17 |
# Bootstrap |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
18 |
DOCTYPE = 'html' |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
19 |
HTML_XMLNS = None |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
20 |
HTML_LANG = 'en' |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
21 |
CSS = ( |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
22 |
'//netdna.bootstrapcdn.com/bootstrap/3.0.3/css/bootstrap.min.css', |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
23 |
) |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
24 |
JS = ( |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
25 |
'//code.jquery.com/jquery.js', |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
26 |
'//netdna.bootstrapcdn.com/bootstrap/3.0.3/js/bootstrap.min.js', |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
27 |
) |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
28 |
|
354
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
29 |
STYLE = """ |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
30 |
body { |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
31 |
padding-top: 2em; |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
32 |
text-align: center; |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
33 |
} |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
34 |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
35 |
.container { |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
36 |
padding: 2em 1em; |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
37 |
text-align: left; |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
38 |
} |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
39 |
""" |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
40 |
|
350 | 41 |
def redirect (self, *url, **params) : |
42 |
return pvl.web.response.redirect(self.url(*url, **params)) |
|
354
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
43 |
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
44 |
pubtkt = None |
354
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
45 |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
46 |
def init (self) : |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
47 |
self.alerts = [] |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
48 |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
49 |
def alert (self, type, alert) : |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
50 |
log.info(u"%s: %s", type, alert) |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
51 |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
52 |
self.alerts.append((type, unicode(alert))) |
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
53 |
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
54 |
def process_cookie (self) : |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
55 |
""" |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
56 |
Reverse the urlencoding used for the cookie... |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
57 |
""" |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
58 |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
59 |
log.debug("cookies: %s", self.request.cookies) |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
60 |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
61 |
cookie = self.request.cookies.get(self.app.cookie_name) |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
62 |
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
63 |
if not cookie : |
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
64 |
return |
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
65 |
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
66 |
log.debug("cookie %s=%s", self.app.cookie_name, cookie) |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
67 |
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
68 |
cookie = werkzeug.urls.url_unquote(cookie) |
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
69 |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
70 |
log.debug("cookie decoded: %s", cookie) |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
71 |
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
72 |
if not cookie : |
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
73 |
return |
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
74 |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
75 |
try : |
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
76 |
self.pubtkt = self.app.load(cookie) |
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
77 |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
78 |
except pubtkt.ParseError as ex : |
354
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
79 |
self.alert('danger', ex) |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
80 |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
81 |
except pubtkt.ExpiredError as ex : |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
82 |
self.pubtkt = ex.pubtkt |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
83 |
self.alert('warning', ex) |
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
84 |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
85 |
except pubtkt.VerifyError as ex : |
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
86 |
self.pubtkt = ex.pubtkt |
354
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
87 |
self.alert('danger', ex) |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
88 |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
89 |
def process_back (self) : |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
90 |
self.server = None |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
91 |
self.back = urlparse.urlunparse((self.app.login_scheme, self.app.login_server, '/', '', '', '')) |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
92 |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
93 |
back = self.request.args.get('back') |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
94 |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
95 |
if back : |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
96 |
url = urlparse.urlparse(back, self.app.login_scheme) |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
97 |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
98 |
if not self.app.login_scheme : |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
99 |
scheme = url.scheme |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
100 |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
101 |
elif url.scheme == self.app.login_scheme : |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
102 |
scheme = url.scheme |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
103 |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
104 |
else : |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
105 |
self.alert('info', "Using SSL for application URL") |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
106 |
scheme = self.app.login_scheme |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
107 |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
108 |
self.server = self.app.check_server(url.hostname) |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
109 |
self.back = urlparse.urlunparse((scheme, self.server, url.path, url.params, url.query, url.fragment)) |
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
110 |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
111 |
class Index (Handler) : |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
112 |
TITLE = u"Päivölä Network Login" |
354
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
113 |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
114 |
STYLE = Handler.STYLE + """ |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
115 |
.pubtkt { |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
116 |
width: 30em; |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
117 |
margin: 1em auto; |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
118 |
} |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
119 |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
120 |
.pubtkt form { |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
121 |
display: inline; |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
122 |
} |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
123 |
""" |
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
124 |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
125 |
def process (self) : |
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
126 |
self.process_cookie() |
350 | 127 |
|
128 |
if not self.pubtkt : |
|
129 |
return self.redirect(Login) |
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
130 |
|
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
131 |
def render_valid (self, valid) : |
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
132 |
seconds = valid.seconds + valid.days * (24 * 60 * 60) |
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
133 |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
134 |
minutes, seconds = divmod(seconds, 60) |
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
135 |
hours, minutes = divmod(minutes, 60) |
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
136 |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
137 |
return "%2d:%02d:%02d" % (hours, minutes, seconds) |
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
138 |
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
139 |
def render_status (self, pubtkt) : |
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
140 |
valid = pubtkt.valid() |
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
141 |
grace = pubtkt.grace() |
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
142 |
|
357
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
143 |
if grace : |
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
144 |
return 'warning' |
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
145 |
elif valid : |
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
146 |
return 'success' |
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
147 |
else : |
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
148 |
return 'danger' |
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
149 |
|
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
150 |
def render_pubtkt_fields (self, pubtkt) : |
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
151 |
""" |
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
152 |
Yield (glyphicon, text) to render as fields for ticket. |
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
153 |
""" |
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
154 |
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
155 |
yield 'user', None, "User account", pubtkt.uid |
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
156 |
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
157 |
valid = pubtkt.valid() |
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
158 |
grace = pubtkt.grace() |
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
159 |
|
357
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
160 |
if grace : |
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
161 |
valid = "{grace} (Renew)".format(grace=self.render_valid(grace)) |
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
162 |
valid_status = 'warning' |
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
163 |
elif valid : |
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
164 |
valid = "{valid}".format(valid=self.render_valid(valid)) |
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
165 |
valid_status = 'success' |
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
166 |
else : |
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
167 |
valid = "Expired" |
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
168 |
valid_status = 'danger' |
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
169 |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
170 |
yield 'time', valid_status, "Remaining validity", valid |
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
171 |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
172 |
if pubtkt.cip : |
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
173 |
yield 'cloud', None, "Network address", pubtkt.cip |
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
174 |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
175 |
if pubtkt.udata : |
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
176 |
yield 'comment', None, "Associated data", pubtkt.udata |
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
177 |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
178 |
for token in pubtkt.tokens : |
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
179 |
yield 'flag', None, "Access token", token |
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
180 |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
181 |
if pubtkt.bauth : |
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
182 |
yield 'keys', None, "Authentication token", pubtkt.bauth |
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
183 |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
184 |
def render_pubtkt (self, pubtkt) : |
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
185 |
status = self.render_status(pubtkt) |
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
186 |
|
354
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
187 |
return html.div(class_='pubtkt panel panel-{status}'.format(status=status))( |
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
188 |
html.div(class_='panel-heading')("Login: {pubtkt.uid}".format(pubtkt=self.pubtkt)), |
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
189 |
html.ul(class_='list-group')( |
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
190 |
html.li(class_='list-group-item {status}'.format(status=('alert-'+status if status else '')), title=title)( |
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
191 |
html.span(class_='glyphicon glyphicon-{glyphicon}'.format(glyphicon=icon)) if icon else None, |
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
192 |
info, |
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
193 |
) for icon, status, title, info in self.render_pubtkt_fields(pubtkt) |
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
194 |
), |
350 | 195 |
html.div(class_='panel-footer')( |
354
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
196 |
#html.div(class_='btn-toolbar', role='toolbar')( |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
197 |
( |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
198 |
html.form(action=self.url(Login), method='post', class_='form-inline')( |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
199 |
html.button(type='submit', class_='btn btn-success')("Renew"), |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
200 |
) |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
201 |
) if pubtkt.valid() else ( |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
202 |
html.form(action=self.url(Login), method='get', class_='form-inline')( |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
203 |
html.button(type='submit', class_='btn btn-info')("Login"), |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
204 |
), |
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
205 |
), |
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
206 |
|
354
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
207 |
html.form(action=self.url(Logout), method='post', class_='form-inline pull-right')( |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
208 |
html.button(type='submit', class_='btn btn-warning')("Logout"), |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
209 |
), |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
210 |
#), |
350 | 211 |
), |
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
212 |
) |
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
213 |
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
214 |
def render_info (self) : |
354
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
215 |
for type, alert in self.alerts : |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
216 |
yield html.div(class_='alert alert-{type}'.format(type=type))(alert) |
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
217 |
|
354
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
218 |
if self.pubtkt : |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
219 |
yield self.render_pubtkt(self.pubtkt) |
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
220 |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
221 |
def render (self) : |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
222 |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
223 |
return html.div(class_='container')( |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
224 |
self.render_info(), |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
225 |
) |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
226 |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
227 |
class Login (Handler) : |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
228 |
TITLE = "Login" |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
229 |
|
354
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
230 |
STYLE = Handler.STYLE + """ |
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
231 |
form#login { |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
232 |
max-width: 50%; |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
233 |
padding: 1em; |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
234 |
margin: 0 auto; |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
235 |
} |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
236 |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
237 |
""" |
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
238 |
def process (self) : |
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
239 |
self.process_cookie() |
354
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
240 |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
241 |
try : |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
242 |
self.process_back() |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
243 |
except pubtkt.Error as ex : |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
244 |
self.alert('danger', ex) |
357
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
245 |
|
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
246 |
# update cookie? |
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
247 |
set_pubtkt = None |
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
248 |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
249 |
if self.request.method == 'POST' : |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
250 |
username = self.request.form.get('username') |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
251 |
password = self.request.form.get('username') |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
252 |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
253 |
if username and password : |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
254 |
# preprocess |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
255 |
username = username.strip().lower() |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
256 |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
257 |
try : |
357
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
258 |
set_pubtkt = self.app.auth(username, password) |
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
259 |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
260 |
except pubtkt.Error as ex : |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
261 |
self.auth_errors = ex |
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
262 |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
263 |
elif self.pubtkt and self.pubtkt.valid() : |
357
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
264 |
# renew manually if valid |
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
265 |
set_pubtkt = self.app.renew(self.pubtkt) |
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
266 |
|
357
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
267 |
elif 'renew' in self.request.args : |
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
268 |
# renew automatically if in grace period |
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
269 |
if self.pubtkt and self.pubtkt.grace() : |
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
270 |
set_pubtkt = self.app.renew(self.pubtkt) |
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
271 |
|
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
272 |
if set_pubtkt : |
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
273 |
# browsers seem to be very particular about quoting ;'s in cookie values... |
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
274 |
# this follows PHP's setcookie() encoding... |
357
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
275 |
cookie = werkzeug.urls.url_quote(self.app.sign(set_pubtkt)) |
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
276 |
|
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
277 |
self.pubtkt = set_pubtkt |
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
278 |
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
279 |
# redirect with cookie |
354
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
280 |
response = pvl.web.response.redirect(self.back) |
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
281 |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
282 |
response.set_cookie(self.app.cookie_name, cookie, |
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
283 |
domain = self.app.cookie_domain, |
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
284 |
secure = self.app.cookie_secure, |
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
285 |
httponly = self.app.cookie_httponly, |
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
286 |
) |
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
287 |
|
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
288 |
return response |
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
289 |
|
357
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
290 |
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
291 |
def render (self) : |
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
292 |
if self.pubtkt : |
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
293 |
username = self.pubtkt.uid |
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
294 |
else : |
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
295 |
username = None |
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
296 |
|
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
297 |
domain = self.app.login_domain |
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
298 |
|
355
2daf32a118ff
pvl.login: logout -> /login?logout=1
Tero Marttila <terom@paivola.fi>
parents:
354
diff
changeset
|
299 |
if 'logout' in self.request.args : |
2daf32a118ff
pvl.login: logout -> /login?logout=1
Tero Marttila <terom@paivola.fi>
parents:
354
diff
changeset
|
300 |
self.alert('info', "You have been logged out.") |
2daf32a118ff
pvl.login: logout -> /login?logout=1
Tero Marttila <terom@paivola.fi>
parents:
354
diff
changeset
|
301 |
|
357
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
302 |
if self.pubtkt and self.pubtkt.valid() : |
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
303 |
renew = True |
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
304 |
|
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
305 |
# within validity period... |
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
306 |
self.alert('info', "Login or renew ticket.") |
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
307 |
|
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
308 |
else : |
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
309 |
renew = False |
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
310 |
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
311 |
return html.div(class_='container')( |
354
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
312 |
html.form(action=self.url(back=self.back), method='POST', id='login')( |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
313 |
( |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
314 |
html.div(class_='alert alert-{alert}'.format(alert=type))(alert) |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
315 |
for type, alert in self.alerts |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
316 |
), |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
317 |
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
318 |
html.fieldset( |
354
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
319 |
html.legend( |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
320 |
( |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
321 |
"Login @ ", |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
322 |
html.a(href=self.back)(self.server), |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
323 |
) if self.server else ( |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
324 |
"Login" |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
325 |
) |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
326 |
), |
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
327 |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
328 |
html.div(class_='form-group')( |
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
329 |
html.div(class_='input-group')( |
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
330 |
html.label(for_='username', class_='sr-only')("Username"), |
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
331 |
html.input(name='username', type='text', class_='form-control', placeholder="username", required=True, autofocus=True, value=username), |
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
332 |
html.span(class_='input-group-addon')("@{domain}".format(domain=domain)), |
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
333 |
), |
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
334 |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
335 |
html.label(for_='password', class_='sr-only')("Password"), |
357
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
336 |
html.input(name='password', type='password', class_='form-control', placeholder="Password", required=(not renew)), |
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
337 |
), |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
338 |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
339 |
html.button(type='submit', class_='btn btn-primary')("Login"), |
357
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
340 |
|
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
341 |
html.button(type='submit', class_='btn btn-success')("Rewnew") if renew else None, |
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
342 |
) |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
343 |
) |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
344 |
) |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
345 |
|
350 | 346 |
class Logout (Handler) : |
347 |
TITLE = "Logout" |
|
348 |
||
349 |
def process (self) : |
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
350 |
self.process_cookie() |
354
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
351 |
|
350 | 352 |
if not self.pubtkt : |
355
2daf32a118ff
pvl.login: logout -> /login?logout=1
Tero Marttila <terom@paivola.fi>
parents:
354
diff
changeset
|
353 |
return self.redirect(Login) |
350 | 354 |
|
355 |
if self.request.method == 'POST' : |
|
355
2daf32a118ff
pvl.login: logout -> /login?logout=1
Tero Marttila <terom@paivola.fi>
parents:
354
diff
changeset
|
356 |
response = pvl.web.response.redirect(self.url(Login, logout=1)) |
350 | 357 |
|
358 |
response.set_cookie(self.app.cookie_name, '', |
|
359 |
expires = 0, |
|
360 |
domain = self.app.cookie_domain, |
|
361 |
secure = self.app.cookie_secure, |
|
362 |
httponly = self.app.cookie_httponly, |
|
363 |
) |
|
364 |
||
365 |
return response |
|
366 |
||
367 |
def render (self) : |
|
368 |
return html.div(class_='container')( |
|
369 |
html.form(action=self.url(), method='post')( |
|
370 |
html.fieldset( |
|
371 |
html.legend("Logout {pubtkt.uid}".format(pubtkt=self.pubtkt)), |
|
372 |
||
373 |
html.button(type='submit', class_='btn btn-warning')("Logout"), |
|
374 |
) |
|
375 |
) |
|
376 |
) |
|
377 |
||
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
378 |
class LoginApplication (pvl.web.Application) : |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
379 |
URLS = urls.Map(( |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
380 |
urls.rule('/', Index), |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
381 |
urls.rule('/login', Login), |
350 | 382 |
urls.rule('/logout', Logout), |
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
383 |
)) |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
384 |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
385 |
PUBLIC_KEY = 'etc/login/public.pem' |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
386 |
PRIVATE_KEY = 'etc/login/private.pem' |
349
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
387 |
|
3c20473d0bdc
pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents:
348
diff
changeset
|
388 |
login_domain = 'test.paivola.fi' |
354
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
389 |
login_server = 'login.test.paivola.fi' |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
390 |
login_valid = datetime.timedelta(seconds=60) |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
391 |
login_grace = datetime.timedelta(seconds=30) |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
392 |
login_scheme = 'https' |
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
393 |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
394 |
cookie_name = 'auth_pubtkt' |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
395 |
cookie_domain = 'test.paivola.fi' |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
396 |
cookie_secure = True |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
397 |
cookie_httponly = True |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
398 |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
399 |
def __init__ (self, public_key=PUBLIC_KEY, private_key=PRIVATE_KEY, **opts) : |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
400 |
super(LoginApplication, self).__init__(**opts) |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
401 |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
402 |
self.server_keys = pubtkt.ServerKeys.config( |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
403 |
public_key = public_key, |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
404 |
private_key = private_key, |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
405 |
) |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
406 |
|
354
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
407 |
def check_server (self, server) : |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
408 |
""" |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
409 |
Check that the given target server is valid. |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
410 |
""" |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
411 |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
412 |
server = server.lower() |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
413 |
|
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
414 |
if server == self.login_domain or server.endswith('.' + self.login_domain) : |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
415 |
return server |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
416 |
else : |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
417 |
raise pubtkt.ServerError("Target server is not covered by our authentication domain: {domain}".format(domain=self.login_domain)) |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
418 |
|
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
419 |
def load (self, cookie) : |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
420 |
""" |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
421 |
Load a pubtkt from a cookie, and verify it. |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
422 |
""" |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
423 |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
424 |
return pubtkt.PubTkt.load(cookie, self.server_keys.public) |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
425 |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
426 |
def auth (self, username, password) : |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
427 |
""" |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
428 |
Perform authentication, returning a PubTkt, signed |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
429 |
""" |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
430 |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
431 |
return pubtkt.PubTkt.new(username, |
354
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
432 |
valid = self.login_valid, |
d46c8d3e3140
pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents:
351
diff
changeset
|
433 |
grace = self.login_grace, |
348
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
434 |
) |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
435 |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
436 |
def sign (self, pubtkt) : |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
437 |
""" |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
438 |
Create a cookie by signing the given pubtkt. |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
439 |
""" |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
440 |
|
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
441 |
return pubtkt.sign(self.server_keys.private) |
089ec3eddc92
pvl.login: a pubtkt-based sso login server..
Tero Marttila <terom@paivola.fi>
parents:
diff
changeset
|
442 |
|
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
443 |
def renew (self, pubtkt) : |
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
444 |
""" |
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
445 |
Renew and re-sign the given pubtkt. |
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
446 |
""" |
357
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
447 |
|
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
448 |
# XXX: inplace |
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
449 |
pubtkt.renew(self.login_valid, self.login_grace) |
351
147f5e86b139
pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents:
350
diff
changeset
|
450 |
|
357
f85050bad115
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
Tero Marttila <terom@paivola.fi>
parents:
355
diff
changeset
|
451 |
return pubtkt |