pvl/login/server.py
author Tero Marttila <terom@paivola.fi>
Mon, 13 Jan 2014 17:44:45 +0200
changeset 357 f85050bad115
parent 355 2daf32a118ff
child 359 70bcd6f1fa4a
permissions -rw-r--r--
pvl.login.server: improved renewal handling, with manual renewal while valid, and automatic renewal within grace period
# encoding: utf-8
import datetime
import urlparse
import werkzeug
import werkzeug.urls
import pvl.web
import pvl.web.response
from pvl.login import pubtkt
from pvl.web import urls, html
import logging; log = logging.getLogger('pvl.login.server')
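class Handler (pvl.web.Handler) :
    """
        Base request handler for the login server pages.

        Provides the Bootstrap page scaffolding, the per-request alert list, and
        the two request-processing steps shared by the pages: loading the pubtkt
        cookie (process_cookie) and resolving the ?back= return URL (process_back).
    """

    # Bootstrap
    # NOTE(review): scripts and styles come from third-party CDNs without any
    # integrity pinning; on a login page, self-hosting or pinning them would
    # limit the impact of a CDN compromise, if pvl.web allows it.
    DOCTYPE = 'html'
    HTML_XMLNS = None
    HTML_LANG = 'en'
    CSS = (
            '//netdna.bootstrapcdn.com/bootstrap/3.0.3/css/bootstrap.min.css',
    )
    JS = (
            '//code.jquery.com/jquery.js',
            '//netdna.bootstrapcdn.com/bootstrap/3.0.3/js/bootstrap.min.js',
    )

    STYLE = """
body {
    padding-top: 2em;
    text-align: center;
}

.container {
    padding: 2em 1em;
    text-align: left;
}
    """

    def redirect (self, *url, **params) :
        """
            Return a redirect response to the handler/URL given by url/params,
            resolved through self.url().
        """

        return pvl.web.response.redirect(self.url(*url, **params))
    
    # The ticket loaded from the cookie by process_cookie(), or None when no
    # cookie was presented or it could not be parsed. It is ALSO set for tickets
    # that are expired or failed verification (see process_cookie), so a
    # non-None value alone does not mean the ticket is trusted.
    pubtkt = None

    def init (self) :
        """
            Per-request setup (presumably invoked by pvl.web.Handler): start with
            an empty list of (type, message) alerts for the page.
        """

        self.alerts = []

    def alert (self, type, alert) :
        """
            Record an alert for display on the page, and log it.

            type    - Bootstrap contextual class ('info', 'warning', 'danger', ...)
            alert   - message; anything with a unicode() representation, e.g. an exception
        """

        log.info(u"%s: %s", type, alert)

        self.alerts.append((type, unicode(alert)))

    def process_cookie (self) :
        """
            Load the pubtkt ticket from the request cookie into self.pubtkt.

            The cookie value is urlencoded; it is unquoted and handed to
            self.app.load(), which parses and verifies it. Outcomes:

                no cookie / empty value -> self.pubtkt not set
                ParseError              -> self.pubtkt not set, 'danger' alert
                ExpiredError            -> self.pubtkt = the expired ticket, 'warning' alert
                VerifyError             -> self.pubtkt = the unverified ticket, 'danger' alert

            Callers that treat self.pubtkt as an authenticated identity must also
            check its validity: expired and unverified tickets are kept only so
            the page can display them.
        """
        
        # The ticket is a bearer credential: log which cookies are present and
        # how large the ticket is, never the ticket value itself.
        log.debug("cookies: %s", self.request.cookies.keys())

        cookie = self.request.cookies.get(self.app.cookie_name)
        
        if not cookie :
            return

        log.debug("cookie %s: %d bytes", self.app.cookie_name, len(cookie))

        cookie = werkzeug.urls.url_unquote(cookie)
        
        log.debug("cookie decoded: %d bytes", len(cookie))
        
        if not cookie :
            return

        try :
            self.pubtkt = self.app.load(cookie)

        except pubtkt.ParseError as ex :
            self.alert('danger', ex)

        except pubtkt.ExpiredError as ex :
            # kept so the page can show the ticket (and, within the grace
            # period, offer renewal)
            self.pubtkt = ex.pubtkt
            self.alert('warning', ex)

        except pubtkt.VerifyError as ex :
            # signature did not verify: kept for display only, must not be trusted
            self.pubtkt = ex.pubtkt
            self.alert('danger', ex)

    def process_back (self) :
        """
            Resolve the URL to return the user to after login, from the ?back=
            request argument, into self.back; the application server it names
            goes into self.server.

            Without ?back=, self.back is the root of the login server itself and
            self.server stays None. Otherwise the hostname is passed through
            self.app.check_server() and its result becomes the netloc of
            self.back, so userinfo and port from the supplied URL are not carried
            over (check_server only sees the hostname). The scheme is forced to
            self.app.login_scheme when one is configured.
        """

        self.server = None
        self.back = urlparse.urlunparse((self.app.login_scheme, self.app.login_server, '/', '', '', ''))

        back = self.request.args.get('back')

        if back :
            # login_scheme also serves as the default scheme for scheme-less URLs
            url = urlparse.urlparse(back, self.app.login_scheme)
            
            if not self.app.login_scheme or url.scheme == self.app.login_scheme :
                scheme = url.scheme

            else :
                self.alert('info', "Using SSL for application URL")
                scheme = self.app.login_scheme
                
            # NOTE(review): check_server() is the only check applied to the
            # user-supplied hostname (None for a URL without a netloc); it must
            # reject anything that is not a known application server, or ?back=
            # becomes an open redirect. Its behaviour on rejection is defined in
            # the app, not here.
            self.server = self.app.check_server(url.hostname)
            self.back = urlparse.urlunparse((scheme, self.server, url.path, url.params, url.query, url.fragment))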
class Index (Handler) :
    TITLE = u"Päivölä Network Login"

    # Extends the shared Handler stylesheet with the ticket panel layout.
    STYLE = Handler.STYLE + """
.pubtkt {
    width: 30em;
    margin: 1em auto;
}

.pubtkt form {
    display: inline;
}
    """
    
    def process (self) :
        """
            Load the ticket cookie; without any ticket, send the user to Login.

            Returns None (render the index page) when a ticket was loaded —
            including an expired or unverified one, which the page then shows
            together with its alert — and a redirect response otherwise.
        """

        self.process_cookie()
            
        if self.pubtkt :
            return None

        return self.redirect(Login)
    def render_valid (self, valid) :
        """
            Format a timedelta-like value (.days, .seconds) as H:MM:SS, hours at
            least two characters wide and not wrapped at 24. Sub-second
            precision is ignored.
        """

        total = valid.days * 86400 + valid.seconds
        hours, remainder = divmod(total, 3600)
        minutes, seconds = divmod(remainder, 60)

        return "%2d:%02d:%02d" % (hours, minutes, seconds)
    def render_status (self, pubtkt) :
        """
            Bootstrap contextual class summarising the ticket's validity:
            'warning' while within the grace period, 'success' while valid,
            'danger' once neither holds (expired).
        """

        valid, grace = pubtkt.valid(), pubtkt.grace()

        if grace :
            return 'warning'

        if valid :
            return 'success'

        return 'danger'
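    def render_pubtkt_fields (self, pubtkt) :
        """
            Yield (glyphicon, status, title, info) tuples describing the ticket,
            for render_pubtkt() to lay out as list items.

                glyphicon   - Bootstrap glyphicon name
                status      - Bootstrap contextual class for the item, or None
                title       - tooltip text
                info        - the value shown

            The validity item mirrors render_status(): 'warning' with the
            remaining grace time while within the grace period, 'success' with
            the remaining validity while valid, 'danger' and "Expired" otherwise.
        """

        yield 'user', None, "User account", pubtkt.uid
        
        valid = pubtkt.valid()
        grace = pubtkt.grace()

        if grace :
            remaining = "{grace} (Renew)".format(grace=self.render_valid(grace))
            valid_status = 'warning'

        elif valid :
            remaining = self.render_valid(valid)
            valid_status = 'success'

        else :
            remaining = "Expired"
            valid_status = 'danger'

        yield 'time', valid_status, "Remaining validity", remaining

        if pubtkt.cip :
            yield 'cloud', None, "Network address", pubtkt.cip

        if pubtkt.udata :
            yield 'comment', None, "Associated data", pubtkt.udata

        for token in pubtkt.tokens :
            yield 'flag', None, "Access token", token

        if pubtkt.bauth :
            yield 'keys', None, "Authentication token", pubtkt.bauth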
349
3c20473d0bdc pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents: 348
diff changeset
   183
3c20473d0bdc pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents: 348
diff changeset
   184
    def render_pubtkt (self, pubtkt) :
351
147f5e86b139 pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents: 350
diff changeset
   185
        status = self.render_status(pubtkt)
147f5e86b139 pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents: 350
diff changeset
   186
354
d46c8d3e3140 pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents: 351
diff changeset
   187
        return html.div(class_='pubtkt panel panel-{status}'.format(status=status))(
349
3c20473d0bdc pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents: 348
diff changeset
   188
            html.div(class_='panel-heading')("Login: {pubtkt.uid}".format(pubtkt=self.pubtkt)),
3c20473d0bdc pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents: 348
diff changeset
   189
            html.ul(class_='list-group')(
351
147f5e86b139 pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents: 350
diff changeset
   190
                html.li(class_='list-group-item {status}'.format(status=('alert-'+status if status else '')), title=title)(
349
3c20473d0bdc pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents: 348
diff changeset
   191
                    html.span(class_='glyphicon glyphicon-{glyphicon}'.format(glyphicon=icon)) if icon else None,
3c20473d0bdc pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents: 348
diff changeset
   192
                    info,
351
147f5e86b139 pvl.login: fix validity logic, implement renew
Tero Marttila <terom@paivola.fi>
parents: 350
diff changeset
   193
                ) for icon, status, title, info in self.render_pubtkt_fields(pubtkt)
349
3c20473d0bdc pvl.login: pimp out form with domain, and iconized panel for ticket
Tero Marttila <terom@paivola.fi>
parents: 348
diff changeset
   194
            ),
350
1ca04394c314 pvl.login.server: logout
Tero Marttila <terom@paivola.fi>
parents: 349
diff changeset
   195
            html.div(class_='panel-footer')(
354
d46c8d3e3140 pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents: 351
diff changeset
   196
                #html.div(class_='btn-toolbar', role='toolbar')(
d46c8d3e3140 pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents: 351
diff changeset
   197
                    (
d46c8d3e3140 pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents: 351
diff changeset
   198
                        html.form(action=self.url(Login), method='post', class_='form-inline')(
d46c8d3e3140 pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents: 351
diff changeset
   199
                            html.button(type='submit', class_='btn btn-success')("Renew"),
d46c8d3e3140 pvl.login: ui tweaks, alerts, back support
Tero Marttila <terom@paivola.fi>
parents: 351
diff changeset
   200
                        )
                    ) if pubtkt.valid() else (
                        html.form(action=self.url(Login), method='get', class_='form-inline')(
                            html.button(type='submit', class_='btn btn-info')("Login"),
                        ),
                    ),
                    html.form(action=self.url(Logout), method='post', class_='form-inline pull-right')(
                        html.button(type='submit', class_='btn btn-warning')("Logout"),
                    ),
                #),
            ),
        )
    def render_info (self) :
        """
            Yield the page body fragments: one bootstrap alert <div> per queued
            alert, followed by the ticket panel when a pubtkt is present.
        """

        # alerts are (type, message) pairs; the type becomes the alert-* class
        for kind, message in self.alerts :
            css = 'alert alert-{type}'.format(type=kind)

            yield html.div(class_=css)(message)
        
        ticket = self.pubtkt

        if not ticket :
            return

        yield self.render_pubtkt(ticket)
   
    def render (self) :
        """
            Wrap the info fragments (alerts and ticket panel) in a bootstrap container.
        """

        body = self.render_info()

        return html.div(class_='container')(body)
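class Login (Handler) :
    """
        Login page.

        Issues a fresh pubtkt cookie from username/password, or renews an existing
        ticket: manually via POST while the ticket is still valid, or automatically
        via GET ?renew while it is within its grace period.
    """

    TITLE = "Login"
    
    STYLE = Handler.STYLE + """
form#login {
    max-width:  50%;
    padding:    1em;
    margin:     0 auto;
}

    """

    def process (self) :
        """
            Handle the request before rendering.

            Returns a redirect response carrying the new pubtkt cookie when a ticket
            was issued or renewed, or None to fall through to render().
        """

        self.process_cookie()
        
        try :
            self.process_back()
        except pubtkt.Error as ex :
            self.alert('danger', ex)
            
        # update cookie?
        set_pubtkt = None

        if self.request.method == 'POST' :
            username = self.request.form.get('username')
            # was form.get('username'): the submitted password was never read, so
            # auth() was always given the username as the password
            password = self.request.form.get('password')

            if username and password :
                # preprocess
                username = username.strip().lower()
                
                try :
                    set_pubtkt = self.app.auth(username, password)

                except pubtkt.Error as ex :
                    # NOTE(review): render() below does not display auth_errors;
                    # confirm Handler shows it, otherwise a failed login gives no
                    # feedback to the user
                    self.auth_errors = ex
            
            elif self.pubtkt and self.pubtkt.valid() :
                # renew manually if valid (password-less submit via the Renew button)
                set_pubtkt = self.app.renew(self.pubtkt)

        elif 'renew' in self.request.args :
            # renew automatically if in grace period; no credentials are involved,
            # the renewal rests solely on the signed ticket presented in the cookie
            if self.pubtkt and self.pubtkt.grace() :
                set_pubtkt = self.app.renew(self.pubtkt)
            
        if set_pubtkt :
            return self._pubtkt_response(set_pubtkt)

    def _pubtkt_response (self, set_pubtkt) :
        """
            Adopt the given ticket as the current one and build the redirect to
            self.back with the signed ticket set as the pubtkt cookie.
        """

        # browsers seem to be very particular about quoting ;'s in cookie values...
        # this follows PHP's setcookie() encoding...
        cookie = werkzeug.urls.url_quote(self.app.sign(set_pubtkt))
        
        self.pubtkt = set_pubtkt

        # redirect with cookie; self.back is produced by process_back(), which is
        # presumably where it gets validated (it raises pubtkt.Error) — confirm there
        response = pvl.web.response.redirect(self.back)

        # no expires/max_age, so this is a session cookie; the ticket carries its
        # own validity, which is what valid()/grace() check
        response.set_cookie(self.app.cookie_name, cookie,
            domain      = self.app.cookie_domain,
            secure      = self.app.cookie_secure,
            httponly    = self.app.cookie_httponly,
        )

        return response

    def render (self) :
        """
            Render the login form. The username is prefilled from the current
            ticket; while that ticket is still valid the password is optional and a
            "Renew" submit is offered next to "Login".
        """

        if self.pubtkt :
            username = self.pubtkt.uid
        else :
            username = None

        domain = self.app.login_domain

        if 'logout' in self.request.args :
            self.alert('info', "You have been logged out.")

        if self.pubtkt and self.pubtkt.valid() :
            renew = True

            # within validity period...
            self.alert('info', "Login or renew ticket.")

        else :
            renew = False

        # NOTE(review): no anti-CSRF field is visible in this form; confirm that
        # Handler/pvl.web supplies one, since login and renew are plain POSTs
        return html.div(class_='container')(
            html.form(action=self.url(back=self.back), method='POST', id='login')(
                (
                    html.div(class_='alert alert-{type}'.format(type=kind))(message)
                        for kind, message in self.alerts
                ),

                html.fieldset(
                    html.legend(
                        (
                            "Login @ ",
                            html.a(href=self.back)(self.server),
                        ) if self.server else (
                            "Login"
                        )
                    ),
                
                    html.div(class_='form-group')(
                        html.div(class_='input-group')(
                            html.label(for_='username', class_='sr-only')("Username"),
                            html.input(name='username', type='text', class_='form-control', placeholder="username", required=True, autofocus=True, value=username),
                            html.span(class_='input-group-addon')("@{domain}".format(domain=domain)),
                        ),

                        html.label(for_='password', class_='sr-only')("Password"),
                        # password may be left empty only when renewing a still-valid ticket
                        html.input(name='password', type='password', class_='form-control', placeholder="Password", required=(not renew)),
                    ),

                    html.button(type='submit', class_='btn btn-primary')("Login"),

                    # label was misspelled "Rewnew"
                    html.button(type='submit', class_='btn btn-success')("Renew") if renew else None,
                )
            )
        )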
class Logout (Handler) :
    """
        Logout page: GET renders a confirmation form, POST clears the pubtkt cookie
        and redirects to the login page with ?logout=1.
    """

    TITLE = "Logout"

    def process (self) :
        """
            Returns a redirect response, or None to fall through to render().
        """

        self.process_cookie()

        if not self.pubtkt :
            # nothing to log out of
            return self.redirect(Login)

        if self.request.method != 'POST' :
            # show the confirmation form
            return

        response = pvl.web.response.redirect(self.url(Login, logout=1))

        # expire the cookie using the same domain/flags it was issued with
        response.set_cookie(self.app.cookie_name, '',
                expires     = 0,
                domain      = self.app.cookie_domain,
                secure      = self.app.cookie_secure,
                httponly    = self.app.cookie_httponly,
        )

        return response
    
    def render (self) :
        """
            Render the logout confirmation form for the current ticket's uid.
        """

        legend = "Logout {pubtkt.uid}".format(pubtkt=self.pubtkt)

        form = html.form(action=self.url(), method='post')(
            html.fieldset(
                html.legend(legend),
                html.button(type='submit', class_='btn btn-warning')("Logout"),
            )
        )

        return html.div(class_='container')(form)
class LoginApplication (pvl.web.Application) :
    # Routing table: each rule maps a URL path to its handler class.
    URLS = urls.Map((
        urls.rule('/',              Index),
        urls.rule('/login',         Login),
        urls.rule('/logout',        Logout),
    ))

    # Default key-file paths; used as the __init__ defaults when loading
    # pubtkt.ServerKeys (private key signs tickets, public key verifies them).
    PUBLIC_KEY = 'etc/login/public.pem'
    PRIVATE_KEY = 'etc/login/private.pem'
    
    # Authentication domain: check_server() only accepts a target server that
    # equals this domain or is a subdomain of it.
    # NOTE(review): these hostnames look like test-environment defaults; confirm
    # they are overridden for real deployments.
    login_domain = 'test.paivola.fi'
    # Presumably this login server's own hostname; its use is outside this view.
    login_server = 'login.test.paivola.fi'
    # Ticket validity period and post-expiry grace period, passed to
    # PubTkt.new() in auth() and to PubTkt.renew() in renew().
    login_valid = datetime.timedelta(seconds=60)
    login_grace = datetime.timedelta(seconds=30)
    # Presumably the URL scheme used for login/redirect URLs; its use is outside this view.
    login_scheme = 'https'

    # Ticket cookie settings. Secure and HttpOnly are both on, so the ticket
    # is only sent over TLS and is not readable by page script; these are
    # presumably applied where the cookie is set (outside this view).
    cookie_name = 'auth_pubtkt'
    cookie_domain = 'test.paivola.fi'
    cookie_secure = True
    cookie_httponly = True
    def __init__ (self, public_key=PUBLIC_KEY, private_key=PRIVATE_KEY, **opts) :
        """
            Set up the application and load the server's signing key pair.

            public_key/private_key are file paths, defaulting to the class-level
            PUBLIC_KEY/PRIVATE_KEY; any other keyword options are passed through
            to pvl.web.Application.
        """
        super(LoginApplication, self).__init__(**opts)

        # The key material itself is loaded by pubtkt.ServerKeys.config (not visible here).
        keys = pubtkt.ServerKeys.config(public_key=public_key, private_key=private_key)

        self.server_keys = keys
    def check_server (self, server) :
        """
            Check that the given target server is valid.

            The name is lowercased and accepted only if it is exactly
            login_domain or a subdomain of it (a '.' + login_domain suffix);
            any other name is rejected, so tickets are never issued for
            hosts outside the authentication domain.

            Returns the normalised (lowercased) server name.
            Raises pubtkt.ServerError when the server is outside the domain.
        """
        server = server.lower()
        domain = self.login_domain

        # Suffix match includes the leading '.', so 'evil-test.paivola.fi' is not a subdomain.
        if server != domain and not server.endswith('.' + domain) :
            raise pubtkt.ServerError("Target server is not covered by our authentication domain: {domain}".format(domain=self.login_domain))

        return server
    def load (self, cookie) :
        """
            Load a pubtkt from a cookie value and verify it against the
            server's public key.

            Returns the parsed pubtkt.PubTkt; whatever PubTkt.load raises on
            an invalid or unverifiable ticket propagates to the caller.
        """
        public_key = self.server_keys.public

        return pubtkt.PubTkt.load(cookie, public_key)
    def auth (self, username, password) :
        """
            Issue a new PubTkt for username with this application's
            login_valid/login_grace periods.

            NOTE(review): `password` is never used in this method, so no
            credential check happens here; a ticket is produced for any
            username/password pair. Credentials must be verified elsewhere
            (or implemented here) before this is deployed.

            No key is passed to PubTkt.new(), so the returned ticket is not
            signed by this method; see sign().
        """
        valid = self.login_valid
        grace = self.login_grace

        return pubtkt.PubTkt.new(username, valid=valid, grace=grace)
    def sign (self, pubtkt) :
        """
            Sign the given pubtkt with the server's private key and return
            the result (the cookie value).

            Note that the `pubtkt` parameter shadows the `pubtkt` module
            inside this method.
        """
        private_key = self.server_keys.private

        return pubtkt.sign(private_key)
    def renew (self, pubtkt) :
        """
            Renew the given pubtkt in place, using this application's
            login_valid/login_grace periods, and return it.

            NOTE(review): this method does not call sign(); confirm whether
            PubTkt.renew() re-signs the ticket, otherwise the caller must
            sign() the returned ticket before setting it as a cookie.
        """
        valid = self.login_valid
        grace = self.login_grace

        # XXX: mutates the passed-in ticket rather than returning a copy
        pubtkt.renew(valid, grace)

        return pubtkt