| 1 | """WSGI Middleware components - OpenID package Authentication Interface |
|---|
| 2 | plugins sub-package |
|---|
| 3 | |
|---|
| 4 | NERC DataGrid Project""" |
|---|
| 5 | __author__ = "P J Kershaw" |
|---|
| 6 | __date__ = "05/12/08" |
|---|
| 7 | __copyright__ = "(C) 2009 Science and Technology Facilities Council" |
|---|
| 8 | __license__ = "BSD - see LICENSE file in top-level directory" |
|---|
| 9 | __contact__ = "Philip.Kershaw@stfc.ac.uk" |
|---|
| 10 | __revision__ = '$Id$' |
|---|
| 11 | import logging |
|---|
| 12 | log = logging.getLogger(__name__) |
|---|
| 13 | |
|---|
| 14 | |
|---|
| 15 | class AuthNInterfaceError(Exception): |
|---|
| 16 | """Base class for AbstractAuthNInterface exceptions |
|---|
| 17 | |
|---|
| 18 | A standard message is raised set by the msg class variable but the actual |
|---|
| 19 | exception details are logged to the error log. The use of a standard |
|---|
| 20 | message enables callers to use its content for user error messages. |
|---|
| 21 | |
|---|
| 22 | @type msg: basestring |
|---|
| 23 | @cvar msg: standard message to be raised for this exception""" |
|---|
| 24 | userMsg = ("An internal error occurred during login, Please contact your " |
|---|
| 25 | "system administrator") |
|---|
| 26 | errorMsg = "AuthNInterface error" |
|---|
| 27 | |
|---|
| 28 | def __init__(self, *arg, **kw): |
|---|
| 29 | if len(arg) > 0: |
|---|
| 30 | msg = arg[0] |
|---|
| 31 | else: |
|---|
| 32 | msg = self.__class__.errorMsg |
|---|
| 33 | |
|---|
| 34 | log.error(msg) |
|---|
| 35 | Exception.__init__(self, msg, **kw) |
|---|
| 36 | |
|---|
| 37 | |
|---|
| 38 | class AuthNInterfaceInvalidCredentials(AuthNInterfaceError): |
|---|
| 39 | """User has provided incorrect username/password. Raise from logon""" |
|---|
| 40 | userMsg = ("Invalid username / password provided. Please try again. If " |
|---|
| 41 | "the problem persists please contact your system " |
|---|
| 42 | "administrator") |
|---|
| 43 | errorMsg = "Invalid username/password provided" |
|---|
| 44 | |
|---|
| 45 | |
|---|
| 46 | class AuthNInterfaceUsername2IdentifierMismatch(AuthNInterfaceError): |
|---|
| 47 | """User has provided a username which doesn't match the identifier from |
|---|
| 48 | the OpenID URL that they provided. DOESN'T apply to ID Select mode where |
|---|
| 49 | the user has given a generic URL for their OpenID Provider.""" |
|---|
| 50 | userMsg = ("Invalid username for the OpenID entered. Please ensure you " |
|---|
| 51 | "have the correct OpenID and username and try again. If the " |
|---|
| 52 | "problem persists contact your system administrator") |
|---|
| 53 | errorMsg = "invalid username / OpenID identifier combination" |
|---|
| 54 | |
|---|
| 55 | |
|---|
| 56 | class AuthNInterfaceRetrieveError(AuthNInterfaceError): |
|---|
| 57 | """Error with retrieval of information to authenticate user e.g. error with |
|---|
| 58 | database look-up. Raise from logon""" |
|---|
| 59 | errorMsg = ("An error occurred retrieving information to check the login " |
|---|
| 60 | "credentials") |
|---|
| 61 | |
|---|
| 62 | |
|---|
| 63 | class AuthNInterfaceInitError(AuthNInterfaceError): |
|---|
| 64 | """Error with initialisation of AuthNInterface. Raise from __init__""" |
|---|
| 65 | errorMsg = "AuthNInterface initialisation error" |
|---|
| 66 | |
|---|
| 67 | |
|---|
| 68 | class AuthNInterfaceConfigError(AuthNInterfaceError): |
|---|
| 69 | """Error with Authentication configuration. Raise from __init__""" |
|---|
| 70 | errorMsg = "AuthNInterface configuration error" |
|---|
| 71 | |
|---|
| 72 | |
|---|
| 73 | class AbstractAuthNInterface(object): |
|---|
| 74 | '''OpenID Provider abstract base class for authentication configuration. |
|---|
| 75 | Derive from this class to define the authentication interface for users |
|---|
| 76 | logging into the OpenID Provider''' |
|---|
| 77 | |
|---|
| 78 | # Slot declaration here enables derived classes to use slots if they want to |
|---|
| 79 | __slots__ = () |
|---|
| 80 | |
|---|
| 81 | def __init__(self, **prop): |
|---|
| 82 | """Make any initial settings |
|---|
| 83 | |
|---|
| 84 | Settings are held in a dictionary which can be set from **prop, |
|---|
| 85 | a call to setProperties() or by passing settings in an XML file |
|---|
| 86 | given by propFilePath |
|---|
| 87 | |
|---|
| 88 | @type **prop: dict |
|---|
| 89 | @param **prop: set properties via keywords |
|---|
| 90 | @raise AuthNInterfaceInitError: error with initialisation |
|---|
| 91 | @raise AuthNInterfaceConfigError: error with configuration |
|---|
| 92 | @raise AuthNInterfaceError: generic exception not described by the |
|---|
| 93 | other specific exception types. |
|---|
| 94 | """ |
|---|
| 95 | |
|---|
| 96 | def logon(self, environ, identityURI, username, password): |
|---|
| 97 | """Interface login method |
|---|
| 98 | |
|---|
| 99 | @type environ: dict |
|---|
| 100 | @param environ: standard WSGI environ parameter |
|---|
| 101 | |
|---|
| 102 | @type identityURI: basestring |
|---|
| 103 | @param identityURI: user's identity URL e.g. |
|---|
| 104 | 'https://joebloggs.somewhere.ac.uk/' |
|---|
| 105 | |
|---|
| 106 | @type username: basestring |
|---|
| 107 | @param username: user identifier for authentication |
|---|
| 108 | |
|---|
| 109 | @type password: basestring |
|---|
| 110 | @param password: corresponding password for username givens |
|---|
| 111 | |
|---|
| 112 | @raise AuthNInterfaceInvalidCredentials: invalid username/password |
|---|
| 113 | @raise AuthNInterfaceUsername2IdentifierMismatch: username doesn't |
|---|
| 114 | match the OpenID URL provided by the user. (Doesn't apply to ID Select |
|---|
| 115 | type requests). |
|---|
| 116 | @raise AuthNInterfaceRetrieveError: error with retrieval of information |
|---|
| 117 | to authenticate user e.g. error with database look-up. |
|---|
| 118 | @raise AuthNInterfaceError: generic exception not described by the |
|---|
| 119 | other specific exception types. |
|---|
| 120 | """ |
|---|
| 121 | raise NotImplementedError() |
|---|
| 122 | |
|---|
| 123 | def username2UserIdentifiers(self, environ, username): |
|---|
| 124 | """Map the login username to an identifier which will become the |
|---|
| 125 | unique path suffix to the user's OpenID identifier. The |
|---|
| 126 | OpenIDProviderMiddleware takes self.urls['id_url']/ |
|---|
| 127 | self.urls['id_yadis'] and adds it to this identifier: |
|---|
| 128 | |
|---|
| 129 | identifier = self._authN.username2UserIdentifiers(environ, |
|---|
| 130 | username) |
|---|
| 131 | identityURL = self.createIdentityURI(self.urls['url_id'], |
|---|
| 132 | identifier) |
|---|
| 133 | |
|---|
| 134 | @type environ: dict |
|---|
| 135 | @param environ: standard WSGI environ parameter |
|---|
| 136 | |
|---|
| 137 | @type username: basestring |
|---|
| 138 | @param username: user identifier |
|---|
| 139 | |
|---|
| 140 | @rtype: tuple |
|---|
| 141 | @return: one or more identifiers to be used to make OpenID user |
|---|
| 142 | identity URL(s). |
|---|
| 143 | |
|---|
| 144 | @raise AuthNInterfaceConfigError: problem with the configuration |
|---|
| 145 | @raise AuthNInterfaceRetrieveError: error with retrieval of information |
|---|
| 146 | to identifier e.g. error with database look-up. |
|---|
| 147 | @raise AuthNInterfaceError: generic exception not described by the |
|---|
| 148 | other specific exception types. |
|---|
| 149 | """ |
|---|
| 150 | raise NotImplementedError() |
|---|
| 151 | |
|---|
| 152 | def logout(self, authNInterface): |
|---|
| 153 | """Stub to enable custom actions for logout. |
|---|
| 154 | |
|---|
| 155 | @type authNInterface: AbstractAuthNInterface derived type |
|---|
| 156 | @param authNInterface: authentication interface object. See |
|---|
| 157 | AbstractAuthNInterface class for details |
|---|
| 158 | """ |
|---|
| 159 | raise NotImplementedError() |
|---|
