Changeset 4155

Timestamp:

01/09/08 11:39:28 (12 years ago)

Author:

pjkersha

Message:

Added and updated epydoc for openid_provider

File:

• TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/openid_provider.py (modified) (27 diffs)

TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/openid_provider.py

@@ -42 +42 @@
    
 class OpenIDProviderMiddleware(object):
-    """WSGI Middleware to implement an OpenID Provider"""
+    """WSGI Middleware to implement an OpenID Provider
+    
+    @cvar defKw: keywords to __init__ and their default values.  Input
+    keywords must match these
+    @type defKw: dict
+    
+    @cvar defPaths: subset of defKw.  These are keyword items corresponding
+    to the URL paths to be set for the individual OpenID Provider functions
+    @type: defPaths: dict
+    
+    @cvar formRespWrapperTmpl: If the response to the Relying Party is too long
+    it's rendered as form with the POST method instead of query arguments in a 
+    GET 302 redirect.  Wrap the form in this document to make the form submit 
+    automatically without user intervention.  See _displayResponse method 
+    below...
+    @type formRespWrapperTmpl: basestring"""
+    
+    formRespWrapperTmpl = """<html>
+    <head>
+        <script type="text/javascript">
+            function doRedirect()
+            {
+                document.forms[0].submit();
+            }
+        </script>
+    </head>
+    <body onLoad="doRedirect()">
+        %s
+    </body>
+</html>"""
 
     defKw = dict(path_openidserver='/openidserver',
@@ -66 +95 @@
      
     def __init__(self, app, app_conf=None, prefix='openid_provider.', **kw):
-        '''       
+        '''
+        @type app: callable following WSGI interface
+        @param app: next middleware application in the chain      
         @type app_conf: dict        
         @param app_conf: PasteDeploy application configuration dictionary
+        @type prefix: basestring
+        @param prefix: prefix for OpenID Provider configuration items
+        @type kw: dict
+        @param kw: keyword dictionary - must follow format of defKw 
+        class variable    
         '''
 
@@ -201 +237 @@
     
     def __call__(self, environ, start_response):
-        
+        """Standard WSGI interface.  Intercepts the path if it matches any of 
+        the paths set in the path_* keyword settings to the config
+        
+        @type environ: dict
+        @param environ: dictionary of environment variables
+        @type start_response: callable
+        @param start_response: standard WSGI callable to set HTTP headers
+        @rtype: basestring
+        @return: WSGI response
+        """
         if not environ.has_key(self.session_middleware):
             raise OpenIDProviderConfigError('The session middleware %r is not '
@@ -249 +294 @@
 
     def do_id(self, environ, start_response):
-        '''Handle ID request'''
+        '''Handle ID request
+        
+        @type environ: dict
+        @param environ: dictionary of environment variables
+        @type start_response: callable
+        @param start_response: standard WSGI callable to set HTTP headers
+        @rtype: basestring
+        @return: WSGI response
+       
+        '''
         response = self._renderer.renderIdentityPage(environ)
 
@@ -259 +313 @@
 
     def do_yadis(self, environ, start_response):
-        """Generate Yadis document"""
+        """Generate Yadis document
+        
+        @type environ: dict
+        @param environ: dictionary of environment variables
+        @type start_response: callable
+        @param start_response: standard WSGI callable to set HTTP headers
+        @rtype: basestring
+        @return: WSGI response
+
+        """
         response = self._renderer.renderYadis(environ)
      
@@ -269 +332 @@
 
     def do_openidserver(self, environ, start_response):
-        """Handle OpenID Server Request"""
+        """Handle OpenID Server Request
+        
+        @type environ: dict
+        @param environ: dictionary of environment variables
+        @type start_response: callable
+        @param start_response: standard WSGI callable to set HTTP headers
+        @rtype: basestring
+        @return: WSGI response
+
+        """
 
         try:
@@ -294 +366 @@
     def do_allow(self, environ, start_response):
         """Handle allow request - user allow credentials to be passed back to
-        the Relying Party?"""
+        the Relying Party?
+        
+        @type environ: dict
+        @param environ: dictionary of environment variables
+        @type start_response: callable
+        @param start_response: standard WSGI callable to set HTTP headers
+        @rtype: basestring
+        @return: WSGI response
+
+        """
         
         oidRequest = self.session.get('lastCheckIDRequest')
@@ -346 +427 @@
 
     def do_serveryadis(self, environ, start_response):
-        """Handle Server Yadis call"""
+        """Handle Server Yadis call
+        
+        @type environ: dict
+        @param environ: dictionary of environment variables
+        @type start_response: callable
+        @param start_response: standard WSGI callable to set HTTP headers
+        @rtype: basestring
+        @return: WSGI response
+
+        """
         response = self._renderer.renderServerYadis(environ)
         start_response("200 OK", 
@@ -355 +445 @@
 
     def do_login(self, environ, start_response, **kw):
-        """Display Login form"""
+        """Display Login form
+        
+        @type environ: dict
+        @param environ: dictionary of environment variables
+        @type start_response: callable
+        @param start_response: standard WSGI callable to set HTTP headers
+        @type kw: dict
+        @param kw: keywords to login renderer - see RenderingInterface class
+        @rtype: basestring
+        @return: WSGI response
+        """
         
         if 'fail_to' not in kw:
@@ -368 +468 @@
 
     def do_loginsubmit(self, environ, start_response):
-        """Handle user submission from login and logout"""
+        """Handle user submission from login and logout
+        
+        @type environ: dict
+        @param environ: dictionary of environment variables
+        @type start_response: callable
+        @param start_response: standard WSGI callable to set HTTP headers
+        @rtype: basestring
+        @return: WSGI response
+        """
         
         if 'submit' in self.query:
@@ -421 +529 @@
 
     def do_mainpage(self, environ, start_response):
-
+        '''Show an information page about the OpenID Provider
+        
+        @type environ: dict
+        @param environ: dictionary of environment variables
+        @type start_response: callable
+        @param start_response: standard WSGI callable to set HTTP headers
+        @rtype: basestring
+        @return: WSGI response
+        '''
+        
         response = self._renderer.renderMainPage(environ)
         start_response('200 OK', 
@@ -431 +548 @@
     def do_decide(self, environ, start_response):
         """Display page prompting the user to decide whether to trust the site
-        requesting their credentials"""
+        requesting their credentials
+        
+        @type environ: dict
+        @param environ: dictionary of environment variables
+        @type start_response: callable
+        @param start_response: standard WSGI callable to set HTTP headers
+        @rtype: basestring
+        @return: WSGI response
+        """
 
         oidRequest = self.session.get('lastCheckIDRequest')
@@ -454 +579 @@
         
     def _identityIsAuthorized(self, oidRequest):
-        '''The given identity URL matches with a logged in user'''
-
+        '''Check that a user is authorized i.e. does a session exist for their
+        username and if so does it correspond to the identity URL provided.
+        This last check doesn't apply for ID Select mode where no ID was input
+        at the Relying Party.
+        
+        @type oidRequest: openid.server.server.CheckIDRequest
+        @param oidRequest: OpenID Request object
+        @rtype: bool
+        @return: True/False is user authorized
+        '''
         username = self.session.get('username')
         if username is None:
@@ -478 +611 @@
     
     def _trustRootIsAuthorized(self, trust_root):
-        '''The given trust root (Relying Party) has previously been approved
-        by the user'''
+        '''Return True/False for the given trust root (Relying Party) 
+        previously been approved by the user
+        
+        @type trust_root: dict
+        @param trust_root: keyed by trusted root (Relying Party) URL and 
+        containing string item 'always' if approved
+        @rtype: bool
+        @return: True - trust has already been approved, False - trust root is
+        not approved'''
         approvedRoots = self.session.get('approved', {})
         return approvedRoots.get(trust_root) is not None
 
 
-    def _addSRegResponse(self, request, response):
-        '''Add Simple Registration attributes to response to Relying Party'''
+    def _addSRegResponse(self, oidRequest, oidResponse):
+        '''Add Simple Registration attributes to response to Relying Party
+        
+        @type oidRequest: openid.server.server.CheckIDRequest
+        @param oidRequest: OpenID Check ID Request object
+        @type oidResponse: openid.server.server.OpenIDResponse
+        @param oidResponse: OpenID response object'''
+        
         if self.sregResponseHandler is None:
+            # No Simple Registration response object was set
             return
         
-        sreg_req = sreg.SRegRequest.fromOpenIDRequest(request)
+        sreg_req = sreg.SRegRequest.fromOpenIDRequest(oidRequest)
 
         # Callout to external callable sets additional user attributes to be
@@ -495 +642 @@
         sreg_data = self.sregResponseHandler(self.session.get('username'))
         sreg_resp = sreg.SRegResponse.extractResponse(sreg_req, sreg_data)
-        response.addExtension(sreg_resp)
-
-
-    def _addAXResponse(self, request, response):
+        oidResponse.addExtension(sreg_resp)
+
+
+    def _addAXResponse(self, oidRequest, oidResponse):
         '''Add attributes to response based on the OpenID Attribute Exchange 
-        interface'''
-
-        ax_req = ax.FetchRequest.fromOpenIDRequest(request)
+        interface
+        
+        @type oidRequest: openid.server.server.CheckIDRequest
+        @param oidRequest: OpenID Check ID Request object
+        @type oidResponse: openid.server.server.OpenIDResponse
+        @param oidResponse: OpenID response object'''
+
+
+        ax_req = ax.FetchRequest.fromOpenIDRequest(oidRequest)
         if ax_req is None:
             log.debug("No Attribute Exchange extension set in request")
@@ -520 +673 @@
         # release of attributes + assignment based on required attributes - 
         # possibly via FetchRequest.getRequiredAttrs()
-#        for typeURI, attrInfo in ax_req.requested_attributes.items():
-#            # Value input must be list type
-#            ax_resp.setValues(typeURI, [attrInfo.alias+"Value"])
         self.axResponseHandler(ax_req, ax_resp, self.session.get('username'))
         
-        response.addExtension(ax_resp)
-        
-        
-    def _identityApproved(self, request, identifier=None):
-        '''Action following approval of a Relying Party by the user'''
-        response = request.answer(True, identity=identifier)
-        self._addSRegResponse(request, response)
-        self._addAXResponse(request, response)
-        return response
+        oidResponse.addExtension(ax_resp)
+        
+        
+    def _identityApproved(self, oidRequest, identifier=None):
+        '''Action following approval of a Relying Party by the user.  Add
+        Simple Registration and/or Attribute Exchange parameters if handlers
+        were specified - See _addSRegResponse and _addAXResponse methods
+        
+        @type oidRequest: openid.server.server.CheckIDRequest
+        @param oidRequest: OpenID Check ID Request object
+        @type identifier: basestring
+        @param identifier: OpenID selected by user - for ID Select mode only
+        @rtype oidResponse: openid.server.server.OpenIDResponse
+        @return oidResponse: OpenID response object'''
+
+        oidResponse = oidRequest.answer(True, identity=identifier)
+        self._addSRegResponse(oidRequest, oidResponse)
+        self._addAXResponse(oidRequest, oidResponse)
+        
+        return oidResponse
 
 
     def _handleCheckIDRequest(self, oidRequest):
-        
+        """Handle "checkid_immediate" and "checkid_setup" type requests from
+        Relying Party
+        
+        @type oidRequest: openid.server.server.CheckIDRequest
+        @param oidRequest: OpenID Check ID request
+        @rtype: basestring
+        @return: WSGI response
+        """
         log.debug("OpenIDProviderMiddleware._handleCheckIDRequest ...")
         
@@ -575 +743 @@
             return response
 
-    # If the response to the Relying Party is too long it's rendered as form
-    # with the POST method instead of query arguments in a GET 302 redirect.
-    # Wrap the form in this document to make the form submit automatically
-    # without user intervention.  See _displayResponse method below...
-    formRespWrapperTmpl = """<html>
-    <head>
-        <script type="text/javascript">
-            function doRedirect()
-            {
-                document.forms[0].submit();
-            }
-        </script>
-    </head>
-    <body onLoad="doRedirect()">
-        %s
-    </body>
-</html>"""
 
     def _displayResponse(self, oidResponse):
+        """Serialize an OpenID Response object, set headers and return WSGI
+        response.
+        
+        If the URL length for a GET request exceeds a maximum, then convert the
+        response into a HTML form and use POST method.
+        
+        @type oidResponse: openid.server.server.OpenIDResponse
+        @param oidResponse: OpenID response object
+        
+        @rtype: basestring
+        @return: WSGI response'''
+        """
+        
         try:
             webresponse = self.oidserver.encodeResponse(oidResponse)
@@ -622 +786 @@
 
     def _redirect(self, start_response, url):
+        """Do a HTTP 302 redirect
+        
+        @type start_response: callable following WSGI start_response convention
+        @param start_response: WSGI start response callable
+        @type url: basestring
+        @param url: URL to redirect to
+        @rtype: list
+        @return: empty HTML body
+        """
         start_response('302 %s' % httplib.responses[302], 
                        [('Content-type', 'text/html'+self.charset),
@@ -629 +802 @@
 
     def _showErrorPage(self, msg, code=500):
+        """Display error information to the user
+        
+        @type msg: basestring
+        @param msg: error message
+        @type code: int
+        @param code: HTTP error code
+        """
+        
         response = self._renderer.renderErrorPage(self.environ,cgi.escape(msg))
         self.start_response('%d %s' % (code, httplib.responses[code]), 
@@ -640 +821 @@
     derivative from this class to override the default look and feel and 
     behaviour of these pages.  Pass the new class name via the renderClass
-    keyword to OpenIDProviderMiddleware.__init__"""
-    
+    keyword to OpenIDProviderMiddleware.__init__
+    
+    @cvar tmplServerYadis: template for returning Yadis document to Relying 
+    Party.  Derived classes can reset this or completely override the 
+    renderServerYadis method.
+    
+    @type tmplServerYadis: basestring
+    
+    @cvar tmplYadis: template for returning Yadis document containing user
+    URL to Relying Party.  Derived classes can reset this or completely 
+    override the renderYadis method.
+    
+    @type tmplYadis: basestring"""
+   
+    tmplServerYadis = """\
+<?xml version="1.0" encoding="UTF-8"?>
+<xrds:XRDS
+    xmlns:xrds="xri://$xrds"
+    xmlns="xri://$xrd*($v*2.0)">
+  <XRD>
+
+    <Service priority="0">
+      <Type>%(openid20type)s</Type>
+      <URI>%(endpoint_url)s</URI>
+    </Service>
+
+  </XRD>
+</xrds:XRDS>
+"""
+
+    tmplYadis = """\
+<?xml version="1.0" encoding="UTF-8"?>
+<xrds:XRDS
+    xmlns:xrds="xri://$xrds"
+    xmlns="xri://$xrd*($v*2.0)">
+  <XRD>
+
+    <Service priority="0">
+      <Type>%(openid20type)s</Type>
+      <Type>%(openid10type)s</Type>
+      <URI>%(endpoint_url)s</URI>
+      <LocalID>%(user_url)s</LocalID>
+    </Service>
+
+  </XRD>
+</xrds:XRDS>"""    
+   
     def __init__(self, base_url, urls):
+        """
+        @type base_url: basestring
+        @param base_url: base URL for OpenID Provider to which individual paths
+        are appended
+        @type urls: dict
+        @param urls: full urls for all the paths used by all the exposed 
+        methods - keyed by method name - see OpenIDProviderMiddleware.paths
+        """
         self.base_url = base_url
         self.urls = urls
 
+
     def renderIdentityPage(self, environ):
-        """Render the identity page."""
+        """Render the identity page.
+        
+        @type environ: dict
+        @param environ: dictionary of environment variables
+        @rtype: basestring
+        @return: WSGI response
+        """
         path = environ.get('PATH_INFO').rstrip('/')
         username = path[len(self.paths['path_id'])+1:]
@@ -654 +895 @@
               self.urls['url_openidserver']
               
-        yadis_loc_tag = '<meta http-equiv="x-xrds-location" content="%s">'%\
+        yadis_loc_tag = '<meta http-equiv="x-xrds-location" content="%s">' % \
             (self.urls['url_yadis']+'/'+path[4:])
             
@@ -668 +909 @@
                                 ''' % (ident, msg))
     
-    tmplServerYadis = """\
-<?xml version="1.0" encoding="UTF-8"?>
-<xrds:XRDS
-    xmlns:xrds="xri://$xrds"
-    xmlns="xri://$xrd*($v*2.0)">
-  <XRD>
-
-    <Service priority="0">
-      <Type>%(openid20type)s</Type>
-      <URI>%(endpoint_url)s</URI>
-    </Service>
-
-  </XRD>
-</xrds:XRDS>
-"""
-
+    
     def renderServerYadis(self, environ):
-        '''Render Yadis info'''
+        '''Render Yadis info
+        
+        @type environ: dict
+        @param environ: dictionary of environment variables
+        @rtype: basestring
+        @return: WSGI response
+        '''
         endpoint_url = self.urls['url_openidserver']
         return RenderingInterface.tmplServerYadis % \
             {'openid20type': discover.OPENID_IDP_2_0_TYPE, 
-             'endpoint_url': endpoint_url}
-        
-    tmplYadis = """\
-<?xml version="1.0" encoding="UTF-8"?>
-<xrds:XRDS
-    xmlns:xrds="xri://$xrds"
-    xmlns="xri://$xrd*($v*2.0)">
-  <XRD>
-
-    <Service priority="0">
-      <Type>%(openid20type)s</Type>
-      <Type>%(openid10type)s</Type>
-      <URI>%(endpoint_url)s</URI>
-      <LocalID>%(user_url)s</LocalID>
-    </Service>
-
-  </XRD>
-</xrds:XRDS>"""    
-    
-    
+             'endpoint_url': endpoint_url}    
+
+
     def renderYadis(self, environ):
-        """Render Yadis document"""
+        """Render Yadis document containing user URL
+        
+        @type environ: dict
+        @param environ: dictionary of environment variables
+        @rtype: basestring
+        @return: WSGI response
+        """
+        
         username = environ['PATH_INFO'].rstrip('/').split('/')[-1]
         
@@ -725 +947 @@
         
     def renderLogin(self, environ, success_to=None, fail_to=None, msg=''):
-        """Render the login form."""
+        """Render the login form.
+        
+        @type environ: dict
+        @param environ: dictionary of environment variables
+        @type success_to: basestring
+        @param success_to: URL put into hidden field telling  
+        OpenIDProviderMiddleware.do_loginsubmit() where to forward to on 
+        successful login
+        @type fail_to: basestring
+        @param fail_to: URL put into hidden field telling  
+        OpenIDProviderMiddleware.do_loginsubmit() where to forward to on 
+        login error
+        @type msg: basestring
+        @param msg: display (error) message below login form e.g. following
+        previous failed login attempt.
+        @rtype: basestring
+        @return: WSGI response
+        """
         
         if success_to is None:
@@ -748 +987 @@
 
     def renderMainPage(self, environ):
-        """Rendering the main page."""
+        """Rendering the main page.
+        
+        @type environ: dict
+        @param environ: dictionary of environment variables
+        @rtype: basestring
+        @return: WSGI response
+        """
         
         yadis_tag = '<meta http-equiv="x-xrds-location" content="%s">' % \
@@ -774 +1019 @@
     
     def renderDecidePage(self, environ, oidRequest):
+        """Show page giving the user the option to approve the return of their
+        credentials to the Relying Party.  This page is also displayed for
+        ID select mode if the user is already logged in at the OpenID Provider.
+        This enables them to confirm the OpenID to be sent back to the 
+        Relying Party
+        
+        @type environ: dict
+        @param environ: dictionary of environment variables
+        @type oidRequest: openid.server.server.CheckIDRequest
+        @param oidRequest: OpenID Check ID Request object
+        @rtype: basestring
+        @return: WSGI response
+        """
         id_url_base = self.urls['url_id'] + '/'
         
@@ -886 +1144 @@
     def _showPage(self, environ, 
                   title, head_extras='', msg=None, err=None, form=None):
-
+        """Generic page rendering method.  Derived classes may ignore this.
+        
+        @type environ: dict
+        @param environ: dictionary of environment variables
+        @type title: basestring
+        @param title: page title
+        @type head_extras: basestring
+        @param head_extras: add extra HTML header elements
+        @type msg: basestring
+        @param msg: optional message for page body
+        @type err: basestring
+        @param err: optional error message for page body
+        @type form: basestring
+        @param form: optional form for page body        
+        @rtype: basestring
+        @return: WSGI response
+        """
+        
         username = environ['beaker.session'].get('username')
         if username is None:
@@ -1008 +1283 @@
 
     def renderErrorPage(self, environ, msg):
+        """Display error page 
+        
+        @type environ: dict
+        @param environ: dictionary of environment variables
+        @type msg: basestring
+        @param msg: optional message for page body
+        @rtype: basestring
+        @return: WSGI response
+        """
+        
         response = self._showPage(environ, 'Error Processing Request', err='''\
         <p>%s</p>