Changeset 4905

Timestamp:

03/02/09 16:40:11 (12 years ago)

Author:

pjkersha

Message:

Initial working version of OpenID Relying Party middleware - this is an RP factored out of the original functionality included in the SSO Pylons project.

Location:

TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/openid/relyingparty

Files:

• __init__.py (modified) (4 diffs)
• signin_interface/buffet/__init__.py (modified) (4 diffs)
• signin_interface/buffet/templates/ndgpage.kid (modified) (4 diffs)
• signin_interface/buffet/templates/signin.kid (modified) (1 diff)

TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/openid/relyingparty/__init__.py

@@ -13 +13 @@
 import logging
 log = logging.getLogger(__name__)
+
+import httplib # to get official status code messages
 
 import authkit.authenticate
@@ -47 +49 @@
         @param app_conf: application specific configuration - must follow 
         format of propertyDefaults class variable"""    
+
+            
+        authKitApp = authkit.authenticate.middleware(app, app_conf)
+        app = beaker.middleware.SessionMiddleware(authKitApp)
                 
         # Check for sign in template settings
@@ -73 +79 @@
                         del conf[k]
         
-            app_conf['authkit.openid.template.string']=app.makeTemplate()
-            
-        app = authkit.authenticate.middleware(app, app_conf)
-        app = beaker.middleware.SessionMiddleware(app)
+            authKitApp.template = app.getTemplateFunc()#app.makeTemplate()
 
         super(OpenIDRelyingPartyMiddleware, self).__init__(app, 
@@ -84 +87 @@
                 
     def __call__(self, environ, start_response):
-        return self._app(environ, start_response)
+        '''Alter start_response to override the status code and force to 401.
+        This will non-browser based client code to bypass the OpenID interface
+        '''
+        def setUnauthorizedResponse(status, header, exc_info=None):
+            return start_response("%s %s" % (401, httplib.responses[401]), 
+                                  header,
+                                  exc_info)
+            
+        return self._app(environ, setUnauthorizedResponse)
 
 class SigninInterfaceError(Exception):

TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/openid/relyingparty/signin_interface/buffet/__init__.py

@@ -32 +32 @@
     propertyDefaults = {
         'templateType': 'kid', 
-        'templateRootDir': None,
+        'templatePackage': None,
         'staticContentRootDir': './',
         'baseURL': 'http://localhost',
+        'logoutURI': '',
         'leftLogo': None,
         'leftAlt': None,
@@ -58 +59 @@
         
         self._buffet = OpenIDRelyingPartyRenderingBuffet(self.templateType, 
-                                            template_root=self.templateRootDir)
+                                            template_root=self.templatePackage)
         
         self.title = "Enter your OpenID to Sign in"
@@ -64 +65 @@
         self.headExtras = ''
         self.loginStatus = True
+        self.loggedIn = False
+        
+        # TODO: handle session object scope
+        self.session = {'username': ''}
         
         staticApp = StaticURLParser(self.staticContentRootDir)
-        app = Cascade([staticApp, self._app])
+        self._app = Cascade([staticApp, app])
         
     def _render(self, templateName, c=None, **kw):
@@ -91 +96 @@
     
     def __call__(self, environ, start_response):
-        static_app = StaticURLParser(document_root=self.documentRootDir)
-        app = Cascade([static_app, self._app])
-        return app
+        return self._app(environ, start_response)

TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/openid/relyingparty/signin_interface/buffet/templates/ndgpage.kid

@@ -7 +7 @@
         <title py:content="c.title">title</title>
                 ${XML(c.headExtras)}
-        <!--! The following includes the javascript, note that the XML
-        function is needed to avoid escaping the < character -->
-<!--  
-        <?python
-            # Fudge for WebHelpers migration to 0.6.1
-            if hasattr(h, 'javascript_include_tag'):
-                javascript_include_tag = h.javascript_include_tag
-            else:
-                javascript_include_tag = h.rails.javascript_include_tag
-        ?>
-        ${XML(javascript_include_tag(builtins=True))}
-        <script type="text/javascript" src="${c.baseURL}/js/toggleDiv.js"/>
--->
-        <link media="all, screen" href="${c.baseURL}/layout/ndg2.css" type="text/css" rel="stylesheet"/>
-        <link rel="icon" type="image/ico" href="${c.baseURL}/layout/favicon.jpg" />
+        <link media="all, screen" href="${c.baseURL}/layout/ndg2.css" 
+            type="text/css" rel="stylesheet"/>
+        <link rel="icon" type="image/ico" 
+            href="${c.baseURL}/layout/favicon.jpg"/>
     </head>
 
@@ -41 +30 @@
                     ?>
                     <li class="$status"><span class="pagetab">
-<!--  
-                    ${XML(h.link_to_if(linkto,tab[0],tab[1]))}
--->
                     </span></li> 
                  </span>
@@ -59 +45 @@
                 <td align="left" width="60%">
                     <table><tbody>
-                    <tr><td><span py:replace="linkimage(c.ndgLink,c.ndgImage,'NDG')"/></td>
-                    <td>OpenID Provider Site for <a href="http://ndg.nerc.ac.uk"> NERC DataGrid</a>
-                    ${c.disclaimer} </td>
+                    <tr>
+                        <td><span py:replace="linkimage(c.ndgLink,c.ndgImage,'NDG')"/></td>
+                        <td>OpenID Provider Site for <a href="http://ndg.nerc.ac.uk">NERC DataGrid</a>
+                    ${c.disclaimer}</td>
                     </tr>
                     </tbody></table>
@@ -68 +55 @@
                     <div py:if="c.loginStatus" id="loginStatus">
                         <!--! now we choose one of the next two (logged in or not) -->
-                        <div py:if="'username' in c.session" id="loggedIn">
+                        <div py:if="c.loggedIn" id="loggedIn">
                             <table><tbody><tr><td> 
-                                <!-- Create link using embedded python 
-                                    construct because including a link with '&'
-                                    directly causes an error
-                                -->
-                                <?python
-                                    logOutLink='%s?submit=true&success_to=%s&fail_to=%s' % \
-                                    (c.urls['url_loginsubmit'], 
-                                     c.urls['url_login'],
-                                     c.urls['url_mainpage'])
-                                ?>
                                 Logged in as ${c.session['username']}. 
-                                [<a href="$logOutLink">
-                                    Log out
-                                </a>]
-                            </td></tr></tbody></table>
-                        </div>
-                        <div py:if="'username' not in c.session" id="loggedOut">
-                            <table><tbody><tr><td> 
-                                Other services may be available if you <a href="${c.urls['url_login']}">login</a>.
+                                [<a href="$c.logOutURI">Log out</a>]
                             </td></tr></tbody></table>
                         </div>

TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/openid/relyingparty/signin_interface/buffet/templates/signin.kid

@@ -2 +2 @@
         <div py:def="openIDSignin()" class="openIDSignin" style="text-indent:5px">
                 <form action="$c.baseURL/verify" method="post">
-                  <table cellspacing="0" border="0" cellpadding="5">
-                    <tr>
-                        <td>OpenID:</td> 
-                        <td>
-                                <input type="text" name="openid" value="" class='openid-identifier'/>
-                        </td>
-                        <td align="right">
-                                <input type="submit" name="authform" value="Go"/>
-                        </td>
-                        <td>
-                                <a href="http://openid.net/what/" target="_blank"><small>What's this?</small></a>
-                        </td>
-                    </tr>
+                        <table cellspacing="0" border="0" cellpadding="5" style="align: left">
+                            <tr align="left">
+                                        <td>OpenID:</td> 
+                                        <td align="left">
+                                                <input type="text" name="openid" value="" class='openid-identifier'/>
+                                        </td>
+                                        <td align="right">
+                                                <input type="submit" name="authform" value="Go"/>
+                                        </td>
+                                        <td>
+                                                <a href="http://openid.net/what/" target="_blank"><small>What's this?</small></a>
+                                        </td>
+                            </tr>
                   </table>
                 </form>
+                <div id="message">
+                        $$message
+                </div>
         </div>
-
+        
     <head>
                 <style>